From: Christian H. <chr...@do...> - 2020-03-22 12:38:48

Hi,

I just tested your recommendation, however I am still getting the same log entries prepended with the information that the SNMP connection was unsuccessful. This should be no surprise as I did not configure any SNMP settings.

Regards
Christian

From: Durand fabrice via PacketFence-users <pac...@li...>
Sent: Thursday, 19 March 2020 01:34
To: pac...@li...
Cc: Durand fabrice <fd...@in...>
Subject: Re: [PacketFence-users] Packetfence rejects requests from pfSense openVPN

Try with the Catalyst_2960 switch module instead of the generic one

On 20-03-18 at 20:23, Zacharry Williams via PacketFence-users wrote:

Not sure if it's supported as it's not in the device config guide. But that doesn't mean it's not possible. I think you'd have to make a different connection profile though.

On Wed, Mar 18, 2020, 11:39 AM Christian Hillebrand via PacketFence-users <pac...@li...> wrote:

Hi,

At the moment I am testing the user authorization of requests coming from my openVPN server which is part of my pfSense machine. I added the pfSense machine as a “Generic” Switch and enabled CLI Access. However, when I am testing the access, I am rejected with the following log output:

Mar 18 17:27:09 localhost packetfence_httpd.aaa: httpd.aaa(1667) INFO: [mac:10:25:51:14:10:10] handling radius autz request: from switch_ip => (10.0.1.1), connection_type => CLI-Access,switch_mac => (00:1b:21:bc:e2:14), mac => [10:25:51:14:10:10], port => 41010, username => "<USER>" (pf::radius::authorize)
Mar 18 17:27:09 localhost packetfence_httpd.aaa: httpd.aaa(1667) WARN: [mac:10:25:51:14:10:10] (10.0.1.1) Sending REJECT since switch is unsupported (pf::radius::_switchUnsupportedReply)

Setup: pfSense is configured to use packetfence as a radius authentication server. I configured packetfence to work as a radius server providing access to my unifi based network. To achieve this I configured an AD as my authentication source. In the authentication source I added three accept rules, each handling users of one of my three “access groups”. However, if it is possible, I want to achieve that only the users of the first group are accepted when they request VPN access. Each of the access groups is getting access to my (internal) network on a different VLAN, which is assigned by packetfence via a role.

So I have two questions: Is the setup which I described even possible? Is pfSense not supported? Or did I mess up the config?

_______________________________________________
PacketFence-users mailing list
Pac...@li...
https://lists.sourceforge.net/lists/listinfo/packetfence-users