[isf-wifidog] Routed network
Pascal Charest
pascal.charest at gmail.com
Mar 27 Juin 12:34:56 EDT 2006
I'm more of a lurker on wifidog list, but I might be able to answer that...
Layer3 devices will not preserve the mac adress from the original requesting
device (in that case, your client) and will change it for its own making the
authentification scheme invalid.
You could :
1. Whitelist the router mac adress. In that case, nobody on the other side
of the routeur will have to go through the portal (automaticaly jump over
it).
2. Establish vpn connexion between the network and your gateway so that your
packet can reach unchanged. (kinda lot of trouble to do)
3. Use one network interfaces by network, and directly connect them on each
network.
OR:
4. Install wifidog-gateway on each router of your network, whitelisting
their mac in the upstream routeur connection.
Pascal C.
That's my 2 cents, i might be way off the track though. so it might worth
even less than 2 cents.
On 6/27/06, Mattias Eriksson <eriksson1 at gmail.com> wrote:
>
> Hi, I want the portal to work for clients that are seperated from the
> gateway by layer 3 devices (routers). Is this not possible?
>
> I made a test and the gateway gave this error: "Failed to retrieve
> your MAC address"
>
> /M. Eriksson
>
> On 6/27/06, Mattias Eriksson <eriksson1 at gmail.com> wrote:
> > I found some interesting information in the wifidog logfile. Probably
> > explain why $incoming and $outgoing does not get passed with the
> > radius accounting record.
> >
> > I don't know what to do about it though.. :-)
> >
> > Ps. Good luck tonight all you french people, you will beat them!
> >
> > 2006-06-27 08:56:21 (EDT) Runtime Notice >Test network >* nouser*@New
> > test node [/auth/?stage=counters&ip=
> 10.1.204.99&mac=00:14:C2:E1:B3:F6&token=df103ed9c2d49832a14d72cea2202eb8&incoming=74072450&outgoing=5012533
> ]:
> > Assigning the return value of new by reference is deprecated in
> > /usr/home/mattiase/wifidog-auth/wifidog/PEAR.php on line 557
> > 2006-06-27 08:56:21 (EDT) Runtime Notice >Test network >*nouser*@New
> > test node [/auth/?stage=counters&ip=
> 10.1.204.99&mac=00:14:C2:E1:B3:F6&token=df103ed9c2d49832a14d72cea2202eb8&incoming=74072450&outgoing=5012533]:
> > Assigning the return value of new by reference is deprecated in
> > /usr/home/mattiase/wifidog-auth/wifidog/PEAR.php on line 560
> > 2006-06-27 08:56:22 (EDT) Runtime Notice >Test network >*nouser*@New
> > test node [/auth/?stage=counters&ip=
> 10.1.204.99&mac=00:14:C2:E1:B3:F6&token=df103ed9c2d49832a14d72cea2202eb8&incoming=74072450&outgoing=5012533
> ]:
> > Non-static method PEAR::loadExtension() should not be called
> > statically, assuming $this from incompatible context in
> > /usr/local/share/pear/Auth/RADIUS.php on line 49
> > 2006-06-27 08:56:22 (EDT) Runtime Notice >Test network >*nouser*@New
> > test node [/auth/?stage=counters&ip=
> 10.1.204.99&mac=00:14:C2:E1:B3:F6&token=df103ed9c2d49832a14d72cea2202eb8&incoming=74072450&outgoing=5012533
> ]:
> > Creating default object from empty value in
> >
> /usr/home/mattiase/wifidog-auth/wifidog/classes/Authenticators/AuthenticatorRadius.php
>
> > on line 412
> > 2006-06-27 08:56:22 (EDT) Runtime Notice >Test network >*nouser*@New
> > test node [/auth/?stage=counters&ip=
> 10.1.204.99&mac=00:14:C2:E1:B3:F6&token=df103ed9c2d49832a14d72cea2202eb8&incoming=74072450&outgoing=5012533]:
> > Non-static method PEAR::isError() should not be called statically,
> > assuming $this from incompatible context in
> >
> /usr/home/mattiase/wifidog-auth/wifidog/classes/Authenticators/AuthenticatorRadius.php
>
> > on line 418
> > 2006-06-27 08:56:22 (EDT) Runtime Notice >Test network >*nouser*@New
> > test node [/auth/?stage=counters&ip=
> 10.1.204.99&mac=00:14:C2:E1:B3:F6&token=df103ed9c2d49832a14d72cea2202eb8&incoming=74072450&outgoing=5012533]:
> > is_a(): Deprecated. Please use the instanceof operator in
> > /usr/home/mattiase/wifidog-auth/wifidog/PEAR.php on line 269
> > 2006-06-27 08:56:22 (EDT) Runtime Notice >Test network >*nouser*@New
> > test node [/auth/?stage=counters&ip=
> 10.1.204.99&mac=00:14:C2:E1:B3:F6&token=df103ed9c2d49832a14d72cea2202eb8&incoming=74072450&outgoing=5012533
> ]:
> > Non-static method PEAR::isError() should not be called statically,
> > assuming $this from incompatible context in
> >
> /usr/home/mattiase/wifidog-auth/wifidog/classes/Authenticators/AuthenticatorRadius.php
> > on line 430
> > 2006-06-27 08:56:22 (EDT) Runtime Notice >Test network >* nouser*@New
> > test node [/auth/?stage=counters&ip=
> 10.1.204.99&mac=00:14:C2:E1:B3:F6&token=df103ed9c2d49832a14d72cea2202eb8&incoming=74072450&outgoing=5012533
> ]:
> > is_a(): Deprecated. Please use the instanceof operator in
> > /usr/home/mattiase/wifidog-auth/wifidog/PEAR.php on line 269
> >
> > /M. Eriksson
> >
> > On 6/27/06, Mattias Eriksson <eriksson1 at gmail.com> wrote:
> > > Ok thanks.
> > >
> > > Strange thing is when I look in the database the numbers for incoming
> > > and outgoing looks alright.
> > >
> > > /M Eriksson
> > >
> > > On 6/27/06, François Proulx < fproulx at edito.qc.ca> wrote:
> > > > Hum ... no it's not configurable, but it should not do this... Big
> > > > fat hex numbers like this look like a variable has not been
> > > > initialized correcly ... :-/
> > > >
> > > > Post a bug report on our tracker. Maybe Kaouete (from Paris) could
> > > > tell us if he has the same issue...
> > > >
> > > >
> > > > On 27-Jun-06, at 7:30 AM, Mattias Eriksson wrote:
> > > >
> > > > > Hi, I can't get radius accounting working properly. Wifidog just
> send
> > > > > some weird hex numbers, and does not send Acct-Output-Octets or
> > > > > Acct-Input-Octets.
> > > > >
> > > > > Why is this? Is it configurable?
> > > > >
> > > > > An extract from an accounting record:
> > > > >
> > > > > Acct-Status-Type = Interim-Update
> > > > > Acct-Input-Packets = 0x32313330363936
> > > > > Acct-Output-Packets = 0x373333303931
> > > > >
> > > > > Regards,
> > > > >
> > > > > /M. Eriksson
> > > > > _______________________________________________
> > > > > WiFiDog mailing list
> > > > > WiFiDog at listes.ilesansfil.org
> > > > > http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog
> > > >
> > > >
> > > >
> > > > _______________________________________________
> > > > WiFiDog mailing list
> > > > WiFiDog at listes.ilesansfil.org
> > > > http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog
> > > >
> > > >
> > >
> >
> _______________________________________________
> WiFiDog mailing list
> WiFiDog at listes.ilesansfil.org
> http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog
>
--
Pascal Charest, Feydakin
http://blog.pacharest.com
--
-------------- section suivante --------------
Une pièce jointe HTML a été enlevée...
URL: http://listes.ilesansfil.org/pipermail/wifidog/attachments/20060627/64a1daa7/attachment.html
Plus d'informations sur la liste de diffusion WiFiDog