Feature #2573
Captive Portal support of RADIUS POD (Packet of Disconnect)
| Status: | New | Start date: | 08/02/2012 | |
|---|---|---|---|---|
| Priority: | Normal | Due date: | ||
| Assignee: | - | % Done: | 0% |
|
| Category: | Captive Portal | |||
| Target version: | - | |||
| Affected version: | 2.0.1 | Affected Architecture: |
Description
AFAIK pfsense CP NAS doesn't support RADIUS POD, a feature that is supported by most NAS like Cisco and Mikrotik, and most Radius managers.
For more on POD check http://wiki.freeradius.org/Disconnect-Messages
Disconnect Messages
A Disconnect Message (sometimes known as Packet of Disconnect) is and unsolicited RADIUS Disconnect-Request packet (A special type of Change-of-Authorization packet) sent to a NAS in order to terminate a user session and discard all associated session context. The Disconnect-Request packet is sent to UDP port 3799 (Although many NAS use port 1700 instead), and is intended to be used in situations where the AAA server wants to disconnect the user after the session has been accepted by the RADIUS Access-Accept packet.
Instead pfsense's CP offers an option to re-authenticate users every minute, which probably doesn't scale too well.