Project

General

Profile

Feature #4294

Add additonal option to RADIUS Called-Station-Id value

Added by James Wood over 4 years ago. Updated about 1 year ago.

Status:
Resolved
Priority:
Normal
Category:
Captive Portal
Target version:
Start date:
01/25/2015
Due date:
% Done:

100%

Estimated time:
0.20 h

Description

We are a hotspot provider and have many potential customers who are looking to use our service and love their pfSense setup. We have been testing your firewall and have got it working but would like to ask if the following request can be implemented. It will also help other hotspot providers, and is not unique to our solution.

Would it be possible to add an additional option to the radius called-station-id types to support a standard MAC of the pfSense box rather than an IP address or client MAC. Called-Station-Id should be the MAC of the NAS (i.e. the pfSense MAC itself). Most hotspot providers need the Called-Station-Id to be this MAC.

So, could this be added as standard?

in /usr/local/captiveportal/radius_authentication.inc

switch($radiusvendor) {

        case 'cisco':
                $calledstationid = $clientmac;
                $callingstationid = $clientip;
                break;
+        case 'wanmac':
+                $calledstationid = mac_format(get_interface_mac(get_real_interface("wan")));
+                $callingstationid = $clientmac;
+                break;

in /usr/local/www/services_captiveportal.php

$radiusvendors = array("cisco","wanmac")Íž

Additionally, is it also possible to all the captive portal login request from an external server accept GET as well as POST, i.e. instead of having to POST this:

<form action="http://192.168.0.254:8000/" method="post" />
<input type="hidden" name="auth_user" value="123" />
<input type="hidden" name="auth_pass" value="456" />
<input type="submit" name="accept" value="Log in" />
</form>

We could just redirect the browser to this (and thus a GET requst):

http://192.168.0.254:8000/?auth_user=123&auth_pass=456&accept=Log+in

Thanks in advance,

James

History

#1 Updated by James Wood over 4 years ago

Also, if this ne option is set, the Called-Station-Id should also be the same WAN MAC in RADIUS accounting packets too.

in /usr/local/captiveportal/radius_accounting.inc

switch($radiusvendor) {

        case 'cisco':
                $calledstationid = $clientmac;
                $callingstationid = $clientip;
                break;
+        case 'wanmac':
+                $calledstationid = mac_format(get_interface_mac(get_real_interface("wan")));
+                $callingstationid = $clientmac;
+                break;

#2 Updated by Renato Botelho about 1 year ago

  • Status changed from New to In Progress
  • Assignee set to Renato Botelho
  • Target version set to 2.4.4

#3 Updated by Renato Botelho about 1 year ago

  • Status changed from In Progress to Feedback
  • % Done changed from 0 to 100

PR merged

#4 Updated by A FL about 1 year ago

I confirm that the fix is working.
Called-Station-ID and Calling-Station-ID are now following RFC3580 (see https://mrncciew.com/2013/07/22/called-calling-station-id/ for more details) on latest Snapshots. Just checked with wireshark

This issue can be marked as resolved.

#5 Updated by Jim Pingle about 1 year ago

  • Status changed from Feedback to Resolved

Also available in: Atom PDF