pfsense interview questions
Top pfsense frequently asked interview questions
I'm trying to update the pfSense captive portal authentication page, and it appears fine everywhere except for IE (both desktop and mobile versions). The issue is that the upper table row (from a table of 2 rows), is extending to a large size as can be seen in the image below. The HTML is:
<html>
<link rel="stylesheet" type="text/css" href="style.css">
<body>
<form method="post" action="#PORTAL_ACTION#" align="center" >
<input name="redirurl" type="hidden" value="#PORTAL_REDIRURL#">
<input name="zone" type="hidden" value="#PORTAL_ZONE#">
<center>
<table class="MainTable">
<!--Beginning of Form title heading-->
<tr class="TableTopRow">
<td class="TableTopCell1">
<img src="captiveportal-wifi_icon.png" width="50%" height="3%" align="right">
</td>
<td class="TableTopCell2" >
<img src="captiveportal-aragon_logo.png" width="50%" height="3%" align="left">
</td>
</tr>
<!--End of Form title heading-->
<!--Beginning of main area which contains authentication form and an area reserved for showing errors-->
<tr class="TableLowerRow" colspan="2" height="70%">
<td colspan="2" width="100%">
<div id="mainlevel">
<center>
<table height="100%" width="100%" border="0" cellpadding="0">
<tr>
<td style="color:#0B173B;font-family:arial; font-weight:bold; font-size:90%"><center>
Welcome to Aragon House Business Center
</td>
</tr>
<tr>
<td>
<center>
<div id="mainarea">
<center>
<table width="100%" border="0" cellpadding="1px" cellspacing="2">
<tr height="20%">
<td>
<div id="maindivarea">
<center>
<!-- The statusbox area is where errors will be shown should there be an error when authenticating with the hotspot-->
<div id='statusbox'>
<font color='red' face='arial' size='+1'>
<b>
#PORTAL_MESSAGE#
</b>
</font>
</div>
<!--End of error message area-->
<br />
<!--Beginning of form area; this area will contain fields for authenticating users with the hotspot system-->
<div id='loginbox'>
<table>
<!-- Beginning of area where you input the authentication details-->
<tr><td> </td></tr>
<tr><td align="right" style="color:#333333;font-family:arial; font-size:98%;">Username:</td><td><input name="auth_user" type="text" style="border: 1px solid;"></td></tr>
<tr><td align="right" style="color:#333333;font-family:arial; font-size:98%;">Password:</td><td><input name="auth_pass" type="password" style="border: 1px solid;"></td></tr>
<tr><td> </td></tr>
<tr>
<td align="right" style="color:#333333;font-family:arial; font-size:98%;">Enter Voucher Code: </td>
<td><input name="auth_voucher" type="text" style="border:1px solid;" size="20"></td>
</tr>
<tr>
<td colspan="2" align="right" style="padding-right:10px"><input name="accept" type="submit" value="Continue"></td>
</tr>
<!-- End of area where you input the authentication details-->
</table>
</div>
<!--End of authentication form area-->
</center>
</div>
</td>
</tr>
</table>
</center>
</div>
</center>
</td>
</tr>
</table>
</center>
</div>
</td>
</tr>
</table>
</center>
<!--End of main area-->
</form>
</body>
</html>
While the CSS is:
.MainTable{
height: 40%;
width: 30%;
padding: 0;
border-radius: 15px;
border:1px solid #000000;
}
.TableTopRow{
width: 30%;
height: 30%;
background-color:#CCCCCC;
border-top-right-radius: 15px;
border-top-left-radius: 15px;
border-top:1px #6DA4DE;
}
.TableLowerRow{
height: 70%;
}
.TableTopCell1{
width: 50%;
border-top-left-radius: 15px;
}
.TableTopCell2{
width: 50%;
border-top-right-radius: 15px;
}
The first image shows how the form appears in IE, while the one below it shows how the same form appears in Chrome.
Help is greatly appreciated.
Thanks in advance,
J
Source: (StackOverflow)
Dear Stackoverflow users,
I am running into a problem. It is as follows:
Currently I am programming a management tool for pfSense, which needs to send a multipart form that the server needs to validate and process. It should enable the voucher-based access control on the interface. However, I am getting the error that my headers are already sent. I did not send them.
My code is as follows:
protected function doCurl($resourceID=null, $post=null)
{
// full URL
$url = Yii::app()->params->pfsense['host'].$resourceID;
$ch = curl_init();
if($post != null)
{
$post_string = "";
foreach($post as $key=>$value)
{
if($key != 'enctype')
{
$post_string .= $key.'='.$value.'&';
}
else
{
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
'Content-Type: multipart/form-data'
));
}
}
// rtrim() returns the trimmed string, so the result has to be assigned back
$post_string = rtrim($post_string, '&');
//var_dump($post);
/**/
curl_setopt($ch,CURLOPT_POST, count($post));
curl_setopt($ch,CURLOPT_POSTFIELDS, $post_string);
//var_dump($post_string);
}
else
{
curl_setopt($ch, CURLOPT_HEADER, true);
}
curl_setopt($ch, CURLOPT_URL, $url);
// because the certificate is not valid, we turn verification off.
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
// we set the user agent and the timeout. User agent because some websites serve something different per browser.
// timeout in case something happens that should not
curl_setopt($ch,CURLOPT_USERAGENT,Yii::app()->params->pfsense['useragent']);
curl_setopt($ch,CURLOPT_COOKIEJAR, Yii::app()->params->pfsense['cookiepath']);
curl_setopt($ch,CURLOPT_COOKIEFILE, Yii::app()->params->pfsense['cookiepath']);
curl_setopt($ch, CURLOPT_AUTOREFERER, true );
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch,CURLOPT_CONNECTTIMEOUT,10);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
$response = curl_exec($ch);
$result = array( 'header' => '',
'body' => '',
'http_code' => '',
'last_url' => '');
$header_size = curl_getinfo($ch,CURLINFO_HEADER_SIZE);
$result['header'] = substr($response, 0, $header_size);
$result['body'] = substr( $response, $header_size );
$result['http_code'] = curl_getinfo($ch,CURLINFO_HTTP_CODE);
$result['last_url'] = curl_getinfo($ch,CURLINFO_EFFECTIVE_URL);
//curl_close($ch);
return $result;
}
public function curl($resourceID=null, $post=null)
{
$result = $this->doCurl($resourceID, $post);
if(strpos($result['body'], 'Login') == false && $result['http_code'] != 403)
{
//echo $result['body'];
return $result;
}
else
{
$loginpost = array(
'__csrf_magic' => substr($result['body'], strpos($result['body'],'sid:') , 55),
'login' => urlencode('Login'),
'usernamefld' => urlencode(Yii::app()->params->pfsense['pfuser']),
'passwordfld' => urlencode(Yii::app()->params->pfsense['pfpass'])
);
$result = $this->doCurl('',$loginpost);
$result = $this->doCurl($resourceID, $post);
return $result;
}
}
This is the code that allows a curl request to be sent to the server. If the page that is returned is the login page, the login info needs to be sent and the original post request needs to be sent again.
The code that follows is the code to insert a zone:
public function insertZone($post)
{
$description = $post['description'];
$interface = $post['interfaces'];
$name = $post['name'];
$post=null;
$post['zone'] = $name;
$post['descr'] = $description;
$post['Submit'] = 'Continue';
$result = $this->curl(Yii::app()->params->pfsense['pfpathtoinsertzone']);
$post['__csrf_magic'] = substr($result['body'], strpos($result['body'],'sid:') , 55);
var_dump($post);
$result = $this->curl(Yii::app()->params->pfsense['pfpathtoinsertzone'], $post);
var_dump($result['body']);
//exit;
if(strpos($result['body'], 'The following input errors were detected') == false)
{
$post = null;
$post['enable'] = 'yes';
$post['interfaces'] = $interface;
$post['Submit'] = 'Save';
$post['name'] = $name;
$result = $this->editZone($post);
if($result != false)
{
$post = null;
$post['zone'] = $name;
$post['enable'] = 'yes';
$post['Submit'] = 'Save';
$result = $this->curl(Yii::app()->params->pfsense['pfpathtovoucherroll'].$name);
$post['__csrf_magic'] = substr($result['body'], strpos($result['body'],'sid:') , 55);
$doc = new DOMDocument();
$doc->loadHTML($result['body']);
$doc->preserveWhiteSpace = false;
if($childs = $doc->getElementsByTagName("textarea"))
{
foreach($childs as $child)
{
if($child->nodeType == XML_TEXT_NODE)
{
continue;
}
if(strpos(trim($child->nodeValue),'BEGIN RSA PRIVATE KEY'))
{
$post['privatekey'] = trim($child->nodeValue);
}
elseif(strpos(trim($child->nodeValue),'BEGIN PUBLIC KEY'))
{
$post['publickey'] = trim($child->nodeValue);
}
}
}
$post['charset'] = $doc->getElementById('charset')->attributes->getNamedItem('value')->nodeValue;
$post['rollbits'] = $doc->getElementById('rollbits')->attributes->getNamedItem('value')->nodeValue;
$post['ticketbits'] = $doc->getElementById('ticketbits')->attributes->getNamedItem('value')->nodeValue;
$post['checksumbits'] = $doc->getElementById('checksumbits')->attributes->getNamedItem('value')->nodeValue;
$post['magic'] = $doc->getElementById('magic')->attributes->getNamedItem('value')->nodeValue;
$result = $this->curl(Yii::app()->params->pfsense['pfpathtovoucherroll'].$name, $post);
if($result['http_code'] >= 100 && $result['http_code'] <= 299)
{
return true;
}
else
{
return false;
}
}
else
{
return false;
}
}
else
{
return false;
}
}
public function editZone($post)
{
$zone = $post['name'];
$interfaces = $post['interfaces'];
$post = null;
//$post['localauth_priv'] = 'yes';
//$post['radiussrcip_attribute'] = strtolower($interfaces);
if(is_array($interfaces))
{
$post['cinterface[]'] = array_map('strtolower', $interfaces);
}
else
{
$post['cinterface[]'] = strtolower($interfaces);
}
$post['auth_method'] = 'local';
$post['radiussrcip_attribute'] = 'wan';
$post['radiusvendor'] = 'default';
$post['radmac_format'] = 'default';
$post['enable'] = 'yes';
$post['Submit'] = 'Save';
$post["maxprocperip"] = '';
$post["idletimeout"] = '';
$post["timeout"] = '';
$post["freelogins_count"] = '';
$post["freelogins_resettimeout"] = '';
$post["preauthurl"] = '';
$post["redirurl"] = '';
$post["blockedmacsurl"] = '';
$post["bwdefaultdn"] = '';
$post["bwdefaultup"] = '';
$post["radiusip"] = '';
$post["radiusport"] = '';
$post["radiuskey"] = '';
$post["radiusip2"] = '';
$post["radiusport2"] = '';
$post["radiuskey2"] = '';
$post["radiusip3"] = '';
$post["radiusport3"] = '';
$post["radiuskey3"] = '';
$post["radiusip4"] = '';
$post["radiusport4"] = '';
$post["reauthenticateacct"] = '';
$post["radmac_secret"] = '';
$post["radiusvendor"] = 'default';
$post["radiusnasid"] = '';
$post["radmac_format"] = 'default';
$post["httpsname"] = '';
$post['certref'] = '';
$post['enctype'] = true;
$post['zone'] = $zone;
$post['enable'] = 'yes';
$post['Submit'] = 'Save';
$result = $this->curl(Yii::app()->params->pfsense['pfpathtoupdatezone'].$zone);
//echo $result['last_url'];
$post['__csrf_magic'] = substr($result['body'], strpos($result['body'],'sid:') , 55);
//var_dump($post);
$result = $this->curl(Yii::app()->params->pfsense['pfpathtoupdatezone'].$zone, $post);
ini_set('xdebug.var_display_max_depth', -1);
ini_set('xdebug.var_display_max_children', -1);
ini_set('xdebug.var_display_max_data', -1);
var_dump($result['body']);
exit;
if($result['http_code'] >= 100 && $result['http_code'] <= 299)
{
return true;
}
else
{
//var_dump($result);
///exit;
return $result;
}
}
This code works by first inserting a zone with the name and description and then updating it to set the interface active and enabling the captive portal page to be displayed. However, if I send the page without the multipart form (it seems that this is the issue) then the authentication is not set correctly. It is set, but it does not work. If I then manually change the authentication setting (it is a radio button; if I choose another radio button and then choose my original radio button) it suddenly works.
Does anyone have a clue about what I am doing wrong? Because with the following code I get the result that my headers are already sent:
$result = $this->curl(Yii::app()->params->pfsense['pfpathtoupdatezone'].$zone, $post);
ini_set('xdebug.var_display_max_depth', -1);
ini_set('xdebug.var_display_max_children', -1);
ini_set('xdebug.var_display_max_data', -1);
var_dump($result['body']);
exit;
I would appreciate all the help I can get.
Thanks in advance!
Source: (StackOverflow)
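Added example (not part of the original post and not pfSense's own code): one way to keep TLS verification on for a firewall with a self-signed certificate, read the __csrf_magic token from the form instead of taking a fixed-length substr, and let curl build the multipart body with its boundary. The function names, the CA file path and the sample HTML are assumptions made for illustration; that the token sits in a hidden input named __csrf_magic is assumed from the field name used in the post.

```php
<?php
// Added example, not the poster's code. Function names, $caFile and the
// sample HTML are assumptions; field names come from the post above.

// Curl handle that verifies the firewall certificate against a CA file
// exported from the firewall, instead of disabling verification.
function pfsenseHandle(string $url, string $caFile, string $cookieJar)
{
    if (!is_readable($caFile)) {
        throw new RuntimeException("CA file not readable: $caFile");
    }
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_SSL_VERIFYPEER => true,    // validate the chain against $caFile
        CURLOPT_SSL_VERIFYHOST => 2,       // certificate name must match the host
        CURLOPT_CAINFO         => $caFile,
        CURLOPT_COOKIEJAR      => $cookieJar,
        CURLOPT_COOKIEFILE     => $cookieJar,
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_HEADER         => true,    // always on, so CURLINFO_HEADER_SIZE matches
        CURLOPT_CONNECTTIMEOUT => 10,
    ]);
    return $ch;
}

// Read the token from the hidden input rather than a fixed-length substr().
function extractCsrfMagic(string $html): ?string
{
    if (trim($html) === '') {
        return null;
    }
    $doc = new DOMDocument();
    $previous = libxml_use_internal_errors(true);   // tolerate sloppy HTML
    $doc->loadHTML($html);
    libxml_clear_errors();
    libxml_use_internal_errors($previous);
    $values = (new DOMXPath($doc))->query('//input[@name="__csrf_magic"]/@value');
    return $values->length > 0 ? $values->item(0)->nodeValue : null;
}

// POST flat fields. An array body makes curl send multipart/form-data and
// generate the boundary itself; a string body is sent urlencoded.
function postForm($ch, array $fields, bool $multipart): string
{
    curl_setopt($ch, CURLOPT_POST, true);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $multipart ? $fields : http_build_query($fields));
    $response = curl_exec($ch);
    if ($response === false) {
        throw new RuntimeException('Request failed: ' . curl_error($ch));
    }
    return substr($response, curl_getinfo($ch, CURLINFO_HEADER_SIZE));
}

// Constructed sample page, so the token parsing can be tried offline.
$sample = '<form><input type="hidden" name="__csrf_magic" value="sid:0123abcd,1436190000"></form>';
var_dump(extractCsrfMagic($sample));
```

The multipart path takes flat fields only; an array value such as the one posted for cinterface[] has to be flattened into indexed keys before it is passed to curl.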
I have a problem building a FreeBSD image with my custom application. I am making an application in PHP and HTML that uses some other applications on FreeBSD. Now I made a release by some commands provided by FreeBSD like make buildworld, make release, ... then I got the files: .iso and .img.
Now, when I installed them, the php files that were written in the first system were not found and the /usr/local directory was empty.
How can I produce a FreeBSD image with all the files I added and all the ports or packages I downloaded?
I was inspired by pfsense which is a fork of FreeBSD.
Source: (StackOverflow)
In our company, we use pfSense to lease IPs to different computers.
So pfSense is the default gateway with IP 10.8.2.1/27.
How am I able to ping 10.8.3.215/26 with 10.8.2.3/27?
I see some configurations in pfSense, i.e. rules like NAT port forwarding,
OpenVPN setup and all, but I don't understand it.
Please help.
How is this possible? What settings must be configured in pfSense to connect different subnets?
Source: (StackOverflow)
I have an older version of pfSense installed and for several reasons I cannot move to a new version. A few days ago I discovered a bug in the openssl client which is a problem for PayPal IPN communication. Then I installed a new openssl version with pkg_add, but now I find the old version under /bin and the new one under /usr/local/bin. How can I tell the lighttpd process to use this client instead of the old one?
Thank you
Source: (StackOverflow)
I have installed pfSense in bridge mode and without squid it's working, but if I enable squid and squidGuard then the internet is not working. I have set it up as below.
internet--netgear-------WAN pfsense LAN------PC
netgear=192.168.1.1 (gw)
pfsense wan:192.168.1.13
pfsense lan:192.168.1.166
squid listen :LAN and transparent listen : LAN with ssl enable
pc ip:192.168.1.90 gateway:192.168.1.1
My main goal is that my machine's gateway and the Netgear router's gateway must be the same (here 192.168.1.1).
Source: (StackOverflow)
What I am trying to do is pretty simple with most firewalls except with pfSense.
I would like to remotely connect to my server via RDP like this: :9999 being forwarded to :3389
I don't want to change the RDP listening port on the server.
Thanks
Source: (StackOverflow)
I am getting scanned by some external IP address and I want to block it from getting past my firewall. I created a floating rule for both WAN and LAN interfaces and blocked their IP address to any destination, any port.
It's still getting through, ugh! Is there any way to block it entirely?
Source: (StackOverflow)
I uploaded a captive portal HTML page and it is redirecting correctly to the specified page. However, it is not displaying the images included in the HTML page, although I uploaded those images to the file manager and I changed their names in the HTML page according to the new names given by the file manager. But they are still not appearing when I click the view button.
Could you help me? Am I missing anything?
Source: (StackOverflow)
I configured a VPN server using pfsense, and configured my client and the server with pfsense acting as the certificate authority. When I attempt to connect to the VPN using Tunnelblick on a Mac, I get an error message:
Tunnelblick was unable to start OpenVPN to connect client. For details, see the log in the VPN Details... window
Checking the system log displays:
7/6/15 4:57:05.974 PM tunnelblickd: Status = 251 from tunnelblick-helper command 'start client.tblk 1337 1 0 1 0 16688 -ptADGNWradsgnw 2.3.6'
7/6/15 4:57:06.374 PM Tunnelblick: tunnelblickd status from start: 251
I have attempted using versions 2.3.6 and 2.3.7, and all other questions about this error have said that using the other version would work, so I do not know where else to search for the problem.
Source: (StackOverflow)
I was wondering if someone could help me out or guide me. I got everything up and running; my only issue is that when I'm trying to filter my syslog dashboard (the system logs of pfSense) it shows nothing, while my other dashboard of the pfSense firewall shows everything perfectly (see pics). I was wondering what could be the issue in my 10-syslog.conf?
I also made a guide; if anyone is interested, here is the link. But I would like to get the syslog (system logs) to work as nicely too.
Thank you
http://pastebin.com/idXvYyQD
http://pastebin.com/MhDvcYYzSyslog
Source: (StackOverflow)
I customized the captive portal page of pfSense like this:
<form method="post" action="$PORTAL_ACTION$">
Click here to enter!
<input name="auth_user" type="hidden" value="guest" />
<input name="auth_pass" type="hidden" value="password" />
<input name="redirurl" type="hidden" value="$PORTAL_REDIRURL$" />
<input type="text" name="mail" id="mail" />
<input id="mail" value="OK" type="checkbox" checked="checked">
<input name="accept" type="submit" value="Enter WiFi!" />
It's working, but I will use the mail field to collect addresses and put them in a Mailchimp newsletter...
How can I do this if the form also authenticates users?
Is it possible?
Thanks in advance
Source: (StackOverflow)
I have successfully set up a VPN connection between my pfsense firewall and an Azure 2012 Server. I can see the server from within my network (ping, view shared folders etc) but I am unable to see my network from the Server.
The network setup is as follows:
Office network - 192.168.0.0/24
Azure network - 10.0.0.0/24 (IP range 10.0.0.4 - 10.0.0.254)
Azure Subnet 10.0.0.0/27 (IP range 10.0.0.4 - 10.0.0.30)
Gateway 10.0.0.32/29 (IP range 10.0.0.36 - 10.0.0.38)
The Azure server has a DHCP address of 10.0.0.4 and a gateway of 10.0.0.1. I don't understand why a gateway of 10.0.0.1. Based on my network config above, I would have expected the gateway to be 10.0.0.36 or higher.
I can't ping 10.0.0.1 but can ping 10.0.0.36 from both networks. I have tried changing the Server's default gateway to 10.0.0.36 without any luck. I have disabled the firewall on the Server and created a firewall IPsec rule on the pfSense box to allow all TCP/UDP traffic from everywhere on all ports. Still no luck.
Anyone know what may be wrong?
Thanks
O
Source: (StackOverflow)
I'm using OPENWRT DNSMASQ.
1. Every machine should have a dynamic IP (it is OK).
2. After that he gets a captive portal page to enter credentials (it is done too).
The question is:
If the credentials are correct, what command should I give to the OpenWrt server so that it changes the earlier IP given by DHCP to another specific IP?
For example:
DHCP range is 192.168.1.100 to 192.168.1.150.
If one had got IP 192.168.1.xxx, how can I order the server to assign a specific IP 192.168.1.20 after the credentials, changing the IP to another IP?
Like the pfSense captive portal does: first it gives a dynamic IP, but after the credentials succeed it changes the client IP according to the credentials.
Source: (StackOverflow)
I run my home network off of a pfSense (2.2.6) box, which is connected via PPPoE to my DSL (in Germany, Alice/O2/Telefonica). My modem is a deconfigured "Alice Modem WLAN 1421", which only provides PPPoE-Passthrough.
My Carrier contacted me to "upgrade" my hardware to a "HomeBox 2". My research suggests that Telefonica migrates my connection to BSA (BitStream / OneSession). I contacted them via chat and they told me that indeed OneSession is their reason and PPPoE (passthrough) will not be available to me any more. This is rather dissatisfactory, because my pfSense box would become another LAN client behind that HomeBox. Also would port forwarding become more difficult, double-NAT and stuff. m(
I don't use VoIP, so "OneSession" is rather useless to me.
1) Is there alternative hardware I can use?
2) Can that HomeBox 2 somehow be configured ... with my pfSense box ...?
Source: (StackOverflow)