Pages

Tuesday, March 11, 2014

Failover with CARP in PFsense: Part 2

Failover with CARP in PFsense: Part 2


Failover with CARP in PFsense


In the previous article, I briefly discussed the advantages of using CARP with PF, as well as the difference between CARP and other protocols commonly used for redundancy. In this article, I will outline a hypothetical CARP implementation involving two redundant firewalls.

Failover with CARP in PFsense: Part 1

Failover with CARP in PFsense: Part 1



Failover with CARP in PFsense

Common Address Redundancy Protocol (CARP) is a protocol which allows multiple hosts on the same local network to share a set of IP addresses. Its primary purpose is to provide failover redundancy. It was developed as a non-patent-encumbered alternative to Virtual Router Redundancy Protocol (VRRP), which is defined in RFC 2281 and 3768 and was quite far along towards becoming an IETF-sanctioned standard.

WAN Load Balancing and Captive Portal on Pfsense 2

WAN Load Balancing and Captive Portal on Pfsense 2


Dual WAN Load Balacing and Failover + Captive Portal


In this tutorial I will be show you how to configure a DUAL WAN Load Balancing and Failover server using PFsense 2 with Captive Portal for wireless authentication.

Requirements: PFsense v2 with 4 network adapter, 2 Internet Connection

Setup and Configure FreeRadius on Captive Portal

Setup and Configure FreeRadius on Captive Portal


What is radius server?

Remote Access Dial In User Service (RADIUS) is a networking protocol that provides centralized Authentication, Authorization, and Accounting (AAA) management for computers that connect and use a network service. RADIUS servers use the AAA concept to manage network access in the following two-step process, also known as an "AAA transaction". AAA stands for “authentication, authorization and accounting”. Authentication and Authorization characteristics in RADIUS are described in RFC 2865 while Accounting is described by RFC 2866.

Customizing Captive Portal Login Page on PFsense

Customizing Captive Portal Login Page on PFsense


After configuring captive portal, you can change the default login page

Open notepad, copy and paste the code below, click Save As, type File name login.html and simply save it to your desktop.

Securing Captive Portal Login Page on PFsense

How to secure Captive Portal Login Page on PFsense 2


Problem:

The common problem of captive portal is ARP Spoofing that may allow an attacker to intercept data frames on a LAN, modify the traffic, stop the traffic altogether, or even sniff the username and password / voucher code in a captive portal login page.