Hi support team,
I have a Pepwave AP One AC Mini (Firmware: 3.5.2 build 1540) which I’m trying to get it to work with my captive portal. When a client device connected to the SSID, I manage to get captive portal by setting this config below…
Now, based on the information in this URL - Peplink | Pepwave - Forum
The captive portal should have a form sending Username, Password, Command and Orig_URL to the AP (as per Step 5 in the URL above).
I’m stuck with the form setup as below…
<form name=“XXXXX” id=“YYYYY” action=“ZZZZZ” method=“POST” >
<input type=“hidden” name=“username” value=“user01” />
<input type=“hidden” name=“password” value=“password01” />
<input type=“hidden” name=“command” value=“login” />
<input type=“hidden” name=“orig_url” value=“www.google.com ” />
<input type=“submit” value=“Click to Surf” />
</form>
What’s the value for XXXXX / YYYYY / ZZZZZ ???
Can you provide me with a sample HTML form that will work so I can adapt it into my own captive portal?
Thanks.
Please refer back to the same URL link - Peplink | Pepwave - Forum
You can download an example of the external splash page in php language.
Hi Liew,
From the sample I get the following…
<form method=‘POST’ action=‘https://captive-portal.peplink.com:8000/portal.cgi ’ >
<div align=‘center’ style=“text-align:center”>
<table border=“0” cellpadding=“4” cellspacing=“4” width=“100%”>
<tr><td align=‘center’ colspan=‘2’><br><img src=“logo.png”></td></tr>
<tr><td class=‘title’ colspan=‘2’><span>Welcome to Portal!</span></td></tr>
<tr><td class=‘row_header’>Username: </td><td><input name=‘username’ size=‘32’></td></tr>
<tr><td class=‘row_header’>Password: </td><td><input type=‘password’ name=‘password’ size=‘32’></td></tr>
<input type=‘hidden’ name=‘command’ value=‘login’>
<tr><td align=‘center’ colspan=‘2’><input type=‘submit’ value=‘Login’></td></tr>
</table>
</div>
</form>
This URL doesn’t seems to be a valid link, can you provide this file - https://captive-portal.peplink.com:8000/portal.cgi
So I can study the content and reference to it?
Thanks.
cckhaw:
Hi Liew,
From the sample I get the following…
<form method=‘POST’ action=‘https://captive-portal.peplink.com:8000/portal.cgi ’ >
<div align=‘center’ style=“text-align:center”>
<table border=“0” cellpadding=“4” cellspacing=“4” width=“100%”>
<tr><td align=‘center’ colspan=‘2’><br><img src=“logo.png”></td></tr>
<tr><td class=‘title’ colspan=‘2’><span>Welcome to Portal!</span></td></tr>
<tr><td class=‘row_header’>Username: </td><td><input name=‘username’ size=‘32’></td></tr>
<tr><td class=‘row_header’>Password: </td><td><input type=‘password’ name=‘password’ size=‘32’></td></tr>
<input type=‘hidden’ name=‘command’ value=‘login’>
<tr><td align=‘center’ colspan=‘2’><input type=‘submit’ value=‘Login’></td></tr>
</table>
</div>
</form>
This URL doesn’t seems to be a valid link, can you provide this file - https://captive-portal.peplink.com:8000/portal.cgi
So I can study the content and reference to it?
Thanks.
This is the URL for form submission from web client to AP for authentication purpose. Please refer back to the step 5 and 6 in knowledge base - Peplink | Pepwave - Forum
You have to put this URL in your coding.
cckhaw
May 17, 2016, 12:35pm
5
Hi Liew,
As show in Step 5, the client need to POST the form to AP and I need to know what “action=” to be included in the <form> tag.
For now, if I follow the sample code, the POST action=“https://captive-portal.peplink.com:8000/portal.cgi ” is not valid, which means the form submission is not going to the AP. The call flow stuck at Step 5.
Please advise.
The domain “captive-portal.peplink.com ” is for MAX/Balance. For AP, please use “device.pepwave.com ”, i.e., https://device.pepwave.com:8000/portal.cgi .
You could also use the form_action attribute supplied on the redirection ($_REQUEST’form_action’]) as indicated on the sample page.
Thanks.
Hi Gary,
Thanks for this, I have implemented the form with the action=https://device.pepwave.com:8000/portal.cgi
I see the client is posting the request now to AP. Can’t actually see its content because its HTTPS but that’s expected, assume my Username, Password is in the POST.
Now, the next step I am expecting the AP will send a RADIUS Access-Request to a AAA server as configured below. However, I don’t see the RADIUS Access-Request being send from AP to AAA server. Instead, immediately, the user is granted with internet access.
Please advise…
Hi Gary/Liew…
Thanks for the help on the form, now I manage to post the Username and Password to AP. Subsequently, AP is triggering a RADIUS Access-Request to AAA and AAA reply Access-Accept. - all good.
Going next is AP to send Accounting-Request (START) to AAA but it is missing Acct-Session-Id, see capture below…
Frame 3: 178 bytes on wire (1424 bits), 178 bytes captured (1424 bits) on interface 0
Interface id: 0
WTAP_ENCAP: 25
Arrival Time: May 18, 2016 18:28:16.976101453 MYT
[Time shift for this packet: 0.000000000 seconds]
Epoch Time: 1463567296.976101453 seconds
[Time delta from previous captured frame: 0.021575022 seconds]
[Time delta from previous displayed frame: 0.021575022 seconds]
[Time since reference or first frame: 0.034483316 seconds]
Frame Number: 3
Frame Length: 178 bytes (1424 bits)
Capture Length: 178 bytes (1424 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: sll:ip:udp:radius]
Linux cooked capture
Packet type: Unicast to us (0)
Link-layer address type: 1
Link-layer address length: 6
Source: Pepwave_f7:ff:20 (00:1a:dd:f7:ff:20)
Protocol: IP (0x0800)
Internet Protocol Version 4, Src: 192.168.0.249 (192.168.0.249), Dst: 192.168.0.248 (192.168.0.248)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 162
Identification: 0x0000 (0)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: UDP (17)
Header checksum: 0xb709 [correct]
[Good: True]
[Bad: False]
Source: 192.168.0.249 (192.168.0.249)
Destination: 192.168.0.248 (192.168.0.248)
User Datagram Protocol, Src Port: 33253 (33253), Dst Port: radius-acct (1813)
Source port: 33253 (33253)
Destination port: radius-acct (1813)
Length: 142
Checksum: 0xcf01 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Radius Protocol
Code: Accounting-Request (4)
Packet identifier: 0xbc (188)
Length: 134
Authenticator: cd35e05796e86c97890f7cdaa51ecbd3
Attribute Value Pairs
AVP: l=5 t=User-Name(1): user01
User-Name: user01
AVP: l=18 t=User-Password(2): Encrypted
User-Password (encrypted): 0b3d57a795c2078af9abb7273f801b67
AVP: l=6 t=Acct-Status-Type(40): Start(1)
Acct-Status-Type: Start (1)
AVP: l=6 t=Framed-IP-Address(8): 192.168.1.100
Framed-IP-Address: 192.168.1.100 (192.168.1.100)
AVP: l=19 t=Calling-Station-Id(31): 4C-34-88-58-77-03
Calling-Station-Id: 4C-34-88-58-77-03
AVP: l=6 t=NAS-IP-Address(4): 192.168.0.249
NAS-IP-Address: 192.168.0.249 (192.168.0.249)
AVP: l=27 t=Called-Station-Id(30): 00-1A-DD-F7-FF-31:pepwave
Called-Station-Id: 00-1A-DD-F7-FF-31:pepwave
AVP: l=6 t=NAS-Port-Type(61): Wireless-802.11(19)
NAS-Port-Type: Wireless-802.11 (19)
AVP: l=21 t=NAS-Identifier(32): AP-One-AC-Mini-0491
NAS-Identifier: AP-One-AC-Mini-0491
Based on RFC2866 - RFC 2866 - RADIUS Accounting ==>An Accounting-Request packet MUST have an Acct-Session-Id.
Thanks for the report. We will check on the missing Acct-Session-Id issue.
cckhaw
May 18, 2016, 4:36pm
10
I’m on (Firmware: 3.5.2 build 1540) - is there a newer firmware I can try on?
I’m having the same issue on multiple external splashes since a few days, for now I could only solve it by removing the captive portal
Hi,
Can you please provide the details info for the issue that you encounter ? Initially this forum threads is discussing the parameter passing between the AP & the external captive portal. If this is related to missing Acct-Session-Id , please check the firmware posted by Gary.
http://download.peplink.com/firmware/apone/fw-ap-acmini_enterprise_flexhw2_rugged-3.5.3s5-build1610.bin
Thank you