Wireless Access

Occasional Contributor II

Captive portal vs VPN

Hi,

I have a guest access using Captive portal.

Everything seems to work, web, pop, imap, etc... but there is one problem, I can't get users to connect to their VPN (in that case "Contivity VPN client" from Nortel).

I'm 99 % sure the problem is the Captive portal because if I use another method of authentication (like wpa) then everything works.

Are there any ports that are blocked with captive portal ?

Or do you have another idea ?

thanks
sorry for my english
Aruba

Captive portal vs VPN

Which role is the Captive Portal user in ? Is it Guest ? If yes, then
that explains what you are seeing. The default Guest role does not
allow VPN. Every installation I do, I add VPN to the guest role ;)

If it's not guest, which role ?
Occasional Contributor II

Re: Captive portal vs VPN


Which role is the Captive Portal user in ? Is it Guest ? If yes, then
that explains what you are seeing. The default Guest role does not
allow VPN. Every installation I do, I add VPN to the guest role ;)

If it's not guest, which role ?




yes it's guest

I'm sorry, I'm really new at aruba products...

what is the easiest way to add vpn to this role ??

aruba controller 500

thanks
Aruba

Captive portal vs VPN

No worries. Here is the configuration I typically leverage when I am
doing installations and also provide to folks I work with in my area to
make their installs go efficiently.

Step #1 - The policy, apply from the command line of the controller,
under the config t mode

!
ip access-list session VPN-Clients
user any svc-l2tp permit
user any svc-esp permit
user any svc-ike permit
user any tcp 17 permit
user any udp 51 permit
user any udp 4500 permit
user any tcp 10000 10001 permit
user any udp 10000 10001 permit
user any svc-pptp permit
user any svc-gre permit
!

Step #2 -- Associate the new policy with the guest account as follows
(also from command line)

!
user-role guest
access-list session VPN-Clients
!

Step #3 -- Your users, in the guest role, should now have full VPN
capabilities, regardless of the device or client they are using
(Nortel(R.I.P.) included) :)

JF
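
An added example, not part of the original post and not Aruba tooling: a short Python audit of the posted VPN-Clients policy that expands each rule into what it matches and flags single-port rules whose number is also an IP protocol number. The svc-* expansions are assumed ArubaOS default netservice definitions and may differ on a given controller.

```python
import re

# Assumed ArubaOS default netservice aliases; a controller can redefine
# them, so confirm against the running configuration.
SVC = {"svc-l2tp": "udp port 1701", "svc-ike": "udp port 500",
       "svc-pptp": "tcp port 1723", "svc-esp": "IP protocol 50",
       "svc-gre": "IP protocol 47"}
# IP protocol numbers; a tcp/udp port rule reusing one deserves a second look.
IP_PROTO = {6: "TCP", 17: "UDP", 47: "GRE", 50: "ESP", 51: "AH"}

# The policy exactly as posted in the thread.
ACL = """\
ip access-list session VPN-Clients
user any svc-l2tp permit
user any svc-esp permit
user any svc-ike permit
user any tcp 17 permit
user any udp 51 permit
user any udp 4500 permit
user any tcp 10000 10001 permit
user any udp 10000 10001 permit
user any svc-pptp permit
user any svc-gre permit
"""

RULE = re.compile(
    r"^(\S+) (\S+) (svc-\S+|(?:tcp|udp) \d+(?: \d+)?) (permit|deny)$")

def audit(acl_text):
    """Return (rule, what_it_matches, warning_or_None) for each ACL rule."""
    findings = []
    for line in acl_text.splitlines():
        m = RULE.match(line.strip())
        if not m:
            continue  # ACL header or "!" separator
        svc, warn = m.group(3), None
        if svc.startswith("svc-"):
            what = SVC.get(svc, "unknown alias")
        else:
            proto, *ports = svc.split()
            lo, hi = int(ports[0]), int(ports[-1])
            what = f"{proto} port {lo}" if lo == hi else f"{proto} ports {lo}-{hi}"
            if lo == hi and lo in IP_PROTO:
                warn = (f"{proto} port {lo} is a port match, "
                        f"not IP protocol {lo} ({IP_PROTO[lo]})")
        findings.append((line.strip(), what, warn))
    return findings

if __name__ == "__main__":
    for rule, what, warn in audit(ACL):
        print(f"{rule:34} -> {what}" + (f"  [REVIEW: {warn}]" if warn else ""))
```

Run against a guest role's session ACLs before applying them, so every port opened to unauthenticated-network guests is one that was intended.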
Occasional Contributor II

Re: Captive portal vs VPN

Thank you very much

that just did the trick !

thanks again !
Aruba

Captive portal vs VPN

Glad it worked out!

You have happy guests now :)
Occasional Contributor II

Re: Captive portal vs VPN


Glad it worked out!

You have happy guests now :)




yes they are !

As you seem to know the product well, instead of using internal database for the Captive portal users/passwords, I suppose it's possible to use a radius server ?

question 2 : do you know if there is a way to automatically open a browser on the captive portal when a user connects to the network ?

edit : ok I found the place in the web interface for the first question.

Re: Captive portal vs VPN

Hi,

It is the user that opens the browser which then redirects to the Captive Portal page.

You can configure it to direct to a specific page after they have entered their credentials by adding it to the Captive portal config,

aaa authentication captive-portal "Guest"
welcome-page http://someaddress.com


Hope this helps

If my post is helpful please give kudos, or mark as solved if it answers your post.

ACCP, ACMP, ACMX #294
mclarke@arubanetworks.com
Aruba Employee

Re: Captive portal vs VPN


Hi,

It is the user that opens the browser which then redirects to the Captive Portal page.




For typical desktop operating systems that is correct. Many of the smart phone operating systems will attempt to ping via http an Internet connected resource upon successful network association in order to see if they have Internet connectivity. Apple iOS for instance will try to ping apple.com, and if necessary will auto-launch a browser to complete the captive portal authentication.

Still, the action is initiated by the client (user or device), not by the wireless infrastructure.