skyzohkey / kanet Goto Github PK
View Code? Open in Web Editor NEWAutomatically exported from code.google.com/p/kanet
License: GNU General Public License v3.0
Automatically exported from code.google.com/p/kanet
License: GNU General Public License v3.0
It would be great to be able to write patterns in ACL configurations such as:
{ "port" : * },
{ "port" : 80* },
{ "address" : www.edu*.fr },
or port ranges such as:
{ "port" : 1024-1034 },
Usefull when Kanet is used for the captive portal and authentication process
but when the firewalling job is done by another machine.
Original issue reported on code.google.com by [email protected]
on 31 Jan 2012 at 9:57
What steps will reproduce the problem?
1.Lorsque je me connecte à mon CAS
2.Au moment de recevoir le ticket pour le serveur kanet
3.
What is the expected output? What do you see instead?
Je suis sensé arriver sur la page "update.html"
Mais au lieu de ça, j'ai une erreur proxy "the server could not handle the
request
/login_cas/
What version of the product are you using? On what operating system?
kanet_0.2-3_i386_lucid.deb sur un Ubuntu server
Please provide any additional information below.
J'arrive à joindre ce fichier si je commente les lignes "proxy" dans le
fichier /etc/apache2/sites-availables/kanet, mais forcéement, ça ne sert à
rien.
je démarre kanet en root
Et les logs ne m'aident pas trop.
Je joint mes fichier de site et kanet.conf
Merci d'avance pour votre aide
Original issue reported on code.google.com by [email protected]
on 19 Mar 2013 at 9:22
Attachments:
Have the possibility to DNAT user to different VLAN depending on an
attribute return when user is authenticated
Original issue reported on code.google.com by [email protected]
on 31 Mar 2010 at 8:19
I'm trying to compile a debian package from sources (version 0.2.3)
Im get this error (Full log attached):
WebServers.vala:58.63-58.80: error: The name `data' does not exist in the
context of `string'
WebServers.vala:62.63-62.80: error: The name `data' does not exist in the
context of `string'
WebServers.vala:136.65-136.82: error: The name `data' does not exist in the
context of `string?'
WebServers.vala:142.65-142.82: error: The name `data' does not exist in the
context of `string?'
WebServers.vala:179.64-179.81: error: The name `data' does not exist in the
context of `string?'
WebServers.vala:185.64-185.81: error: The name `data' does not exist in the
context of `string?'
WebServers.vala:228.61-228.79: error: The name `data' does not exist in the
context of `string?'
WebServers.vala:242.57-242.74: error: The name `data' does not exist in the
context of `string?'
WebServers.vala:451.38-451.41: error: Argument 2: Cannot convert from `null' to
`size_t'
WebServers.vala:458.73-458.78: error: Argument 3: Cannot convert from
`uint8[]?' to `string'
WebServers.vala:605.23-605.26: warning: Argument 1: Cannot pass null to
non-null parameter type
Does anybody ave an idea?
I'm not really familiar with package building and vala but I would like to
develop a new authentication mode for kanet (password-of-the-day mode)
Thanks for your help
Original issue reported on code.google.com by [email protected]
on 18 Jan 2012 at 2:32
Attachments:
What steps will reproduce the problem?
1. Followed network setup on wiki
2. followed config in wiki for ubuntu using cas for login
3. everything starts fine
What is the expected output? What do you see instead?
after logiing into CAS should be redirected to portal or internet
What version of the product are you using? On what operating system?
kanet_0.2-3_amd64_lucid.deb
Please provide any additional information below.
After successfully getting an IP, I open internet explorer and am immediatley
redirected to our CAS login. After i login it redirects to
https://kanet ip/login_cas/?ticket=ST***********
after which says server is not respodning, unable to connect
Please Help,
Jason
Original issue reported on code.google.com by [email protected]
on 20 Jun 2012 at 7:04
Maybe it's already possible to make it but I'll expose my problem here :
ACLs system allows or deny acces to some websites, ports or address, but only
for acces to WAN side.
I would like to make a whitelist from mac addresses of some users of our
captive portal.
Kanet is a very good solution but this feature is the only missing for
replacing PFSense...
I'm currently trying to make ie via a script which parses a macaddress list to
add iptables rules.
Original issue reported on code.google.com by [email protected]
on 7 Jul 2011 at 3:03
Hello,
I like the design of kanet, well job !
But I think there is a small security issue : it seems that there is no DNS
tunnel protection.
Some possible solutions I see :
- implement basic DNS resolution in kanet, for resolving captive portal,
listening on a non standard UDP port (ex : 5353)
- add an iptable rule for non authenticated clients requesting UDP 53 to be
redirected to kanet DNS server (port 5353)
Best regards,
G. Husson.
Original issue reported on code.google.com by [email protected]
on 2 May 2011 at 11:49
I don't know how difficult it is but a session tracking based on the packets
traffic (like WIFIDog) would help to make Kanet work on IPhones. No need to
keep a window open.
It could be an option in the configuration file.
Thomas
Original issue reported on code.google.com by [email protected]
on 31 Jan 2012 at 10:00
What steps will reproduce the problem?
1. After the login page,we can't go on internet and we are redirected to the
page that we have after the login (intranet of my school).
What is the expected output? What do you see instead?
The expected output is that we can navigate on the internet.
What version of the product are you using? On what operating system?
I'm using KANET 0.2.3 on debian squeeze.
Please provide any additional information below.
My authentification type is "CAS" but in "Kanet.conf", the only type of
authentification are "kanet-radiusclient" or "kanet-dummy". Is there an another
type of authentification that i don't know?
Thanks in advance
PS : I'm french so i'm sorry for my english
Original issue reported on code.google.com by [email protected]
on 20 Apr 2011 at 2:34
Have the ability to specify Acl for a particular User.
Original issue reported on code.google.com by [email protected]
on 22 Feb 2013 at 10:23
What steps will reproduce the problem?
1.install of kanet_0.2-3_i386_lucid.deb
2.kanet in debbug mode
3.start kanet from the command line
What is the expected output? What do you see instead?
when I start kanet from the command line, I've got this output (Attached in
logKanet.txt)
What version of the product are you using? On what operating system?
kanet_0.2-3_i386_lucid.deb
Please provide any additional information below.
I double check the installation of the libraries, and my configuration of
kanet.conf is pretty basic, I only change the ip's for my devices, kanet is
configured in STANDALONE mode, I don't have any idea why is it failing.
Original issue reported on code.google.com by [email protected]
on 10 Feb 2012 at 6:41
Attachments:
Check mandatory field with different server mode.
Original issue reported on code.google.com by [email protected]
on 29 Nov 2010 at 3:47
bonjour à tous,
je suis en train de monter un portail captif à l'aide de "kanet" et d'une
authentification CAS mais voila, je rencontre un problème (je ne serais pas la
sinon me direz vous)
mon problème ::
Quand mon client veut aller sur le web il doit passer par mon portail et
s'authentifier auprès de mon serveur CAS, jusque ici pas de problème.
La ou le bas blesse c'est que une foi authentifier mon client devrai avoir
(grâce au ticket délivré pas CAS) accéder au web mais cela ne fonctionne
pas et je suis toujours redirigé sur le serveur web de kanet...
fichier /etc/apache2/sites-enable/kanet :
[code]
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/apache2/server.crt
SSLCertificateKeyFile /etc/apache2/server.key
SSLVerifyClient none
SSLProxyEngine On
Alias /www /usr/share/kanet/
ProxyPreserveHost On
ProxyRequests On
ProxyPass / http://127.0.0.1:8181/ disablereuse=on retry=0 flushpackets=on
ProxyPassReverse / http://127.0.0.1/
ProxyTimeout 3
<location />
Allow From All
</location>
ErrorLog /var/log/apache2/error.log
LogLevel warn
CustomLog /var/log/apache2/access.log combined
</VirtualHost>
<VirtualHost *:8080>
RewriteEngine ON
RedirectMatch .* https://cas.toto.fr:8443/cas/?service=https://kanet.toto.fr/login_cas
ErrorLog /var/log/apache2/error.log
LogLevel warn
CustomLog /var/log/apache2/access.log combined
</VirtualHost>
[/code]
fichier /etc/kanet/kanet.conf
[code]/*
Configuration file for kanet
*/
{
/*
Server configuration
SERVER_MODE="STANDALONE" (default) or "PROXY"
*/
"SERVER_MODE" : "PROXY",
"SERVER_URL" : "https://kanet.toto.fr",
"SERVER_PORT" : "8181",
"SERVER_IP" : "",
"REDIRECT_SERVER_PORT" : "8080",
"QUEUE_NUM" : "0",
"SSL_CERT_FILE" : "/etc/kanet/ssl-kanet.crt",
"SSL_KEY_FILE" : "/etc/kanet/ssl-kanet.key",
"DEBUG" : "0",
/*
Persistent data,
only sqlite is available.
*/
"database" : "sqlite",
"sqlite_connection_string" : "/var/lib/kanet/kanet.sqlite",
"mysql_connection_string" : "Server=xxx; Port=3306; Database=xxx; uid=xxx; pwd=xxx;",
/*
Server behavior
*/
"login_page" : "https://cas.toto.fr:8443/cas/?service=https://kanet.toto.fr/login_cas/",
"captive_portal_page" : "https://kanet.toto.fr/www/update.html,
"cas_url" : "https://cas.toto.fr:8443/cas/",
"www_path" : "/usr/share/kanet/",
"module_path" : "/usr/lib",
"auth_module_name" : "kanet-radiusclient",
/*
blacklist acls
always rejected.
*/
"KANET_ACL_TYPE_BLACKLIST": [
{ "address" : "127.0.0.1", "port" : 9090 },
{ "port" : 8089 }
],
/*
open acls
always open
*/
"KANET_ACL_TYPE_OPEN": [
{ "address" : "kanet.toto.fr" },
{ "address" : "cas.toto.fr", },
{ "address" : "kanet.toto.fr" }
],
/*
default acls
open to authenticated users.
*/
"KANET_ACL_TYPE_DEFAULT": [
{ "port" : 8043 },
{ "port" : 443 },
{ "port" : 80 },
{ "port" : 8080 },
{ "port" : 8443 }
],
/* Admins : comma separated login list */
"admins": "colin,colin@upvm",
/*
blacklist_part
*/
"blacklist_users" : [
{ "login" : "colin", "message" : "hi foo ! you're login have been locked .." },
{ "login" : "johndoe", "message" : "hi john doe ! this account is locked .." }
],
"default_blacklist_message" : "Your account have been locked",
/*
auto_blacklist_acl
used to inform user they are probably infected, if a user try to join
one of this address, the user is automatically blacklisted and the message
display on is login window
*/
"auto_blacklist_acls": [
{ "address" : "192.168.1.45", "message" : "You're account have been temporarily locked <br/> because you're probably infected by a virus" },
{ "port" : 45678, "message" : "You're account have been temporarily locked <br/> because you're probably infected by a virus" }
],
/*
quota, in bytes or seconds. 0 is unlimited.
*/
"bytes_quota" : "0",
"time_quota" : "0",
/*
message
variables : $upbytes $downbytes $duration
*/
"update_msg" : "Up : $upbytes, Down: $downbytes, Time: $duration",
"over_quota_msg" : "Sorry you exceed your quota",
"blacklist_msg" : "Sorry, you're account have been locked",
"update_error_msg" : "An error occured during authentication process, please restart your browser",
}
[/code]
je tourne en rond depuis un moment et commence à désespérer... le pire c'est
que je suis sur que c'est un petit truc qui me bloque et je ne voit pas du tout
d'où cela peut venir
merci d'avance
Original issue reported on code.google.com by [email protected]
on 23 Jan 2012 at 2:19
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.