Captive Portal

I'm using pfSense and they told me I should ask you guys about this question since m0n0wall's implimentation of Captive Portal is used directly in pfSense.

I'd like to setup a number of captive portal access points that centrally authenticate with a RADIUS server in my datacenter.

Here is what I'm worried about.

I'd eventually like to have a number of these out in the wild (hopefully, a large number). What if I change IPs of my RADIUS server? As it stands, since I have to use an IP address I'm going to be screwed. I'd have to login to each box and update the IP addresses - BLAH...

Isn't this one (of many) reason(s) why we have hostnames? If I used a hostname, I'd be fine (after DNS propagates, of course).


So, I'd like to know what you all think of this "hack" I've tried in order to work around this issue:


I've edited the following files:

Code:

/etc/inc/captiveportal.inc
/usr/local/www/services_captiveportal.php

and

Code:

/usr/local/www/services_captiveportal_ip_edit.php

and I've made a few mods.

In captiveportal.inc on line 227 I made this:

Code:

$radiusip = $config['captiveportal']['radiusip'];

look like this:

Code:

$radiusip = gethostbyname($config['captiveportal']['radiusip']);

I did the same thing with radiusip2 as well. Then I made line 719 go from this:

Code:

fwrite($fd, $ipent['ip'] . "," . $ruleno ."\n");

to this:

Code:

fwrite($fd, gethostbyname($ipent['ip']) . "," . $ruleno ."\n");

(So I could allow hostnames rather than just IP addresses).


The neat thing about the gethostbyname() function is that if you pass it an IP, it just spits the IP right back (at least, from what I can tell) - so this shouldn't "break" anything already there, just allow you to add the ablity to put in hostnames.

Oh, and I commented out the checks that give you errors if you DON'T enter IP addresses (starting on line 122 in services_captiveportal.php and line 61 in services_captiveportal_ip_edit.php)


So, here is what I'm curious about:

1) Obviously, will this work as I expect?
2) Will pfSense (or, I guess, m0n0wall) ever "update" values on it's own (in other words, will pfSense have to be "reset" in someway for it to check for changes in the hostname's resolving IP addresses?)
3) If the hostnames won't be looked up often, is there anyway I can run a cronjob of some sort that will automate that?
4) If this isn't the way I should be going, does anyone have any other ideas as to how I should prevent having to login to each box and change the RADIUS server IP addresses for IP changes...?


Thanks all!