pfSense Gold Subscription

Author Topic: Captive Portal accepts clients without Voucher  (Read 95 times)

0 Members and 1 Guest are viewing this topic.

Offline Greyhat

  • Newbie
  • *
  • Posts: 6
  • Karma: +0/-0
    • View Profile
Captive Portal accepts clients without Voucher
« on: December 06, 2017, 03:55:12 am »
I have a pfSense setup with 2 pfSense 2.3.2p2 in a master slave configuration.
I have 2 Internet connections that are chosen policy based (with fallback).
On a separate Interface (opt5) I intiated a Captive Portal with Vouchers.
Everything worked fine but after a spontaneous reboot of the pfSense all traffic is passed from OPT5 to the Internet with a Voucher being asked for.
CP shows no active users.
All traffic is passed until the Captive Portal is disabled and re-enabled again.
Once re-enabled the portal works fine again - until the next pfCrash when everything is passed again.
Any ideas what happened or how to further analyse?
The config seems to be correct as everything works after disabling and enabling

Peer

Offline Gertjan

  • Hero Member
  • *****
  • Posts: 2158
  • Karma: +166/-9
    • View Profile
Re: Captive Portal accepts clients without Voucher
« Reply #1 on: December 06, 2017, 06:00:07 am »
I have a pfSense setup with 2 pfSense 2.3.2p2 in a master slave configuration.
... and what about the bug in an old version, corrected in the latest stable version  ;)

On a separate Interface (opt5) I intiated a Captive Portal with Vouchers.
Everything worked fine but after a spontaneous reboot of the pfSense all traffic is passed from OPT5 to the Internet with a Voucher being asked for.
"with" (as you said)  or "without" ?

All traffic is passed until the Captive Portal is disabled and re-enabled again.
Once re-enabled the portal works fine again - until the next pfCrash when everything is passed again.
Any ideas what happened or how to further analyse?
No.
pfSense doesn't crash - mine stays of for months or years if needed.
As soon as it restarted, go console or SSH access and run dmesg - dump it to pastebin.com (NOT in the forum) - and paste link here.
Like to see if FreeBSD complains about your hardware - some driver not ok (Realtek problem or whatever). We'll see.

Detecting why it crashes (reports, logs, details) is also very important. Never say it crahes, show what it says when it crashed, We can't see nothing from here.

The config seems to be correct as everything works after disabling and enabling
Often the setup is not good, or hardware not good.
As said, pfSense works - I do not think a double WAN is a problem (I don't have one).

Offline Greyhat

  • Newbie
  • *
  • Posts: 6
  • Karma: +0/-0
    • View Profile
Re: Captive Portal accepts clients without Voucher
« Reply #2 on: December 06, 2017, 08:01:31 am »
Unfortunately this is a nanoBDS platform that does not support the current 2.4.2 software.
It has been stable for years but nowerdays keeps crashing once or twice a week.
I tried to avoid hardware problems by exchanging promary ans secondary (identical) firewall. Same crashes.
I collected crash dumps (or at least logs) using the serial line output
A crashdump is under
https://pastebin.com/SBcsDe2g
https://pastebin.com/WKuPMk2Q

More dumps on request

Offline Gertjan

  • Hero Member
  • *****
  • Posts: 2158
  • Karma: +166/-9
    • View Profile
Re: Captive Portal accepts clients without Voucher
« Reply #3 on: December 06, 2017, 02:05:39 pm »
Unfortunately this is a nanoBDS platform that does not support the current 2.4.2 software.
2.3.5 includes a boatload with fixes. That's why one upgrades ;)

It has been stable for years but nowerdays keeps crashing once or twice a week.
I tried to avoid hardware problems by exchanging promary ans secondary (identical) firewall. Same crashes.
I collected crash dumps (or at least logs) using the serial line output
A crashdump is under
https://pastebin.com/SBcsDe2g
https://pastebin.com/WKuPMk2Q

More dumps on request
I'm not an expert in reading crash dumps, but i found something : 252 occurrences of the process "filterdns".
This is what I have :
Code: [Select]
[2.4.2-RELEASE][admin@pfsense.brit-hotel-fumel.net]/root: ps ax | grep 'filterdns'
19927  -  Is       0:04.57 /usr/local/sbin/filterdns -p /var/run/filterdns-cpzone1-cpah.pid -i 300 -c /var/etc/filterdns-cpzone1-captiveportal.conf -d 1
20510  -  Ss       0:24.97 /usr/local/sbin/filterlog -i pflog0 -p /var/run/filterlog.pid
92118  -  Is       0:02.35 /usr/local/sbin/filterdns -p /var/run/filterdns.pid -i 300 -c /var/etc/filterdns.conf -d 1
34116  1  S+       0:00.00 grep filter
thus : 3.

Run :
Code: [Select]
ps ax | grep 'filterdns'to what you have.

Offline Greyhat

  • Newbie
  • *
  • Posts: 6
  • Karma: +0/-0
    • View Profile
Re: Captive Portal accepts clients without Voucher
« Reply #4 on: December 07, 2017, 08:48:59 am »
You are right the filterdns is really strange. It usually is in my setting only 2 or 3 times present. In crahses (also in VMs with "real " installations) it is very frequent. So this might be the reason for one problem. A possible reason is quite a number of Laiases using FQDNs.
I tried to update but it seems that the last version is 2.3.4p1. 2.3.5 is not in the release path? I am afk for the weekend. Thanks for the help so far.