pfSense English Support > Captive Portal

Captive Portal accepts clients without Voucher

(1/1)

Greyhat:
I have a pfSense setup with 2 pfSense 2.3.2p2 in a master slave configuration.
I have 2 Internet connections that are chosen policy based (with fallback).
On a separate Interface (opt5) I intiated a Captive Portal with Vouchers.
Everything worked fine but after a spontaneous reboot of the pfSense all traffic is passed from OPT5 to the Internet with a Voucher being asked for.
CP shows no active users.
All traffic is passed until the Captive Portal is disabled and re-enabled again.
Once re-enabled the portal works fine again - until the next pfCrash when everything is passed again.
Any ideas what happened or how to further analyse?
The config seems to be correct as everything works after disabling and enabling

Peer

Gertjan:

--- Quote from: Greyhat on December 06, 2017, 03:55:12 am ---I have a pfSense setup with 2 pfSense 2.3.2p2 in a master slave configuration.

--- End quote ---
... and what about the bug in an old version, corrected in the latest stable version  ;)


--- Quote from: Greyhat on December 06, 2017, 03:55:12 am ---On a separate Interface (opt5) I intiated a Captive Portal with Vouchers.
Everything worked fine but after a spontaneous reboot of the pfSense all traffic is passed from OPT5 to the Internet with a Voucher being asked for.

--- End quote ---
"with" (as you said)  or "without" ?


--- Quote from: Greyhat on December 06, 2017, 03:55:12 am ---All traffic is passed until the Captive Portal is disabled and re-enabled again.
Once re-enabled the portal works fine again - until the next pfCrash when everything is passed again.
Any ideas what happened or how to further analyse?

--- End quote ---
No.
pfSense doesn't crash - mine stays of for months or years if needed.
As soon as it restarted, go console or SSH access and run dmesg - dump it to pastebin.com (NOT in the forum) - and paste link here.
Like to see if FreeBSD complains about your hardware - some driver not ok (Realtek problem or whatever). We'll see.

Detecting why it crashes (reports, logs, details) is also very important. Never say it crahes, show what it says when it crashed, We can't see nothing from here.


--- Quote from: Greyhat on December 06, 2017, 03:55:12 am ---The config seems to be correct as everything works after disabling and enabling

--- End quote ---
Often the setup is not good, or hardware not good.
As said, pfSense works - I do not think a double WAN is a problem (I don't have one).

Greyhat:
Unfortunately this is a nanoBDS platform that does not support the current 2.4.2 software.
It has been stable for years but nowerdays keeps crashing once or twice a week.
I tried to avoid hardware problems by exchanging promary ans secondary (identical) firewall. Same crashes.
I collected crash dumps (or at least logs) using the serial line output
A crashdump is under
https://pastebin.com/SBcsDe2g
https://pastebin.com/WKuPMk2Q

More dumps on request

Gertjan:

--- Quote from: Greyhat on December 06, 2017, 08:01:31 am ---Unfortunately this is a nanoBDS platform that does not support the current 2.4.2 software.

--- End quote ---
2.3.5 includes a boatload with fixes. That's why one upgrades ;)


--- Quote from: Greyhat on December 06, 2017, 08:01:31 am ---It has been stable for years but nowerdays keeps crashing once or twice a week.
I tried to avoid hardware problems by exchanging promary ans secondary (identical) firewall. Same crashes.
I collected crash dumps (or at least logs) using the serial line output
A crashdump is under
https://pastebin.com/SBcsDe2g
https://pastebin.com/WKuPMk2Q

More dumps on request

--- End quote ---
I'm not an expert in reading crash dumps, but i found something : 252 occurrences of the process "filterdns".
This is what I have :

--- Code: ---[2.4.2-RELEASE][admin@pfsense.brit-hotel-fumel.net]/root: ps ax | grep 'filterdns'
19927  -  Is       0:04.57 /usr/local/sbin/filterdns -p /var/run/filterdns-cpzone1-cpah.pid -i 300 -c /var/etc/filterdns-cpzone1-captiveportal.conf -d 1
20510  -  Ss       0:24.97 /usr/local/sbin/filterlog -i pflog0 -p /var/run/filterlog.pid
92118  -  Is       0:02.35 /usr/local/sbin/filterdns -p /var/run/filterdns.pid -i 300 -c /var/etc/filterdns.conf -d 1
34116  1  S+       0:00.00 grep filter
--- End code ---
thus : 3.

Run :

--- Code: ---ps ax | grep 'filterdns'
--- End code ---
to what you have.

Greyhat:
You are right the filterdns is really strange. It usually is in my setting only 2 or 3 times present. In crahses (also in VMs with "real " installations) it is very frequent. So this might be the reason for one problem. A possible reason is quite a number of Laiases using FQDNs.
I tried to update but it seems that the last version is 2.3.4p1. 2.3.5 is not in the release path? I am afk for the weekend. Thanks for the help so far.

Navigation

[0] Message Index

Go to full version