22.05 - CP clients have connectivity issues after x amount of time
-
@heper said in 22.05 - CP clients have connectivity issues after x amount of time:
i doubt it's a gui issue.
because currently i'm under the impression that i might be hitting the same issue:with or without per-user-bandwidth enabled (i guess when disabled, everyone gets added to the same unlimited pipe-pair?)
with manual disconnect on gui
when CP-client triggers the idle-timeoutIn any case, captiveportal_disconnect() gets called, and this will delete conditionally delete the pipe ($pipeno) of that user.
If all users use the same pipe, then that will will impact all the users that use that pipe.
edit : removed my script, you - @heper know how to dump the connected portal user database and see pipes used per user..edit : lol, 12 minutes to late : all your users use the same pipe number.
I did this to restore unique pipeno usage :
/usr/local/captiveportal/index.html
$pipeno = captiveportal_get_next_dn_ruleno('auth', 2000, 64500, true); ....... } $auth_result = captiveportal_authenticate_user($user, $passwd, $clientmac, $clientip, $pipeno, $context);I changed the true for false on the first line
Added an 'else' condition.$pipeno = captiveportal_get_next_dn_ruleno('auth', 2000, 64500, false); ....... } else $auth_result = captiveportal_authenticate_user($user, $passwd, $clientmac, $clientip, $pipeno, $context);Now, if a pipe gets attributed, but the login fails, the pipe will get freed up again.
My users have now unique pipes.
-
@gertjan said in 22.05 - CP clients have connectivity issues after x amount of time:
edit : removed my script, you - @heper know how to dump the connected portal user database and see pipes used per user..
i copy/pasted your script yesterday & adjusted it to not print_r the entire array, but only the information i wanted. =)
-
@gertjan
i won't change the index.php or any other file on my production system unless it's by an official patch or at the request of netgate.current testing indicates i can work around the bug.
- by preventing anyone from disconnecting manually (blanked out the logout page)
- by setting the idle timeout to 10 hours to cover the entire school-day
- by setting the per-user-bw value's high enough because everyone uses the same pipeno
i'll keep close watch on it today, but i think/believe you found the root cause.
-
@heper
If this is the issue, there will be an official patch, and with a little luck an update for the pfSense patch package with a build in patch, so it will be a one click solution.@heper said in 22.05 - CP clients have connectivity issues after x amount of time:
i won't change the index.php or any other file on my production system unless it's by an official patch or at the request of netgate.
I fully understand ;)
-
Yes, me too.
Just replicating that here now. Hopefully we should have something more official available soon.
Steve
-
i've monitored cp-situation fairly closely the entire day.
i didn't notice any dropouts throughout the day with the workaround i have in place.thanks for looking into this & figuring out what the issue is
-
I have replicated this and we are reviewing it. I'll open a bug report that better describes the issue momentarily:
https://redmine.pfsense.org/issues/13488
Please add anything there that may be pertinent.
Steve
-
the same thing happens when per-user-bw is disabled:
- all users use the same pipe
- on disconnect that pipe gets removed
should i add this to the redmine myself or will you change the summary ?
- all users use the same pipe
-
Actually, bandwidth set, for all users, or not, or set individually when using FreeRadius, it doesn't matter.
The issue has nothing to do with bandwidth, but bandwidth usage made it more 'visible'.
Your video was spot on : all connected users together use the set bandwidth of one user (10 Mbits down). Looking again at the limiters list did the rest.Solving this one is easy.
I'm often think about what jimp said ones in the past : we will have to re write all this captive portal (Italian food) 'code', he mentioned Python if I recall well. As "/etc/inc/captiveportal.inc" is a bit .... messy.
-
Ah, OK, that is likely a hangover from ipfw where all traffic had to use a pipe in order to be filtered at L2. Though the pipe was set at unlimited bandwidth.
Yes, add that or I can when I've tested it later today.Steve
-
Ok, yup, it's exactly that. Adding it.
-
G Gertjan referenced this topic on
-
G Gertjan referenced this topic on
-
G Gertjan referenced this topic on
-
G Gertjan referenced this topic on
-
G Gertjan referenced this topic on
-
G Gertjan referenced this topic on
-
@gertjan said in 22.05 - CP clients have connectivity issues after x amount of time:
I did this to restore unique pipeno usage :
/usr/local/captiveportal/index.html
$pipeno = captiveportal_get_next_dn_ruleno('auth', 2000, 64500, true); ....... } $auth_result = captiveportal_authenticate_user($user, $passwd, $clientmac, $clientip, $pipeno, $context);I changed the true for false on the first line
Added an 'else' condition.$pipeno = captiveportal_get_next_dn_ruleno('auth', 2000, 64500, false); ....... } else $auth_result = captiveportal_authenticate_user($user, $passwd, $clientmac, $clientip, $pipeno, $context);Now, if a pipe gets attributed, but the login fails, the pipe will get freed up again.
My users have now unique pipes.
@Gertjan
Would you be so kind to share the modified 22.05- index.php ?
(Or a real diff)I'm having the same issue, and would like to try this fix, but dont really understand what should be changed.
-
Sorry, never managed to make a "diff" - tried many times, but the obtained patch file isn't usefull (for me) otherwise I would use that myself, and it would be easier to communicate here, I agree.
The original code (from github):
Step 1: before the first line "$pipeno = captiveportal_get_next_dn_ruleno('auth',......", add
$auth_result = array();Step 2 : change the (now second) line
$pipeno = captiveportal_get_next_dn_ruleno('auth', 2000, 64500, true);for
$pipeno = captiveportal_get_next_dn_ruleno('auth', 2000, 64500, false);Step 3 - goto the closing line 262 "}"
and add an "else" behind and remove the following empty line.The result looks like :
-
@gertjan Thanks!
I'm a total php noob, but;
That "} else" ..
shouldn't be a "} else {"
with a "}" below the "$auth_result =" line ?
-
@level4 said in 22.05 - CP clients have connectivity issues after x amount of time:
That "} else" ..
shouldn't be a "} else {"
with a "}" below the "$auth_result =" line ?You can place
$auth_result = captiveportal_authenticate_user($user, $passwd, $clientmac, $clientip, $pipeno, $context);between { .... }, true. Like :
....... } else { $auth_result = captiveportal_authenticate_user($user, $passwd, $clientmac, $clientip, $pipeno, $context); }Or
....... } else { $auth_result = captiveportal_authenticate_user($user, $passwd, $clientmac, $clientip, $pipeno, $context); }But as this is just one line, so no need.
-
G Gertjan referenced this topic on
-
G Gertjan referenced this topic on
-
G Gertjan referenced this topic on
-
G Gertjan referenced this topic on
-
G Gertjan referenced this topic on
-
G Gertjan referenced this topic on
