Valid vouchers blocked
-
Hello!
I created a custom portal login page as well as error and logout page und uploaded them in the configuration. The whole thing is a server for testing the funcionality of voucher based wlan access, that was provided by our IT support.
All the pages work well, except that sometimes on some devices, it seems as if users are blocked from internet access. This happens mostly after activating a device that was in sleep mode for a certain time. No re-login appears and the blocking seems complete across browsers and apps and does not change any more.
The vouchers and users in question are still listed active until expiration time. It is not clear where I can look in Status or Diagnostics what goes wrong, the only thing I can see is that there is 0 bytes of traffic.
Any hints or suggestions?
Best regards -
All the pages work well, except that sometimes on some devices, it seems as if users are blocked from internet access. This happens mostly after activating a device that was in sleep mode for a certain time. No re-login appears and the blocking seems complete across browsers and apps and does not change any more.
When this happens, do the easy check right away : visit Status => Captive Portal => [ZONE] ans see if the device's IP and MAC are listed. If they are, the pass rules are present for this devices the captive portal is deactivated.
The technical check, see https://doc.pfsense.org/index.php/Captive_Portal_Troubleshooting
See tables :
–- table(cpzone1_allowed_up), set(0) ---
--- table(cpzone1_allowed_down), set(0) ---The vouchers and users in question are still listed active until expiration time. It is not clear where I can look in Status or Diagnostics what goes wrong, the only thing I can see is that there is 0 bytes of traffic.
Ah. but are the devices, identified by voucher, IP and MAC listed ?
If so, all ok for pfSense. -
Thank you! At the moment, the auth tables contain the logged devices, and all are "online". I have to wait until the error appears again.
-
As soon as you got the message, I just found out that my wireless device (an iPhone) replies to 'ping' when it is connected.
So, ping your device on your (== pfSense) side.Check your DHCP pool, typically the DHCP lease time should be bigger as the "soft" and/or "hard" captive-portal-time out.
Btw :
- not all devices reply on ping.
- I'm not sure, but it might be a good idea to add a ICMP rule on your portal interface.
-
Ah, it seems the _auth_up and _auth_down tabels get truncated when a change is made in the configuration.
-
Yep, that's a new 'feature' I guess.
For now, "do not calibrate the system while it's running" ;)
https://forum.pfsense.org/index.php?topic=147413.0
