Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Valid vouchers blocked

    Scheduled Pinned Locked Moved Captive Portal
    6 Posts 2 Posters 897 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R
      RK243
      last edited by

      Hello!
      I created a custom portal login page as well as error and logout page und uploaded them in the configuration. The whole thing is a server for testing the funcionality of voucher based wlan access, that was provided by our IT support.
      All the pages work well, except that sometimes on some devices, it seems as if users are blocked from internet access. This happens mostly after activating a device that was in sleep mode for a certain time. No re-login appears and the blocking seems complete across browsers and apps and does not change any more.
      The vouchers and users in question are still listed active until expiration time. It is not clear where I can look in Status or Diagnostics what goes wrong, the only thing I can see is that there is 0 bytes of traffic.
      Any hints or suggestions?
      Best regards

      1 Reply Last reply Reply Quote 0
      • GertjanG
        Gertjan
        last edited by

        @RK243:

        All the pages work well, except that sometimes on some devices, it seems as if users are blocked from internet access. This happens mostly after activating a device that was in sleep mode for a certain time. No re-login appears and the blocking seems complete across browsers and apps and does not change any more.

        When this happens, do the easy check right away : visit Status => Captive Portal => [ZONE] ans see if the device's IP and MAC are listed. If they are, the pass rules are present for this devices the captive portal is deactivated.

        The technical check, see https://doc.pfsense.org/index.php/Captive_Portal_Troubleshooting
        See tables :
        –- table(cpzone1_allowed_up), set(0) ---
        --- table(cpzone1_allowed_down), set(0) ---

        @RK243:

        The vouchers and users in question are still listed active until expiration time. It is not clear where I can look in Status or Diagnostics what goes wrong, the only thing I can see is that there is 0 bytes of traffic.

        Ah. but are the devices, identified by voucher, IP and MAC listed ?
        If so, all ok for pfSense.

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        1 Reply Last reply Reply Quote 0
        • R
          RK243
          last edited by

          Thank you! At the moment, the auth tables contain the logged devices, and all are "online". I have to wait until the error appears again.

          1 Reply Last reply Reply Quote 0
          • GertjanG
            Gertjan
            last edited by

            As soon as you got the message, I just found out that my wireless device (an iPhone) replies to 'ping' when it is connected.
            So, ping your device on your (== pfSense) side.

            Check your DHCP pool, typically the DHCP lease time should be bigger as the "soft" and/or "hard" captive-portal-time out.

            Btw :

            1. not all devices reply on ping.
            2. I'm not sure, but it might be a good idea to add a ICMP rule on your portal interface.

            No "help me" PM's please. Use the forum, the community will thank you.
            Edit : and where are the logs ??

            1 Reply Last reply Reply Quote 0
            • R
              RK243
              last edited by

              Ah, it seems the _auth_up and _auth_down tabels get truncated when a change is made in the configuration.

              1 Reply Last reply Reply Quote 0
              • GertjanG
                Gertjan
                last edited by

                Yep, that's a new 'feature' I guess.

                For now, "do not calibrate  the system while it's running"  ;)

                https://forum.pfsense.org/index.php?topic=147413.0

                No "help me" PM's please. Use the forum, the community will thank you.
                Edit : and where are the logs ??

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.