Captive portal & DHCP - problem
-
Hello,
I am running into a very strange issue that I have not been able to track down.
Running 1.2RC3 (full). pfSense is used mainly as a captive portal login for our wireless users with back end Radius authentication.
Public IP are used on LAN side (no NAT) so we can support PPTP VPN.On the LAN side, DHCP server hands out IPs with default lease time 10 minutes and max lease 60 minutes.
On the captive portal, the portal time out is set to 20 minutes.Occasionally, a machine on the LAN side gets a valid IP address, it can ping the LAN-WAN gateway but beyond that everything is blocked.
Renewing the IP on the client machine always get back the same IP address and all outbound traffic is blocked (also including those that's in the captive portal "allowed IP addresses"). It looks like the IP has been black listed in the system.Interestingly, if I look at the captive portal login status page. I can see someone else already login portal using the same IP address.
Is there a corellation between the DHCP address handed out and what's showing up in the captive portal Login status?
I understand that before a DHCP address is handed out, it checks to make sure the address is not being used. In this case, it looks good but the portal login Status is showing someone else is using it.
Could this have caused the IP to be "black listed"?.
Anyway, at this point, if I manually assign a DIFFERENT IP address to the machine, everything is fine.
Looking at the arp cache on our lan switches, everything is correct.
Somehow, pfsense is black listing the IP.
-
1.2-RC4 has CP fixes. Please update before sending us on a wild goose chase. Thanks.
-
OK. I will apply RC-4.
Hopefully, what i'm seeing will no longer occur. It's been driving me nuts.
BTW, I'm just seeking for advise and it's not my intention to send out a goose chase.
Many thanks. -
@sullrich,
Can I use the pfSense-Full-Update-1.2-RC4.tgz at http://snapshots.pfsense.com/FreeBSD6/RELENG_1_2/updates/or should I use the LiveCD-installer from scratch.
thanks
-
Either of those will work.
-
Just a quick feedback …
So far so good. After upgrading to 1.2RC4, I'm no longer seeing those issues described above.
I'll let you know if I find anything new.Thanks
-
5 days since I upgraded to 1.2RC4 …
All of sudden today, my pfsense box stop responding.
At the console, I see this message repeated:xl0: connection watch dog time-out
Tried to switch to another virtual console but nothing. I hit the power button, pfsense started the shutdown process and power off.
I boot the box again.
I did not setup remote syslog before therefore I couldn't see what had happen. Remote syslog is now setup & I'll monitor the box...
I found several threads regarding timeout issue under heavy load but that was a while back. Not sure if that is the case here.note: xl0 is the LAN interface.
edit: caught this in syslog
Jan 23 14:22:16 kernel: xl0: tx underrun, increasing tx start threshold to 120 bytes
Jan 23 14:22:16 kernel: xl0: transmission error: 90edit2: sorry, I shouldn't put this here. I will start a new post in hardware section.