Multi WAN + Captive Portal Working!
-
I have been ripping my hair out for weeks trying to get multi wan and cp working on the same box with pfs 2.0 without success, so I thought I'd play about with pfs 1.2.3 and see what's new ;D
1.2.3-PRERELEASE-TESTING-VERSION
built on Mon Jan 26 16:38:45 EST 2009
As noted by other users, clicking on the captive portal GUI tab gives out an error but a fix can be found thanks to Gertjan.
http://forum.pfsense.org/index.php/topic,13401.msg73659.html#msg73659
I have not tested vlans with cp as I don't use them so I can't confirm if it's been working.
Thanks a lot to the dev team
-
2.0 should work on the latest snapshots AFAIK.
1.2.3 needs a hand tweak before being considered safe to be used in the combination you want.
Since 1.2.3 switched to 7.1 it can even do per user bandwidth and read the bandwidth values from radius but you need to edit code in accordance with
http://cvstrac.pfsense.com/chngview?cn=26873
http://cvstrac.pfsense.com/chngview?cn=26872
-
Nothing has changed related to multi-WAN or captive portal, so I doubt if this is really the case. It's possible something in switching to FreeBSD 7.1 would change this, but not likely.
Hosts that match rules specifying a gateway are not bypassing the portal for you?
-
Ermal: Thank you very much, I changed the relevant parts you posted in my pfs 1.2.3 setup and it worked perfectly, I set download speed to 200K/bs and tested with speedtest.net, works great!
I'll have another look at pfs 2.0 during this week, I'm guessing I missed some sort of configuration along the way but I've read reports here that routing thru a particular gw fails, in my case both policy based routing and load balancing don't work, only by setting the lan rule to use default gw, can I browse the net, interestingly enough, if I set the lan rule to use "dualwan" gw (which is my WAN+WAN2 combined) pfs itself can communicate with the outside world, grabbing package info and new firmware from the pfs servers, just clients don't have internet connectivity unless I amend the rule above to route through default gw.
Chris: If I set lan users to route through my WAN2 gw for HTTP traffic, it works fine, not as before where as you stated correctly it would bypass the captive portal and let users through unauthenticated, I was under the assumption that wouldn't be fixed until pfs 2.0. I can't do any more tests at the moment as most of my clients have woken up (it's just past 8am here in London), so I'll fully test policy based routing and other stuff much later on tonight.
1.2.3-PRERELEASE-TESTING-VERSION
built on Mon Jan 26 23:30:30 EST 2009
I have this version installed with NTOP, IMSpector, Squid3, Lightsquid, CP and Dual WAN running off the same box…finally!
I will test further, plus throw in some VIP carps for WAN2's /29 block.
Thanks very much guys!
Slam
-
I am in doubt CP is working ok for you since with multiwan you should not be able to look at the login form and you are skipping the dummynet outbound shaping.
2.0 has a kernel patch for the login form; for per user bandwidth you have to issue sysctl net.inet.ip.pfil.inbound="ipfw,pf"
-
Well I don't really know what's going on but all that I know is dualwan and cp is working for me on pfs 1.2.3, I have updated to the bleeding edge snapshot and redone those changes you initially pointed out.
If you or any other dev wants to poke around and see what's going on in my box send me a pm and I'll reply with the details.
Slam
P.S. I'm typing this minute from the set up I described so it must be working :)
-
Well it's been 2 days since I put pfs 1.2.3 into a production environment (yes I know! but I'm crazy and desperate).
It's been working fine, handling ~ 30 users thru captive portal, only problem I have noticed is when you upgrade to latest snapshot, upon reboot, any CP user's browser just "hangs" after authenticating, I panicked and thought something was changed on latest snapshot, I soon realised that I had to reapply the changes I originally applied that Ermal pointed out (Thanks Ermal!!!).
I'm hoping to get VIPs working with this as well as an external radius server for AAA, if only I could get pfs 2.0 to work with the same setup!
Thanks
Slam
-
Just an update, pfs 1.2.3 is running quite nicely, I have ~50 users authenticating via captive portal on dual wan box very well, I've scrapped the carp setup as I'm migrating my wan2 connection to my wan1 provider (2x16mb), I understand they (the isp) are trialing line bonding, I have read bits here and there on the forum about it working on pfs, I'll give that a go next when the isp have finalised things!
Cheers
Slam
-
Interesting - thanks for the report.
-
OK I'm really happy with this, it's solved a lot of problems where extra hardware was needed for both LB+CP, that's done away with now and everything is running off one box.
Unrelated but I'll post anyway, might help someone in the future
I think a proxy server, NTOP and/or some other monitoring applications will have to be put on a 2nd box for my needs, most probably running Slackware, I did have a slight problem with heavy network latency, but I've narrowed down the problem to my main WDS master, which is connected to 8 WDS slaves, ALL of which are running DD-WRT, one of the tricks was to set WDS master's "Transmission fixed rate" to "24Mbps" instead of "Auto", seems setting WDS master to auto would create huge lag in the network and pings to my pfs box would hit 2000+ms!!!
So far so good
I have donated some money to PFS today, I would also like to ask any pfs users to confirm if LB+CP works for them on pfs 1.2.3, if so please post here, I would like to see Ermal's changes also added to pfs 1.2.3 final!
Regards
Slam
-
I would like to see the changes made also! :) That's a huge feature if it's really working.
-
Actually with the changes I posted above it should work.
I was not aware but 1.2.3 has the necessary kernel changes from 2.0 to allow this.
-
Hello there !
This is good news to hear!
I was looking for the exact same thing..
Do you think I should go for a v.2 prerelease, use the last 1.2.3 prerelease or use the prerelease Slam mentioned with the above modifications
(1.2.3-PRERELEASE-TESTING-VERSION built on Mon Jan 26 16:38:45 EST 2009)?
Do you think that it would work if I configure the wan interfaces as pppoe with static IPs?