Captive Portal fails regularly after upgrading from 2.0.1 to 2.0.2

debremarkos

Hi after gitsyncing and going to 2.0.3 I had a number of other issues, such as under heavy load the firewall blocking everything with nothing entered into the syslog. we have 800 captive portal users and everything was working well in 2.0.1 . I have reverted back to 2.0.1 . The main reason was due to the crashing and the fact that the web gui became really slow, and crashed alot. I run 2 other pfsense devices and I have not gone back to 2.0.2 on them as they do not use captive portal. On all the devices that I have upgraded i have found the performance of the webgiu gets much worse after the upgrade with me having to remove the status widget from the dashboard to make some small improvements.

niebla

Web GUI seems very fast with 2.02. Have not gitsynced yet. Is there a 2.0.3 release? I have not seen it.

debremarkos

when you gitsync you will goto 2.0.3 pre release

m4st3rc1p0

he is right is there any workaround, a lot of error message coming out. Also Captive portal is not working.

@debremarkos:

when you gitsync you will goto 2.0.3 pre release

eri--

The latest 2.0.3 is stable from our testing.
Can you try because at the time there were some changes being done.
Now it is marked as stable on our side!

m4st3rc1p0

heres the error i got

Jan 31 19:57:20 	lighttpd[21213]: (connections.c.305) SSL: 1 error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
Jan 31 19:57:20 	lighttpd[21213]: (connections.c.305) SSL: 1 error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol

@ermal:

The latest 2.0.3 is stable from our testing.
Can you try because at the time there were some changes being done.
Now it is marked as stable on our side!

heper

yesterday i've deployed 2.0.3 with a ssl cert from startssl & Radius auth on a Win2K8r2

i've seen that too:

Jan 31 19:57:20 	lighttpd[21213]: (connections.c.305) SSL: 1 error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
Jan 31 19:57:20 	lighttpd[21213]: (connections.c.305) SSL: 1 error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol

doesn't seem to affect the portal … i've had +40 portal users all day without complaints

Slam

Running latest snapshot of PRERELEASE-2.0.3 (31/01/2013)

I can also confirm what the last 2 posters have reported, though it doesnt seem to affect the CP users.

I am also seeing a lot of the following.

Jan 31 20:23:57 lighttpd[18696]: (connections.c.137) (warning) close: 25 Connection reset by peer
Jan 31 20:23:57 lighttpd[18696]: (connections.c.137) (warning) close: 25 Connection reset by peer

Jan 31 20:02:55 lighttpd[18696]: (request.c.1133) GET/HEAD with content-length -> 400
Jan 31 20:02:55 lighttpd[18696]: (request.c.1133) GET/HEAD with content-length -> 400

Jan 31 19:56:03 lighttpd[18696]: (mod_fastcgi.c.2676) FastCGI-stderr: ALERT - ASCII-NUL chars not allowed within request variables - dropped variable 'redirurl' (attacker '10.0.0.109', file '/usr/local/captiveportal/index.php')
Jan 31 19:56:03 lighttpd[18696]: (mod_fastcgi.c.2676) FastCGI-stderr: ALERT - ASCII-NUL chars not allowed within request variables - dropped variable 'redirurl' (attacker '10.0.0.109', file '/usr/local/captiveportal/index.php')

Jan 31 17:55:50 lighttpd[18696]: (mod_fastcgi.c.2676) FastCGI-stderr: ALERT - ASCII-NUL chars not allowed within request variables - dropped variable 'info_hash' (attacker '10.0.0.78', file '/usr/local/captiveportal/index.php')
Jan 31 17:55:50 lighttpd[18696]: (mod_fastcgi.c.2676) FastCGI-stderr: ALERT - ASCII-NUL chars not allowed within request variables - dropped variable 'info_hash' (attacker '10.0.0.78', file '/usr/local/captiveportal/index.php')

Jan 31 17:35:49 lighttpd[18696]: (mod_fastcgi.c.2676) FastCGI-stderr: ALERT - ASCII-NUL chars not allowed within request variables - dropped variable 'checklic' (attacker '10.0.0.74', file '/usr/local/captiveportal/index.php')
Jan 31 17:35:49 lighttpd[18696]: (mod_fastcgi.c.2676) FastCGI-stderr: ALERT - ASCII-NUL chars not allowed within request variables - dropped variable 'checklic' (attacker '10.0.0.74', file '/usr/local/captiveportal/index.php')

eri--

@heper:

yesterday i've deployed 2.0.3 with a ssl cert from startssl & Radius auth on a Win2K8r2

i've seen that too:

Jan 31 19:57:20 	lighttpd[21213]: (connections.c.305) SSL: 1 error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
Jan 31 19:57:20 	lighttpd[21213]: (connections.c.305) SSL: 1 error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol

doesn't seem to affect the portal … i've had +40 portal users all day without complaints

That's just a warning because it tries to forward anything on tcp to port 80 which has been reduced only to tcp traffic on 2.1 version of pfSense.
Since the client is trying an https://www.pfsense.org but the firewall redirection sends it to a simple HTTP talking webserver you get the warning.

eri--

@Abdsalem:

Running latest snapshot of PRERELEASE-2.0.3 (31/01/2013)

I can also confirm what the last 2 posters have reported, though it doesnt seem to affect the CP users.

I am also seeing a lot of the following.

Jan 31 20:23:57 lighttpd[18696]: (connections.c.137) (warning) close: 25 Connection reset by peer
Jan 31 20:23:57 lighttpd[18696]: (connections.c.137) (warning) close: 25 Connection reset by peer

Jan 31 20:02:55 lighttpd[18696]: (request.c.1133) GET/HEAD with content-length -> 400
Jan 31 20:02:55 lighttpd[18696]: (request.c.1133) GET/HEAD with content-length -> 400

Jan 31 19:56:03 lighttpd[18696]: (mod_fastcgi.c.2676) FastCGI-stderr: ALERT - ASCII-NUL chars not allowed within request variables - dropped variable 'redirurl' (attacker '10.0.0.109', file '/usr/local/captiveportal/index.php')
Jan 31 19:56:03 lighttpd[18696]: (mod_fastcgi.c.2676) FastCGI-stderr: ALERT - ASCII-NUL chars not allowed within request variables - dropped variable 'redirurl' (attacker '10.0.0.109', file '/usr/local/captiveportal/index.php')

Jan 31 17:55:50 lighttpd[18696]: (mod_fastcgi.c.2676) FastCGI-stderr: ALERT - ASCII-NUL chars not allowed within request variables - dropped variable 'info_hash' (attacker '10.0.0.78', file '/usr/local/captiveportal/index.php')
Jan 31 17:55:50 lighttpd[18696]: (mod_fastcgi.c.2676) FastCGI-stderr: ALERT - ASCII-NUL chars not allowed within request variables - dropped variable 'info_hash' (attacker '10.0.0.78', file '/usr/local/captiveportal/index.php')

Jan 31 17:35:49 lighttpd[18696]: (mod_fastcgi.c.2676) FastCGI-stderr: ALERT - ASCII-NUL chars not allowed within request variables - dropped variable 'checklic' (attacker '10.0.0.74', file '/usr/local/captiveportal/index.php')
Jan 31 17:35:49 lighttpd[18696]: (mod_fastcgi.c.2676) FastCGI-stderr: ALERT - ASCII-NUL chars not allowed within request variables - dropped variable 'checklic' (attacker '10.0.0.74', file '/usr/local/captiveportal/index.php')

There have been some more fixes after that specifically for this.
Actually in general you will get better performance from 2.0.[2|3] than 2.0.1 since of a bug in php.

m4st3rc1p0

hi, its not working for me, im using mac address to pass via portal and its not working, the only thing that works is that when you put the ip address of the said station. Can anyone help ?