CP page wont load after 2.1 upgrade
-
Recently upgraded to 2.1 and love the new features however I cannot get the CP to load now.
When a client connects i can see the URL change to that of my PFsense box but the page never comes up. (Page cannot be displayed)
I do not see anything in my firewall log.
I noticed it now uses a different port to host the page on since it now supports multiple instances.
I aslo tried using the default CP page.Notice: I have Auth turned off and only want my users to click I agree.
Any ideas on where to look?
Thanks
-
I'm seeing the same thing. Restored a 2.0.3 config to a 2.1 install on an Alix 2d13.
I'm wondering if there is something up with the conversion of the single captive portal in 2.0.3 to the zones of 2.1?
There seems to be no way to edit the zone name or the description of the zone from the web gui after an upgrade.
I created a new zone to look at the differences and so I can add the zone name and description to the converted config.
I noticed that the converted zone has a zoneid of 8000 while the newly created zone has a zoneid of 8002. So maybe the converted zone needs to have a zoneid of 8001 instead, or maybe zones count by 2 so there is a port for http or https… I'll test, yes the zoneid counts by 2...
I tried adding the name and description, still no go. I seem to be running into lack of memory issues. PHP processes keep dieing, out of swap space errors. I think the CP setup php script died on me because of OOM.
For some reason there are a whole bunch of php processes just sitting around, 16 after a reboot, using 16-22Mb resident memory each. I wonder how I can reduce the memory usage?
Josh
-
I'm running on an old dell 260. So i have plenty of memory.
I tried deleting all the CP instances and started over. but no luck
I have confirmed that going to the page manually works http://192.168.1.1:8002
I can then click I Agree and it lets me surf.
So something with the redirection is not working.
My understanding is when enabled you can see a rule added to redirect traffic.
Any ideas where that is?
-
If you take a look at captiveportal.inc, starting at line 523, is where the captive portal rules are set.
https://github.com/pfsense/pfsense/blob/67e5e3c6dbf7aa05a4b4fbaa2ebcee8328aa5648/etc/inc/captiveportal.inc#L523In the past I helped update a captive portal troubleshooting page on the wiki that has some tips. It hasn't been updated for the 2.1 version with zones though.
https://doc.pfsense.org/index.php/Captive_Portal_TroubleshootingJosh
-
Following the tips in the troubleshooting doc I found that my issue was DNS related. If I use an IP address to visit a site the captive portal page comes up like it should.
I also updated the doc to with info about the new context ipfw feature.
So I think everything works fine. I was testing the system without a WAN connection which caused my problems. Memory is still tight, I might try to see how I can reduce the Captive Portal lighty php processes memory usage. Maybe a custom php.ini just for those processes that removes unused modules, or maybe the script can include less/unset some data structures. Maybe it would be possible to replace the CP PHP Cgi with something that takes much less memory. Maybe a shell script instead? If each process used 2Mb then there would be much less of a chance of the system hitting the limit.
I'll give it a try in production and see how 2.1 CP works out on an Alix. It's too bad there isn't a 384 or 512Mb alix board out. The new Alix will have 2Gb which should solve the problem also.
Josh
-
I am NOT using Pfsense as my DNS server on that leg of the network. Maybe that is my issue…
I had net.inet.ip.fastforwarding enabled which according to the troubleshooting document can break it.
I have since set it to 0 and restarted but that did not fix it.
I'm going to try to reach a site by IP now.
-
If you are not using PFSense DNS, then you must include the DNS servers you are handing out in DHCP in the allowed IP addresses tab of the captive portal settings. If DNS is blocked, no redirect will occur.
-
Thanks everyone for the help.
It appears it was two issues.
One was I did not allow my DNS server out and the other is I had fastforwarding turned on.
Thanks again!