One week vouchers expire in less than 24h

miichael

I've got the same problem with 2.1.5.
My idle time is 30 min, hard idle time is 45 min.

Out of nowhere the system logs show the following while trying to login:
Nov 11 16:06:53 pfsense logportalauth[21694]: FAILURE: xxxxxx, 00:19:66:37:aa:53, 192.168.123.199, voucher expired

It started when about half of the vouchers were in use (the vouchers are intended to to be used for half a year). Now every used voucher is marked as used and expired.

And there seems to be no solution at all - or is there?
And is there a way to unmark a voucher as expired?

Please help.

Derelict

Did you make a change to the voucher settings?  That can invalidate entire rolls.  Don't know if they'd show up as expired though.

If you test one that's working from the same roll and test a known unused one in Status->Captive Portal->Zone->Test Vouchers do they report the same thing?

miichael

Yes, I changed the hard idle time from 90 to 45 min. yesterday. The vouchers though were marked as used and expired today, some 10-15 h later. Thus I don't see a relation - up to now.

The only valid vouchers are those, that were not unsed until now. Every used voucher is tested as used and expired.

Is there a way to reactivate the expired vouchers? Otherwise, my users get angy with me.

Derelict

I thought changing the captive portal would not invalidate the voucher rolls.  Are you sure you didn't change anything on the Vouchers tab?

miichael

Things on the Voucher-Tab like "# of Roll Bits"
and in "Services: Captive portal: Edit Voucher Rolls" are not touched.

In the Services: Captive portal:XXX I changed "Hard timeout" from 90 to 45. It's all.

Derelict

Sorry.  No idea where to go from there.

I just changed the timeout on a test system and the vouchers still test fine.

Just guessing now…  You're positive about the math for the voucher duration?  I get 262,800 minutes for 6 months.

Your system clock isn't like 2015 or something right?

Do you remote syslog?  Has the portalauth log wrapped since you started seeing this?  Anything in there?

miichael

I'm desperate. The most important thing for me would be how to reset the vouchers. Do you know any way?

The math is right 280 000 min., the date is also right. The portalauth.log reports the fault (sued and expired vouchers) about 15:40.

The syslog says around this time:

Nov 11 15:13:28 pfsense kernel: arp: 192.168.123.176 moved from 02:0f:b5:38:26:ba to 84:a6:c8:38:26:ba on bge0
Nov 11 15:15:45 pfsense check_reload_status: Synching vouchers
Nov 11 15:15:48 pfsense check_reload_status: Syncing firewall
Nov 11 15:15:54 pfsense check_reload_status: Synching vouchers
Nov 11 15:15:56 pfsense check_reload_status: Syncing firewall
Nov 11 15:16:16 pfsense check_reload_status: Synching vouchers
Nov 11 15:16:18 pfsense check_reload_status: Syncing firewall
Nov 11 15:16:26 pfsense kernel: arp: 192.168.123.168 moved from 02:0f:b5:3b:c3:9d to 5c:8d:4e:3b:c3:9d on bge0
Nov 11 15:21:06 pfsense lighttpd[93478]: (connections.c.137) (warning) close: 12 Connection reset by peer
Nov 11 15:21:26 pfsense check_reload_status: Synching vouchers
Nov 11 15:21:28 pfsense check_reload_status: Syncing firewall
Nov 11 15:22:10 pfsense kernel: arp: 192.168.123.176 moved from 84:a6:c8:38:26:ba to 02:0f:b5:38:26:ba on bge0
Nov 11 15:22:34 pfsense lighttpd[93478]: (connections.c.137) (warning) close: 16 Connection reset by peer
Nov 11 15:23:05 pfsense kernel: arp: 192.168.123.176 moved from 02:0f:b5:38:26:ba to 84:a6:c8:38:26:ba on bge0
Nov 11 15:28:11 pfsense lighttpd[93478]: (connections.c.137) (warning) close: 12 Connection reset by peer
Nov 11 15:30:45 pfsense kernel: arp: 192.168.123.176 moved from 84:a6:c8:38:26:ba to 02:0f:b5:38:26:ba on bge0
Nov 11 15:32:22 pfsense lighttpd[93478]: (connections.c.137) (warning) close: 18 Connection reset by peer
Nov 11 15:34:03 pfsense kernel: arp: 192.168.123.173 moved from 5c:8d:4e:3b:c3:9d to 02:0f:b5:3b:c3:9d on bge0
Nov 11 15:34:08 pfsense kernel: arp: 192.168.123.168 moved from 5c:8d:4e:3b:c3:9d to 02:0f:b5:3b:c3:9d on bge0
Nov 11 15:34:24 pfsense check_reload_status: Synching vouchers
Nov 11 15:34:27 pfsense check_reload_status: Synching vouchers
Nov 11 15:34:27 pfsense check_reload_status: Syncing firewall
Nov 11 15:34:29 pfsense check_reload_status: Syncing firewall
Nov 11 15:36:57 pfsense lighttpd[93478]: (connections.c.137) (warning) close: 16 Connection reset by peer
Nov 11 15:38:01 pfsense lighttpd[93478]: (connections.c.137) (warning) close: 12 Connection reset by peer
Nov 11 15:49:38 pfsense lighttpd[93478]: (connections.c.137) (warning) close: 12 Connection reset by peer
Nov 11 15:54:01 pfsense lighttpd[93478]: (connections.c.137) (warning) close: 12 Connection reset by peer
Nov 11 15:57:57 pfsense kernel: arp: 192.168.123.107 moved from 40:b0:fa:c8:2f:1f to 02:0f:b5:c8:2f:1f on bge0
Nov 11 15:59:52 pfsense lighttpd[93478]: (connections.c.137) (warning) close: 12 Connection reset by peer
Nov 11 16:02:26 pfsense lighttpd[93478]: (connections.c.137) (warning) close: 12 Connection reset by peer

This doesn't seem to me very unsual. I seem los, again. Any hint please?

Derelict

Doesn't have anything to do with expired vouchers but it looks like you have IP address conflicts all over the place.

Sorry.  No idea how to reactivate vouchers - if it's even possible.

miichael

The conflicts may be a result of multiple use of a voucher on different computers in my network.

I'll put the topic "reset of vouchers" as a new topic - there is maybe someone not reading our topic.

Thanks for reading
Michael

orangetek

I am also getting this problem after changing the hard timeout value from empty to some number. I am using 2.2.3. A temporary fix is to remove the hard timeout value.