Clients can't reconnect after pfsense reboot
-
Hi everybody.
I just made a fresh test installation as pre-production pilot - 2.4.4-RELEASE (amd64).
Configured everything (I'll use pfsense as captive portal) and everything worked perfectly as captive portal without user authentication (a simple splash screen with login button and no auth is enough for me).However, i soon discovered that after reboot clients can't reconnect anymore.
To be more accurate, devices can still connect to the network, get a valid ip address, and their mac addresses are still listed in Captive Portal Status. But when a browser is opened client side a blank page appears with a tiny message ("You are connected"), and browser is stuck there, with no chance of browsing.
To get it working again i have to manually disconnect user entries in Captive Portal Status. After that, connecting with the same device splash screen is normally displayed and clients can browse again.Any ideas about that? I'm thinking about some magic ipfw flushing happening at reboot, but i may be barking at the wrong tree of course.
Thank you -
Hi,
You discovered that the pfSense database with connected clients was not flushed, but "ipfw", the captive portal firewall was reset.
A "disconnect all portal clients" (and stop the portal during upgrade) before upgrading would have masked this issue.
Anyway, your up and running again ;)
-
Sorry i did not understand, what should i do in order to make client re-connect safely after each reboot?
Thank you
-
Click here :
-
Ok, this is what i'm actually doing to restore the service.
But of course i can't do this each time pfSense is rebooted and have 300 clients blocked waiting for my action, so i was looking for a long term solution.Thank you
-
I have the exact same issue. Can someone help?
-
As there is no solution yet, I will try to install 2.3.5 and see if its better with that. I will post again for updates
-
@kengo i still can't understand what's going on. I tried to manually re-insert client IPs from sqlite (as they still exist there) in ipfw relevant tables (auth_up, auth_down) but they still can't reconnect.
I must be missing something running under the hood
-
@prophet I'm trying 2.3.5 at this moment and I still have the same problem. If you turn off captive portal, does the problem persist? Mine doesn't so I think its a captive portal issue
-
@kengo I confirm that the issue is related to captive portal
-
@kengo if you dive deeper you will find that Captive portal status is fine after reboot (you can see authenticated clients, stats etc), while firewall is flushed. But based on what i see, it is not enough to recreate firewall rules in auth_down and auth_up tables (the only ones that seem to change when a client connect to captive portal) to make it work again, so there must be something else going on...
-
@prophet thanks for all the info. i actually have an older box running pfsense 2.4.1 and there are no issues so far with the captive portal. i will try to update this version of pfsense to 2.4.1 and see how it goes.
-
@kengo so with 2.4.1 everything works after reboot? did i get it right?
-
@prophet no, i was trying to upgrade the 2.3.5 version of pfsense to 2.4.1 (according to the dashboard) but what happened was it upgraded directly to 2.4.4 and still the same issue persists. i cannot get it to work. as soon as i turn on captive portal, the internet connection is lost.
-
@prophet said in Clients can't reconnect after pfsense reboot:
@kengo I confirm that the issue is related to captive portal
2.3.5 == 2.4.4 main difference is the code-base. The first is 32 bits - the latter 64 bits.
So, totally normal that you found the same issue.The issue has a name and a number : https://redmine.pfsense.org/issues/8783
-
@gertjan sorry but this isn't the same issue.
When pfSense is up i can save/edit anything without problems.I only have problems after reboot, with clients stuck at "You are connected" message in their browser.
-
@prophet said in Clients can't reconnect after pfsense reboot:
@gertjan sorry but this isn't the same issue.
When pfSense is up i can save/edit anything without problems.Can't tell what happens with 2.4.1 - that's old code and ditched because of "security issues".
There is no such thing as a bug list "2.4.1". You're free to use it as long as you accept that product is unsupportable.
So, again, ok to me
I only have problems after reboot, with clients stuck at "You are connected" message in their browser.
And that's the situation right now with 2.4.4 and 2.3.5 (can't test that - have no 32 bits devices).And "Save" on the captive portal's setting will "redo" the ipfw firewall rules and tables. The captive portal's "connected client database" will not get emptied. This is what this issue is all about.
-
-
@prophet said in Clients can't reconnect after pfsense reboot:
by the way bug #8783 is marked as "resolved", so it can't be the same issue. if it was i wouldn't be here :)
You're right.
When 8783 repaired something, this arrived https://redmine.pfsense.org/issues/8616 (other might exist). -
Will be testing older versions of pfsense 2.2 and 2.3 tonight. i will post an update again.
