Pfsense, No internet when it is said "You are connected".
-
Hello,
I have the same issue ( 2.4.4-RELEASE-p1) and many others reported. The only solution is, don''t make any changes in CP settings when the users are connected. After making any changes, you need to "disconnect all user" from status. We have to wait until the bug get fixed.
Version 2.4.4-RELEASE-p1 (amd64)
built on Mon Nov 26 11:40:26 EST 2018
FreeBSD 11.2-RELEASE-p4 -
İs there any solution?
-
@deniz-sahan As far as i know, no solution yet
-
@olakara said in Pfsense, No internet when it is said "You are connected".:
We have to wait until the bug get fixed.
And which bug is that? If there is a bug - and you want it fixed there would be a redmine..
This?
https://redmine.pfsense.org/issues/8616Doesn't even look like anyone has validated it, etc.
-
@johnpoz said in Pfsense, No internet when it is said "You are connected".:
@olakara said in Pfsense, No internet when it is said "You are connected".:
We have to wait until the bug get fixed.
And which bug is that? If there is a bug - and you want it fixed there would be a redmine..
This?
https://redmine.pfsense.org/issues/8616Yes.
Doesn't even look like anyone has validated it, etc.
You can ! Come over and I pay you even a beer or two while doing so ! ;)
Enable portal - use the captive portal network to login - now change the portal setting : a simple "Save" will do. The pfSense GUI still mentions you as "logged in on the captive portal" but the underlying ipfw rules (tables entries) are gone : -> you hit the firewall again (that good !) but the portal login page can't be shown anymore because pfSense logic thinks (you'rer still in the database) you are already logged in.A real Captive portal issue : takes 120 seconds to make it work (and to break it !)
But, it's a non urgent matter. It takes 10 seconds to "correct" the issue : throw out all users !
Or even less time : do not change settings !!
For the moment, the old mechanical engineer's rule should be used :
Shut the engin down before any maintenance.
(throw out the user before - or, more better in this case : after any modifications)
This always works and gives a predictable result ;)Another "computer guy" rule should also be applied : only do captive portal maintenance during "non rush hours".
Btw, as I already said : ones set up, and the captive portal settings are good, no need to change them any more. I wonder what setup makes it necessary that change these settings often ...So now and then this forum thread will be updated by a guy how "just discovered the issue" - but it' already known for several month - half a year or so.
-
@gertjan said in Pfsense, No internet when it is said "You are connected".:
Btw, as I already said : ones set up, and the captive portal settings are good, no need to change them any more. I wonder what setup makes it necessary that change these settings often ...
i'm testing the CP in an environment with less than 300 devices, but some of the android devices not getting the login page. so the users have to do additional steps like clicking on the popup message "'sign in to Wi-Fi network'' or browse an http site. even throwing all users will not bring the login page on some devices - they have to disconnect the wifi and reconnect.
sometimes disconnecting a single user from status will also make the same issue ...some of the new users will get the message 'you are connected''
-
@olakara said in Pfsense, No internet when it is said "You are connected".:
but some of the android devices not getting the login page. so the users have to do additional steps like clicking on the popup message "'sign in to Wi-Fi network''
Well, it's up to the device - the OS, if it does a "captive portal presence test".
Remember : the captive portal magic becomes close to transparent (no human intervention except the authentication itself) if it is also supported by the connected client and pfSense.
pfSense by itself can't force the behavior od a connected device.In a worse case, it boils down to the manual way :
@olakara said in Pfsense, No internet when it is said "You are connected".:browse an http site
@olakara said in Pfsense, No internet when it is said "You are connected".:
ometimes disconnecting a single user from status will also make the same issue ...some of the new users will get the message 'you are connected''
Here is that "You are connected" message : https://github.com/pfsense/pfsense/blob/d188b7251a83b4a8a39ba50dfaf9a1cba35cad17/src/usr/local/captiveportal/index.php#L80
Two lines above, you see the "elseif" condition.But first, look at line 62 https://github.com/pfsense/pfsense/blob/d188b7251a83b4a8a39ba50dfaf9a1cba35cad17/src/usr/local/captiveportal/index.php#L62
$cpsession is initiated with what come back from
captiveportal_isip_logged($clientip)This means that $cpsession will get loaded with what is present in the sqllight database, the table that contains all logged in users. It's this table that you see when you look at the connected portal users in the GUI.
See here https://github.com/pfsense/pfsense/blob/d188b7251a83b4a8a39ba50dfaf9a1cba35cad17/src/etc/inc/captiveportal.inc#L2756 what "captiveportal_isip_logged($clientip)" does. Surprise : the IP is used in a 'SQL like' statement : "select where ip = $clientip
This will return something (a row with session details) IF the user is in the database table, or to be more precise : his IP is found in the table.So, $cpsession contains data (an array with a connected user's device info) if a match for it's IP is found.
You should check that, when you force logout a user/device that shows the issue, that the IP he is using is really gone from the "Connected users list" in the GUI.
Back to
} elseif (!empty($cpsession) && (!isset($_POST['logout_id']) || !isset($config['captiveportal'][$cpzone]['logoutwin_enable']))) {https://github.com/pfsense/pfsense/blob/d188b7251a83b4a8a39ba50dfaf9a1cba35cad17/src/usr/local/captiveportal/index.php#L80
If $cpsession is empy (means no $clientip was found in the database) then
!empty($cpsession)becomes False.
The reminder && ( ................) of the elseif isn't important anymore : the entire elseif becomes False,
"'You are connected" will not get shown, treatment continues and eventually, further below, the captive login page will be transferred to the client.But : You see the "'You are connected", so I tend to say : the IP that that device is using is present in the database.
You didn't disconnected this user - or worse, you did, but it's still there - or the IP is there multiple times (dono if that's possible).
Up to you to tell (show !) us what happens.Look at the "'You are connected" in the source.
After showing the message, it's flushed to the connected user: he sees the message, and "return" right after that means : there will be no portal login page because pfSense found out that the user is already connected (== his IP is present in the table/database)Btw : your /usr/local/captiveportal/index.php file corresponds with this file https://github.com/pfsense/pfsense/blob/master/src/usr/local/captiveportal/index.php ?
Your DHCP pool is big enough - something like 1000 IP's ?
-
@gertjan sorry, i wasn't aroud. the network is /22 and 90% of ips allotted in DHCP pool.
-
@olakara said in Pfsense, No internet when it is said "You are connected".:
Hello,
I have the same issue ( 2.4.4-RELEASE-p1) and many others reported. The only solution is, don''t make any changes in CP settings when the users are connected. After making any changes, you need to "disconnect all user" from status. We have to wait until the bug get fixed.@johnpoz said in Pfsense, No internet when it is said "You are connected".:
This? https://redmine.pfsense.org/issues/8616
Hello,
I made a fix for it : https://github.com/pfsense/pfsense/pull/4031
You can now install this fix using patch package. Two things you need to know :
Please enter https://github.com/pfsense/pfsense/compare/master...Augustin-FL:patch-captivportal-reconfigure-no-configbump.diff as "URL/Commit ID". The pull request link above may not work properly because it has been designed for patching pfsense:master (which is the dev, future 2.4.5 version).After installing the patch, click on "Disconnect All" in captive portal status page, otherwise you might have SQL errors in your logs (the errors should be about sqlite complaining of "unknown columns bw_up/bw_down").
Don't hesitate to report me issues or to thumb up this PR on Github !EDIT : Netgate decided to fix this issue in a different way (using https://github.com/pfsense/pfsense/pull/4042). Please use this pull request instead. Here are updated steps :
- Please enter https://github.com/pfsense/pfsense/compare/RELENG_2_4_4...Augustin-FL:fix-reconfig-for-2-4-4.diff as "URL/Commit ID". The pull request link above may not work properly because it has been designed for patching pfsense:master (which is the dev, future 2.5.0 version).
- After installing the patch, click on "Disconnect All" in captive portal status page, otherwise you might have pipe leaks
@gertjan said in Pfsense, No internet when it is said "You are connected".:
You can ! Come over and I pay you even a beer or two while doing so ! ;)
May i also request a beer ? ;)
-
This post is deleted! -
@free4
is the patch set up for 2.4.4-p2 ?? -
@shood Yes. I just updated my previous post
-
@free4 please help me to run this patch ...
Patch Fetched Successfully
but unable to apply or test getting below message .
Patch can NOT be applied cleanly (detail)
Patch can NOT be reverted cleanly (detail) -
Patch Test Output apply
/usr/bin/patch --directory=/ -t -p2 -i /var/patches/5c544011ac364.patch --check --forward --ignore-whitespaceHmm... Looks like a unified diff to me...
The text leading up to this was:|From 4573641589d50718b544b778cea864cfd725078a Mon Sep 17 00:00:00 2001
|From: jim-p
|Date: Tue, 15 Nov 2011 16:28:45 -0500
|Subject: [PATCH] Add a gui field to set the source tracking timeout for sticky
| connections.
|
|---
| etc/inc/filter.inc | 2 ++
| usr/local/www/system_advanced_misc.php | 20 +++++++++++++++++---
| 2 files changed, 19 insertions(+), 3 deletions(-)
|
|diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
|index 29864dfb08..fdd43b70aa 100644
|--- a/etc/inc/filter.inc+++ b/etc/inc/filter.inc No file to patch. Skipping... Hunk #1 ignored at 280. 1 out of 1 hunks ignored while patching inc/filter.inc Hmm... The next patch looks like a unified diff to me... The text leading up to this was:
|diff --git a/usr/local/www/system_advanced_misc.php b/usr/local/www/system_advanced_misc.php
|index d25c96d9fe..e1da77245a 100644
|--- a/usr/local/www/system_advanced_misc.php+++ b/usr/local/www/system_advanced_misc.php No file to patch. Skipping... Hunk #1 ignored at 56. Hunk #2 ignored at 103. Hunk #3 ignored at 192. Hunk #4 ignored at 274. Hunk #5 ignored at 284. 5 out of 5 hunks ignored while patching local/www/system_advanced_misc.php done -
What "URL/Commit ID" ae you using ?
-
@gertjan https://github.com/pfsense/pfsense/commit/4573641589d50718b544b778cea864cfd725078a.patch
colored text -
Why ?
@free4 said in Pfsense, No internet when it is said "You are connected".:
Hello,
I made a fix for it : https://github.com/pfsense/pfsense/pull/4031 -
@gertjan which one should I give url??
-
The issue discussed in this thread : https://github.com/pfsense/pfsense/pull/4031
Dono where you took your patch URL from (except that it is something proposed by @jimp last September, so ... old).
-
@abuledi please use https://github.com/pfsense/pfsense/compare/master...Augustin-FL:patch-captivportal-reconfigure-no-configbump.diff as "URL/Commit ID"
