CP loop/ Re-login



  • I keep seeing CONCURRENT LOGIN - REUSING OLD SESSION: unauthenticated, , in the Portal Auth logs. The problem is when a guest signs into captive portal and gets a new IP before his 24 hour session times out he then re-directed back to captive portal to sign in. I have seen it where if the guest gets an IP and if that IP is currently logged in by another user in captive port that new guest that just received that IP will be stuck in a sign in loop. I have the Idle timeout blank, Hard timeout set for 1 day, DHCP range is aggressively set for a /20 and default lease time is set for 24 hours. I'm running version 2.1.5, Any feedback would be greatly appreciated.



  • @mbutz89:

    Any feedback would be greatly appreciated.

    Are you sure ? ;)
    The first one :
    @mbutz89:

    I'm running version 2.1.5

    Sorry, the guy who remembered something about that version, 2.1.5, just converted as a shoe-seller …. and we lost his mail ....
    (just to say ones more : YOU should be an EXPERT if your chose to keep ancient version. And EXPERTS never ask question, because they know already why - for the other common mortels as you and me : keep stuff up to date and live will be ...... well .... not simpler but at least we all have the same questions ans so the same answers at the right time)

    @mbutz89:

    DHCP range is aggressively set for a /20 and default lease time is set for 24 hours.

    Some wise guy said ones : DHCP lease time should be twice the CP time out (hard and/or soft)

    @mbutz89:

    I keep seeing CONCURRENT LOGIN - REUSING OLD SESSION: unauthenticated, , in the Portal Auth logs. The problem is when a guest signs into captive portal and gets a new IP before his 24 hour session times out he then re-directed back to captive portal to sign in. I have seen it where if the guest gets an IP and if that IP is currently logged in by another user in captive port that new guest that just received that IP will be stuck in a sign in loop.

    I have a question : all clients do login in with their correct MAC address and correct individual IP, right ?
    You permit concurrent login ?
    What about your CP settings ?



  • I do not have control on what version we run in the field. I do run the most up to date version at home though.

    I have a question : all clients do login in with their correct MAC address and correct individual IP, right ? Well they get assigned a DHCP lease if that's what you're asking.
    You permit concurrent login ? Yes I permit concurrent logins
    What about your CP settings ? No idle timeout, 1 day hard timeout
    Mac filtering: Have tried both settings.
    Authentication: We use Radius on most of our sites.


  • Banned

    @mbutz89:

    I do not have control on what version we run in the field.

    Then perhaps you should advise those who have the control that they are running unsupported firewall version affected by many security issue long fixed in the versions that are supported. You are also missing tons of non-security bugfixes.

    https://doc.pfsense.org/index.php/Versions_of_pfSense_and_FreeBSD