Any Change And Save Update Captive Portal Bug



  • Not setting an idle time and hard time out is "not recommended".

    And remember the subject of this thread : if you re save the portal settings, your users will have troubles re connecting (firewall rule are flushed ...).

    When using user/password or vouchers or then it is normal hat user have to retype their access credentials.
    That's what happens what you give access to "untrusted users" on an trusted network (the portal).
    If you trust your employees, consider using this :
    0_1546600730552_1a93acc6-047b-4dd4-a4a9-fce4059b63b0-image.png
    on a seperate portal instance.


  • Rebel Alliance

    @magokbas said in Any Change And Save Update Captive Portal Bug:

    @Gertjan:

    Hi,

    Yep, probably true. I see the same thing.
    This time the ipfw firewall rules are (still) destroyed, but the session stays present in captive portal SQLITE database : the user seems to be logged in but without ipfw rules they're hitting into the wall.

    Temporarily solution : Finish up you config, and don't change settings when users are connected  ;)

    yeah I am doing it right now. I can not even touch it. a very annoying situation

    There is now a fix avaliable for this issue: https://forum.netgate.com/topic/137824/pfsense-no-internet-when-it-is-said-you-are-connected/13



  • @free4

    Thank you for creating this patch!
    Could you please explain how to install the patch?
    I have tried to install via the patch installer:

    0_1546844771105_76da9f3b-471d-486a-92e0-1ff56357a500-grafik.png

    0_1546844804075_118c96ee-a923-47d4-a395-bf43547c3576-grafik.png


  • Rebel Alliance

    @streetsfinest said in Any Change And Save Update Captive Portal Bug:

    @free4

    Thank you for creating this patch!
    Could you please explain how to install the patch?
    I have tried to install via the patch installer:

    0_1546844771105_76da9f3b-471d-486a-92e0-1ff56357a500-grafik.png

    0_1546844804075_118c96ee-a923-47d4-a395-bf43547c3576-grafik.png

    You need to add ".diff" at the end of the patch URL.

    https://github.com/pfsense/pfsense/pull/4031.diff
    Otherwise your settings seems good



  • @free4
    Ah okay!
    Now i get the following information after testing:

    0_1546845152461_92204a18-d756-40e2-92d3-680f871e14c3-grafik.png

    0_1546845171215_a34b7b09-fe0b-49d5-a106-93dc7e716821-grafik.png

    /usr/bin/patch --directory=/ -t -p2 -i /var/patches/5c32f2a9d342c.patch --check --forward --ignore-whitespace
    
    Hmm...  Looks like a unified diff to me...
    The text leading up to this was:
    --------------------------
    |diff --git a/src/etc/inc/captiveportal.inc b/src/etc/inc/captiveportal.inc
    |index 9b4856f774..b08bd350e0 100644
    |--- a/src/etc/inc/captiveportal.inc
    |+++ b/src/etc/inc/captiveportal.inc
    --------------------------
    Patching file etc/inc/captiveportal.inc using Plan A...
    Hunk #1 succeeded at 225.
    Hunk #2 succeeded at 233.
    Hunk #3 succeeded at 371.
    Hunk #4 succeeded at 391.
    Hunk #5 succeeded at 415.
    Hunk #6 succeeded at 563.
    Hunk #7 succeeded at 605.
    Hunk #8 succeeded at 698.
    Hunk #9 succeeded at 911.
    Hunk #10 succeeded at 967.
    Hunk #11 succeeded at 1101.
    Hunk #12 succeeded at 1219.
    Hunk #13 succeeded at 1234.
    Hunk #14 succeeded at 1683.
    Hunk #15 succeeded at 1706.
    Hunk #16 succeeded at 2208.
    Hunk #17 succeeded at 2431.
    Hmm...  The next patch looks like a unified diff to me...
    The text leading up to this was:
    --------------------------
    |diff --git a/src/etc/inc/globals.inc b/src/etc/inc/globals.inc
    |index 6d082a01d7..f1cc340192 100644
    |--- a/src/etc/inc/globals.inc
    |+++ b/src/etc/inc/globals.inc
    --------------------------
    Patching file etc/inc/globals.inc using Plan A...
    Hunk #1 failed at 69.
    1 out of 1 hunks failed while patching etc/inc/globals.inc
    Hmm...  The next patch looks like a unified diff to me...
    The text leading up to this was:
    --------------------------
    |diff --git a/src/etc/inc/upgrade_config.inc b/src/etc/inc/upgrade_config.inc
    |index 97fb3d6a3e..51398ca6cb 100644
    |--- a/src/etc/inc/upgrade_config.inc
    |+++ b/src/etc/inc/upgrade_config.inc
    --------------------------
    Patching file etc/inc/upgrade_config.inc using Plan A...
    Hunk #1 succeeded at 5921 (offset -13 lines).
    Hmm...  The next patch looks like a unified diff to me...
    The text leading up to this was:
    --------------------------
    |diff --git a/src/usr/local/www/status_captiveportal.php b/src/usr/local/www/status_captiveportal.php
    |index bdfd441f5a..3963fd2ed5 100644
    |--- a/src/usr/local/www/status_captiveportal.php
    |+++ b/src/usr/local/www/status_captiveportal.php
    --------------------------
    Patching file usr/local/www/status_captiveportal.php using Plan A...
    Hunk #1 succeeded at 268.
    done
    
    ```java
    /usr/bin/patch --directory=/ -f -p2 -i /var/patches/5c32f2a9d342c.patch --check --reverse --ignore-whitespace
    
    Hmm...  Looks like a unified diff to me...
    The text leading up to this was:
    --------------------------
    |diff --git a/src/etc/inc/captiveportal.inc b/src/etc/inc/captiveportal.inc
    |index 9b4856f774..b08bd350e0 100644
    |--- a/src/etc/inc/captiveportal.inc
    |+++ b/src/etc/inc/captiveportal.inc
    --------------------------
    Patching file etc/inc/captiveportal.inc using Plan A...
    Hunk #1 succeeded at 227 with fuzz 2 (offset 2 lines).
    Hunk #2 failed at 237.
    Hunk #3 succeeded at 376 with fuzz 2 (offset 3 lines).
    Hunk #4 failed at 399.
    Hunk #5 succeeded at 1513 (offset 1091 lines).
    Hunk #6 failed at 1663.
    Hunk #7 failed at 1709.
    Hunk #8 failed at 1806.
    Hunk #9 failed at 1991.
    Hunk #10 failed at 2047.
    Hunk #11 failed at 2181.
    Hunk #12 failed at 2299.
    Hunk #13 failed at 2321.
    No such line 2773 in input file, ignoring
    Hunk #14 failed at 2770.
    Hunk #15 failed at 2793.
    Hunk #16 failed at 3295.
    Hunk #17 failed at 3505.
    14 out of 17 hunks failed while patching etc/inc/captiveportal.inc
    Hmm...  The next patch looks like a unified diff to me...
    The text leading up to this was:
    --------------------------
    |diff --git a/src/etc/inc/globals.inc b/src/etc/inc/globals.inc
    |index 6d082a01d7..f1cc340192 100644
    |--- a/src/etc/inc/globals.inc
    |+++ b/src/etc/inc/globals.inc
    --------------------------
    Patching file etc/inc/globals.inc using Plan A...
    Hunk #1 failed at 69.
    1 out of 1 hunks failed while patching etc/inc/globals.inc
    Hmm...  The next patch looks like a unified diff to me...
    The text leading up to this was:
    --------------------------
    |diff --git a/src/etc/inc/upgrade_config.inc b/src/etc/inc/upgrade_config.inc
    |index 97fb3d6a3e..51398ca6cb 100644
    |--- a/src/etc/inc/upgrade_config.inc
    |+++ b/src/etc/inc/upgrade_config.inc
    --------------------------
    Patching file etc/inc/upgrade_config.inc using Plan A...
    Hunk #1 failed at 5934.
    1 out of 1 hunks failed while patching etc/inc/upgrade_config.inc
    Hmm...  The next patch looks like a unified diff to me...
    The text leading up to this was:
    --------------------------
    |diff --git a/src/usr/local/www/status_captiveportal.php b/src/usr/local/www/status_captiveportal.php
    |index bdfd441f5a..3963fd2ed5 100644
    |--- a/src/usr/local/www/status_captiveportal.php
    |+++ b/src/usr/local/www/status_captiveportal.php
    --------------------------
    Patching file usr/local/www/status_captiveportal.php using Plan A...
    Hunk #1 failed at 268.
    1 out of 1 hunks failed while patching usr/local/www/status_captiveportal.php
    done
    
    
    

  • Rebel Alliance

    @streetsfinest remove what's inside "patch content"

    Then re-fetch your patch (i don't know wtf happened with your patch x) )



  • @free4
    Done!
    0_1546846336987_8bb65df7-9b23-4e6e-9fd9-1a6c22ffd430-grafik.png

    0_1546846353197_0f92d6b3-77e0-4183-9eea-3fbaca60e622-grafik.png 0_1546846365864_3640d31e-03e7-4dad-b7b3-7d0ddf3922ad-grafik.png
    0_1546846381417_65350cd1-aa75-4f56-a65b-dae8ca21a937-grafik.png

    After that i got the same issue as i had before.
    Could it be an issue with custom portal page?



  • I'm seeing the same thing here.

    I guess because @free4 is patching against pfsense:master (a futur "dev" version) and we are using 2.4.4-P1 ?
    Thus files like
    /etc/inc//etc/captiveportal.inc
    /etc/inc/globals.inc
    /etc/inc/upgrade_config.inc
    /usr/local/www/status_captiveportal.php
    are different.



  • When you take
    /etc/inc//etc/captiveportal.inc
    /etc/inc/globals.inc
    /etc/inc/upgrade_config.inc
    /usr/local/www/status_captiveportal.php
    from master (here it is : https://github.com/pfsense/pfsense )then all goes well : I can apply :

    0_1546847918184_630b139c-592b-44dc-90c8-3130170aaff9-image.png

    But : updating these file can have 'nasty' side effects.
    Make local copies of the original files, so you can go back if needed.

    edit : I did this : downloading master files from here : (example) : https://raw.githubusercontent.com/pfsense/pfsense/master/src/etc/inc/globals.inc
    Before overwriting the original /etc/inc/globals.inc make a copie like cp /etc/inc/globals.inc /etc/inc/globals.inc.old
    Do this for the other 3 files also.

    Then Fetch the patch.
    Test the patch (should mark all ok in green : can patch and can revert).
    Apply.

    Going back : Revert.
    Delete /etc/inc/globals.inc
    And move /etc/inc/globals.inc.old to /etc/inc/globals.inc

    mv /etc/inc/globals.inc.old to /etc/inc/globals.inc
    

    Same for the other 3 files.

    Disable the portal.
    Enable the portal
    (last 2 steps are need for database re creation)

    For myself : i'm applying right now ^^


  • Rebel Alliance

    @gertjan said in Any Change And Save Update Captive Portal Bug:

    I guess because @free4 is patching against pfsense:master (a futur "dev" version) and we are using 2.4.4-P1 ?

    You are probably right
    I'll have a look into it later



  • I connected a user "x".
    Then I changed a setting on the captive portal page : like the totally useless "Logout popup window" enabled to disabled, and Save.
    As before, Status => Captive portal showed I was still logged in.
    Inspecting "ipfw table all list" shooed the same thing !! I yes, I was still connected (could surf the net).

    Jan 7 09:08:53 logportalauth 66497 Zone: cpzone1 - Reconfiguring captive portal(cpzone1).
    Jan 7 09:09:27 logportalauth 73286 Zone: cpzone1 - ACCEPT: x, 90:b9:31:77:5e:26, 192.168.2.9
    Jan 7 09:11:01 php-fpm 18906 /services_captiveportal.php: Beginning configuration backup to .https://acb.netgate.com/save
    Jan 7 09:11:07 php-fpm 18906 /services_captiveportal.php: End of configuration backup to https://acb.netgate.com/save (success).
    Jan 7 09:11:07 logportalauth 18906 Zone: cpzone1 - Reconfiguring captive portal(cpzone1).

    My tables with authorized users were still ok ! :

    ipfw table all list
    ...
    --- table(cpzone1_auth_up), set(0) ---
    192.168.2.9/32 90:b9:31:77:5e:26 2090 274 42493 1546848787
    ...
    --- table(cpzone1_auth_down), set(0) ---
    192.168.2.9/32 2091 199 68608 1546848787
    ...
    

    This is looking really good !!

    Btw : I'm using FreeRadius authentication. My test user "x" has a "Amount of Download and Upload Traffic" set to some 10 Mbytes daily. I guess resetting the ipfw entries in tables cpzone1**_auth_up** and cpzone1**_auth_down** and recreating them will imply some loss (values reset), but hey, I can live with that.



  • @streetsfinest said in Any Change And Save Update Captive Portal Bug:

    After that i got the same issue as i had before.
    Could it be an issue with custom portal page?

    You didn't "Apply" - see my image.

    After applying, you should see
    0_1546850464011_a55b4676-0aad-47d7-95d2-6efdd6a2d7fa-image.png

    The patch package can patch IF and only if the original files match exacly what diff should find before patching.
    Otherwise it refuses to patch. Better yet : you can't patch.

    So, as I said, take the four files mentioned above from github master before.

    Btw : I use a home made portal page. Works fine. As long as the portal page has all, the pfSense variables and the 'html' syntax is ok, they all work.



  • @gertjan

    I will try the master files from github.
    But i think it would be better solution if everbody could use the builtin files of the 2.4.4 p1 image.
    When i tried, i did not have the possibilty to click on the "apply button", there was only the "test button" which gave the message that the patch was interrupted. (see the pictures above).



  • @streetsfinest said in Any Change And Save Update Captive Portal Bug:

    But i think it would be better solution if everbody could use the builtin files of the 2.4.4 p1 image.

    @free4 is aware of that

    @free4 said in Any Change And Save Update Captive Portal Bug:

    I'll have a look into it later

    But hey, this is "patching" which means : you have to know something about files and so.
    As said above : ones you have the master files, you can test.

    And be careful : testing means : you'll notice that an issue disappears. What you also might notice : new issues - and these are completely unknown.



  • 2.4.4-P2 is out which means that this patch applies direct : the "Test" doesn't show warnings anymore.



  • i have also problem with my pfsense2.3.5_2
    how can i love the problem sir ?0_1552051474708_Screenshot_7.png


  • Banned

    @netx34 said in Any Change And Save Update Captive Portal Bug:

    i have also problem with my pfsense2.3.5_2

    First step: UPDATE to a currently supported version (2.4.4p2).



  • @Grimson currently im in

    0_1552055207799_Screenshot_14.png

    can i update to the latest2.4.4p2 ? and all the setting and captive portal / wifi user client


  • Banned



  • @grimson thank you sir,


Log in to reply