Sync captive portal logged in state



  • Hi

    I am wondering if there is a solution for the problem described below:
    https://redmine.pfsense.org/issues/4552

    I've 2 firewalls, version 2.4.3, high availability configured for each interface, and also DHCP server and captive portal configured.

    The problem is that clients can get an IP from both DHCP servers, which is fine, but when trying to access the internet, if the client gets authenticated via the captive portal of the Backup, he still cannot access the internet even if the authentication succeeds, because he is listed only on the Backup, whereas the active gateway is on the Master, which still doesn't know that the user is logged in because the state of the logged-in users isn't synced from the Backup to the Master.

    Is there a way to sync captive portal logged users between the Master and the Backup?

    Thanks a lot


  • Netgate

    Sounds like you have not set up your DHCP correctly.

    In general, when you run HA, you configure the DHCP server to give the CARP VIP on that interface as the default gateway. Else it will give them the interface address which is almost certainly not what you want.


  • Netgate

    @citronvolcano said in Sync captive portal logged in state:

    is there a way to sync captive portal logged users between the Master and the Backup?

    Not that I know of. Last time I ran an HA captive portal I am pretty sure I told it not to sync the CP settings and just disabled the captive portal on the secondary. In the event of a failover it was better to just allow the traffic than to break 3000 CP sessions all at once.

    Yes, there would be a "vulnerability" in that a savvy user could just manually set their gateway to the secondary's interface address and bypass the portal but that was deemed a lesser concern. The access was "free" anyway. The primary reason HA was implemented was keeping the front desk from getting slammed in the event of a failure, which equates to keeping the guests happy.