Pfsense, No internet when it is said "You are connected".
-
@johnpoz this is the whole problem with pf now. Unfortunately we do indeed have many of these. We do use these for CP. Users Macs/iPhones/androids all get the error that indeed says just that. Now we have another revision that feels like we are beta testing software and troubleshooting.
I indeed have more information about this is related to users that have logged in before and try again. The only difference on these boxes is the firmware update.
Instead of believing customers and helping solve their issues. Just saying BS. Why would we login to lie about an issue? This is an unfortunate turn.
-
@MTNet and the browers says you are connected but never by passes it and no internet if you close it. It’s the same problem detailed above..
-
But what problem are you actually seeing? Which post above are you saying you have the same problem as?
We can only guess at this point.Edit: Ah,OK I see your second reply there now.
Did you try the patch suggested above?
Does it fail when the connection is lost or seemingly at random?
Steve
-
Once the user gets the page they always get the page. Reboot of the device and pfsense don’t clear it.
Honestly we have been migrating CP off of pfsense. So we didn’t spend much time troubleshooting. We’ve tried deleting it and recreating it all of the above short of downgrading.
We had some short term success upgrading and then the user reauthed the first time then later the issue can back.
-
The point is anyone running 100 sites should be able to provide actual troubleshooting information instead of just saying "mine doesn't work either."
It takes time to build out a duplicate network that might (might) imitate the issue you are having.
If you are experiencing the problem then you already have an environment (or 100 of them, apparently) Where is the break down? Is it DNS? DHCP? Is it ipfw? Is it pf? does the captive portal entry still exist? Is the IP address/MAC address pair changing from the pair that was logged in? Anyone running 100 captive portals ought to know exactly what the pieces are necessary for the user experience. Which one is breaking?
Lots of possibilities there. At this point what is wrong is a mystery for lack of specific troubleshooting information provided.
-
Did you read this forum? If you are familiar with these at all you would have most of the questions you just asked answered.
-
- we have over 100 so it’s not isolated
2 they stopped working with a recent update.
3 you’re getting dhcp because you are getting redirected to the page that says your connected
4 if it’s the first time logging in you connect fine. Not dhcp/ipfw/dns
5 users are reporting that downgrading fixed their issue.
Seems like a ton of technical information right there to me.
- we have over 100 so it’s not isolated
-
Still nothing actionable. What did you contribute to a better understanding of the issue?
-
@MTNet said in Pfsense, No internet when it is said "You are connected".:
Seems like a ton of technical information right there to me.
Actually ZERO of it!!
-
Well, we're talking about the "You are connected" bug, so, the why and what is known for months now.
There was a solution, actually two solutions available as patches, one was abandoned and the remaining one isn't compatible with 2.4.4-p3 at the moment.
https://github.com/pfsense/pfsense/pull/4042 - see the bottom.A initial work around works well, though :
Do not edit portal settings when users are connected.
Or
If you have to edit portal settings , just hit this button after the edit :
-
That wouldn't be fixed by downgrading pfsense.. According to the redmine all version are affected by this bug.
So he is saying he is editing the CP settings at 100 sites? To cause this?
There is zero "technical" information provided by him..
-
Mmm, editing the captive portal at every site seem unlikely at best.
If that is the case though a better post would have been 'We are seeing the same symptoms described here: https://redmine.pfsense.org/issues/8616'.
You say you have tried 'all of the above', does that mean you tried that patch and it didn't work for you?
Steve
-
^ exactly zero useful info..
If you read his first post from another thread he is running "2.3.4 p1" and can not update, etc..
So he has 100 sites all running 2.3.4 - WTF???
-
@stephenw10 said in Pfsense, No internet when it is said "You are connected".:
you tried that patch and it didn't work for you?
I used one of the patches, the now retired version of @free4, on 2.4.4-p2.
That solved the issue that wasn't really an issue for me. I stopped editing the captive portal config years ago. -
That’s fine then. If you are from Netgate you know who we are and we are not lying about the number of units. If you would like to ASK questions that would help solve this feel free. I’m not going to argue with if enough information was provided.
As said the only difference is updating. And they are updated to the latest.
We are not editing CP.
-
@Gertjan that helped initially then we had users report it again.
-
My point was not that you were lying about the number of units.. Not trying to argue with you... My point is that you have provided ZERO info in trying to help you that is worth anything..
So you updated all of your 2.3.4p1 boxes to 2.4.4p3 and now they have a connected but no internet problem... And you are not editing any captive portal settings when this happens?
And then you roll back to what 2.4.4p1? And your saying you have no issues? Or you rolling them back to 2.3.4?
If your not editing the captive portal then your issue is not related to the current redmine issue being discussed..
I find it difficult to comprehend that someone that has 100 some deployments has no clue how too provide actual useful info the problem they are experiencing.
-
Your first post said you called BS. Sorry but that’s not how we prefer to operate. It puts people that could help in a defensive position and that doesn’t seem to be a good spot to help.
You are still insulting us. Have a good day.
-
@MTNet said in Pfsense, No internet when it is said "You are connected".:
If you are from Netgate you know who we are and we are not lying about the number of units.
Indeed I do and you are not.
So you are seeing something slightly different to what others here have reported though it seems likely to be related.
It's the first time I'm been made aware that this is affecting users when the captive portal has not been changed and re-saved.
Just to be clear do you know what version you first saw this on? It looks like the re-saving issue appeared in 2.4.4. It would not surprise me to find whatever variant you are hitting did also.
Steve
-
Hello everyone,
Let's try to calm down okay?@ohbobva , @MTNet and @jurhein I understand that this problem is very annoying. To this date, you (and everyone having facing this captive portal problem) have 3 options :
- Click on "Disconnect All" every time you reboot your pfSense or edit some captive portal settings
- Install the patch that has been chosen to address this issue. I updated my previous post to provide guidelines on how to install this patch on 2.4.4-p3.
- Downgrade your pfSense to a previous version. This issue is present on all 2.4.X version, 2.3.X are unaffected. Because of the multiple production and security fixes made in 2.4.4 I would not recommend doing this however.
On Netgate side ( @Derelict , @stephenw10 @rbgarga )...would it be possible to merge pull request 4042 quite quickly, if possible ? This PR is ready to be merged, and is resolving a very impacting problem for pfSense's captive portal (as you can see from angry comments on this thread...)
-
I'll poke the devs.
Have you seen this issue outside making changes to the captive portal?
Steve
-
@stephenw10 yes..kind of.
I originally faced the issue as a regular pfSense user. I am part of a network/infra team for an IT university, we are running pfSense captive portal for LAN events. We encountered the issue during one of these events.
Few weeks/month after the event, I tried to reproduce the bug using lab environment/VM (the idea was to check vaguely what caused this issue, was it reproducible?). I created the redmine ticket at that time.
I tried to understand the root cause ("when and what introduced this bug?") only few month later (for those interested, the root cause is explained at the end of this post)
-
Update :
I re applied the patch https://github.com/pfsense/pfsense/pull/4042.diff (this is the "patch ID" I used).
/etc/inc/captiveportal.inc was complaing with one chunck (the 12th one) because in "master" there is a new function :
function captiveportal_reserve_ruleno($ruleno)
so I decides to make a backup of my /etc/inc/captiveportal.inc and and replace it with the master version ( https://raw.githubusercontent.com/pfsense/pfsense/master/src/etc/inc/captiveportal.inc ).Now, the patch applies perfectly well.
Great work !
Again : applied against "2.4.4-p3" with updated (current Master) /etc/inc/captiveportal.inc
-
Ok, great.
@Gertjan I assume you are seeing this fix the issue that locks users out if you edit the captive portal?
@MTNet Can you test this patch to confirm it fixes the variant you're seeing? I'm not sure anyone else is seeing this without editing the config. If anyone else is though please test this patch against 2.4.4p3.
Steve
-
@stephenw10 said in Pfsense, No internet when it is said "You are connected".:
@Gertjan I assume you are seeing this fix the issue that locks users out if you edit the captive portal?
Yep.
It's all here : https://github.com/pfsense/pfsense/pull/4042 ^^@stephenw10 said in Pfsense, No internet when it is said "You are connected".:
I'm not sure anyone else is seeing this without editing the config.
Oh, they will. It's a valid for every captive portal setup.
- Your portal is used.
- You edit the portal config page : ipfw firewall rules are flushed, but database contains still the logged in user.
- You win : you'll see the "You are already logged in" text.
But .... because there are close to none-admins that edit their captive portal settings page after an initial system setup,, the error isn't really known - doesn't show up ...
I could see the error because I actually was looking for it.Btw : I borrowed the latest version /etc/inc/captiveportal.inc from "Master" so I might benefit other pull requests.
-
Right exactly. That patch was proven against p2 to fix the issue after editing. I would expect it to work against p3 also.
The question is; is anyone else, other than @MTNet, seeing this issue without editing the config?
If they are it needs testing against that situation.Steve
-
Why should we need any testing? MTNet has 100 deployments and its happening on all of them ;) <rolleyes>
And the overwhelming amount of technical info provided should be enough... I mean it could be put into a book its so detailed..
-
@Gertjan said in Pfsense, No internet when it is said "You are connected".:
Update :
I re applied the patch https://github.com/pfsense/pfsense/pull/4042.diff (this is the "patch ID" I used).
/etc/inc/captiveportal.inc was complaing with one chunck (the 12th one) because in "master" there is a new function :
function captiveportal_reserve_ruleno($ruleno)
so I decides to make a backup of my /etc/inc/captiveportal.inc and and replace it with the master version ( https://raw.githubusercontent.com/pfsense/pfsense/master/src/etc/inc/captiveportal.inc ).Now, the patch applies perfectly well.
Great work !
Again : applied against "2.4.4-p3" with updated (current Master) /etc/inc/captiveportal.inc
tried this steps in 2.4.4-p3. patched works but the problem is the users who are logged already in captive portal are not displaying in the captive portal status (active users)? and in the services for captive portal users, numbers of users is 0. Have you encountered this?
right now I am using 2.3.2 version. waiting for the fix to the latest version of pfsense.
thanks!
-
Please be specific about what circumstances you are seeing that under. As far as I'm aware with that patch applied in 2.4.4p3 editing the captive portal and re-saving no-longer results in users logged in but unable to connect.
However there seems to be another set of reports here for the case in which users are falling into that situation without the captive portal having been edited. If that is happening the patch would likely not address that.Steve
-
( https://raw.githubusercontent.com/pfsense/pfsense/master/src/etc/inc/captiveportal.inc ).
what i did to fix the issue is i replace the original captiveportal.inc with the captiveportal.inc from "master" w/o patching using winSCP.
sorry for my english
-
@jurhein said in Pfsense, No internet when it is said "You are connected".:
( https://raw.githubusercontent.com/pfsense/pfsense/master/src/etc/inc/captiveportal.inc ).
what i did to fix the issue is i replace the original captiveportal.inc with the captiveportal.inc from "master" w/o patching using winSCP.
sorry for my english
can you check the captive portal status (active users), if connected users are showing and in the service for captive portal users, if numbers of users is 0. thanks!
-
So are you seeing that just happen spontaneously without editing the captive portal?
Steve
-
@dyobetem
yes the connected users are showing and in the service for captive portal users the number is not 0, again i did not run the patch using system patches [package] what i did is replacing the captiveportal.inc using winSCP.. im on latest version 2.4.4 p3, and im using a shellcmd package [captiveportal_disconnect_all.php] so that when you restart the pfsense all users disconnect and then re-login
sorry my english is not good
-
@jurhein said in Pfsense, No internet when it is said "You are connected".:
@dyobetem
yes the connected users are showing and in the service for captive portal users the number is not 0, again i did not run the patch using system patches [package] what i dead is replacing the captiveportal.inc using winSCP.. im on latest version 2.4.4 p3, and im using a shellcmd package [captiveportal_disconnect_all.php] so that when you restart the pfsense all users disconnect and then re-login
sorry my english is not good
care to share that shellcmd package [captiveportal_disconnect_all.php] nad how to use that?. I want to try this also. as of now I am using 2.3.2 version of pfsense and I want to try the latest for my captive portal. thanks!
-
How is it we have people still on the 2.3 line - and not even the latest in that line?? That whole 2.3 line has been EOL and was warned about it for well over a year.
if anything why are you not on 2.3.5p2 ?
-
yeah its true that it has been EOL. maybe its just a personal preference for some of us to used that version (users using 2.3.2) and maybe some users don't want to upgrade :)
-
using the shellcmd and script is working perfectly after pfsense reboot. all connected users in captive portal are disconnected and need to login again. (this is for 2.4.4 p3 without replacing the captiveportal.inc (from master)
when i tried to replaced the captiveportal.inc it and reboot my pfsense and login again my voucher. voucher login success but its not diplaying the voucher i am using in my captive portal status and number of users connected is 0.
-
- proof that may captiveportal fix [pfsense 2.4.4 p3]
- edit captiveportal while users are login
- reboot pfsense and re-login [captive portal status and number of users connected is not 0]
- credits to @Gertjan
https://www.youtube.com/watch?v=ffZYJ3iBS10
-
that fix is using the php file (captiveportal_disconnect_all.php), and yes that is perfectly working after rebooting the pfsense.
how about the file (captiveportal.inc) that you replaced using the captiveportal.inc(master) in this link: https://raw.githubusercontent.com/pfsense/pfsense/master/src/etc/inc/captiveportal.inc
when i tried that replacing via winscp. logged in captive portals is not showing in the captive portal status and no. of users is 0. you've post in this thread that you replaced it with a new captiveportal.inc from the said link.
-