Captive Portal performance issues - specifically with UDP
-
Oh pfSense gods please help me with my plight :)
We have a video streaming device which resides in a vlan where captive portal is active. We are seeing high frame loss (enough to make the video stream un-viewable despite it being around .5% of video frames) between this segment and the main LAN. We do not see video frame loss inside this network segment (where it doesn't pass through the pfsense firewall) but do see high video frame loss when traversing the firewall. If I disable captive portal then things look great but when I re-enable captive portal then video frames drop left and right.
The streaming appliance is using the RTSP protocol (UDP video transport). The stream looks to be about 12mbps for the quality we're sending. All switching equipment is mid-level Extreme Networks switches with a minimum of 1G ports.
If I re-enable captive portal and switch to using RTSP over TCP (TCP port 8080) then things look dramatically better but you can tell there are still some underlying network issues (lag, and still the occasional lost video frame).
Pinging the video streaming device from inside the same vlan (no firewall but same number of switches) all ping times are <1ms with 0% loss yet pinging it from the main LAN I get an average 33ms with spikes up to 200ms! (still 0% loss) so clearly crossing the firewall is an issue.
Running internet bandwidth tests from both segments said things are running well (pushing over 100mb x 100mb) and that's out across the internet yet somehow we can't push 12mb across firewall with captive portal enabled.
It doesn't appear to be bandwidth (see above speed test) or CPU related (gui shows 1% CPU utilization when we see the issue on an 8 core x HT box).
I have added the MAC address of the streaming device to the captive portal allow list and added its IP to the approved list (although it didn't make a difference so I removed it).
Anyone have any ideas? I need captive portal enabled on this segment (and yes there's an engineering reason to have this streaming device inside this network segment).
My background: I've been running pfsense for about a decade and know my way around really well. I've also googled the heck out of this thing and came up with nothing.
We're running Netgate XG-1537 hardware and pfsense 2.4.4-RELEASE-p2.
Thanks in advance!
-
@AndrewDuey said in Captive Portal performance issues - specifically with UDP:
We have a video streaming device which resides in a vlan where captive portal is active
The video device is on the same LAN as the visiting user?
In that case the captive portal isn't even used to access this device.
Can this device access the Internet? Its gateway setup is correct? DNS?
@AndrewDuey said in Captive Portal performance issues - specifically with UDP:
I have added the MAC address of the streaming device to the captive portal allow list and added its IP to the approved list (although it didn't make a difference so I removed it).
Normally, the IP and/or MAC of the server-type of device on a captive portal LAN should be white listed. In that case, it's like the captive portal isn't there for that device.
Did you try to replace all APs with a pure wired connection?
There is no reason why UDP frames should be dropped.
-
@Gertjan Thanks for the reply.
Most clients are inside the same vlan/subnet and you are correct, they don't pass through captive portal (or the firewall) at all. These clients work great.
We do have a few clients that are outside the Guest VLAN/subnet on the main LAN. These are the clients that are connecting through pfSense to get to the Video server. When captive portal is enabled on the guest VLAN/subnet we see massive video frame drops (the video is nearly worthless). As soon as we disable captive portal, POW, it's great.
We did this as an all wired solution and we are seeing these drops before we even throw wireless into the mix.
Thanks,
--Andrew
-
What are the firewall rules for this VLAN?
Can't really help you with VLAN setup itself - but you can test this: hook up the AP on the LAN, and activate a captive portal on LAN. You see the same issue?