Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Hard timeout doesn't work

    Scheduled Pinned Locked Moved
    Captive Portal
    2
    5
    553
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • G
      guntery
      last edited by

      Hi all,

      I'm about to start from scratch as this feature is not working. Idle timeout works fine.

      I gather there is a cron every minute which checks each client. I have made the Hard timeout 5mins.

      When I hover over the client in CP status it shows the idle timeout and session but nothing about hard timeout.
      Nothing is showing in the logs - I expected a DISCONNECT log

      I am using external radius auth. Any ideas how to debug it?

      GertjanG 1 Reply Last reply Reply Quote 0
      • GertjanG
        Gertjan @guntery
        last edited by Gertjan

        @guntery said in Hard timeout doesn't work:

        I gather there is a cron every minute which checks each client.

        Correct.
        You can even see it :
        Access the console, option 8 and type

        ps ax | grep 'prune'

        Every 60 seconds it executes, checks all connected users, and do what "needs to be done".

        But .... if a (the FreeRadius) package is used for your portal instance, then things like hard time out , soft time out (and more) are controlled by radius - so you have to set things up over there.
        That is, I'm pretty sure it would work like that.

        edit : I tested :

        When I set a time out of 5 minutes :

        fe2409e8-89b2-4f33-854f-62c9bbb79582-image.png

        and this suer logs in (it' me) I see a :

        bf45b855-43f2-42ce-a959-1cc52d724dee-image.png

        after 5 minutes.
        It's a SESSION TIMEOUT. Somewhat the same thing as a "DISCONNECT" I guess.
        And of course, the user was disconnected.

        So, it works ....

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        1 Reply Last reply Reply Quote 0
        • G
          guntery
          last edited by

          Thanks,
          you are correct the idle timeout and hard timeout are ignored. damn!

          Is there a command line method to DISCONNECT a user?

          GertjanG 1 Reply Last reply Reply Quote 0
          • GertjanG
            Gertjan @guntery
            last edited by

            @guntery said in Hard timeout doesn't work:

            Is there a command line method to DISCONNECT a user?

            No one ready right now.
            There is a command line script that disconnect all users from all portal instances, published by myself and others in this forum part.

            But first, you have visit this GUI page :

            5d3b5177-2d78-4e9c-92e1-72860d4b9bd8-image.png

            Hover your mouse of the dustbind of the user you want to disconnect.
            Now, have a look at the second most information shown on your screen :

            8450a23e-4d09-490e-ad63-2042f0cabdc6-image.png

            and there you see how to select the to be disconnected using its "connection ID", the "f273c20eb7b0174c" string in my example.

            Now you have everything to do a "SELECT" upon the connected user database, and have it removed.

            You'll be needing probably the "pfSense Ultimate Manual**" , to guide you when modifying the PHP command line script file.

            ** The source code - you have a copy already

            No "help me" PM's please. Use the forum, the community will thank you.
            Edit : and where are the logs ??

            1 Reply Last reply Reply Quote 0
            • G
              guntery
              last edited by

              @Gertjan said in Hard timeout doesn't work:

              pfSense Ultimate Manual

              thanks for that (https://docs.netgate.com/manuals/pfsense/en/latest/the-pfsense-book.pdf)

              it shows a little more detail on the hard timeout. And mentions radius. It looks like it actually should work regardless of authentication method...

              I found under the CP authentication section there is a Session timeout check box for "Use RADIUS Session-Timeout attributes"

              If I disable this the hard timeout works with freeradius! cheers

              1 Reply Last reply Reply Quote 0
              • First post
                Last post