Captive portal stops working after a few days

tseip

Hi,

we have a strange problem with the captive portal since upgrading to version 21.05:

The captive portal works fine, it is currently set with anonymous authentication, so people just have to press a button to access the internet.
After a few days, it suddenly does not show the login page anymore
If I restart the captive portal service, it doesnt works. If I edit it, change nothing and press save, it starts working again - for another few days

The same configuration worked flawless for months in the 2.4 branch.

Any idea where I could look for the error? I see nothing in the system logs that points to an error.

This is the ipfw table while it isn't working:

--- table(cp_ifaces), set(0) ---
lagg0.255 2100 8628399 5185327906 1631093750
--- table(guest_wlan_auth_up), set(0) ---
--- table(guest_wlan_host_ips), set(0) ---
10.255.255.1/32 0 833 123981 1631093440
10.255.255.2/32 0 1518234 109248008 1631093749
--- table(guest_wlan_pipe_mac), set(0) ---
--- table(guest_wlan_auth_down), set(0) ---
--- table(guest_wlan_allowed_up), set(0) ---
1.1.1.1/32 2004 40507 6336551 1631028924
8.8.8.8/32 2006 1432 444604 1631039186
--- table(guest_wlan_allowed_down), set(0) ---
1.1.1.1/32 2005 53370 3772761 1631093748
8.8.8.8/32 2007 13449 984549 1631093749

This is the ipfw table while it is working, directly after "restart":

--- table(cp_ifaces), set(0) ---
lagg0.255 2100 88 7228 1631093812
--- table(guest_wlan_auth_up), set(0) ---
--- table(guest_wlan_host_ips), set(0) ---
10.255.255.1/32 0 0 0 0
10.255.255.2/32 0 14 887 1631093812
--- table(guest_wlan_pipe_mac), set(0) ---
--- table(guest_wlan_auth_down), set(0) ---
--- table(guest_wlan_allowed_up), set(0) ---
1.1.1.1/32 2004 7 752 1631093809
8.8.8.8/32 2006 7 1471 1631093808
--- table(guest_wlan_allowed_down), set(0) ---
1.1.1.1/32 2005 7 433 1631093809
8.8.8.8/32 2007 7 480 1631093808

tseip

@tseip said in Captive portal stops working after a few days:

--- table(guest_wlan_host_ips), set(0) ---
10.255.255.1/32 0 833 123981 1631093440
10.255.255.2/32 0 1518234 109248008 1631093749

Ha! And sometimes just "talking" about it helps:
The script that generates the tables seem to miss the other CARP IP. The current configuration has 10.255.255.1 as CARP VIP and 10.255.255.2-3 are the firewalls. There is only one firewall listed - could this be the problem?

Gertjan

@tseip

Using a lagg interface as the captive portal interface - never tested this myself. Is this for availability ? Bandwith ?
Using 1.1.1.1 or 8.8.8.8.... dono if your captive portal users agree with the fact that you transmit their requests to these companies....
My DNS is the IP of the captive portal's interface.
Behind this interface unbound is running (as a resolver).
Using 2.5.2 for month now, and all the versions before : rock solid.
So, my advise : do less, thus do it better ^^

Neverstopdreaming

@tseip I have the same issue you describe. No portal offered to the clients.
I'm using 2.5.2 version in two different sites with HA on each.
It just stops working after some days on both sites (2 failures in 15 days) and the temporary solution is "edit and save".
I don't think the secondary IP is the reason, it's the standby and it's not used by the clients.
I looked at the logs but I don't find anything that looks interesting.