Upgrade 2.5.2 to 2.6.0, upgrade success, Limiters not passing
-
So, I am actually experiencing this problem on 2.6.0 with limiters, without Captive Portal enabled. We were using Captive Portal a week ago, but we just switched over to using just RADIUS MAC authentication. I actually upgraded to 2.6.0 in the middle of the migration (that was a really poor choice as now I can't revert) and had to disable Captive Portal earlier than anticipated. I had tried the Captive Portal patch while we were still using Captive Portal, but that caused so much lag that I instantly reverted and didn't have time to do any further testing. After finishing the migration, I tried setting up limiters and found that they couldn't work without the Captive Portal patch either. I installed the patch again, and I was able to limit the downstream bandwidth for individual users (for some reason I can't get upstream limiters to work, but that is probably just a poor configuration on my part). When I enable the limiters, I start dropping tons of packets as soon as the link comes under load from my host (even with a very small load like a video game).
-
Check if ipfw is still active. Try running
ipfw showat the command line.
It should return an error. If if returns a list of ipfw rules then it's still active and Limiters cannot work correctly. If you have not rebooted since disabling the CP then do so.Steve
-
@stephenw10
'ipfw show' returns an error:
ipfw: retrieving config failed: Protocol not available
And I have definitely rebooted since disabling Captive Portal. That was certainly a good suggestion, though, as I have 100 users and try to reboot as seldom as possible. -
Hmm so how exactly do you have the Limiters configured?
I've not been able to replicate any issues as long as ipfw is not enabled.
-
@stephenw10
So, I did some more testing today and discovered that normal traffic over the limiters isn't causing any issues. It is actually only specific video games that are experiencing the issue. When I launch a multiplayer game of Heroes of the Storm with the limiters, my latency goes through the roof and I start dropping packets, but without the limiters, it works better, but with still some packet loss. However, I run a co-op vs AI game with the limiters enabled and I have no problems at all. I tried Overwatch, and a multiplayer game blows up my connection so badly that I get instantly disconnected, whether or not I have the limiters enabled. It looks like I am on the wrong thread, I apologize. I'll have to do some more research to figure out where I should actually be posting this. As of note, I didn't have this issue on 2.5.2 and I did the uPnP and latency spike patch at the same time as the captive portal patch. Sorry for not testing further earlier, Steve. -
No worries, thanks for confirming.
-
@destello Apologies if I missed it somewhere but may I ask what the latency spike patch is? I'm running 2.6.0 CE, bare metal, no captive portal, and getting terrible latency spikes and packet loss on heavy parallel downloads even when I limit to 12% or less of my downstream cap. I'd heard of the captive portal issue but your mention here is the first I recall seeing with respect to a latency spike patch. Thanks!
-
This, in the System Patches package:
Steve
-
Bingo!! Disable Limiters was the solution for me.
Where limiters are actives the ping to google.com crush every time but ping 8.8.8.8 answer without problem; with limiters disable ping to google and 8.8.8.8 are ok -
Test a 2.7 or 22.05 snapshot if you can. Limiters + Captive Portal is fixed there.
-
@stephenw10 Just to confirm, there is no System Patch to fix the Captive Portal/Limiter interaction on 22.01, the only option is to disable Captive Portal or upgrade to the Beta/Devel Branch of 22.05?
I couldn't see anything regarding this on the System Patches Package.
-
That's correct, there is no run-time patch for the issue.
https://redmine.pfsense.org/issues/12954Steve
