Captive Portal blocking allowed IP addresses with bandwidth in 2.6.0
I'm sure this is bug introduced in pfSense CE 2.6.0 version, because it showed since we upgraded from 2.5.2 version.
We have devices with static IP address is on allowlist in the captive portal settings. These devices can't connect to internet but they can access firewall via ping to it.
The problem occurs when I set the bandwidth up/down to the allowed ip address to bypass captive portal without authentication. Also, the connection is not cut off immediately after the modification. It is cut off after consuming the amount of data (bytes) set for it by the two bandwidth fields in the captive portal service edit window for zone. I think the limiter (up/down) works here as a quota size for this IP instead of being a speed limit for it.
Note: When we increase the bandwidth value, the connection takes longer time and more packets or a larger amount of bytes event is interrupted by pfSense.
Note 2: To fix this error temporarily, we can just open up their entry in the allowed IPs list, hit the save button, then the stuck devices can communicate with captive portal again.
Has anyone else seen this behavior?
I'm working on collection more information to do a bug report as issue in redmine.pfsense.org
I looked but didn't see anything that matches what I want in the current bug list and topics raised, but there is something similar about "Allowed MAC addresses bypass Captive Portal" as follows:
Bug report is here: (https://redmine.pfsense.org/issues/14020).
From what I recall , these issues were solved with patches pfSense package ages ago :
The bad news : you have to dig them up, here, in this forum or redmine.
The good news : 2.7.0 - coming out soon - will take care of things.
I was using 2.6.0 quiet long time, and issues (important to me) were solved after some forum interaction.