Portal's intermittent workings and its troubleshooting



  • I have continued testing with CP and these are my findings.

    After I followed the advice of adding ISP's DNS as allowed IPs the CP worked and showed its logon screen ONCE and ONCE only.

    http://forum.pfsense.org/index.php/topic,19585.msg103573.html#msg103573

    When the idle time for the connected client had passed it could still surf without any problem and needed not logon.

    I then deinstalled a number of packages since CP didn't work:

    imspector
    squid
    squidguard
    freeradius

    (A) At this point and after a reboot I could for the first time get CP working as intended!

    I could logon, disconnect, logon again, everything seemed ok.

    After this I reinstalled imspector and voila! CP stopped working again.

    So I deinstalled imspector and rebooted again.

    So now I'm back at the same stage config wise where CP did work (A) perfectly earlier but now it doesn't, and I have rebooted and reset states several times just to be sure.

    I have enabled/disabled CP and reset states several times but still client can surf. And there's no entry under Status/Captive portal at all.

    Could someone with some more insight into the inner workings of CP try to explain the behavior I have explained here and in the other thread?

    Maybe CP is a stable feature used correctly (and that being having no packages at all?) but I haven't seen it so far and feel a bit stressed about using something that so often has given me problems when used with packages.

    I'm especially interested in how it is possible for the reinstall-deinstall of imspector to completely break CP despite reboots thereafter?

    For me it's a large drawback to not be able to use imspector or squid so I have to do some thinking into this. One obvious way would be to add a second pfS box but that's a bad solution at this point since I have taken steps to remove other HW earlier and doing this would be to go in the wrong direction. Maybe a second virtual installation in a server that's already running a few could work but that would increase the number of possible points of error so it doesn't feel good either.

    Ideas and inputs welcome.

    I'm using:
    1.2.3-RC3
    built on Sun Oct 4 07:33:41 UTC 2009
    FreeBSD 7.2-RELEASE-p4 i386

    and all the latest versions of mentioned packages.

    TIA,



  • I have an interesting update.

    I have verified the following:
    On the interface with CP active, http works whereas ICMP (ping) does NOT.
    On other surface (LAN) both work naturally.

    At this time squid is removed but imspector is running.

    Maybe that could give someone some lead.

    ------ UPDATE

    Testing entering http://pfSIP:8000/ manually AND logging on (gives blank page first since one didn't enter another URL first and being redirected) BUT then I CAN ping from the CP interface.

    So, it seems http traffic is unaffected by CP at this interface whereas other protocols may be affected correctly.

    ------ UPDATE

    If I now remove the user manually from status page in pfS the ability to PING on the CP interface stops!
    BUT, browsing still works. I have taken special care to surf new pages to not use browser cache.

    Verified second time that CP doesn't affect http traffic.

    ------ UPDATE

    I have now removed imspector yet again and rebooted.
    ping doesn't work. http works.

    Verified third time that CP doesn't affect http traffic.

    ------ UPDATE

    It seems that other protocols too are affected correctly, I cannot use IRC either on the CP interface. http still works though and no sign of users in CP status page.

    Let me know if there's some specific analysis I could do on traffic to pin this one down.

    Cheers,



  • Ok, I'm at it again and have found some new info in my case.

    I actually had yet another close to working experience with pfS CP and it happened like this:

    I removed the VLANs I had defined, NOTE however that none of them was in use or assigned to any interface, but they were defined in Interfaces|assign|VLAN

    After I did that CP seemed to suddenly work immediately!

    I could enable/disable CP on different interfaces and everything worked as expected and logon page was directed to every time it should.

    At this time I was just about to write a "solved" comment to this monologue thread.

    And at this point squid as well as imspector was running and working on both LAN and GUEST interfaces and I could switch between them back and forth.

    Then I did one specific thing that seemed to have killed CP again.

    I, in effort to test stuff out, went to Status|Captive portal and removed the entry there for the client being authenticated through CP. After I did that and still now a long time after - and much after both timeout settings on captive portal settings page have passed - the client in question can surf with no problem or need to re-authenticate at all. I don't see any changes when I change settings for interface or turn CP on/off - it just stopped working.

    What's up? Can still no one here after my notes make any educated guesses about what's going on?!

    Now I don't even have squid or imspector installed, I removed them both to rule them out in the troubleshooting, but that, even after reboots doesn't change anything. CP worked briefly but now seems vanished again.

    I'm using:

    1.2.3-RC3
    built on Tue Oct 6 01:32:12 UTC 2009
    FreeBSD 7.2-RELEASE-p4 i386

    And I have interfaces like this:

    WAN interface (fxp0)
    LAN interface (xl0)
    GUEST interface (vr0)  - attached to SOHO AP with crossover cable

    Anyone..?

