Captive portal Error sending request: sendto: Permission denied



  • 
    clog -f system.log
    Jul 10 10:49:17 pfSense kernel: load_dn_sched dn_sched FIFO loaded
    Jul 10 10:49:17 pfSense kernel: load_dn_sched dn_sched QFQ loaded
    Jul 10 10:49:17 pfSense kernel: load_dn_sched dn_sched RR loaded
    Jul 10 10:49:17 pfSense kernel: load_dn_sched dn_sched WF2Q+ loaded
    Jul 10 10:49:17 pfSense kernel: load_dn_sched dn_sched PRIO loaded
    Jul 10 10:49:33 pfSense check_reload_status: syncing firewall
    Jul 10 10:50:35 pfSense check_reload_status: syncing firewall
    Jul 10 10:53:26 pfSense kernel: IP firewall unloaded
    Jul 10 10:53:36 pfSense check_reload_status: syncing firewall
    Jul 10 12:35:09 pfSense kernel: ipfw2 (+ipv6) initialized, divert loadable, nat loadable, rule-based forwarding enabled, default to accept, logging disabled
    Jul 10 12:35:15 pfSense kernel: in_cksum_skip: out of data by 34425
    Jul 10 12:35:16 pfSense kernel: in_cksum_skip: out of data by 15045
    Jul 10 12:35:17 pfSense kernel: in_cksum_skip: out of data by 39270
    Jul 10 12:35:25 pfSense kernel: in_cksum_skip: out of data by 13770
    Jul 10 12:35:28 pfSense last message repeated 2 times
    Jul 10 12:35:28 pfSense kernel: in_cksum_skip: out of data by 16320
    Jul 10 12:35:30 pfSense kernel: in_cksum_skip: out of data by 10200
    Jul 10 12:35:30 pfSense kernel: in_cksum_skip: out of data by 16320
    Jul 10 12:35:35 pfSense kernel: in_cksum_skip: out of data by 13770
    Jul 10 12:35:37 pfSense check_reload_status: syncing firewall
    Jul 10 12:35:44 pfSense kernel: IP firewall unloaded
    Jul 10 12:36:09 pfSense check_reload_status: syncing firewall
    Jul 10 12:36:21 pfSense kernel: ipfw2 (+ipv6) initialized, divert loadable, nat loadable, rule-based forwarding enabled, default to accept, logging disabled
    Jul 10 12:36:26 pfSense kernel: in_cksum_skip: out of data by 16320
    Jul 10 12:36:27 pfSense kernel: in_cksum_skip: out of data by 16320
    Jul 10 12:36:37 pfSense kernel: in_cksum_skip: out of data by 65025
    Jul 10 12:36:40 pfSense check_reload_status: syncing firewall
    Jul 10 12:36:46 pfSense kernel: in_cksum_skip: out of data by 49470
    Jul 10 12:37:11 pfSense check_reload_status: syncing firewall
    Jul 10 12:37:16 pfSense kernel: in_cksum_skip: out of data by 13770
    Jul 10 12:38:11 pfSense kernel: IP firewall unloaded
    Jul 10 12:38:12 pfSense check_reload_status: syncing firewall
    
    
    
    clog -f  portalauth.log 
    Jul 10 13:49:41 pfSense logportalauth[23642]: ERROR: tester, 4c:00:10:40:18:43, 192.168.0.245, Error sending request: sendto: Permission denied
    Jul 10 13:51:02 pfSense logportalauth[53013]: ERROR: tester, 4c:00:10:40:18:43, 192.168.0.245, Error sending request: sendto: Permission denied
    Jul 10 15:36:36 pfSense logportalauth[18125]: ERROR: tester, 4c:00:10:40:18:43, 192.168.0.8, Error sending request: sendto: Permission denied
    Jul 10 15:37:15 pfSense logportalauth[45627]: ERROR: tester, 4c:00:10:40:18:43, 192.168.0.8, Error sending request: sendto: Permission denied
    Jul 10 15:37:59 pfSense logportalauth[12011]: ERROR: tester, 4c:00:10:40:18:43, 192.168.0.8, Error sending request: sendto: Permission denied
    
    


  • Not enough info to tell you what's happening. Is that authenticating to RADIUS? Does the RADIUS server reside on the same interface as you have captive portal enabled?



  • @cmb:

    Not enough info to tell you what's happening. Is that authenticating to RADIUS? Does the RADIUS server reside on the same interface as you have captive portal enabled?

    RADIUS server is in local network (192.168.0.200/24 with gw 192.168.0.254/24) . pfsense v2 with enabled cp on lan (192.168.0.254/24)



  • Then you need a pass-through entry or allowed IP entry for the firewall's interface IP, in that scenario CP will block the RADIUS.



  • @cmb:

    Then you need a pass-through entry or allowed IP entry for the firewall's interface IP, in that scenario CP will block the RADIUS.

    Good info.
    I have same setup scenario, but with  pfsense v1 and it work.Maybe in v2  ipfw policy is different(i think),but this setup scenario don't work there.
    Other,in v2 CP  login procedure is more slowly than v1.Please fix/improve this.



  • That same behavior from previous versions should be retained, I opened a ticket. http://redmine.pfsense.org/issues/741

    @savago:

    Other,in v2 CP  login procedure is more slowly than v1.Please fix/improve this.

    I've done a lot of testing, and helped multiple ISPs deploy 2.0 CP in production and never seen any slowness in the login. Would need a pcap of that traffic to determine why it's slow for you.



  • @cmb:

    I've done a lot of testing, and helped multiple ISPs deploy 2.0 CP in production and never seen any slowness in the login.

    What accounting/billing software they are using ? Remote disconnection is not available with pfSense,it dos not support remote disconnection using POD packets
    ,auto disconnection is working via reauthentication in this scenario, pls correct me if i am  wrong.
    I would like to increase interim update value (60 ) to 300/600,where to look for this ?



  • @savago:

    What accounting/billing software they are using ?

    CPDI, Platypus, and home brew custom systems, of the ones that I know what they're using.

    @savago:

    I would like to increase interim update value (60 ) to 300/600,where to look for this ?

    I believe in radius.inc.


Log in to reply