Captive portal Error sending request: sendto: Permission denied

savago

clog -f system.log
Jul 10 10:49:17 pfSense kernel: load_dn_sched dn_sched FIFO loaded
Jul 10 10:49:17 pfSense kernel: load_dn_sched dn_sched QFQ loaded
Jul 10 10:49:17 pfSense kernel: load_dn_sched dn_sched RR loaded
Jul 10 10:49:17 pfSense kernel: load_dn_sched dn_sched WF2Q+ loaded
Jul 10 10:49:17 pfSense kernel: load_dn_sched dn_sched PRIO loaded
Jul 10 10:49:33 pfSense check_reload_status: syncing firewall
Jul 10 10:50:35 pfSense check_reload_status: syncing firewall
Jul 10 10:53:26 pfSense kernel: IP firewall unloaded
Jul 10 10:53:36 pfSense check_reload_status: syncing firewall
Jul 10 12:35:09 pfSense kernel: ipfw2 (+ipv6) initialized, divert loadable, nat loadable, rule-based forwarding enabled, default to accept, logging disabled
Jul 10 12:35:15 pfSense kernel: in_cksum_skip: out of data by 34425
Jul 10 12:35:16 pfSense kernel: in_cksum_skip: out of data by 15045
Jul 10 12:35:17 pfSense kernel: in_cksum_skip: out of data by 39270
Jul 10 12:35:25 pfSense kernel: in_cksum_skip: out of data by 13770
Jul 10 12:35:28 pfSense last message repeated 2 times
Jul 10 12:35:28 pfSense kernel: in_cksum_skip: out of data by 16320
Jul 10 12:35:30 pfSense kernel: in_cksum_skip: out of data by 10200
Jul 10 12:35:30 pfSense kernel: in_cksum_skip: out of data by 16320
Jul 10 12:35:35 pfSense kernel: in_cksum_skip: out of data by 13770
Jul 10 12:35:37 pfSense check_reload_status: syncing firewall
Jul 10 12:35:44 pfSense kernel: IP firewall unloaded
Jul 10 12:36:09 pfSense check_reload_status: syncing firewall
Jul 10 12:36:21 pfSense kernel: ipfw2 (+ipv6) initialized, divert loadable, nat loadable, rule-based forwarding enabled, default to accept, logging disabled
Jul 10 12:36:26 pfSense kernel: in_cksum_skip: out of data by 16320
Jul 10 12:36:27 pfSense kernel: in_cksum_skip: out of data by 16320
Jul 10 12:36:37 pfSense kernel: in_cksum_skip: out of data by 65025
Jul 10 12:36:40 pfSense check_reload_status: syncing firewall
Jul 10 12:36:46 pfSense kernel: in_cksum_skip: out of data by 49470
Jul 10 12:37:11 pfSense check_reload_status: syncing firewall
Jul 10 12:37:16 pfSense kernel: in_cksum_skip: out of data by 13770
Jul 10 12:38:11 pfSense kernel: IP firewall unloaded
Jul 10 12:38:12 pfSense check_reload_status: syncing firewall

clog -f  portalauth.log 
Jul 10 13:49:41 pfSense logportalauth[23642]: ERROR: tester, 4c:00:10:40:18:43, 192.168.0.245, Error sending request: sendto: Permission denied
Jul 10 13:51:02 pfSense logportalauth[53013]: ERROR: tester, 4c:00:10:40:18:43, 192.168.0.245, Error sending request: sendto: Permission denied
Jul 10 15:36:36 pfSense logportalauth[18125]: ERROR: tester, 4c:00:10:40:18:43, 192.168.0.8, Error sending request: sendto: Permission denied
Jul 10 15:37:15 pfSense logportalauth[45627]: ERROR: tester, 4c:00:10:40:18:43, 192.168.0.8, Error sending request: sendto: Permission denied
Jul 10 15:37:59 pfSense logportalauth[12011]: ERROR: tester, 4c:00:10:40:18:43, 192.168.0.8, Error sending request: sendto: Permission denied

cmb

Not enough info to tell you what's happening. Is that authenticating to RADIUS? Does the RADIUS server reside on the same interface as you have captive portal enabled?

savago

@cmb:

Not enough info to tell you what's happening. Is that authenticating to RADIUS? Does the RADIUS server reside on the same interface as you have captive portal enabled?

RADIUS server is in local network (192.168.0.200/24 with gw 192.168.0.254/24) . pfsense v2 with enabled cp on lan (192.168.0.254/24)

cmb

Then you need a pass-through entry or allowed IP entry for the firewall's interface IP, in that scenario CP will block the RADIUS.

savago

@cmb:

Then you need a pass-through entry or allowed IP entry for the firewall's interface IP, in that scenario CP will block the RADIUS.

Good info.
I have same setup scenario, but with  pfsense v1 and it work.Maybe in v2  ipfw policy is different(i think),but this setup scenario don't work there.
Other,in v2 CP  login procedure is more slowly than v1.Please fix/improve this.

cmb

That same behavior from previous versions should be retained, I opened a ticket. http://redmine.pfsense.org/issues/741

@savago:

Other,in v2 CP  login procedure is more slowly than v1.Please fix/improve this.

I've done a lot of testing, and helped multiple ISPs deploy 2.0 CP in production and never seen any slowness in the login. Would need a pcap of that traffic to determine why it's slow for you.

savago

@cmb:

I've done a lot of testing, and helped multiple ISPs deploy 2.0 CP in production and never seen any slowness in the login.

What accounting/billing software they are using ? Remote disconnection is not available with pfSense,it dos not support remote disconnection using POD packets
,auto disconnection is working via reauthentication in this scenario, pls correct me if i am  wrong.
I would like to increase interim update value (60 ) to 300/600,where to look for this ?

cmb

@savago:

What accounting/billing software they are using ?

CPDI, Platypus, and home brew custom systems, of the ones that I know what they're using.

@savago:

I would like to increase interim update value (60 ) to 300/600,where to look for this ?

I believe in radius.inc.