Captive Portal - mac pass through sometimes fails



  • I don't want to post as a redmine bug just yet, in-case I might ask for some advice:

    Scenario:

    I have a list of macs in the captive portal mac-pass-through list.
    Sometimes the pass-through will not work, and the user will be directed to the CP login page. (happened now with 3 different users/macs out of approx. 20)

    After login, (as I have the CP configured to automatically add authenticated user to MAC-pass-through list), then the MAC will appear in the list with the text "Automatically added….". However, in the list that same MAC now appears twice!

    Furthermore- if someone logs in AGAIN, the MAC-pass-through might show the same mac 3 or 4 times! That causes some errors in the system log, so perhaps the same MAC should not be added if it already exists!

    But, my main concern is why it happens (that someone listed in the list cannot "pass through" ). What conditions might cause that?

    Could it be another user "spoofing" the mac address, so 2 computers try to connect with the same mac and something fails?

    Any advice on how to diagnose the root of the trouble would be greatly appreciated. Than I can post something useful to redmine, instead of just observations!

    Thank you.



  • Same problem here, or very similar.  I have about 20 users in the pass-through mac list, and once in a while someone doesn't "pass-through", i mean, they are getting the login-page, even though it normally works fine.  This is a serious problem, because I can't trust that users will continue to have access.

    This has happened with several of the latest snapshots that I have been using, both i386 and amd64.  Most recent is amd64 built on Wed Jul 13 23:14:07 EDT 2011.

    Simply accessing the pass-through entry in question and re-saving clears the problem.  I think this is a bug, there is a bug post by mickey holland #1370 about not showing pass-through activity in the status page… but nothing about it failing.

    Any ideas?  Should I post this as a bug?



  • Fairly sure i solved the matter with some config changes. As I recall, we had a router which was overiding the macs, but later we configured our routers to layer 2 transparent mode and all was fine.



  • hmmm… I don't think i have that situation, nothing that should change the mac... it's like the pfsense box just "forgets" one or more entries until i manually re-add it, then it "remembers".  Actually i'm not positive it's ever done more than one at a time, but for some reason i think it has.  If there is something flaky in my network, something misbehaving, it shouldn't fix it to re-save the pass-through-mac entry.

    Too bad i can't find any log that would have any entry about a user being allowed or denied by the pass-through-mac!

    I just shut it off for now, can't have users suddenly unable to access the internet.

    Does anyone know of something, a log deep inside perhaps that i can check out if this happens again so that i can give more information on the problem?  Now the only thing i can say is, "Sometimes the pass-through doesn't work until the entry in question is re-saved."  Oh, also, it did seem to happen after I had added a new entry (failure happened with an old entry), but not sure if that was always the case.


Log in to reply