Carp and captive portal



  • I have 2 routers setup in a carp node. It is working very nicely but I have noticed 2 strange behaviors.

    1. When I add a mac pass through rule to the captive portal on the master it is added to the slave as would be expected. However when I then remove the rule from the master the log shows it does a sync with the slave but the rule is not removed from the slave. I even tried a forced sync from filter reload and it still did not remove the rule. If I add a new pass through to the master it then syncs the new rule to the slave and removes the old one. It looks like the slave is not reading the reload to delete the pass through. I have tried this on several of the latest snapshots and am currently on the latest one.

    2. When a user authenticates in the master captive portal the data is not copied to the slave. However if I unplug the master the slave will pick up operation and continue to allow surfing even the user authentication is not in the captive portal. The problem this presents is that when the master comes back up all users have to re-authenticate to continue to serve. It would be cool if the master would check with the slave and copy any authentications as it comes back online.


  • Rebel Alliance Developer Netgate

    Try the mac passthrough test again but keep one in there, and then add a second, and delete the second.

    There was a bug a while back with aliases where it wouldn't delete the last IP from an alias, and I'm wondering if this might be similar - it deletes just fine but will not delete the last entry from the list.

    Not sure about the CP DB sync bits, someone else may have to check on that. I though if your states and such were setup to sync properly it should keep the state in both directions. Check the CARP settings on the slave and make sure you have the state sync enabled and pointed to the sync IP of the primary (NOTE: That is the state sync, not the xmlrpc sync. That should be off on the secondary. Read the notes under the options for more info)



  • Tried what you suggested with the mac pass through in the captive portal. That is true. all but the last mac will delete. Not a big deal because we almost have more then one mac in the list.

    I was not talking about the states. They are syncing OK. I was referring to the captive portal login info. So in other works when someone logs in through the captive portal that computer info is stored in status/captive portal. That only shows in the master router. It is not shown in the slave. however when the master is taken offline you can continue to surf with re entering the username and password, so the info must be read by the slave somehow. Maybe it just doesn't show on the screen.


Locked