CP works/prompts client to authenticate one day, not the next?



  • Hi - I have pfSense 2.0 RC3 setup with Captive Portal.  Encountered an issue where a particular client PC is prompted (correctly) to login on day 1.  Authenticates.  Is able to successfully browse the web.  No issues.  However on day 2, the same client connects to the access point (open, no encryption), but is not prompted to authenticate through the captive portal.  As a result, they cannot browse the web at all.  Even if I try to force the client to 192.168.1.1:8000 portal to the login page, it still doesn't load the authentication page.  Whereas, if I turn on a second client laptop PC and connect to the same access point, it is prompted by the captive portal to authenticate.  I've tried to ipconfig /release and /renew on the problematic machine without success.  Even tried to flush the temporary internet cache files on the problematic PC and it still didn't work.  What causes this?



  • What authentication method? (user name and password? voucher? radius?)

    What timeout?

    @miles267:

    However on day 2, the same client connects to the access point (open, no encryption), but is not prompted to authenticate through the captive portal.  As a result, they cannot browse the web at all.

    Did the client attempt to browse the web and fail OR did they not see the authentication page and conclude they wouldn't be able to browse the web?

    @miles267:

    I've tried to ipconfig /release and /renew on the problematic machine without success.  Even tried to flush the temporary internet cache files on the problematic PC and it still didn't work.  What causes this?

    Maybe the client needs to get a new IP address to be forced to authenticate and the DHCP server just renewed the old address.

    I suspect the client didn't logout and just reconnected before the captive portal session timed out.

    I've been using CP for some months now and not seen any problem with vouchers not timing out. (I've been testing with 5 hour voucher timeout.) When I haven't had my voucher codes handy I have logged in with (local) username and password and that definitely times out after a while. I didn't set a timeout for local username and password and haven't looked at the setting but I would guess that the timeout period is more than a day.



  • @wallabybob:

    What authentication method? (user name and password? voucher? radius?)

    What timeout?
    Username and password.  No voucher or radius.  No idle timeout.  Hard timeout set to 60 mins.  The default settings.

    @miles267:

    However on day 2, the same client connects to the access point (open, no encryption), but is not prompted to authenticate through the captive portal.  As a result, they cannot browse the web at all.

    Did the client attempt to browse the web and fail OR did they not see the authentication page and conclude they wouldn't be able to browse the web?
    The client closed their browser, went to sleep then powered back on and re-launched browser.  Was never prompted to re-login to captive portal and was unable to browse any web page.  Tried to ipconfig /release and ipconfig /renew and browse again without success.  Then, rebooted the client PC and was once against prompted for captive portal login.

    @miles267:

    I've tried to ipconfig /release and /renew on the problematic machine without success.  Even tried to flush the temporary internet cache files on the problematic PC and it still didn't work.  What causes this?

    Maybe the client needs to get a new IP address to be forced to authenticate and the DHCP server just renewed the old address.

    I suspect the client didn't logout and just reconnected before the captive portal session timed out.
    I typically do not manually logout of the captive portal.  Just assumed the captive portal would handle the logout and prompting for credential when appropriate.  In the event users neglect to click a logout option.

    I've been using CP for some months now and not seen any problem with vouchers not timing out. (I've been testing with 5 hour voucher timeout.) When I haven't had my voucher codes handy I have logged in with (local) username and password and that definitely times out after a while. I didn't set a timeout for local username and password and haven't looked at the setting but I would guess that the timeout period is more than a day.

    Are there any recommended parameters for username/password authentication?  as far as idle and hard timeouts, etc.?  Thanks.


Log in to reply