Pfsense 2.0.1 - users not disconnected after hard timeout - RADIUS auth



  • Hello,

    since some weeks I am using pfsense 2.0.1 CP with RADIUS auth. Authentication works but it seems like Hard timeout is not working.
    I set the hard timeout to 180min and the idle timeout to 60min.

    When I go to:
    Diagnostics –> CaptivePortal
    the last activity of some users is 12h or more in the past but they are still "online". In
    Diagnostics --> System Logs --> Portal Auth
    there is no disconnect or timeout for these users. The Dashboard Widget also shows these users.

    So I am not 100% sure if hard timeout is not working or if the GUI is just telling me something wrong.

    I am using pfsense 2.0.1 AMD64
    squid2 (transparent)
    squidguard
    freeradius2 (username/password auth)

    Thank you for your help!



  • The first thing I would do is see if "Reauthenticate connected users every minute" is checked under the main "Captive Portal" page.  You'll find it in the Authentication section, about halfway down the page.



  • @nachtfalke: update to 2.0.3 - lots of CP fixes in it, most likely will solve your problem.



  • pfsense CP NAS doesn't support RADIUS POD (Packet of Disconnect), you'd have to enable "re-auth every min", check http://redmine.pfsense.org/issues/2573 for more.



  • Hi,

    thank oyu for your feedback.

    I will of course update to 2.0.3 if it is released. I know that there were many fixes.

    @dhatz
    I thought that Hard Timeout is an independent CP feature. Re-authenticate users every minute will spam my RADIUS even if its possible that it will work. What do you think - could Session-Timeout enabled on CP and set on RADIUS solve this problem ?

    Thanks


Log in to reply