Idle timeout caused by negative session time and wrong volume count in 2.0.3
-
I use captiveportal with an external radius server for authentification and accounting. I installed version 2.0.3 because the last activity wasn't updated in 2.0.2. In version 2.0.1 captive portal with radius authentification worked not bad but seldom there was a negative session time.
Version 2.0.2 didn't work because of missing update of last activity. But 2.0.3 isn't better because
First problem:
I had 26'000 times negative session time (see attached log) within 22 hours. This produces an idle timeout in the condition "if ($lastact && (($pruning_time - $lastact) >= $uidletimeout)) ". It must be that "$lastact" is negative. Therefore captiveportal with timeout function is unusable.Second problem:
The volume log in our radius server shows small volumes only. I have seen that the volume isn't added to the previous values during the interim update. It only transmit the volume since last update. I have seen that the function getVolume is based in IPFW also. As you can see in the attachment the entrystats volume values are reseted to 0 after one minute.Both problems have a link to the ipfw function of FreeBSD.
I'm a little bit confused why nobody else has the same problem. I loaded the update image. Is it possible that the update function from version 2.0.1 -> 2.0.2 -> 2.0.3 has mixed old and new program code? The dashboard shows me version 2.0.3 or has somebody same issues?
Is there a quick fix or should I change to version 2.1?
Thank you for your help.
larg_ses_time_debug.txt -
2.0.2 which I am using has the same problems. The accounting volume can be made to work by disabling any speed limits on the captive portal page and not sending any Max-Bandwidth* attributes. I don't use any session attributes, so I am not sure if this can cause problems as well.
-
I'm having this same problem. Has there been any fix or workaround?
-
Sorry I no good news.I had to disable all timeout function.The last activity isn't updated with version 2.0.3.
I changed to release 2.1 already. For my purpose it's more stable than current production release and it's maintained.Bugs are fixed in short time while in 2.0 nothing happens. -
Is there any improvement in 2.1 over 2.x.x in Session Timeout handling and Accounting when limits are set?
-
Theoretically it's the same handling, but it works with 2.1
In 2.0.2 and 2.0.3 the last activity date isn't reseted nor updated always. So pfsense logouts useres just after login.
I use an external Radius server for authorization.