4. Idle timeout caused by negative session time and wrong volume count in 2.0.3

Idle timeout caused by negative session time and wrong volume count in 2.0.3

  • E

    I use captiveportal with an external radius server for authentification and accounting. I installed version 2.0.3 because the last activity wasn't updated in 2.0.2. In version 2.0.1 captive portal with radius authentification worked not bad but seldom there was a negative session time.

    Version 2.0.2 didn't work because of missing update of last activity. But 2.0.3 isn't better because

    First problem:
    I had 26'000 times negative session time (see attached log) within 22 hours. This produces an idle timeout in the condition "if ($lastact && (($pruning_time - $lastact) >= $uidletimeout)) ". It must be that "$lastact" is negative. Therefore captiveportal with timeout function is unusable.

    Second problem:
    The volume log in our radius server shows small volumes only. I have seen that the volume isn't added to the previous values during the interim update. It only transmit the volume since last update. I have seen that the function getVolume is based in IPFW also. As you can see in the attachment the entrystats volume values are reseted to 0 after one minute.

    Both problems have a link to the ipfw function of FreeBSD.

    I'm a little bit confused why nobody else has the same problem. I loaded the update image. Is it possible that the update function from version 2.0.1 -> 2.0.2 -> 2.0.3 has mixed old and new program code? The dashboard shows me version 2.0.3 or has somebody same issues?

    Is there a quick fix or should I change to version 2.1?

    Thank you for your help.




    larg_ses_time_debug.txt

    0
  • T

    2.0.2 which I am using has the same problems. The accounting volume can be made to work by disabling any speed limits on the captive portal page and not sending any Max-Bandwidth* attributes. I don't use any session attributes, so I am not sure if this can cause problems as well.

    0
  • J

    I'm having this same problem. Has there been any fix or workaround?

    0
  • E

    Sorry I no good news.I had to disable all timeout function.The last activity isn't updated with version 2.0.3.
    I changed to release 2.1 already. For my purpose it's more stable than current production release and it's maintained.Bugs are fixed in short time while in 2.0 nothing happens.

    0
  • T

    Is there any improvement in 2.1 over 2.x.x in Session Timeout handling and Accounting when limits are set?

    0
  • E

    Theoretically it's the same handling, but it works with 2.1

    In 2.0.2 and 2.0.3 the last activity date isn't reseted nor updated always. So pfsense logouts useres just after login.

    I use an external Radius server for authorization.

    0
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2018 Rubicon Communications, LLC | Privacy Policy