Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    One week vouchers expire in less than 24h

    Captive Portal
    10
    25
    4724
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • N
      nothing last edited by

      I have a roll of vouchers with 10080 minutes. It happens almost every day - vouchers expire in less than one day after they have been activated. I guess it happens the moment the hard timeout hit (360mins).

      Is there any suggestions how to better log and trace vouchers lifespan?
      (pfs 2.1 64bit, carp cluster)

      Here is part of portal logs:

      Dec 11 09:10:06 logportalauth[27110]: FAILURE: f8336cb2, , x.x.x.x, voucher expired
      Dec 11 09:10:06 logportalauth[27110]: f8336cb2 (0/223) already used and expired
      Dec 10 17:23:58 logportalauth[43722]: TIMEOUT: f8336cb2
      Dec 10 16:15:07 logportalauth[47535]: Voucher login good for 10080 min.: f8336cb2

      Looks like it travels through the time :)

      1 Reply Last reply Reply Quote 0
      • N
        nothing last edited by

        That's how I have the vouchers configured:


        1 Reply Last reply Reply Quote 0
        • W
          woni last edited by

          I have this very strainght problem too. There exists a ticket https://redmine.pfsense.org/issues/3369
          Is there a workaround until the issue is solved?

          pfs 2.1

          1 Reply Last reply Reply Quote 0
          • N
            nothing last edited by

            How many vouchers you have in the roll and how many of them are already used and expired?
            My roll was 255 vouchers big and the problems started when I used and expired 2/3 of the vouchers.

            Workaround is to delete the roll and issue new one.

            /the bug report is mine/

            1 Reply Last reply Reply Quote 0
            • W
              woni last edited by

              I have 5000 vouchers in a roll.
              Sorry, but your workaround is not a really good solution for me.
              With 2.01, it's working.

              1 Reply Last reply Reply Quote 0
              • jimp
                jimp Rebel Alliance Developer Netgate last edited by

                Can you try this on a 2.1.1 snapshot? ( See https://forum.pfsense.org/index.php/topic,71546.0.html ) – Several issues in CP and with Vouchers were fixed. If it's still broken on 2.1.1, update the ticket.

                Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                Need help fast? Netgate Global Support!

                Do not Chat/PM for help!

                1 Reply Last reply Reply Quote 0
                • N
                  nothing last edited by

                  Cool :)
                  Thanks!

                  1 Reply Last reply Reply Quote 0
                  • N
                    nothing last edited by

                    Sorry, it doesn't work OK.
                    The problem I observe now is that all activated (but not currently in use) vouchers expire as usual.

                    Disregard that, I've misunderstood the logic of expiration.

                    1 Reply Last reply Reply Quote 0
                    • W
                      woni last edited by

                      Hi Jimp,
                      I can't test it with 2.1.1 cause this system is in a productive area with a lot of users. On a testsystem with few users, I never have had this problem.
                      What files in 2.1.1 was changed? Can I put this files into 2.1 ?

                      Thx

                      1 Reply Last reply Reply Quote 0
                      • jimp
                        jimp Rebel Alliance Developer Netgate last edited by

                        @woni:

                        Hi Jimp,
                        I can't test it with 2.1.1 cause this system is in a productive area with a lot of users. On a testsystem with few users, I never have had this problem.
                        What files in 2.1.1 was changed? Can I put this files into 2.1 ?

                        Thx

                        I don't know the exact files/changes. There were a few that might be relevant and not all of them specifically in the CP code. 2.1.1 is nearly ready for release, it should be fine for production use at this stage.

                        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                        Need help fast? Netgate Global Support!

                        Do not Chat/PM for help!

                        1 Reply Last reply Reply Quote 0
                        • N
                          nlan last edited by

                          Has this problem been fixed? Because I'm still getting this error with 2.1.4..  :-\

                          1 Reply Last reply Reply Quote 0
                          • P
                            Paul6552 last edited by

                            Had the problem with 2.1, upgraded to 2.1.4 - the problem still exists

                            1 Reply Last reply Reply Quote 0
                            • Gertjan
                              Gertjan last edited by

                              @Paul6552:

                              Had the problem with 2.1, upgraded to 2.1.4 - the problem still exists

                              You re-used vouchers created in 2.1 in 2.1.4 ?

                              No "help me" PM's please. Use the forum.

                              1 Reply Last reply Reply Quote 0
                              • P
                                Paul6552 last edited by

                                re-used and new one from 2.1.4, with both the same problem

                                1 Reply Last reply Reply Quote 0
                                • periko
                                  periko last edited by

                                  Can u please give me details of the voucher, I'm working on this and haven't not seen problems like this, please some details to test.
                                  Running 2.1.4 x86.

                                  Necesitan Soporte de Pfsense en México?/Need Pfsense Support in Mexico?
                                  www.bajaopensolutions.com
                                  https://www.facebook.com/BajaOpenSolutions
                                  Quieres aprender PfSense, visita mi canal de youtube:
                                  https://www.youtube.com/c/PedroMorenoBOS

                                  1 Reply Last reply Reply Quote 0
                                  • M
                                    miichael last edited by

                                    I've got the same problem with 2.1.5.
                                    My idle time is 30 min, hard idle time is 45 min.

                                    Out of nowhere the system logs show the following while trying to login:
                                    Nov 11 16:06:53 pfsense logportalauth[21694]: FAILURE: xxxxxx, 00:19:66:37:aa:53, 192.168.123.199, voucher expired

                                    It started when about half of the vouchers were in use (the vouchers are intended to to be used for half a year). Now every used voucher is marked as used and expired.

                                    And there seems to be no solution at all - or is there?
                                    And is there a way to unmark a voucher as expired?

                                    Please help.

                                    1 Reply Last reply Reply Quote 0
                                    • Derelict
                                      Derelict LAYER 8 Netgate last edited by

                                      Did you make a change to the voucher settings?  That can invalidate entire rolls.  Don't know if they'd show up as expired though.

                                      If you test one that's working from the same roll and test a known unused one in Status->Captive Portal->Zone->Test Vouchers do they report the same thing?

                                      Chattanooga, Tennessee, USA
                                      The pfSense Book is free of charge!
                                      DO NOT set a source port in a port forward or firewall rule unless you KNOW you need it!
                                      Do Not Chat For Help! NO_WAN_EGRESS(TM)

                                      1 Reply Last reply Reply Quote 0
                                      • M
                                        miichael last edited by

                                        Yes, I changed the hard idle time from 90 to 45 min. yesterday. The vouchers though were marked as used and expired today, some 10-15 h later. Thus I don't see a relation - up to now.

                                        The only valid vouchers are those, that were not unsed until now. Every used voucher is tested as used and expired.

                                        Is there a way to reactivate the expired vouchers? Otherwise, my users get angy with me.

                                        1 Reply Last reply Reply Quote 0
                                        • Derelict
                                          Derelict LAYER 8 Netgate last edited by

                                          I thought changing the captive portal would not invalidate the voucher rolls.  Are you sure you didn't change anything on the Vouchers tab?

                                          Chattanooga, Tennessee, USA
                                          The pfSense Book is free of charge!
                                          DO NOT set a source port in a port forward or firewall rule unless you KNOW you need it!
                                          Do Not Chat For Help! NO_WAN_EGRESS(TM)

                                          1 Reply Last reply Reply Quote 0
                                          • M
                                            miichael last edited by

                                            Things on the Voucher-Tab like "# of Roll Bits"
                                            and in "Services: Captive portal: Edit Voucher Rolls" are not touched.

                                            In the Services: Captive portal:XXX I changed "Hard timeout" from 90 to 45. It's all.

                                            1 Reply Last reply Reply Quote 0
                                            • Derelict
                                              Derelict LAYER 8 Netgate last edited by

                                              Sorry.  No idea where to go from there.

                                              I just changed the timeout on a test system and the vouchers still test fine.

                                              Just guessing now…  You're positive about the math for the voucher duration?  I get 262,800 minutes for 6 months.

                                              Your system clock isn't like 2015 or something right?

                                              Do you remote syslog?  Has the portalauth log wrapped since you started seeing this?  Anything in there?

                                              Chattanooga, Tennessee, USA
                                              The pfSense Book is free of charge!
                                              DO NOT set a source port in a port forward or firewall rule unless you KNOW you need it!
                                              Do Not Chat For Help! NO_WAN_EGRESS(TM)

                                              1 Reply Last reply Reply Quote 0
                                              • M
                                                miichael last edited by

                                                I'm desperate. The most important thing for me would be how to reset the vouchers. Do you know any way?

                                                The math is right 280 000 min., the date is also right. The portalauth.log reports the fault (sued and expired vouchers) about 15:40.

                                                The syslog says around this time:

                                                
                                                Nov 11 15:13:28 pfsense kernel: arp: 192.168.123.176 moved from 02:0f:b5:38:26:ba to 84:a6:c8:38:26:ba on bge0
                                                Nov 11 15:15:45 pfsense check_reload_status: Synching vouchers
                                                Nov 11 15:15:48 pfsense check_reload_status: Syncing firewall
                                                Nov 11 15:15:54 pfsense check_reload_status: Synching vouchers
                                                Nov 11 15:15:56 pfsense check_reload_status: Syncing firewall
                                                Nov 11 15:16:16 pfsense check_reload_status: Synching vouchers
                                                Nov 11 15:16:18 pfsense check_reload_status: Syncing firewall
                                                Nov 11 15:16:26 pfsense kernel: arp: 192.168.123.168 moved from 02:0f:b5:3b:c3:9d to 5c:8d:4e:3b:c3:9d on bge0
                                                Nov 11 15:21:06 pfsense lighttpd[93478]: (connections.c.137) (warning) close: 12 Connection reset by peer
                                                Nov 11 15:21:26 pfsense check_reload_status: Synching vouchers
                                                Nov 11 15:21:28 pfsense check_reload_status: Syncing firewall
                                                Nov 11 15:22:10 pfsense kernel: arp: 192.168.123.176 moved from 84:a6:c8:38:26:ba to 02:0f:b5:38:26:ba on bge0
                                                Nov 11 15:22:34 pfsense lighttpd[93478]: (connections.c.137) (warning) close: 16 Connection reset by peer
                                                Nov 11 15:23:05 pfsense kernel: arp: 192.168.123.176 moved from 02:0f:b5:38:26:ba to 84:a6:c8:38:26:ba on bge0
                                                Nov 11 15:28:11 pfsense lighttpd[93478]: (connections.c.137) (warning) close: 12 Connection reset by peer
                                                Nov 11 15:30:45 pfsense kernel: arp: 192.168.123.176 moved from 84:a6:c8:38:26:ba to 02:0f:b5:38:26:ba on bge0
                                                Nov 11 15:32:22 pfsense lighttpd[93478]: (connections.c.137) (warning) close: 18 Connection reset by peer
                                                Nov 11 15:34:03 pfsense kernel: arp: 192.168.123.173 moved from 5c:8d:4e:3b:c3:9d to 02:0f:b5:3b:c3:9d on bge0
                                                Nov 11 15:34:08 pfsense kernel: arp: 192.168.123.168 moved from 5c:8d:4e:3b:c3:9d to 02:0f:b5:3b:c3:9d on bge0
                                                Nov 11 15:34:24 pfsense check_reload_status: Synching vouchers
                                                Nov 11 15:34:27 pfsense check_reload_status: Synching vouchers
                                                Nov 11 15:34:27 pfsense check_reload_status: Syncing firewall
                                                Nov 11 15:34:29 pfsense check_reload_status: Syncing firewall
                                                Nov 11 15:36:57 pfsense lighttpd[93478]: (connections.c.137) (warning) close: 16 Connection reset by peer
                                                Nov 11 15:38:01 pfsense lighttpd[93478]: (connections.c.137) (warning) close: 12 Connection reset by peer
                                                Nov 11 15:49:38 pfsense lighttpd[93478]: (connections.c.137) (warning) close: 12 Connection reset by peer
                                                Nov 11 15:54:01 pfsense lighttpd[93478]: (connections.c.137) (warning) close: 12 Connection reset by peer
                                                Nov 11 15:57:57 pfsense kernel: arp: 192.168.123.107 moved from 40:b0:fa:c8:2f:1f to 02:0f:b5:c8:2f:1f on bge0
                                                Nov 11 15:59:52 pfsense lighttpd[93478]: (connections.c.137) (warning) close: 12 Connection reset by peer
                                                Nov 11 16:02:26 pfsense lighttpd[93478]: (connections.c.137) (warning) close: 12 Connection reset by peer
                                                
                                                

                                                This doesn't seem to me very unsual. I seem los, again. Any hint please?

                                                1 Reply Last reply Reply Quote 0
                                                • Derelict
                                                  Derelict LAYER 8 Netgate last edited by

                                                  Doesn't have anything to do with expired vouchers but it looks like you have IP address conflicts all over the place.

                                                  Sorry.  No idea how to reactivate vouchers - if it's even possible.

                                                  Chattanooga, Tennessee, USA
                                                  The pfSense Book is free of charge!
                                                  DO NOT set a source port in a port forward or firewall rule unless you KNOW you need it!
                                                  Do Not Chat For Help! NO_WAN_EGRESS(TM)

                                                  1 Reply Last reply Reply Quote 0
                                                  • M
                                                    miichael last edited by

                                                    The conflicts may be a result of multiple use of a voucher on different computers in my network.

                                                    I'll put the topic "reset of vouchers" as a new topic - there is maybe someone not reading our topic.

                                                    Thanks for reading
                                                    Michael

                                                    1 Reply Last reply Reply Quote 0
                                                    • O
                                                      orangetek last edited by

                                                      I am also getting this problem after changing the hard timeout value from empty to some number. I am using 2.2.3. A temporary fix is to remove the hard timeout value.

                                                      1 Reply Last reply Reply Quote 0
                                                      • First post
                                                        Last post