Hard time out/DHCP lease different IP address


  • pfSense 2.1.3
    Captive Portal
    Authentication via Active Directory with Radius
    Squid

    Question

    I have an idle timeout set to 6 hours. My DHCP lease is also set to 6 hours. Let's say I get a user that authenticates onto the CP and then turns off their wireless connection after 20 minutes. An hour or so later they turn their wifi back on. If they were to receive a different IP address from the original one they had, should this user just be able to carry on browsing the Internet, or would they need to re-authenticate as they are now on a new IP address?

    cheers


  • Hi.

    Consider that the portal session ID is still valid; a soft time out might change this, if it's set.

    Anyway, valid or not, the DHCP protocol just flows through the portal interface - it isn't blocked. Otherwise the PC could do anything because NO IP == no connection possible.

    The DHCP protocol is capable of handling the situation you asked for.
    The lease (IP) is still valid on the server.
    Look at the DHCP logs and in the DHCP server 'database'.
    What you will see is that the client asks for the IP it had before (on this network) - again, this is visible in the DHCP server (pfSense) log.
    The DHCP server could give another one, but normally it gives the same one.

    If the IP is different, AND you authorised concurrent login in the portal settings, then the portal session will be updated with the new IP.
    If not, yes, the client should re-authenticate.

    The DHCP server and portal logic recognizes the client's PC because it sees the MAC address.


  • Hi Gertjan

    I am looking at the logs and I can now see what's happening, as you have pointed out already:

    logportalauth[83783]: CONCURRENT LOGIN - REUSING IP 172.110.14.67 WITH DIFFERENT MAC ADDRESS 18:20:32:27:17:b3: username timestamp

    cheers
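
Added example, not part of the thread and not pfSense code: a small Python filter that pulls the CONCURRENT LOGIN messages quoted above out of a portal auth log and lists the IPs whose session was reused more than once, which is worth reviewing when portal sessions are tied to an IP and a MAC. Only the first sample line comes from the post; the other lines are constructed, and the function names and the `min_events` threshold are assumptions.

```python
import re
from collections import defaultdict

# Message text as it appears in the thread. The trailing fields (user name,
# timestamp) are ignored because the post shows them only as placeholders.
EVENT = re.compile(
    r"logportalauth\[\d+\]: CONCURRENT LOGIN - REUSING IP "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) WITH DIFFERENT MAC ADDRESS "
    r"(?P<mac>[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5})"
)

def parse_events(lines):
    """Return (ip, mac) for every concurrent-login line; skip everything else."""
    events = []
    for line in lines:
        m = EVENT.search(line)
        if m:
            events.append((m.group("ip"), m.group("mac").lower()))
    return events

def reused_ips(lines, min_events=2):
    """Map each IP logged at least min_events times to the MACs named with it."""
    count = defaultdict(int)
    macs = defaultdict(set)
    for ip, mac in parse_events(lines):
        count[ip] += 1
        macs[ip].add(mac)
    return {ip: sorted(macs[ip]) for ip in count if count[ip] >= min_events}

SAMPLE = [
    # Line quoted in the thread.
    "logportalauth[83783]: CONCURRENT LOGIN - REUSING IP 172.110.14.67 "
    "WITH DIFFERENT MAC ADDRESS 18:20:32:27:17:b3: username timestamp",
    # Constructed lines (documentation IP range, locally administered MACs).
    "logportalauth[100]: CONCURRENT LOGIN - REUSING IP 192.0.2.10 "
    "WITH DIFFERENT MAC ADDRESS 02:00:00:00:00:01: userA t1",
    "logportalauth[101]: CONCURRENT LOGIN - REUSING IP 192.0.2.10 "
    "WITH DIFFERENT MAC ADDRESS 02:00:00:00:00:02: userA t2",
    "dhcpd: DHCPACK on 192.0.2.10 to 02:00:00:00:00:02 via em1",
]

if __name__ == "__main__":
    for ip, macs in reused_ips(SAMPLE).items():
        print(f"{ip}: repeated session reuse, MACs named: {', '.join(macs)}")
```

A single event per IP matches the benign case discussed in the thread (a client returning with a new lease); repeated events on one IP with several MACs are the ones to check against the DHCP server log.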