Captive portal service stopping



  • Hello,

    I've been using Pf for quite some time now with minimal fuss.  Recently though, the captive portal service has been stopping at its own accord - generally at the most inconvenient times (early AM).
    The only thing that has changed on the network has been an increase in the number of AP's and users.

    Conf.

    x64 VM 2 CPU 3G Ram Ver. 2.1.4

    I saw somewhere it could be related to DHCP lease time so here's some more info

    • DHCP lease 3 Hours

    • CP hard time out 2 Hours

    • Radius Auth

    • No concurrent logins

    User numbers could get up to around 150

    Any Ideas?


  • Netgate

    Anything in any of the logs when it stops working?

    I routinely have thousands of users on hundreds of APs, but I'm not using RADIUS.

    The DHCP lease time/CP timeout problem shouldn't affect everyone at once, and it looks like you're fine there anyway (lease is longer than timeout).



  • @Derelict:

    Anything in any of the logs when it stops working?

    I routinely have thousands of users on hundreds of APs, but I'm not using RADIUS.

    The DHCP lease time/CP timeout problem shouldn't affect everyone at once, and it looks like you're fine there anyway (lease is longer than timeout).

    Actually, the lease is set to longer than the timeout, but leases are re-negotiated at 50% elapsed time. So, at 1.5 hours, a client will attempt to renegotiate their lease (and that's less than the 2 hour hard timeout for CP).

    You could try increasing the lease duration to see what happens.



  • What do you mean by "service stopping"? Shows stopped under Status>Services? What happens when it stops working?

    @ember1205:

    Actually, the lease is set to longer than the timeout, but leases are re-negotiated at 50% elapsed time. So, at 1.5 hours, a client will attempt to renegotiate their lease (and that's less than the 2 hour hard timeout for CP).

    That's ok, the only scenario where you'll create a problem is if you let an IP be re-assigned to a different device in less time than your hard timeout. As long as your lease time is more than your hard timeout, that won't happen. The renewal at 1.5 hours makes the lease good for another 3 hours at that point, still beyond (and actually further beyond) the hard timeout.



  • @cmb:

    What do you mean by "service stopping"? Shows stopped under Status>Services? What happens when it stops working?

    Yes the service just shows stopped.  Nothing I can see in the log.  When it stops it just does not allow users to access the login page.
    It seems that previously authenticated users and pass-through can continue to work (not sure what happens with timeout as this is part of CP)



  • The service status there is only for the web server process that serves the portal page. So the question is what's happening to the lighttpd instance that runs CP. There should be something about lighttpd in one of the logs (probably system) somewhere. It wouldn't be a captive portal related log.