Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Problems with Captive Portal (seems solved)

    Scheduled Pinned Locked Moved Captive Portal
    13 Posts 4 Posters 11.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      albertmm
      last edited by

      Hello,

      I have made a post in spanish forum about a Captive Portal problem, but I put it here too in english.

      I have a powerful machine with pFSense 1.2 Release installed (Dell PowerEdge 1950, Quad Core, 4 Gbytes of RAM). I have WAN, LAN, DMZ and WLAN interfaces configured. In the LAN, I have 150 users, 19 servers in DMZ, and public ethernet IP in WLAN, with 19 Virtual IP (public too, Proxy ARP), tah gave external access to services.

      The problema that I have, is when I configure Captive Portal in WLAN interface, configured to validate users with Radius - Windows Server 2003 IAS. Aparently, it works, but when is working 30 minutes, it starts to kill connections, and to have a low bandwidth for users. I usually not have more than 50 users on WLAN, and a minimum of 5 or 6.

      I searched over the forum, and the internet, and I haven't success.

      Any suggest?

      Thanks in advanced, and sorry for my poor english.

      1 Reply Last reply Reply Quote 0
      • H
        hoba
        last edited by

        Are you using the "reauthenticate users every minute" option? This option was never meant for very large environments. The process is not threaded which means it will only send one request at a time and waits for the result before it performs the next request. Within a minute you can't reauthenticate many users this way. Search the m0n0wall mailinglist for more details as it has been discussed there. The pfSense captive portal is nearly a 100% copy of the m0n0wall code so we have the same limitations here. Without that option turned on it will run even for installations with many users.

        1 Reply Last reply Reply Quote 0
        • A
          albertmm
          last edited by

          @hoba:

          Are you using the "reauthenticate users every minute" option? This option was never meant for very large environments. The process is not threaded which means it will only send one request at a time and waits for the result before it performs the next request. Within a minute you can't reauthenticate many users this way. Search the m0n0wall mailinglist for more details as it has been discussed there. The pfSense captive portal is nearly a 100% copy of the m0n0wall code so we have the same limitations here. Without that option turned on it will run even for installations with many users.

          Hello,

          no, I don't use any 'special options' like 'reauthenticate users every minute'. In fact, I've disabled the timeouts, logoff banner etc. I only have options for the radius server.

          I will look monowall forum.

          Thanks

          1 Reply Last reply Reply Quote 0
          • A
            albertmm
            last edited by

            Hello,

            today I tried with no radius auth, configuring a local user account, and the problem persists. When the system is working 30 or 40 minutes, then it hungs the captive portal.

            Bye.

            1 Reply Last reply Reply Quote 0
            • S
              SlickNetAaron
              last edited by

              What kind of setup do you have for your WLAN?

              Is this a  local hotspot or are you a wireless ISP or a business setting?

              50 users on 1 AP is way too many!  Usually 30 is the max - and that is if you have all of your client devices setup correctly.  50 Laptops on 1 AP probably won't work!

              At an absolute maximum, you have about 20mb of usable bandwidth on 802.11g.  If you have 50 users, of course your bandwidth is going to be cut and users are going to be dropped off.

              If you can explain your wireless environment more, that will help give us more insight.  I doubt it is a pfSense problem - other than pfSense isn't a very good platform for doing wireless.  Much better to have a dedicated AP.

              Regards,
              Aaron

              1 Reply Last reply Reply Quote 0
              • A
                albertmm
                last edited by

                @SlickNetAaron:

                What kind of setup do you have for your WLAN?

                Is this a  local hotspot or are you a wireless ISP or a business setting?

                50 users on 1 AP is way too many!  Usually 30 is the max - and that is if you have all of your client devices setup correctly.  50 Laptops on 1 AP probably won't work!

                At an absolute maximum, you have about 20mb of usable bandwidth on 802.11g.  If you have 50 users, of course your bandwidth is going to be cut and users are going to be dropped off.

                If you can explain your wireless environment more, that will help give us more insight.  I doubt it is a pfSense problem - other than pfSense isn't a very good platform for doing wireless.  Much better to have a dedicated AP.

                Regards,
                Aaron

                Hello,

                thanks for your interest.

                I have a WLAN interface (Intel Pro 1000 Gigabit Ethernet) connected to my Cisco Switch to a port mapped to a VLAN (number 101). Then , I have 9 Linksys Access Points connected to this VLAN, all arround the building.

                I have the problem only when the Captive Portal is enabled. If not, wireless network works perfectly. When I enabled it, the connection goes slower, and in a lapse of time, captive portal doesn't work, and some connections (for example, SSH from WLAN to DMZ) doesn't work too (and the rules are OK).

                I've tried with Captive Portal auth over Radius on Windows Server, and with Local Auth, and the problem is the same.

                Thanks,

                Bye

                1 Reply Last reply Reply Quote 0
                • S
                  SlickNetAaron
                  last edited by

                  Well, now I'm not sure.  I'm just going to throw out some questions to see if it might ring some bells.

                  What kind of Linksys APs are you running?  Are they running 3rd party firmware? How are they configured?  Pure AP/

                  I'm pretty sure CP shouldn't affect any traffic between LAN & DMZ at all - Only between WAN and any non-wan interfaces.

                  My network is fully routed (and no VLANs), except my AP is in bridged mode - directly attached to pfSense.  I don't have the traffic you have either.

                  My only thought is there may be a bug/conflict with CP and using VLANs?  CP has not given me one bit of trouble.  It performs as I expect it to.

                  Aaron

                  1 Reply Last reply Reply Quote 0
                  • H
                    hoba
                    last edited by

                    CP works fine on vlans. I have such a setup with a netgear WAG102 that originally supports vlans. Every vlan is a seperate virtual accesspoint. I have 3 vlans/wireless networks this way, one for company use with wpa hidden ssid, one visible with wpa-psk that only grants access to our conference room subnet and the internet for presentations and tutorials and one visible unencrypted hotspot vlan/wlan with captive portal. Works like a charm.

                    1 Reply Last reply Reply Quote 0
                    • A
                      albertmm
                      last edited by

                      Hello,

                      thanks to everybody.

                      I will make more tests. If I not suceed, I will explain, with screenshots, all my topology, and report exactly the problem, in a few days.

                      Bye,

                      1 Reply Last reply Reply Quote 0
                      • A
                        albertmm
                        last edited by

                        Hello,

                        seems that the problem is solved. Before I configured the captive portal, I made some test with schedules. The fact of having schedules programmed (instead they are not in use in any rule), seems that made problems to Captive Portal (I have read something similar in the forum).

                        Now, the CP is working since last friday.

                        Thanks,

                        Bye

                        1 Reply Last reply Reply Quote 0
                        • H
                          hoba
                          last edited by

                          Schedules and Captive Portal is not compatible to be used together. This is a known limitation.

                          1 Reply Last reply Reply Quote 0
                          • K
                            KuBuntU
                            last edited by

                            @hoba:

                            Schedules and Captive Portal is not compatible to be used together. This is a known limitation.

                            Is it still same problems with shedule an captive portal at 1.2 rls ?
                            i have shedule running and i cant get captive portal running.

                            Regards KuBuntU

                            1 Reply Last reply Reply Quote 0
                            • H
                              hoba
                              last edited by

                              Yes, this applies to any version of pfSense and I doubt that this will work in 1.3 either as nobody intends to make this work currently.

                              1 Reply Last reply Reply Quote 0
                              • First post
                                Last post
                              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.