Slow CP page and general throughput.



  • I am using pfsense 2.0.1 for the captive portal mainly, providing WiFi access to a pub.  Things work well until it's really busy.

    When it starts to get busy, we get complaints from customers and stuff that they either cannot connect (the CP page doesn't appear, or takes an age), and that web browsing is slow.

    I have a single 80M line coming into a router in front of the pfsense, with nothing else connected.  I have not connected the line directly to the WAN, but was going to at some point.

    My router stats never show the WAN as going above around 30-40M.
    Similarly with pfsense, email reports show the same from its WAN.
    The email reports graphs show CPU, memory, states etc well within I think.  I will attach a couple below shortly.  Pfsense reboots automatically in the morning, which can be seen on the graphs.

    When it's busy, there can be 100 or so active CP users, although when I get complaints, there can be as little as 40 people online.

    I have pretty much ruled out access points as a problem, as the problem is throughout building, not localised.

    I am using squid, mainly to log sites visited, although as most are https theses days, there's little benefit, so I turned that off last night.

    I was wondering if my spec is OK or I need better hardware?  Given the graphs, I wasn't sure?

    Thanks for any pointers or input.

    Spec of machine: Intel(R) Pentium(R) D CPU 3.00GHz - I thought I could see the RAM in the GUI, but cannot, but believe it is 1GB.


  • Banned

    Squid + CP -> does NOT work. Ditch it.



  • Really?  No good with lots of users?

    I actually turned it off the night before last, and not heard anything yesterday in terms of complaints.  Was going to go in when busy today to see what things were like.

    Is there anyway to log DNS requests or anything to log traffic?

    In the CP setup page, what is "maximum concurrent connections?".  Is this the total the php server will dish out at once, or per person?

    Thanks - Very speedy response!


  • LAYER 8 Netgate

    Maximum concurrent connections is to the portal page itself.  Once a user is through the portal it means nothing.

    This setting limits the number of concurrent connections to the captive portal HTTP(S) server. This does not set how many users can be logged in to the captive portal, but rather how many users can load the portal page or authenticate at the same time! Possible setting allowed is: minimum 4 connections per client IP address, with a total maximum of 100 connections.

    Not sure why you're messing with squid with a reasonably-healthy traffic graph like that.  Do you get billed by the octet or something?



  • @Lectrician:

    I am using pfsense 2.0.1 for the captive portal mainly, providing WiFi access to a pub.  Things work well until it's really busy.

    if you continue to have issues, then you should really really consider trying to update to a current release. CP has changed a lot since then, some things have been dramatically improved.

    @Lectrician:

    In the CP setup page, what is "maximum concurrent connections?".  Is this the total the php server will dish out at once, or per person?

    in newer versions theres an explanation in the GUI for that setting:

    This setting limits the number of concurrent connections to the captive portal HTTP(S) server. This does not set how many users can be logged in to the captive portal, but rather how many users can load the portal page or authenticate at the same time! Possible setting allowed is: minimum 4 connections per client IP address, with a total maximum of 100 connections.


  • LAYER 8 Netgate

    Just saw the same thing.  Dude. 2.0.1?



  • Sorry, yes, 2.0.1.  I typo'ed on the original post.

    I am going to upgrade at some point, I do have a slight re-write on the CP page during authentication which appends a daily file with a users name/email/postcode which is requested on the CP page.  I have worked this into the 2.1 release, but not gone live with it onto the server yet as little time.

    Do the stats look OK?  The hardware able to cope?  Intel(R) Pentium(R) D CPU 3.00GHz?

    I assume Squid Proxy no good on the newer version either?

    Thanks.


  • LAYER 8 Netgate

    What does squid get you?

    Why add complexity?  Disable it and see if your problems go away.

    60 CP users is nothing.

    What access points are you using?



  • Looking to replace the AP's at some point, they are older 3COM ones.

    Squid was in use when we only had a pair of 8M lines available, but was used more so for it's ability to log http traffic.

    Squid is now off, will see how things go.

    With the CP max users, what happens if too many are requesting the log in page?  It will timeout on them?  When busy, it is not uncommon to see several users authenticate within minutes, and I wonder if when really busy, this is perhaps a problem?

    On the newer version, you can have more than one CP.  Does the max concurrent users apply then per CP or for all CPs?  Reason I ask, the pub is actually two completely seperate buildings, running as two pubs, sharing this WiFi.  One in one interface and one on the other.  With the newer version, each could have it's own CP.

    PC stats acceptable for running this?


  • LAYER 8 Netgate

    If it's the hardware you should be seeing high CPU.

    Your processor graph says that's not the case.

    Don't know why you're wrapped around the axle about that max users setting.  You might think you're stressing CP but you're not.  Unless it's something about that ancient version you're running.

    30-40 associations sounds like about the place an AP might be falling on its face.  When it's slow, how does it work if you connect with wired ethernet?

    I think you're looking at pfSense when your problem lies elsewhere.



  • There are 6 separate APs, spread around the two buildings.  I would not expect to see more than 20 or so users per unit (I have logged into them when busy).  I am generally not onsite when it's busy which is difficult.  2 APs are on one interface and 4 on the other.

    I am not fixated on the CP max users as such, I was just wondering what happens when several people try to connect at once, and the max is reached.  I understand it's not the amount of users that can pass through, just the amount that view the login screen, but at times, looking at the logs, several people do login in quick succession.

    iPhones recently do not seem to throw up the captive portal login when you connect the AP any longer.  They used to.  I wonder if this could be causing users problems, as they assume they are connected when they're not?  Many these days don't even open browsers, it's straight to FB, email, twit etc.

    Need to find some time to update to the latest version I guess, but will see how things go now squid is disabled.

    Ubiquiti AP's are supposed to be very good in terms of number of users?  I have used a few of them poreviously, and thinking of replacing with these.  They also allow roaming between APs, although I think this is software based, and not too sure how it works.  Need to have a closer look.

    Thanks.


Log in to reply