High Ping on Lan WHEN Captive Portal is active



  • Hello everyone,

    Here is my setup:
    Pfsense 2.2.3
    Proc is an AMD 64 X2 4600+
    2 WAN and 1 LAN, Captive portal on the Lan.
    2% State table size, 4% MBUF Usage, CPU usage always low.

    When on the LAN network, the ping is usually 10~30ms, but a lot of times I end up with a ping going around 300 to 3000ms… even sometimes a lost ping.
    If I deactivate it, it's going down to ~10ms

    I have around 30 to 50 users on the network, and a very low internet connection (1MB on the first Wan, 10MB on the second one).

    On the LAN side, I have a switch with 4 access points going from there.

    What can it be?

    Thanks a lot for your help, I hope I'm posting in the right section
    (And forgive my English if there are any big mistakes in my message)

    Babar



  • Up because subject updated. Thx



  • Hello,

    When you talk about 'ping', do you ping the pfSense box (this is the place you should ping), or some host on the Internet (which, of course, can situate the problem anywhere, not only locally)?

    When your 'ping' is OK, which WAN is used? And when it's very slow?

    You tested with only ONE WAN interface?

    Portal users are authenticated, right?

    Why not run the Captive Portal from a dedicated interface?

    LAN Firewall rules ?



  • Sorry, must have been more concise. Yeah that's the ping on the Pfsense box that is very slow. 1ms without Captive portal, 41ms with at best, but generally more around 2000ms… :(

    Got the same problem with only 1 WAN yes

    Portal users are authenticated yes, I'm using the built-in user manager (could it be the problem knowing I have 300+ users?)

    Captive portal is run on the whole LAN network, if that's what you mean by "Dedicated interface"

    Gonna C/p the rules as soon as I'm on my pfsense network, thanks!



  • @bqbqr:

    Sorry, must have been more concise. Yeah that's the ping on the Pfsense box that is very slow. 1ms without Captive portal, 41ms with at best, but generally more around 2000ms… :(

    Ping FROM pfSense to 'elsewhere' or ping from client PC, connected to LAN - wired or Wifi - try both - through pfSense to the outside (internet)?

    @bqbqr:

    Portal users are authenticated yes, I'm using the built-in user manager (could it be the problem knowing I have 300+ users?)

    Once authenticated, firewall rules will not block or slow down pings ….
    If the pfSense box can handle the load.

    @bqbqr:

    Captive portal is run on the whole LAN network, if that's what you mean by "Dedicated interface"

    LAN is the 'admin' network, meant to attach trusted devices etc.
    An extra NIC (will be called OPT1, but you can rename it) is advised to receive the Captive Portal facility.



  • Ping FROM pfSense to 'elsewhere' or ping from client PC, connected to LAN - wired or Wifi - try both - through pfSense to the outside (internet)?

    From any computer on the Wifi to the pfsense. If I'm connected by RJ45, ping from a computer to the pfsense box is then normal.
    And when I deactivate the CP, Ping from wifi to pfsense is normal. (less than 10ms)

    If the pfSense box can handle the load.

    I let everyone connect today without authentication and it seems to handle the load perfectly today (better than with portal activated)

    An extra NIC (will be called OPT1, but you can rename it) is advised to receive the Captive Portal facility.

    That's good advice, I'm gonna try that.

    Thanks for the tip :)



  • Got more data:
    So, the trouble I had with the high ping from computer on network to PFsense box is cleared: It was because the computer was in the pass through mac in the CP.

    Now my problem is that the ping from the LAN to the network is very high IF CP is activated
    And it's doing that on Lan for administration and OPT1 for clients…

    Got something between 80 and 200ms to google.com without CP and something between 500 and Timeout WITH CP.
    And of course, internet is very slow when CP on

    Again, could it be that I got too many users in the pfsense user manager? (Idk why I focus on that but that's my last idea... ^^)

    Thanks!



  • @bqbqr:

    Got more data:
    So, the trouble I had with the high ping from computer on network to PFsense box is cleared: It was because the computer was in the pass through mac in the CP.

    When a device (PC) has its MAC on the pass through list this will not influence the PING reply time.

    I have some devices (among them: some PC's) on the MAC pass through list (Captive portal settings page).
    I never saw what you described here.

    @bqbqr:

    Now my problem is that the ping from the LAN to the network is very high IF CP is activated
    And it's doing that on Lan for administration and OPT1 for clients…
    Got something between 80 and 200ms to google.com without CP and something between 500 and Timeout WITH CP.
    And of course, internet is very slow when CP on

    You have what I have :
    A WAN NIC, a LAN NIC and a OPT1 NIC - your own devices are on the LAN, clients are on the Captive Portal, which is OPT1.
    It's NOT because I have clients connected to my portal http://www.test-domaine.fr/munin/brit-hotel-fumel.net/pfsense.brit-hotel-fumel.net/index.html#portalusers that my "Internet becomes slower". Actually, it does ;) but the ping (to the outside world) stays practically the same.

    @bqbqr:

    Again, could it be that I got too many users in the pfsense user manager? (Idk why I focus on that but that's my last idea… ^^)

    If you have more than 'several thousands' users in your 'User Manager', that might be related …. :)
    So: no way, that can't be related.

    Next time, log in over SSH to your pfSense box, and ping from there to google.com. Are the timings the same? Different?
    Also do a traceroute.

    Do you have packages installed (some really do f*ck up the system) ?

    Another way to solve the issue: re-install from scratch. Do not re-use your actual settings (the config.xml file). Setting up pfSense isn't hard, and doesn't take much time. It looks like something is broken, and it can be pfSense - I'm using the SAME ONE as you. Tell us afterwards everything that you took away from 'default'.



  • And now, I also have DNS service crashing once in a while..

    Gonna redo everything from scratch yeah, seems like the best idea because I really have some weird things

    Quick question if I may ask:

    After building the new pfsense box, if I do a backup, inject the user list into the xml file and restore the pfsense box with the updated xml file, it should work right?

    Also, can all of my problems come from bad hardware? I've done a big memtest86+ and everything seems ok but I'm still wondering why it's not flawless

    Thanks a lot for your help Gertjan



  • @bqbqr:

    After building the new pfsense box, if I do a backup, inject the user list into the xml file and restore the pfsense box with the updated xml file, it should work right?

    That will be the best way to have the identical situation back.
    => Hardware : no change
    => Software : no change
    => Settings : no change
    means
    =>> same situation.

    Redo settings from scratch. Just do the minimum so things start working. Then add settings step by step ….



  • So I misexplained what I wanted to do,

    1: Backup the Old box
    2: Set the new box, without using anything from the Old box
    3: Backup the new box when set up is OK
    4: Inject in the newbox.xml the user list from oldbox.xml
    5: Restore newbox.xml on the newbox.

    Seems like the right thing to do for keeping my user list .. no?



  • @bqbqr:

    Seems like the right thing to do for keeping my user list .. no?

    You can keep your user list from the 'old' XML file: It's a copy and paste thing between files ;)
    XML files are human readable and have a simple structure.
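
The copy-and-paste between the two backups discussed in the posts above (steps 1 to 5), done with a script instead of by hand; this is an added example, not code from the thread or from pfSense. It assumes the users are stored as `<user>` entries under `<system>` with a `<nextuid>` counter beside them; the sample XML is constructed and `merge_users` is a hypothetical name.

```python
import xml.etree.ElementTree as ET

# Constructed sample configs (assumed layout); real backups are far larger.
OLD_XML = """<pfsense><system>
  <user><name>admin</name><scope>system</scope><uid>0</uid></user>
  <user><name>alice</name><scope>user</scope><uid>2000</uid></user>
  <user><name>bob</name><scope>user</scope><uid>2001</uid></user>
  <nextuid>2002</nextuid>
</system></pfsense>"""

NEW_XML = """<pfsense><system>
  <user><name>admin</name><scope>system</scope><uid>0</uid></user>
  <nextuid>2000</nextuid>
</system></pfsense>"""


def merge_users(old_xml, new_xml):
    """Copy <user> entries that the new config lacks out of the old one.

    Returns (merged_xml_string, list_of_copied_names)."""
    old_sys = ET.fromstring(old_xml).find("system")
    new_root = ET.fromstring(new_xml)
    new_sys = new_root.find("system")

    existing = new_sys.findall("user")
    names = {u.findtext("name") for u in existing}
    uids = {u.findtext("uid") for u in existing}
    # Insert after the last existing <user> so the entries stay grouped.
    pos = list(new_sys).index(existing[-1]) + 1 if existing else 0
    copied = []
    for user in old_sys.findall("user"):
        name, uid = user.findtext("name"), user.findtext("uid")
        if name in names or uid in uids:
            continue  # keep the new box's own accounts (e.g. admin)
        new_sys.insert(pos, user)
        pos += 1
        names.add(name)
        uids.add(uid)
        copied.append(name)

    # Keep the uid counter above every uid now present in the new config.
    all_uids = (int(u.findtext("uid", "0")) for u in new_sys.findall("user"))
    nextuid = new_sys.find("nextuid")
    if nextuid is None:
        nextuid = ET.SubElement(new_sys, "nextuid")
    nextuid.text = str(max(max(all_uids, default=0) + 1, int(nextuid.text or 0)))
    return ET.tostring(new_root, encoding="unicode"), copied
```

The copied entries carry whatever password fields the old file stored for each user, so both backup files need the same protection as the box itself.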