Project

General

Profile

Actions

Bug #14020

open

Captive Portal breaks policy routing for allowed IP addresses with specified bandwidth after upgrade to 2.6.0

Added by Mohammad Adnan Ataya almost 2 years ago.

Status:
New
Priority:
High
Assignee:
-
Category:
Captive Portal
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Default
Affected Version:
2.6.0
Affected Architecture:
amd64

Description

The topic on forum.netgate is here: (https://forum.netgate.com/topic/178194/captive-portal-blocking-allowed-ip-addresses-with-bandwidth-in-2-6-0).

This bug showed since we upgraded from 2.5.2 version.

Problem description:
We have devices with static IP address is on allowlist in the captive portal settings. These devices can't connect to internet but they can access firewall via ping to it.
The problem occurs when I set the bandwidth up/down to the allowed ip address to bypass captive portal without authentication. Also, the connection is not cut off immediately after the modification. It is cut off after consuming the amount of data (bytes) set for it by the two bandwidth fields in the captive portal service edit window for zone. I think the limiter (up/down) works here as a quota size for this IP instead of being a speed limit for it.
Note: When we increase the bandwidth value, the connection takes longer time and more packets or a larger amount of bytes event is interrupted by pfSense.
Note 2: To fix this error temporarily, we can just open up their entry in the allowed IPs list, hit the save button, then the stuck devices can communicate with captive portal again.

Here is the issue:
When the captive portal is disabled everything is routed correctly.
But when I enable the captive portal, devices that are allowed to bypass the captive portal via ip address are suddenly stopped.
Only devices that authenticated through the captive portal are still correctly routed over WAN and connected to internet.

There is a similar issue about "Blocking allowed MAC addresses that need bypass Captive Portal" onlink: (https://redmine.pfsense.org/issues/13323)
and the topic is: (https://forum.netgate.com/topic/161952/captive-portal-blocking-white-listed-mac-addresses-in-2-5-0).

No data to display

Actions

Also available in: Atom PDF