Project

General

Profile

Actions

Bug #4150

closed

Captive Portal doesn't work with > 120 VLAN interfaces

Added by Ethan Hayon over 6 years ago. Updated over 5 years ago.

Status:
Resolved
Priority:
Normal
Category:
Captive Portal
Target version:
Start date:
12/26/2014
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
All
Affected Architecture:

Description

Captive portal is not authenticating users (just letting everyone on) when a zone is attached to more than 120 VLAN interfaces. I need to run captive portal on over 1000 VLANS.


Files

cp_vlanissue.xml (188 KB) cp_vlanissue.xml config file Ethan Hayon, 12/29/2014 08:36 AM
Screen Shot 2014-12-29 at 3.17.34 PM.png (22.3 KB) Screen Shot 2014-12-29 at 3.17.34 PM.png Ethan Hayon, 12/29/2014 02:13 PM
Actions #1

Updated by Ermal Luçi over 6 years ago

There really is nothing to prevent this from working.
Though i am sure you would get better solution for this if you go through professional services.

Actions #2

Updated by Chris Buechler over 6 years ago

  • Status changed from New to Feedback
  • Target version deleted (2.2)
  • Affected Version deleted (2.2)
  • Affected Architecture added
  • Affected Architecture deleted (amd64)

will need more details, likely this isn't 2.2-specific if there is any actual problem here.

Actions #3

Updated by Ethan Hayon over 6 years ago

Thanks guys. So it looks like the exact number is 117 VLANS, but when I add any more, the captive portal starts letting everyone through. You're right, this is most likely not a 2.2 specific issue. What other information can I provide to help debug the issue?

uname -a output:

FreeBSD t31.localdomain 10.1-RELEASE-p3 FreeBSD 10.1-RELEASE-p3 #0 8bdb2f8(releng/10.1)-dirty: Fri Dec 26 09:41:29 CST 2014 root@pfsense-22-amd64-builder:/usr/obj.amd64/usr/pfSensesrc/src/sys/pfSense_SMP.10 amd64

I've attached the config file, it's a bit long with all the VLAN config. The system contains 255 vlans right, now, 117 of which are attached to CP zone 2. Which log files would be helpful for you?

Thanks,
Ethan

Actions #4

Updated by Ethan Hayon over 6 years ago

Ok, I did a little digging and I found out what's happening. IPFW isn't inserting all of the necessary CP rules because the rule is too long.

See attached image. Would you recommend I break the rule up into multiple smaller rules?

Thanks,
Ethan

Actions #6

Updated by Chris Buechler over 6 years ago

  • Status changed from Feedback to Confirmed
  • Assignee set to Ermal Luçi
  • Target version set to 2.2
  • Affected Version set to All

Thanks!

Ethan: we'll need an ICLA from you to accept that.

To Ermal for review of pull request.

Actions #7

Updated by Ermal Luçi over 6 years ago

Updated the pull request, though its not correct as implemented even as a workaround.

Actions #8

Updated by Chris Buechler over 6 years ago

  • Target version changed from 2.2 to 2.2.1

thanks, let's not break anything worse than it already is there, will push to 2.2.1

Actions #9

Updated by Ethan Hayon over 6 years ago

ICLA submitted. Thanks guys! Making me love pfsense more and more each day

Actions #10

Updated by Ermal Luçi over 6 years ago

  • Status changed from Confirmed to Feedback
Actions #11

Updated by Ermal Luçi over 6 years ago

  • % Done changed from 0 to 100
Actions #12

Updated by Chris Buechler over 6 years ago

  • Target version changed from 2.2.1 to 2.2.2
Actions #13

Updated by Chris Buechler over 6 years ago

  • Target version changed from 2.2.2 to 2.2.3
Actions #14

Updated by Chris Buechler over 6 years ago

  • Target version changed from 2.2.3 to 2.3
Actions #15

Updated by Jim Thompson about 6 years ago

  • Assignee changed from Ermal Luçi to Chris Buechler

reassigned to cmb

Actions #17

Updated by Jim Thompson over 5 years ago

bump

Actions #18

Updated by Chris Buechler over 5 years ago

  • Status changed from Feedback to Resolved

fixed

Actions

Also available in: Atom PDF