Bug #4150
closedCaptive Portal doesn't work with > 120 VLAN interfaces
100%
Description
Captive portal is not authenticating users (just letting everyone on) when a zone is attached to more than 120 VLAN interfaces. I need to run captive portal on over 1000 VLANS.
Files
Updated by Ermal Luçi almost 10 years ago
There really is nothing to prevent this from working.
Though i am sure you would get better solution for this if you go through professional services.
Updated by Chris Buechler almost 10 years ago
- Status changed from New to Feedback
- Target version deleted (
2.2) - Affected Version deleted (
2.2) - Affected Architecture added
- Affected Architecture deleted (
amd64)
will need more details, likely this isn't 2.2-specific if there is any actual problem here.
Updated by Ethan Hayon almost 10 years ago
- File cp_vlanissue.xml cp_vlanissue.xml added
Thanks guys. So it looks like the exact number is 117 VLANS, but when I add any more, the captive portal starts letting everyone through. You're right, this is most likely not a 2.2 specific issue. What other information can I provide to help debug the issue?
uname -a output:
FreeBSD t31.localdomain 10.1-RELEASE-p3 FreeBSD 10.1-RELEASE-p3 #0 8bdb2f8(releng/10.1)-dirty: Fri Dec 26 09:41:29 CST 2014 root@pfsense-22-amd64-builder:/usr/obj.amd64/usr/pfSensesrc/src/sys/pfSense_SMP.10 amd64
I've attached the config file, it's a bit long with all the VLAN config. The system contains 255 vlans right, now, 117 of which are attached to CP zone 2. Which log files would be helpful for you?
Thanks,
Ethan
Updated by Ethan Hayon almost 10 years ago
Ok, I did a little digging and I found out what's happening. IPFW isn't inserting all of the necessary CP rules because the rule is too long.
See attached image. Would you recommend I break the rule up into multiple smaller rules?
Thanks,
Ethan
Updated by Ethan Hayon almost 10 years ago
Addressed here: https://github.com/pfsense/pfsense/pull/1409
Updated by Chris Buechler almost 10 years ago
- Status changed from Feedback to Confirmed
- Assignee set to Ermal Luçi
- Target version set to 2.2
- Affected Version set to All
Thanks!
Ethan: we'll need an ICLA from you to accept that.
To Ermal for review of pull request.
Updated by Ermal Luçi almost 10 years ago
Updated the pull request, though its not correct as implemented even as a workaround.
Updated by Chris Buechler almost 10 years ago
- Target version changed from 2.2 to 2.2.1
thanks, let's not break anything worse than it already is there, will push to 2.2.1
Updated by Ethan Hayon almost 10 years ago
ICLA submitted. Thanks guys! Making me love pfsense more and more each day
Updated by Ermal Luçi almost 10 years ago
- Status changed from Confirmed to Feedback
Updated by Ermal Luçi almost 10 years ago
- % Done changed from 0 to 100
Applied in changeset 98bf4991dc31f97fc7315a6b8aba433de9d39cea.
Updated by Chris Buechler almost 10 years ago
- Target version changed from 2.2.1 to 2.2.2
Updated by Chris Buechler over 9 years ago
- Target version changed from 2.2.2 to 2.2.3
Updated by Chris Buechler over 9 years ago
- Target version changed from 2.2.3 to 2.3
Updated by Jim Thompson over 9 years ago
- Assignee changed from Ermal Luçi to Chris Buechler
reassigned to cmb
Updated by Luiz Souza about 9 years ago
Applied in changeset 28c54319caab5374fd87973e304ef083aa46653e.