News: No news.
 
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
July 24, 2014, 23:36:58
Pages: [1]
  Print  
Topic: Must Reboot To Access Internet  (Read 2003 times)
« on: August 14, 2013, 00:31:27 »
GB49 *
Posts: 5

I'm running 1.34 on a Soekris 5501-60 (433MHz, 256RAM).  I have 2 Ubiquiti bullets as access points connected to Soekris. They are several channels apart.
Using the local captive portal, no radius.
If a user roams from AP to AP they will get a proper IP but can NOT load webpage. No Internet access. This happens after the monowall has been running a a couple days or couple hours. Its random.
 ipconfig/release & renew gives same IP and I can ping and load all access point config pages and load the monowall page but no access to the Internet. The only fix is to reboot monowall or hard reboot Soekris. Then everything works great.
Things to try are new compact flash. Change LAN & WAN ports. Rewrite monowall to flash. Replace Soekris.

Any other ideas? My customers are starting to get urked.

Thanks,
GB
 
« Last Edit: August 14, 2013, 02:49:53 by GB49 » Logged
« Reply #1 on: August 14, 2013, 05:00:23 »
Lee Sharp ****
Posts: 410

How long will you let idle connections last in the captive portal?  It should be shorter than the DHCP lease.  If you get an IP that was authorized with a different MAC, bad things happen.
Logged
« Reply #2 on: August 14, 2013, 20:17:30 »
GB49 *
Posts: 5

I'll check that time period this afternoon.

I forgot to mention that when I'm denied Internet access I get the "page cannot be displayed" error. But once I reboot monowall & refresh my browser I get my custom login page and after entering my user and pass I can get back on the internet.
Its like the rebooting of the monowall clears my DHCP lease/mac address, allowing me to log back in for internet access.

Thanks,
GB
Logged
« Reply #3 on: August 14, 2013, 23:14:58 »
GB49 *
Posts: 5

How long will you let idle connections last in the captive portal?  It should be shorter than the DHCP lease.  If you get an IP that was authorized with a different MAC, bad things happen.

On site right now and captive portable idle was set for 120 minutes and DHCP was set to default time which is also 120 minutes. I left the portal at 120 minutes and set DHCP lease for 300 minutes.
Will see what happens.
Logged
« Reply #4 on: August 15, 2013, 00:42:46 »
Lee Sharp ****
Posts: 410

Also, a bounce to the captive portal service can do what you need without bouncing the entire firewall.
Logged
« Reply #5 on: August 15, 2013, 04:54:36 »
GB49 *
Posts: 5

***Solved***

After checking arp table in monowall I found the Ubiquiti Nano PtP station MAC was overtaking the client MAC. I was seeing the same MAC with different host names at the same time. Captive Portal did not like that. This also explains why a reboot of Monowall worked for a little due to the flushing of the arp table.

Solution was to enable WDS (transparent bridge) on both end of the PtP 5GHz Nano radios.


-GB
« Last Edit: August 23, 2013, 04:40:04 by GB49 » Logged
 
Pages: [1]
  Print  
 
Jump to:  

Powered by SMF 1.1.19 | SMF © 2013, Simple Machines