[isf-wifidog] IPTables locking up with OpenWRT - another distro?

andrewhodel at gmail.com andrewhodel at gmail.com
Lun 1 Fév 11:05:22 EST 2010 

I would keep track of the sysload on the particular ap's you are having  
trouble with.

We use wifidog on openwrt 8.09 for 200+ nodes with a custom auth server and  
have experienced the same issue on rare occassions. However, when we  
experience the issue the sysload usually shoots up to around 6+ and  
requires a hard reboot to resolve. This can be seen by looking at the last  
gateway update for the node which is down.

In my experience it is usually the same node that has the problem, and  
about once a month on one node out of 200 isn't bad. From my logs the issue  
is not related to the number of authenticated users, as we have had it  
happen with as few as 6 while other nodes with the exact same hardware  
handle 20+ authenticated users without issue.

If I had to guess at this point I would blame it on a hardware issue with  
that particular node.

You may want to test that you are actually having the problem on all nodes  
and not just one or a few in particular. I would also recommend slimming  
down openwrt as much as possible, there's a lot you do not need.

I will also say that with the number of users we have per auth server at  
times, 350+, the wifidog auth server would become unstable. You may also  
want to try splitting your nodes amongst multiple auth servers if you are  
having more then 100 users online at any given time. We had to rewrite a  
much leaner auth server to remedy this issue.



Regards,
Andrew Hodel



On Feb 1, 2010 9:52am, Steve Congrave <steve at congrave.com> wrote:
> I agree that OpenWRT is easy to use - we do have a partial build using the

> latest version but I'm reluctant to continue down that path until I'm sure

> that the iptables was resolved as others report the same problems. Our

> implementation makes a lot of use of iptables in a dynamic way and that  
> may

> be the cause of the problem as we change rules so frequently.



> What are the DNS oddities that you experience because the result of the

> iptables problem is the client being denied access that looks exactly  
> like a

> dns issue from the client end?



> I appreciate your feedback.



> Steve



> -----Original Message-----

> From: wifidog-bounces at listes.ilesansfil.org

> [mailto:wifidog-bounces at listes.ilesansfil.org] On Behalf Of Aaron Z

> Sent: Monday, February 01, 2010 7:30 AM

> To: WiFiDog List

> Subject: [isf-wifidog] IPTables locking up with OpenWRT - another distro?



> Can you upgrade to the current version of OpenWRT (8.09.x) or is that not

> possible?

> We recently rolled out 40ish WAPS running OpenWRT 8.09 and WiFiDog (with a

> custom WiFiDog backend) on WRT54GL hardware and are very happy with them.  
> We

> have them in libraries and use WiFiDog for the public network

> (authentication against our patron database and access control only) and a

> WPA2 encrypted network for staff use.

> We do a nightly reboot (to force them to check for updates and because of

> some DNS oddities that seem to crop up after the WAP has been running for  
> a

> few days) but we are very happy with it. I personally find OpenWRT easier  
> to

> work with than DD-Wrt, but that is probably just be a personal preference.





> Aaron Z



> ----- "Steve Congrave" steve at congrave.com> wrote:



> > From: "Steve Congrave" steve at congrave.com>

> > To: "WiFiDog Captive Portal" wifidog at listes.ilesansfil.org>

> > Sent: Monday, February 1, 2010 1:58:06 AM GMT -05:00 US/Canada Eastern

> > Subject: [isf-wifidog] IPTables locking up with OpenWRT - another  
> distro?

> >

> > https://dev.openwrt.org/ticket/2558

> >

> > This ticket is showing as closed but it appears that others are still

> > having

> > problems.

> >

> > Our routers (WRT54GL) running OpenWRT 7.09 are locking up at least

> > once a

> > day - much more often when they have 5 or 6 customers connected and

> > we

> > implemented the update at https://dev.openwrt.org/changeset/16141

> >

> > We have tried everything that we can think of to get this working but

> > it's

> > hard to even find a workaround as there seems to be no way of testing

> > for it

> > happening. At the moment we are running a reboot every 2 hours just to

> > get

> > around this but it's hardly satisfactory.

> >

> > Is anyone else on the list having a problem - has anyone fixed it yet?

> > Have

> > you all moved away from OpenWRT because of it?

> >

> > What other distro would you suggest to try instead of OpenWRT on a

> > Linksys

> > WRT54GL for WifiDog?

> >

> >

> >

> >

> > _______________________________________________

> > WiFiDog mailing list

> > WiFiDog at listes.ilesansfil.org

> > http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog

> _______________________________________________

> WiFiDog mailing list

> WiFiDog at listes.ilesansfil.org

> http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog



> _______________________________________________

> WiFiDog mailing list

> WiFiDog at listes.ilesansfil.org

> http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listes.ilesansfil.org/pipermail/wifidog/attachments/20100201/9aea9787/attachment-0001.htm>

Plus d'informations sur la liste de diffusion WiFiDog