[isf-wifidog] IPTables locking up with OpenWRT - another distro?

Jean-Philippe Menil jean-philippe.menil at univ-nantes.fr
Mer 17 Fév 11:56:33 EST 2010


Steve Congrave a écrit :
> This is a problem that we get on about 50% of our nodes every day and we are
> also stumped as to what causes it.
> 
> We don't know if it's an OpenWRT problem or a WiFidog problem but it
> manifests itself in the same way - customers connect fine to the node and
> when authenticated they can access the Web. At some point afterwards - 1 to
> 4 hours later, customers suddenly get blocked from accessing the web. They
> can access any static routes setup in IPTables and they can ping the auth
> server IP - but everything else is blocked and they just get 'cannot connect
> to...' standard browser messages.
> 
> We have tried changing the DHCP lease times with no effect.
> 
> We test for memory leaks and that isn't the problem.
> 
> We have used variants of the WRT54GL and the WRG54-TM and it makes no
> difference.
> 
> At this point I have a reboot established every 2 hours so that we can
> maintain some sort of service but it is so frustrating as no-one has ever
> found the fix and most people never seem to see the problem. You are one of
> the first that I have seen with the identical problem.
> 
> We are trying to create a new build using the latest OpenWRT and the new 2.6
> kernal to see if that fixes the problem - we did consider a new version of
> IPTables as OpenWRT uses quite an old version but this is all still work in
> progress so we won't know if it helps until it's completed and tested.
> 
> It's a nasty little bug that frustrates the heck out of me!
> 
> Steve
> 
> 
> -----Original Message-----
> From: wifidog-bounces at listes.ilesansfil.org
> [mailto:wifidog-bounces at listes.ilesansfil.org] On Behalf Of
> aaronz at pls-net.org
> Sent: Wednesday, February 17, 2010 8:33 AM
> To: WiFiDog Captive Portal
> Subject: Re: [isf-wifidog] IPTables locking up with OpenWRT - another
> distro?
> 
> We are seeing something that reminded me of this thread, it may be IPTables
> related, but it has me stumped:
> Daily SOME (not all) users on one particular WAP are not able to get to
> anyplace but the WAP when they connect. 
> They get an IP address and can ping the local address of the WAP
> (192.168.1.1). They show up in the dhcp.leases file and can be pinged from
> the router, but they cannot ping (for example) Google.com by name or by IP
> address. 
> When this is happening, I can ping google.com from the command line of the
> WAP without any issues. Oddly, this will affect one person on the WAP while
> 3-4 other patrons on the same WAP are fine.
> 
> When it was having this issue yesterday I ran  "wifidog-init status" and got
> the following result:
> #root@??????:~#  wifidog-init status
> #WiFiDog status
> #
> #Version: 1.1.5
> #Uptime: 261d 8h 36m 39s ##This seems to be off on many of our boxes as they
> reboot nightly. It may be due to the fact that WiFi Dog starts up before the
> time gets synced.
> #Has been restarted: no
> #Internet Connectivity: yes
> #Auth server reachable: yes
> #Clients served this session: 0
> #
> #0 clients connected.
> 
> Has anyone seen this? I am currently seeing this at only one of the 43
> active WAPs that we are running (which I find odd being as they were all
> created with the same script).
> 
> Thanks
> 
> Aaron Z
> 
> ----- "Steve Congrave" <steve at congrave.com> wrote:
> 
>> From: "Steve Congrave" <steve at congrave.com>
>> To: "WiFiDog Captive Portal" <wifidog at listes.ilesansfil.org>
>> Sent: Monday, February 1, 2010 10:52:24 AM GMT -05:00 US/Canada Eastern
>> Subject: Re: [isf-wifidog] IPTables locking up with OpenWRT - another
> distro?
>> I agree that OpenWRT is easy to use - we do have a partial build using
>> the
>> latest version but I'm reluctant to continue down that path until I'm
>> sure
>> that the iptables was resolved as others report the same problems.
>> Our
>> implementation makes a lot of use of iptables in a dynamic way and
>> that may
>> be the cause of the problem as we change rules so frequently.
>>
>> What are the DNS oddities that you experience because the result of
>> the
>> iptables problem is the client being denied access that looks exactly
>> like a
>> dns issue from the client end?
>>
>> I appreciate your feedback.
>>
>> Steve 
>>
>> -----Original Message-----
>> From: wifidog-bounces at listes.ilesansfil.org
>> [mailto:wifidog-bounces at listes.ilesansfil.org] On Behalf Of Aaron Z
>> Sent: Monday, February 01, 2010 7:30 AM
>> To: WiFiDog List
>> Subject: [isf-wifidog] IPTables locking up with OpenWRT - another
>> distro?
>>
>> Can you upgrade to the current version of OpenWRT (8.09.x) or is that
>> not
>> possible?
>> We recently rolled out 40ish WAPS running OpenWRT 8.09 and WiFiDog
>> (with a
>> custom WiFiDog backend) on WRT54GL hardware and are very happy with
>> them. We
>> have them in libraries and use WiFiDog for the public network
>> (authentication against our patron database and access control only)
>> and a
>> WPA2 encrypted network for staff use.
>> We do a nightly reboot (to force them to check for updates and because
>> of
>> some DNS oddities that seem to crop up after the WAP has been running
>> for a
>> few days) but we are very happy with it. I personally find OpenWRT
>> easier to
>> work with than DD-Wrt, but that is probably just be a personal
>> preference.
>>
>>
>> Aaron Z
>>
>> ----- "Steve Congrave" <steve at congrave.com> wrote:
>>
>>> From: "Steve Congrave" <steve at congrave.com>
>>> To: "WiFiDog Captive Portal" <wifidog at listes.ilesansfil.org>
>>> Sent: Monday, February 1, 2010 1:58:06 AM GMT -05:00 US/Canada
>> Eastern
>>> Subject: [isf-wifidog] IPTables locking up with OpenWRT - another
>> distro?
>>> https://dev.openwrt.org/ticket/2558
>>>
>>> This ticket is showing as closed but it appears that others are
>> still
>>> having
>>> problems.
>>>
>>> Our routers (WRT54GL) running OpenWRT 7.09 are locking up at least
>>> once a
>>> day - much more often when they have 5 or 6 customers connected and
>>> we
>>> implemented the update at https://dev.openwrt.org/changeset/16141
>>>
>>> We have tried everything that we can think of to get this working
>> but
>>> it's
>>> hard to even find a workaround as there seems to be no way of
>> testing
>>> for it
>>> happening. At the moment we are running a reboot every 2 hours just
>> to
>>> get
>>> around this but it's hardly satisfactory.
>>>
>>> Is anyone else on the list having a problem - has anyone fixed it
>> yet?
>>> Have
>>> you all moved away from OpenWRT because of it?
>>>
>>> What other distro would you suggest to try instead of OpenWRT on a
>>> Linksys
>>> WRT54GL for WifiDog?
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> WiFiDog mailing list
>>> WiFiDog at listes.ilesansfil.org
>>> http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog
>> _______________________________________________
>> WiFiDog mailing list
>> WiFiDog at listes.ilesansfil.org
>> http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog
>>
>> _______________________________________________
>> WiFiDog mailing list
>> WiFiDog at listes.ilesansfil.org
>> http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog
> _______________________________________________
> WiFiDog mailing list
> WiFiDog at listes.ilesansfil.org
> http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog
> 
> _______________________________________________
> WiFiDog mailing list
> WiFiDog at listes.ilesansfil.org
> http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog
Hi,

i use wifidog only on a linux server, with more than 1000
users connected simultaneously. And i've never meet this problem.
I expect a bug in your openwrt version.
Is the version of the openwrt, the same as the other?
-------------- section suivante --------------
Une pièce jointe autre que texte a été nettoyée...
Nom: jean-philippe_menil.vcf
Type: text/x-vcard
Taille: 433 octets
Desc: non disponible
URL: <http://listes.ilesansfil.org/pipermail/wifidog/attachments/20100217/1673109a/attachment.vcf>


Plus d'informations sur la liste de diffusion WiFiDog