[isf-wifidog] IPTables locking up with OpenWRT - another distro?

Steve Congrave steve at congrave.com
Mer 17 Fév 11:55:34 EST 2010


We are currently using OpenWRT Kamikaze 7.09

Yes, I suspect the problem is OpenWRT too and not WiFidog

Steve

-----Original Message-----
From: wifidog-bounces at listes.ilesansfil.org
[mailto:wifidog-bounces at listes.ilesansfil.org] On Behalf Of Jean-Philippe
Menil
Sent: Wednesday, February 17, 2010 9:57 AM
To: WiFiDog Captive Portal
Subject: Re: [isf-wifidog] IPTables locking up with OpenWRT - another
distro?

Steve Congrave a écrit :
> This is a problem that we get on about 50% of our nodes every day and 
> we are also stumped as to what causes it.
> 
> We don't know if it's an OpenWRT problem or a WiFidog problem but it 
> manifests itself in the same way - customers connect fine to the node 
> and when authenticated they can access the Web. At some point 
> afterwards - 1 to
> 4 hours later, customers suddenly get blocked from accessing the web. 
> They can access any static routes setup in IPTables and they can ping 
> the auth server IP - but everything else is blocked and they just get 
> 'cannot connect to...' standard browser messages.
> 
> We have tried changing the DHCP lease times with no effect.
> 
> We test for memory leaks and that isn't the problem.
> 
> We have used variants of the WRT54GL and the WRG54-TM and it makes no 
> difference.
> 
> At this point I have a reboot established every 2 hours so that we can 
> maintain some sort of service but it is so frustrating as no-one has 
> ever found the fix and most people never seem to see the problem. You 
> are one of the first that I have seen with the identical problem.
> 
> We are trying to create a new build using the latest OpenWRT and the 
> new 2.6 kernal to see if that fixes the problem - we did consider a 
> new version of IPTables as OpenWRT uses quite an old version but this 
> is all still work in progress so we won't know if it helps until it's
completed and tested.
> 
> It's a nasty little bug that frustrates the heck out of me!
> 
> Steve
> 
> 
> -----Original Message-----
> From: wifidog-bounces at listes.ilesansfil.org
> [mailto:wifidog-bounces at listes.ilesansfil.org] On Behalf Of 
> aaronz at pls-net.org
> Sent: Wednesday, February 17, 2010 8:33 AM
> To: WiFiDog Captive Portal
> Subject: Re: [isf-wifidog] IPTables locking up with OpenWRT - another 
> distro?
> 
> We are seeing something that reminded me of this thread, it may be 
> IPTables related, but it has me stumped:
> Daily SOME (not all) users on one particular WAP are not able to get 
> to anyplace but the WAP when they connect.
> They get an IP address and can ping the local address of the WAP 
> (192.168.1.1). They show up in the dhcp.leases file and can be pinged 
> from the router, but they cannot ping (for example) Google.com by name 
> or by IP address.
> When this is happening, I can ping google.com from the command line of 
> the WAP without any issues. Oddly, this will affect one person on the 
> WAP while
> 3-4 other patrons on the same WAP are fine.
> 
> When it was having this issue yesterday I ran  "wifidog-init status" 
> and got the following result:
> #root@??????:~#  wifidog-init status
> #WiFiDog status
> #
> #Version: 1.1.5
> #Uptime: 261d 8h 36m 39s ##This seems to be off on many of our boxes 
> as they reboot nightly. It may be due to the fact that WiFi Dog starts 
> up before the time gets synced.
> #Has been restarted: no
> #Internet Connectivity: yes
> #Auth server reachable: yes
> #Clients served this session: 0
> #
> #0 clients connected.
> 
> Has anyone seen this? I am currently seeing this at only one of the 43 
> active WAPs that we are running (which I find odd being as they were 
> all created with the same script).
> 
> Thanks
> 
> Aaron Z
> 
> ----- "Steve Congrave" <steve at congrave.com> wrote:
> 
>> From: "Steve Congrave" <steve at congrave.com>
>> To: "WiFiDog Captive Portal" <wifidog at listes.ilesansfil.org>
>> Sent: Monday, February 1, 2010 10:52:24 AM GMT -05:00 US/Canada 
>> Eastern
>> Subject: Re: [isf-wifidog] IPTables locking up with OpenWRT - another
> distro?
>> I agree that OpenWRT is easy to use - we do have a partial build 
>> using the latest version but I'm reluctant to continue down that path 
>> until I'm sure that the iptables was resolved as others report the 
>> same problems.
>> Our
>> implementation makes a lot of use of iptables in a dynamic way and 
>> that may be the cause of the problem as we change rules so 
>> frequently.
>>
>> What are the DNS oddities that you experience because the result of 
>> the iptables problem is the client being denied access that looks 
>> exactly like a dns issue from the client end?
>>
>> I appreciate your feedback.
>>
>> Steve
>>
>> -----Original Message-----
>> From: wifidog-bounces at listes.ilesansfil.org
>> [mailto:wifidog-bounces at listes.ilesansfil.org] On Behalf Of Aaron Z
>> Sent: Monday, February 01, 2010 7:30 AM
>> To: WiFiDog List
>> Subject: [isf-wifidog] IPTables locking up with OpenWRT - another 
>> distro?
>>
>> Can you upgrade to the current version of OpenWRT (8.09.x) or is that 
>> not possible?
>> We recently rolled out 40ish WAPS running OpenWRT 8.09 and WiFiDog 
>> (with a custom WiFiDog backend) on WRT54GL hardware and are very 
>> happy with them. We have them in libraries and use WiFiDog for the 
>> public network (authentication against our patron database and access 
>> control only) and a
>> WPA2 encrypted network for staff use.
>> We do a nightly reboot (to force them to check for updates and 
>> because of some DNS oddities that seem to crop up after the WAP has 
>> been running for a few days) but we are very happy with it. I 
>> personally find OpenWRT easier to work with than DD-Wrt, but that is 
>> probably just be a personal preference.
>>
>>
>> Aaron Z
>>
>> ----- "Steve Congrave" <steve at congrave.com> wrote:
>>
>>> From: "Steve Congrave" <steve at congrave.com>
>>> To: "WiFiDog Captive Portal" <wifidog at listes.ilesansfil.org>
>>> Sent: Monday, February 1, 2010 1:58:06 AM GMT -05:00 US/Canada
>> Eastern
>>> Subject: [isf-wifidog] IPTables locking up with OpenWRT - another
>> distro?
>>> https://dev.openwrt.org/ticket/2558
>>>
>>> This ticket is showing as closed but it appears that others are
>> still
>>> having
>>> problems.
>>>
>>> Our routers (WRT54GL) running OpenWRT 7.09 are locking up at least 
>>> once a day - much more often when they have 5 or 6 customers 
>>> connected and we implemented the update at 
>>> https://dev.openwrt.org/changeset/16141
>>>
>>> We have tried everything that we can think of to get this working
>> but
>>> it's
>>> hard to even find a workaround as there seems to be no way of
>> testing
>>> for it
>>> happening. At the moment we are running a reboot every 2 hours just
>> to
>>> get
>>> around this but it's hardly satisfactory.
>>>
>>> Is anyone else on the list having a problem - has anyone fixed it
>> yet?
>>> Have
>>> you all moved away from OpenWRT because of it?
>>>
>>> What other distro would you suggest to try instead of OpenWRT on a 
>>> Linksys WRT54GL for WifiDog?
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> WiFiDog mailing list
>>> WiFiDog at listes.ilesansfil.org
>>> http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog
>> _______________________________________________
>> WiFiDog mailing list
>> WiFiDog at listes.ilesansfil.org
>> http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog
>>
>> _______________________________________________
>> WiFiDog mailing list
>> WiFiDog at listes.ilesansfil.org
>> http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog
> _______________________________________________
> WiFiDog mailing list
> WiFiDog at listes.ilesansfil.org
> http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog
> 
> _______________________________________________
> WiFiDog mailing list
> WiFiDog at listes.ilesansfil.org
> http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog
Hi,

i use wifidog only on a linux server, with more than 1000 users connected
simultaneously. And i've never meet this problem.
I expect a bug in your openwrt version.
Is the version of the openwrt, the same as the other?



Plus d'informations sur la liste de diffusion WiFiDog