[isf-wifidog] IPTables locking up with OpenWRT - another distro?
Steve Congrave
steve at congrave.com
Mer 17 Fév 11:55:34 EST 2010
We are currently using OpenWRT Kamikaze 7.09
Yes, I suspect the problem is OpenWRT too and not WiFidog
Steve
-----Original Message-----
From: wifidog-bounces at listes.ilesansfil.org
[mailto:wifidog-bounces at listes.ilesansfil.org] On Behalf Of Jean-Philippe
Menil
Sent: Wednesday, February 17, 2010 9:57 AM
To: WiFiDog Captive Portal
Subject: Re: [isf-wifidog] IPTables locking up with OpenWRT - another
distro?
Steve Congrave a écrit :
> This is a problem that we get on about 50% of our nodes every day and
> we are also stumped as to what causes it.
>
> We don't know if it's an OpenWRT problem or a WiFidog problem but it
> manifests itself in the same way - customers connect fine to the node
> and when authenticated they can access the Web. At some point
> afterwards - 1 to
> 4 hours later, customers suddenly get blocked from accessing the web.
> They can access any static routes setup in IPTables and they can ping
> the auth server IP - but everything else is blocked and they just get
> 'cannot connect to...' standard browser messages.
>
> We have tried changing the DHCP lease times with no effect.
>
> We test for memory leaks and that isn't the problem.
>
> We have used variants of the WRT54GL and the WRG54-TM and it makes no
> difference.
>
> At this point I have a reboot established every 2 hours so that we can
> maintain some sort of service but it is so frustrating as no-one has
> ever found the fix and most people never seem to see the problem. You
> are one of the first that I have seen with the identical problem.
>
> We are trying to create a new build using the latest OpenWRT and the
> new 2.6 kernal to see if that fixes the problem - we did consider a
> new version of IPTables as OpenWRT uses quite an old version but this
> is all still work in progress so we won't know if it helps until it's
completed and tested.
>
> It's a nasty little bug that frustrates the heck out of me!
>
> Steve
>
>
> -----Original Message-----
> From: wifidog-bounces at listes.ilesansfil.org
> [mailto:wifidog-bounces at listes.ilesansfil.org] On Behalf Of
> aaronz at pls-net.org
> Sent: Wednesday, February 17, 2010 8:33 AM
> To: WiFiDog Captive Portal
> Subject: Re: [isf-wifidog] IPTables locking up with OpenWRT - another
> distro?
>
> We are seeing something that reminded me of this thread, it may be
> IPTables related, but it has me stumped:
> Daily SOME (not all) users on one particular WAP are not able to get
> to anyplace but the WAP when they connect.
> They get an IP address and can ping the local address of the WAP
> (192.168.1.1). They show up in the dhcp.leases file and can be pinged
> from the router, but they cannot ping (for example) Google.com by name
> or by IP address.
> When this is happening, I can ping google.com from the command line of
> the WAP without any issues. Oddly, this will affect one person on the
> WAP while
> 3-4 other patrons on the same WAP are fine.
>
> When it was having this issue yesterday I ran "wifidog-init status"
> and got the following result:
> #root@??????:~# wifidog-init status
> #WiFiDog status
> #
> #Version: 1.1.5
> #Uptime: 261d 8h 36m 39s ##This seems to be off on many of our boxes
> as they reboot nightly. It may be due to the fact that WiFi Dog starts
> up before the time gets synced.
> #Has been restarted: no
> #Internet Connectivity: yes
> #Auth server reachable: yes
> #Clients served this session: 0
> #
> #0 clients connected.
>
> Has anyone seen this? I am currently seeing this at only one of the 43
> active WAPs that we are running (which I find odd being as they were
> all created with the same script).
>
> Thanks
>
> Aaron Z
>
> ----- "Steve Congrave" <steve at congrave.com> wrote:
>
>> From: "Steve Congrave" <steve at congrave.com>
>> To: "WiFiDog Captive Portal" <wifidog at listes.ilesansfil.org>
>> Sent: Monday, February 1, 2010 10:52:24 AM GMT -05:00 US/Canada
>> Eastern
>> Subject: Re: [isf-wifidog] IPTables locking up with OpenWRT - another
> distro?
>> I agree that OpenWRT is easy to use - we do have a partial build
>> using the latest version but I'm reluctant to continue down that path
>> until I'm sure that the iptables was resolved as others report the
>> same problems.
>> Our
>> implementation makes a lot of use of iptables in a dynamic way and
>> that may be the cause of the problem as we change rules so
>> frequently.
>>
>> What are the DNS oddities that you experience because the result of
>> the iptables problem is the client being denied access that looks
>> exactly like a dns issue from the client end?
>>
>> I appreciate your feedback.
>>
>> Steve
>>
>> -----Original Message-----
>> From: wifidog-bounces at listes.ilesansfil.org
>> [mailto:wifidog-bounces at listes.ilesansfil.org] On Behalf Of Aaron Z
>> Sent: Monday, February 01, 2010 7:30 AM
>> To: WiFiDog List
>> Subject: [isf-wifidog] IPTables locking up with OpenWRT - another
>> distro?
>>
>> Can you upgrade to the current version of OpenWRT (8.09.x) or is that
>> not possible?
>> We recently rolled out 40ish WAPS running OpenWRT 8.09 and WiFiDog
>> (with a custom WiFiDog backend) on WRT54GL hardware and are very
>> happy with them. We have them in libraries and use WiFiDog for the
>> public network (authentication against our patron database and access
>> control only) and a
>> WPA2 encrypted network for staff use.
>> We do a nightly reboot (to force them to check for updates and
>> because of some DNS oddities that seem to crop up after the WAP has
>> been running for a few days) but we are very happy with it. I
>> personally find OpenWRT easier to work with than DD-Wrt, but that is
>> probably just be a personal preference.
>>
>>
>> Aaron Z
>>
>> ----- "Steve Congrave" <steve at congrave.com> wrote:
>>
>>> From: "Steve Congrave" <steve at congrave.com>
>>> To: "WiFiDog Captive Portal" <wifidog at listes.ilesansfil.org>
>>> Sent: Monday, February 1, 2010 1:58:06 AM GMT -05:00 US/Canada
>> Eastern
>>> Subject: [isf-wifidog] IPTables locking up with OpenWRT - another
>> distro?
>>> https://dev.openwrt.org/ticket/2558
>>>
>>> This ticket is showing as closed but it appears that others are
>> still
>>> having
>>> problems.
>>>
>>> Our routers (WRT54GL) running OpenWRT 7.09 are locking up at least
>>> once a day - much more often when they have 5 or 6 customers
>>> connected and we implemented the update at
>>> https://dev.openwrt.org/changeset/16141
>>>
>>> We have tried everything that we can think of to get this working
>> but
>>> it's
>>> hard to even find a workaround as there seems to be no way of
>> testing
>>> for it
>>> happening. At the moment we are running a reboot every 2 hours just
>> to
>>> get
>>> around this but it's hardly satisfactory.
>>>
>>> Is anyone else on the list having a problem - has anyone fixed it
>> yet?
>>> Have
>>> you all moved away from OpenWRT because of it?
>>>
>>> What other distro would you suggest to try instead of OpenWRT on a
>>> Linksys WRT54GL for WifiDog?
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> WiFiDog mailing list
>>> WiFiDog at listes.ilesansfil.org
>>> http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog
>> _______________________________________________
>> WiFiDog mailing list
>> WiFiDog at listes.ilesansfil.org
>> http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog
>>
>> _______________________________________________
>> WiFiDog mailing list
>> WiFiDog at listes.ilesansfil.org
>> http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog
> _______________________________________________
> WiFiDog mailing list
> WiFiDog at listes.ilesansfil.org
> http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog
>
> _______________________________________________
> WiFiDog mailing list
> WiFiDog at listes.ilesansfil.org
> http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog
Hi,
i use wifidog only on a linux server, with more than 1000 users connected
simultaneously. And i've never meet this problem.
I expect a bug in your openwrt version.
Is the version of the openwrt, the same as the other?
Plus d'informations sur la liste de diffusion WiFiDog