[Chilli] Captive portal "looping" problem - maybe radius / radius-proxy timeout problem ?

Sun Jul 14 15:24:28 UTC 2013

Ok - an update.

Adding in syslog-ng and remote logging *was* a good idea for sure!

This is the error that seems to be related to my problem: -

Jul 14 15:16:17 5.54.29.155 syslog: main-proxy.c: 142: out of connections

I wonder is there somehow a connect leak?

This AP would not be that busy.  I see that in the source code there is a max number of requests set to 16 and I would think that this should be perfectly good so I wonder is there some kind of connection leak?

Derek

Log file output: -

Jul 14 15:20:46 5.54.29.155 syslog: main-proxy.c: 142: out of connections
Jul 14 15:20:46 5.54.29.155 syslog: main-proxy.c: 102: 000. inuse=1 prev=-001 next=-001 url=http://MY-UAM-AAA-URL?stage=counters&status=update&user=AC-3C-0B-30-XX-XX&ap=02-DB-36-1D-XX-XX&mac=AC-3C-0B-30-XX-XX&ip=10.0.0.54&sessionid=51e075db00000009&nasid=dc9fdb3xxxx&duration=241&bytes_down=0&pkts_down=0&bytes_up=0&pkts_up=0 fd=29

On 14 Jul 2013, at 15:33, Derek Conniffe <derek at hssl.ie> wrote:

> Hi everyone,
> 
> I've been playing with coova chilli for years and its feature set is great and I really love new features (especially chilli_proxy that appeared in 1.2.9)!.
> 
> I'm having a problem and I think I've also seen this problem over the years too.
> 
> I'm using coova chilli 1.2.9 and right now I'm using chilli-proxy with HTTP authentication (so no radius server at all) and I'm using mac authentication.
> 
> The problem is that for some reason coova chilli thinks the user isn't authorised so it sends the user to the login page (uamhomepage) *but* I have checking in my home page to see if the user is actually authenticated (in the DB) or not and, if they are, I try to redirect them to www.google.com - I'd hope this situation wouldn't happen but it does regularly.  Its worse actually because I can sometimes see devices looping through my uamhomepage page over and over again and then, maybe, eventually getting Google.  (coova chilli keeps thinking the client isn't authenticated - when this happens I can see that my web server handling the chilli proxy requests as per the uamaaaurl directive is *NOT* getting the coova chilli request at all!).
> 
> I see this problem more if the internet connection to the coova chilli enabled AP is slow.  This makes me think its some kind of radius timeout issue.  I did add the line "radiustimeout=90" to my chilli conf file (I think that sets the radius timeout to 90 seconds) but this didn't appear to have any effect.
> 
> I haven't seen anything in the chilli log output yet but mostly this is because I haven't been getting detailed logs in my APs.  Now I'm trying to use remote syslog to a dedicated server so this might help.
> 
> The issue could be in chilli_proxy.  If so I might have to go back to having a freeradius server but I'd hate to do that.
> 
> Has anyone else seen this type of problem before?
> 
> thanks for any info!
> 
> Derek
> _______________________________________________
> Chilli mailing list
> Chilli at coova.org
> http://lists.coova.org/cgi-bin/mailman/listinfo/chilli