Messages

1

23.1 Legacy Series / Re: Captive Portal seems to be broken following update to 23.1.2

« on: March 09, 2023, 02:26:43 pm »

So I just mocked around with sqlite on my instance, and there seem to be no problem with my database.
I can manually select all entries in the table.

So I tried to manually fire off the query generated in db.py - and it seems sqlite don't like double quotes in a query:

Code: [Select]

sqlite> select cc.sessionid sessionId, cc.username userName from cp_clients cc where cc.zoneid = 0 and cc.deleted = 0 and cc.username is not null and cc.username <> "" order by case when cc.username is not null then cc.username else cc.ip_address end, cc.created desc;
Parse error: no such column:
   0 and cc.username is not null and cc.username <> "" order by case when cc.use
                                      error here ---^
sqlite>
Code at line 245 in /usr/local/opnsense/scripts/OPNsense/CaptivePortal/lib/db.py (from the error message) looks like this:

Code: [Select]

cur.execute(""" select   cc.sessionid   sessionId
                        ,        cc.username    userName
                        from     cp_clients cc
                        where   cc.zoneid = :zoneid
                        and     cc.deleted = 0
                        and     cc.username is not null
                        and     cc.username <> ""   <---- problem here !!!
                        order by case when cc.username is not null then cc.username else cc.ip_address end
                        ,        cc.created desc
                        """, {'zoneid': zoneid})

Workaround:
In /usr/local/opnsense/scripts/OPNsense/CaptivePortal/lib/db.py line 251 - replace the double quotes (") with single quotes (').
After doing this on my box, the captive portal and my whitelist is working again, and I get no more errors about forced database repair.

Although I still get spammed in the logs with an error message about no active session, user not found.
Don't know what that is about - oh well...

Code: [Select]

2023-03-09T14:12:40 Error api [2023-03-09T14:12:40+01:00][ERROR] no active session, user not found
2023-03-09T14:12:39 Error api [2023-03-09T14:12:39+01:00][ERROR] no active session, user not found
2023-03-09T14:12:35 Error api [2023-03-09T14:12:35+01:00][ERROR] no active session, user not found
2023-03-09T14:12:35 Error api [2023-03-09T14:12:35+01:00][ERROR] no active session, user not found
2023-03-09T14:12:29 Error api [2023-03-09T14:12:29+01:00][ERROR] no active session, user not found
2023-03-09T14:12:28 Error api [2023-03-09T14:12:28+01:00][ERROR] no active session, user not found
2023-03-09T14:12:23 Notice captiveportal starting captiveportal background process
So I guess this needs to be officially fixed in the next release.
Take this info for what it is: not a permanent solution. Use at your own risk.

2

23.1 Legacy Series / Re: Captive Portal seems to be broken following update to 23.1.2

« on: March 09, 2023, 11:46:20 am »

Yep I have the same problem.
Same logs about corrupt database. Cannot downgrade sqlite either.

I CAN login to my portal (I just have a simple login button with no password authentication or anything else).
But, I do have my portal setup with some allowed IPs - these usually show permanently in the session list, and they still do, but they do not work. They are blocked and I have to login from an IP, that should otherwise be allowed.
After login, I can connect to Internet again.

But it defeats the purpose for me. I need to be able to whitelist my IPs.

attaching screenshots

3

21.7 Legacy Series / Re: How to add custom options in DHCP pools?

« on: January 08, 2022, 03:49:53 pm »

Happy new year to everyone.
I'm still hoping anyone maybe have an idea how to add custom options to DHCP config file.

4

21.7 Legacy Series / How to add custom options in DHCP pools?

« on: December 22, 2021, 12:29:17 am »

Hi,

I really hope someone can help me on how to insert custom options in dhcpd.conf file.

Basically I have a main pool, with the option "Deny unknown clients" checked on, and an additional pool in the same subnet, with this checked off.

I also have registered a client MAC address, to make it a "known" client.

The problem I am facing is, that I need to have an "allow unknown-clients" in the additional pool, in order to ONLY assign addresses from this pool to unknown clients, and not allow to assign to known clients, and there is no option in the GUI to do this.

Normally it would work fine with the current setup, but not if the client have previously been assigned an address from the second pool. In that case, the client will request the previous address, and dhcp server will just ACK it, instead of NAK, so the client can discover and be offered an address from the correct pool instead.

So - here is roughly what my dhcpd.conf file looks like, and what I wish to achieve.

Code: [Select]

subnet 192.168.10.0 netmask 255.255.255.0 {
  pool {
    deny unknown-clients;
    range 192.168.10.128 192.168.10.191;
  }

  pool {
    allow unknown-clients;    <-- I wish to insert this line
    range 192.168.10.64 192.168.10.127;
  }

  option routers 192.168.10.1;
  option domain-name-servers 192.168.10.1;

}

host s_opt3_1 {
  hardware ethernet aa:bb:cc:dd:ee:ff;
}

Without the allow line above, the client is still allowed to request a previous assigned address from the wrong pool, even though I want it to get an address from the first pool.

Code: [Select]

2021-12-21T23:56:46 dhcpd[24062] DHCPACK on 192.168.10.71 to aa:bb:cc:dd:ee:ff (foobar) via bridge0
2021-12-21T23:56:46 dhcpd[24062] DHCPREQUEST for 192.168.10.71 from aa:bb:cc:dd:ee:ff via bridge0

If I can add the allow line, the dhcp server would NAK the request (since it's a known client, and dhcp would only allow unknown clients in this pool).

I have this setup working on another dhcp server, and it's also shown as an example in this man file under the section "Address pools" - https://www.math-linux.com/man/man5/dhcpd.conf.5.html

So how can I achieve this?
I cannot edit the file directly, since any changes is overwritten on dhcpd restart.

Thanks to anyone with the solution.