Discussion:
Slow Captive Portal pages
Atkins, Dwane P
2010-10-15 17:31:36 UTC
We are experiencing some extremely slow captive portal pages. Are there any tweaks we might make that will speed this up? If we take the same test machine and put it on another network, all web pages come up quickly. This is just the initial redirect page.

Thank you

Dwane
Hans Maes
2010-10-15 19:04:32 UTC
Post by Atkins, Dwane P
We are experiencing some extremely slow captive portal pages. Are
there any tweaks we might make that will speed this up? If we take
the same test machine and put it on another network, all web pages
come up quickly. This is just the initial redirect page.
I had the same problem a few months ago.
In my case the cause was that the RADIUS accounting database was getting
full, so RADIUS was slowing down, which caused the captive portal to
be extremely slow.
Funny thing was it was only for some users (the most active ones, with
the most accounting records in the database). Other users could log in at
normal speed.

Regards,

H.
Chris Buechler
2010-10-18 15:53:54 UTC
Post by Atkins, Dwane P
We are experiencing some extremely slow captive portal pages. Are there any
tweaks we might make that will speed this up? If we take the same test
machine and put it on another network, all web pages come up quickly. This
is just the initial redirect page.
In this case, that's caused by using HTTPS with a trusted cert: the
browser is doing an OCSP request to validate the cert, which is also
getting redirected to the captive portal. It then waits about 10
seconds for that to time out, then loads the page. (Dwane is a support
customer and sent me a pcap off-list.) Common problem with all CP
systems if you search on it. The workaround is to add a bypass entry
for the IP(s) of the OCSP server(s) used by the certificate provider.
In this case, it's going to ocsp.godaddy.com, which goes to Akamai.
That could get redirected to any number of IPs, which is somewhat
problematic. It seems to always resolve to the same IP right now at
least, from numerous different locations I tried it, and from the
capture as well.

The easiest workaround is to hard code ocsp.godaddy.com as an
override in the DNS forwarder or further upstream on your network to
point to 72.167.239.239 and add an IP passthrough entry for
72.167.239.239. Then it'll be able to make that request to OCSP, which
will eliminate the delay. The only risk in that is if the IP changes
and that IP stops answering OCSP requests. That probably doesn't
happen much or at all though, so that's an adequate workaround (and
seems to be what everyone else does, including on many commercial CP
systems). May just have to be updated to a new IP once every few years
if the delay returns.
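
An added example, not part of the original thread or of pfSense: a check for the one risk named above, that the pinned OCSP IP goes stale. It sends the A query straight to an upstream resolver (so the local ocsp.godaddy.com override is bypassed) and compares the answers to the passthrough IP; the function names and the resolver address you pass in are assumptions.

```python
import secrets
import socket
import struct

PINNED_HOST, PINNED_IP = "ocsp.godaddy.com", "72.167.239.239"  # values from the post

def build_query(host, txid):
    """DNS query for the A record of host, recursion desired."""
    labels = host.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack(">HH", 1, 1)

def _skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:      # a compression pointer ends the name
            return off + 2
        off += n + 1

def parse_a(msg, txid):
    """Return the IPv4 addresses in a DNS response, stepping over CNAME records."""
    rid, flags, qd, an = struct.unpack(">HHHH", msg[:8])
    if rid != txid or flags & 0x000F:
        raise ValueError("mismatched id or DNS error rcode")
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4          # name, then qtype and qclass
    ips = set()
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:           # A record
            ips.add(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return ips

def upstream_a(host, server, timeout=3.0):
    """Ask one upstream resolver directly over UDP, bypassing the local override."""
    txid = secrets.randbelow(65536)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(host, txid), (server, 53))
        msg, _ = s.recvfrom(4096)
    return parse_a(msg, txid)

def pin_is_stale(pinned_ip, upstream_ips):
    """True when the pinned passthrough IP is no longer among the upstream answers."""
    return pinned_ip not in upstream_ips
```

Run `pin_is_stale(PINNED_IP, upstream_a(PINNED_HOST, server))` from cron with `server` set to an upstream resolver reachable from the firewall; a stale result means the DNS override and the passthrough entry both need the new address.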
