Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Captive Portal https login page stopped working on pfsense 2.1

    Scheduled Pinned Locked Moved Captive Portal
    1 Posts 1 Posters 3.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • F Offline
      Fabio de Souza
      last edited by

      Hello all.

      We've been using pfsense for a while and it always did its job perfectly.
      Basically we have a pfsense captive portal to authenticate students from our school. Until one week ago we had no problems with pfsense 2.0.1, but we believe that someone has exploited some lighttpd vulnerabilities (CVE-2011-4362 and CVE-2012-5533) and that fact made us install a new machine with the latest pfsense available (2.1).

      Well… now we have new problems...
      Sometimes the captive portal service stops working and we can see 2 information in the logs:
      lighttpd[26290]: (mod_fastcgi.c.3370) got a FDEVENT_OUT and didn't know why: 5
      kernel: pid 26290 (lighttpd), uid 0: exited on signal 6 (core dumped)

      The only way to get the captive portal working again is to restart its service. We installed a watchdog package to do it for us. For a while it is helping us to have time to lunch, take shower and try to have normal life… :D
      We intend to open a new discussion to talk about this problem.

      The issue that we were not able to solve yet is related to the https certificate that we used to have on version 2.0.1. On version 2.0.1, users were authenticated on a https captive portal, but now, if we enable that option, students are not redirected to the login page.
      We get this message in the system log everytime some student tries to access any site:
      lighttpd[35647]: (connections.c.1731) SSL: 1 -1 error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number

      It would be great if some of you guys could help us.

      Thank you all.

      Fabio.

      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.