Full Internet connectivity with expired voucher



  • PFS 2.1 64bit
    I've noticed it accidentally - The client computer has full access to Internet with expired voucher:
    The user exist in "Active Users" tab with session created more than 10 days ago (the voucher is 1week).
    Testing the voucher says - expired?! The client is not prompted to enter voucher code - it just works. Killing the firewall states doesn't make any difference. I also have hard timeout set to 360 minutes.

    I don't want to restart any service before finding the reason for this to happend - quite serious security issue.
    Any suggestions where to look?





  • Could you execute this command:
    ps ax | grep minicron

    Maybe the same problem
    http://forum.pfsense.org/index.php/topic,67739.0.html



  • 51492  ??  Is    0:00.00 /usr/local/bin/minicron 240 /var/run/ping_hosts.pid /usr/local/bin/ping_hosts.sh
    51866  ??  S      0:03.81 minicron: helper /usr/local/bin/ping_hosts.sh  (minicron)
    52202  ??  Is    0:00.00 /usr/local/bin/minicron 3600 /var/run/expire_accounts.pid /etc/rc.expireaccounts
    52799  ??  I      0:00.24 minicron: helper /etc/rc.expireaccounts  (minicron)
    52866  ??  Is    0:00.00 /usr/local/bin/minicron 86400 /var/run/update_alias_url_data.pid /etc/rc.update_alias_url_data
    53096  ??  I      0:00.01 minicron: helper /etc/rc.update_alias_url_data  (minicron)

    However, on the slave node I have two extra lines:

    46536  ??  Is    0:00.00 /usr/local/bin/minicron 60 /var/run/cp_prunedb_cpzone.pid /etc/rc.prunecaptiveportal cpzone
    46718  ??  I      0:14.54 minicron: helper /etc/rc.prunecaptiveportal cpzone (minicron)

    Wonder how they have disappeared from the master node!?
    As I knew it would happen - clicking Save on Captive Portal settings fixed it…
    Now I should make another cron job to watch over this minicron job and send alerts if it disappears again.