Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Full Internet connectivity with expired voucher

    Captive Portal
    2
    3
    901
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • N
      nothing last edited by

      PFS 2.1 64bit
      I've noticed it accidentally - The client computer has full access to Internet with expired voucher:
      The user exist in "Active Users" tab with session created more than 10 days ago (the voucher is 1week).
      Testing the voucher says - expired?! The client is not prompted to enter voucher code - it just works. Killing the firewall states doesn't make any difference. I also have hard timeout set to 360 minutes.

      I don't want to restart any service before finding the reason for this to happend - quite serious security issue.
      Any suggestions where to look?



      1 Reply Last reply Reply Quote 0
      • M
        mikenl last edited by

        Could you execute this command:
        ps ax | grep minicron

        Maybe the same problem
        http://forum.pfsense.org/index.php/topic,67739.0.html

        1 Reply Last reply Reply Quote 0
        • N
          nothing last edited by

          51492  ??  Is    0:00.00 /usr/local/bin/minicron 240 /var/run/ping_hosts.pid /usr/local/bin/ping_hosts.sh
          51866  ??  S      0:03.81 minicron: helper /usr/local/bin/ping_hosts.sh  (minicron)
          52202  ??  Is    0:00.00 /usr/local/bin/minicron 3600 /var/run/expire_accounts.pid /etc/rc.expireaccounts
          52799  ??  I      0:00.24 minicron: helper /etc/rc.expireaccounts  (minicron)
          52866  ??  Is    0:00.00 /usr/local/bin/minicron 86400 /var/run/update_alias_url_data.pid /etc/rc.update_alias_url_data
          53096  ??  I      0:00.01 minicron: helper /etc/rc.update_alias_url_data  (minicron)

          However, on the slave node I have two extra lines:

          46536  ??  Is    0:00.00 /usr/local/bin/minicron 60 /var/run/cp_prunedb_cpzone.pid /etc/rc.prunecaptiveportal cpzone
          46718  ??  I      0:14.54 minicron: helper /etc/rc.prunecaptiveportal cpzone (minicron)

          Wonder how they have disappeared from the master node!?
          As I knew it would happen - clicking Save on Captive Portal settings fixed it…
          Now I should make another cron job to watch over this minicron job and send alerts if it disappears again.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post