Full Internet connectivity with expired voucher
-
PFS 2.1 64bit
I've noticed it accidentally - The client computer has full access to Internet with expired voucher:
The user exist in "Active Users" tab with session created more than 10 days ago (the voucher is 1week).
Testing the voucher says - expired?! The client is not prompted to enter voucher code - it just works. Killing the firewall states doesn't make any difference. I also have hard timeout set to 360 minutes.I don't want to restart any service before finding the reason for this to happend - quite serious security issue.
Any suggestions where to look?
-
Could you execute this command:
ps ax | grep minicronMaybe the same problem
http://forum.pfsense.org/index.php/topic,67739.0.html -
51492 ?? Is 0:00.00 /usr/local/bin/minicron 240 /var/run/ping_hosts.pid /usr/local/bin/ping_hosts.sh
51866 ?? S 0:03.81 minicron: helper /usr/local/bin/ping_hosts.sh (minicron)
52202 ?? Is 0:00.00 /usr/local/bin/minicron 3600 /var/run/expire_accounts.pid /etc/rc.expireaccounts
52799 ?? I 0:00.24 minicron: helper /etc/rc.expireaccounts (minicron)
52866 ?? Is 0:00.00 /usr/local/bin/minicron 86400 /var/run/update_alias_url_data.pid /etc/rc.update_alias_url_data
53096 ?? I 0:00.01 minicron: helper /etc/rc.update_alias_url_data (minicron)However, on the slave node I have two extra lines:
46536 ?? Is 0:00.00 /usr/local/bin/minicron 60 /var/run/cp_prunedb_cpzone.pid /etc/rc.prunecaptiveportal cpzone
46718 ?? I 0:14.54 minicron: helper /etc/rc.prunecaptiveportal cpzone (minicron)Wonder how they have disappeared from the master node!?
As I knew it would happen - clicking Save on Captive Portal settings fixed it…
Now I should make another cron job to watch over this minicron job and send alerts if it disappears again.