Captive Portal not working on 17.7.9

[ckals]

Hi,
after Update from 17.7.7 to 17.7.9 the Captive Portal that i had setup stoped working.
I get an DHCP Client lease but the login Page doesen't show up.

Any Ideas about this?

[fichtner]

Hi @ckals,

I'm not aware of any changes in that area. Try to restart the captive portal from the GUI and see if the issue persists.

Cheers,
Franco

[ckals]

Hi @fichtner Franco,

i already tried to restart the captive portal. But still nothing. i also tried to restart the whole OPNsense Box.
Yesterday before the Update the Portal working fine like a charm.....

Is there any option in GUI where i can rollback to the previous firmware ?

[ckals]

Maybe if it helps... wehen im in the GUEST-LAN (behind the captive portal) and start a portscan on the firewall's IP i can only see that the DNS at port 53 is running, no ports open for the login page/Webserver ?

[fichtner]

You can try from the shell by typing:

# opnsense-revert -r 17.7.7 opnsense

But I am a bit reluctant to say it will help, because we haven't modified CP in a long time.

[fichtner]

lighttpd was updated as well recently, maybe that could be an issue, too

# opnsense-revert -r 17.7.7 lighttpd

[ckals]

May thank to @fichtner !

Revert lighttpd to the older version helped - now the captive portal is working.
now i have also an open port 8000 on the firewall ip when i make an portscan !
Maybe someone should look deeper in that behaviour?

[fichtner]

hrm, @AdSchellevis will have to let us know where the CP web server logs to so we can find / reproduce the error

[ckals]

Ok let me know if you need any log files (if u know the location) - i hope the are still there...

[ckals]

I found this in the GUI Logs....
Looks like that lighttpd everytime start/stop (crashes?) when someone tried to log in (open the login page) ?

[AdSchellevis]

at my end it doesn't seem able to daemonize, with -D it starts normal... odd:

# /usr/local/sbin/lighttpd  -f /var/etc/lighttpd-cp-zone-0.conf
daemonized server failed to start; check error log for details

[AdSchellevis]

The current version of lighttpd (1.4.48) seems to die when doing a chroot,

server.chroot = "/var/captiveportal/zone0"

[AdSchellevis]

@ckals for now it's best to only revert the lighttpd version, we will look into a permanent solution for this for the next version.

[fichtner]

The bottom of this is: lighttpd 1.4.45 was used until 17.7.8, then FreeBSD updated to 1.4.48 which shows this odd behaviour. The behaviour, however, dates back as far as 1.4.46 and seems to be caused by devfs not being mounted properly inside the chroot directory, where lighttpd tries to find /dev/null but fails, which wasn't the case on versions lower than 1.4.46.

Very hard to debug within the code as logging is apparently off and the daemon uses a pipe to pass information up and down the (grand)child running in the chroot directory... :o

[fichtner]

There is a patch available, would you be willing to test @ckals ?

# opnsense-revert lighttpd
# opnsense-patch ac6a1ef

Also linking forum thread: https://forum.opnsense.org/index.php?topic=6618.0

Cheers,
Franco

[fichtner]

Two external confirmations in the forum. Enough to close this but all feedback is still welcome. Thanks!