Good day,
I'm evaluating OPNsense for use as a central captive portal in our enterprise.
However, after updating to the latest version, Captive portal is not able to start; the log shows some permission issue.
2025-08-06T07:47:02 Error lighttpd (/usr/obj/usr/ports/www/lighttpd/work/lighttpd-1.4.79/src/server.c.1978) Configuration of plugins failed. Going down.
2025-08-06T07:47:02 Error lighttpd (/usr/obj/usr/ports/www/lighttpd/work/lighttpd-1.4.79/src/gw_backend.c.1712) [ERROR]: spawning gw failed.
2025-08-06T07:47:02 Error lighttpd (/usr/obj/usr/ports/www/lighttpd/work/lighttpd-1.4.79/src/gw_backend.c.568) bind() unix:/var/lib/php/tmp/php-fastcgi-cp.socket-0: Permission denied
2025-08-06T07:47:02 Error lighttpd (/usr/obj/usr/ports/www/lighttpd/work/lighttpd-1.4.79/src/gw_backend.c.533) connect() /var/lib/php/tmp/php-fastcgi-cp.socket-0: Permission denied
2025-08-06T07:39:27 Error lighttpd (/usr/obj/usr/ports/www/lighttpd/work/lighttpd-1.4.79/src/server.c.1978) Configuration of plugins failed. Going down.
2025-08-06T07:39:27 Error lighttpd (/usr/obj/usr/ports/www/lighttpd/work/lighttpd-1.4.79/src/gw_backend.c.1712) [ERROR]: spawning gw failed.
2025-08-06T07:39:27 Error lighttpd (/usr/obj/usr/ports/www/lighttpd/work/lighttpd-1.4.79/src/gw_backend.c.568) bind() unix:/var/lib/php/tmp/php-fastcgi-cp.socket-0: Permission denied
2025-08-06T07:39:27 Error lighttpd (/usr/obj/usr/ports/www/lighttpd/work/lighttpd-1.4.79/src/gw_backend.c.533) connect() /var/lib/php/tmp/php-fastcgi-cp.socket-0: Permission denied
2025-08-06T07:39:15 Error lighttpd (/usr/obj/u
I also notice a segmentation fault during the update.
OOT, is there any way to evaluate the business version (perhaps trial version)?
I want to make sure everything works as expected before purchasing a business subscription.
I see no problems at 25.7.1_1 in my testing environment.
Any chance you have enabled "Strict security" in Administration?
Quote from: sopex8260 on August 06, 2025, 11:34:44 AM
I see no problems at 25.7.1_1 in my testing environment.
Any chance you have enabled "Strict security" in Administration?
Are you referring to `HTTP Strict Transport Security`? If yes, it's disabled.
How I repro the error is:
1. Launch EC2 with the OPNsense AMI on t3.micro
2. update to the latest firmware 25.1 into 25.7.2 (upon update there is segmentation fault error in the console)
3. Add captive zone 0 and it won't start.
Are you using AWS EC2?
Can you run this command to compare the output?
```
# grep wwwonly /etc/group /etc/master.passwd
/etc/group:wwwonly:*:789:
/etc/master.passwd:wwwonly:*:789:789::0:0:World Wide Web Only:/nonexistent:/usr/sbin/nologin
```
Cheers,
Franco
Hi,
I'm having exactly the same issue since upgrading to 25.7.1. The lighttpd instance for the api dispatcher will not run and this will be in /var/log/lighttpd/latest.log:
<29>1 2025-08-15T09:48:26+10:00 <omitted> lighttpd 33291 - [meta sequenceId="16"] (/usr/obj/usr/ports/www/lighttpd/work/lighttpd-1.4.79/src/server.c.1974) server started (lighttpd/1.4.79)
<27>1 2025-08-15T09:48:26+10:00 <omitted> lighttpd 33291 - [meta sequenceId="17"] (/usr/obj/usr/ports/www/lighttpd/work/lighttpd-1.4.79/src/gw_backend.c.533) connect() /var/lib/php/tmp/php-fastcgi-cp.socket-0: Permission denied
<27>1 2025-08-15T09:48:26+10:00 <omitted> lighttpd 33291 - [meta sequenceId="18"] (/usr/obj/usr/ports/www/lighttpd/work/lighttpd-1.4.79/src/gw_backend.c.568) bind() unix:/var/lib/php/tmp/php-fastcgi-cp.socket-0: Permission denied
<27>1 2025-08-15T09:48:26+10:00 <omitted> lighttpd 33291 - [meta sequenceId="19"] (/usr/obj/usr/ports/www/lighttpd/work/lighttpd-1.4.79/src/gw_backend.c.1712) [ERROR]: spawning gw failed.
<27>1 2025-08-15T09:48:26+10:00 <omitted> lighttpd 33291 - [meta sequenceId="20"] (/usr/obj/usr/ports/www/lighttpd/work/lighttpd-1.4.79/src/server.c.1978) Configuration of plugins failed. Going down.
```
# grep wwwonly /etc/group /etc/master.passwd
/etc/group:wwwonly:*:789:
/etc/master.passwd:wwwonly:*:789:789::0:0:World Wide Web Only:/nonexistent:/usr/sbin/nologin
```
I've managed to get lighttpd to work temporarily if I comment out the following line from /var/etc/lighttpd-api-dispatcher.conf
```
server.username = "wwwonly"
```
It seems like the user wwwonly cannot access the fastcgi sockets.
I have the same problem apparently. I noticed some days ago captive portal won't work. Also noticed the same logs.
I'm not sure what's going on.
What's the current permission of the socket itself?
```
# ls -lah /var/lib/php/tmp/php-fastcgi-cp.socket*
```
The scripts should ensure everything is set to the correct user and you already proved that the system knows the user to use.
Cheers,
Franco
Also, will it start if you remove the sockets beforehand?
Cheers,
Franco
There is no such socket at all.
```
root@OPNsense:~ # ls -la /var/lib/php/tmp/
total 277
drwxr-x--- 2 wwwonly wheel 1088 Aug 18 14:16 .
drwxr-x--- 5 root wheel 512 Jul 6 23:35 ..
-rw-r----- 1 wwwonly wheel 34546 Jul 25 18:23 configdmodelfield.data
-rw-rw---- 1 wwwonly wheel 913 Jul 25 18:23 mdl_cache_OPNsense_Cron_Cron.json
-rw-rw---- 1 wwwonly wheel 8781 Aug 18 14:16 mdl_cache_OPNsense_Firewall_Alias.json
-rw-rw---- 1 wwwonly wheel 229 Jul 25 18:23 mdl_cache_OPNsense_Firewall_Category.json
-rw-rw---- 1 wwwonly wheel 152616 Jul 25 18:23 mdl_cache_OPNsense_HAProxy_HAProxy.json
-rw-rw---- 1 wwwonly wheel 2028 Jul 25 18:23 mdl_cache_OPNsense_IPsec_IPsec.json
-rw-rw---- 1 wwwonly wheel 1947 Jul 25 18:23 mdl_cache_OPNsense_TrafficShaper_TrafficShaper.json
-rw-rw---- 1 wwwonly wheel 2485 Jul 25 18:23 mdl_cache_OPNsense_Wireguard_Client.json
-rw-rw---- 1 wwwonly wheel 853 Jul 25 18:23 mdl_cache_OPNsense_Wireguard_Server.json
-rw-rw---- 1 wwwonly wheel 22798 Aug 18 14:14 opnsense_acl_cache.json
-rw-rw---- 1 wwwonly wheel 23893 Aug 18 09:44 opnsense_menu_cache.xml
srwxr-xr-x 1 root wheel 0 Aug 11 00:09 php-fastcgi.socket-0
srwxr-xr-x 1 root wheel 0 Aug 7 13:22 php-fastcgi.socket-1
srwxr-xr-x 1 root wheel 0 Aug 18 09:56 php-fastcgi.socket-2
srwxr-xr-x 1 root wheel 0 Aug 13 19:06 php-fastcgi.socket-3
srwxr-xr-x 1 root wheel 0 Aug 12 13:05 php-fastcgi.socket-4
srwxr-xr-x 1 root wheel 0 Aug 18 09:45 php-fastcgi.socket-5
```
Does this fix the issue?
```
# chmod 1750 /var/lib/php/tmp
```
Cheers,
Franco
No, this is the log now:
<27>1 2025-08-18T14:45:43+03:00 OPNsense.ikenet lighttpd 98149 - [meta sequenceId="2"] (/usr/obj/usr/ports/www/lighttpd/work/lighttpd-1.4.79/src/gw_backend.c.533) connect() /var/lib/php/tmp/php-fastcgi-cp.socket-0: Permission denied
<27>1 2025-08-18T14:45:43+03:00 OPNsense.ikenet lighttpd 98149 - [meta sequenceId="3"] (/usr/obj/usr/ports/www/lighttpd/work/lighttpd-1.4.79/src/gw_backend.c.568) bind() unix:/var/lib/php/tmp/php-fastcgi-cp.socket-0: Permission denied
<27>1 2025-08-18T14:45:43+03:00 OPNsense.ikenet lighttpd 98149 - [meta sequenceId="4"] (/usr/obj/usr/ports/www/lighttpd/work/lighttpd-1.4.79/src/gw_backend.c.1712) [ERROR]: spawning gw failed.
<27>1 2025-08-18T14:45:43+03:00 OPNsense.ikenet lighttpd 98149 - [meta sequenceId="5"] (/usr/obj/usr/ports/www/lighttpd/work/lighttpd-1.4.79/src/server.c.1978) Configuration of plugins failed. Going down.
So I only gave the chmod command and pressed start on captive portal in services list. No reboot. The file listing is now showing your change:
root@OPNsense:~ # ls -la /var/lib/php/tmp/
total 277
drwxr-x--T 2 wwwonly wheel 1088 Aug 18 14:31 .
drwxr-x--- 5 root wheel 512 Jul 6 23:35 ..
-rw-r----- 1 wwwonly wheel 34546 Jul 25 18:23 configdmodelfield.data
-rw-rw---- 1 wwwonly wheel 913 Jul 25 18:23 mdl_cache_OPNsense_Cron_Cron.json
-rw-rw---- 1 wwwonly wheel 8781 Aug 18 14:31 mdl_cache_OPNsense_Firewall_Alias.json
-rw-rw---- 1 wwwonly wheel 229 Jul 25 18:23 mdl_cache_OPNsense_Firewall_Category.json
-rw-rw---- 1 wwwonly wheel 152616 Jul 25 18:23 mdl_cache_OPNsense_HAProxy_HAProxy.json
-rw-rw---- 1 wwwonly wheel 2028 Jul 25 18:23 mdl_cache_OPNsense_IPsec_IPsec.json
-rw-rw---- 1 wwwonly wheel 1947 Jul 25 18:23 mdl_cache_OPNsense_TrafficShaper_TrafficShaper.json
-rw-rw---- 1 wwwonly wheel 2485 Jul 25 18:23 mdl_cache_OPNsense_Wireguard_Client.json
-rw-rw---- 1 wwwonly wheel 853 Jul 25 18:23 mdl_cache_OPNsense_Wireguard_Server.json
-rw-rw---- 1 wwwonly wheel 22798 Aug 18 14:14 opnsense_acl_cache.json
-rw-rw---- 1 wwwonly wheel 23893 Aug 18 09:44 opnsense_menu_cache.xml
srwxr-xr-x 1 root wheel 0 Aug 11 00:09 php-fastcgi.socket-0
srwxr-xr-x 1 root wheel 0 Aug 7 13:22 php-fastcgi.socket-1
srwxr-xr-x 1 root wheel 0 Aug 18 09:56 php-fastcgi.socket-2
srwxr-xr-x 1 root wheel 0 Aug 13 19:06 php-fastcgi.socket-3
srwxr-xr-x 1 root wheel 0 Aug 12 13:05 php-fastcgi.socket-4
srwxr-xr-x 1 root wheel 0 Aug 18 09:45 php-fastcgi.socket-5
And
```
# chmod 1777 /var/lib/php/tmp
```
?
Nope, same error:
<29>1 2025-08-18T15:48:14+03:00 OPNsense.ikenet lighttpd 60549 - [meta sequenceId="1"] (/usr/obj/usr/ports/www/lighttpd/work/lighttpd-1.4.79/src/server.c.1974) server started (lighttpd/1.4.79)
<27>1 2025-08-18T15:48:14+03:00 OPNsense.ikenet lighttpd 60549 - [meta sequenceId="2"] (/usr/obj/usr/ports/www/lighttpd/work/lighttpd-1.4.79/src/gw_backend.c.533) connect() /var/lib/php/tmp/php-fastcgi-cp.socket-0: Permission denied
<27>1 2025-08-18T15:48:14+03:00 OPNsense.ikenet lighttpd 60549 - [meta sequenceId="3"] (/usr/obj/usr/ports/www/lighttpd/work/lighttpd-1.4.79/src/gw_backend.c.568) bind() unix:/var/lib/php/tmp/php-fastcgi-cp.socket-0: Permission denied
<27>1 2025-08-18T15:48:14+03:00 OPNsense.ikenet lighttpd 60549 - [meta sequenceId="4"] (/usr/obj/usr/ports/www/lighttpd/work/lighttpd-1.4.79/src/gw_backend.c.1712) [ERROR]: spawning gw failed.
<27>1 2025-08-18T15:48:14+03:00 OPNsense.ikenet lighttpd 60549 - [meta sequenceId="5"] (/usr/obj/usr/ports/www/lighttpd/work/lighttpd-1.4.79/src/server.c.1978) Configuration of plugins failed. Going down.
root@OPNsense:~ # ls -la /var/lib/php/tmp/
total 277
drwxrwxrwt 2 wwwonly wheel 1088 Aug 18 15:46 .
drwxr-x--- 5 root wheel 512 Jul 6 23:35 ..
-rw-r----- 1 wwwonly wheel 34546 Jul 25 18:23 configdmodelfield.data
-rw-rw---- 1 wwwonly wheel 913 Jul 25 18:23 mdl_cache_OPNsense_Cron_Cron.json
-rw-rw---- 1 wwwonly wheel 8781 Aug 18 15:46 mdl_cache_OPNsense_Firewall_Alias.json
-rw-rw---- 1 wwwonly wheel 229 Jul 25 18:23 mdl_cache_OPNsense_Firewall_Category.json
-rw-rw---- 1 wwwonly wheel 152616 Jul 25 18:23 mdl_cache_OPNsense_HAProxy_HAProxy.json
-rw-rw---- 1 wwwonly wheel 2028 Jul 25 18:23 mdl_cache_OPNsense_IPsec_IPsec.json
-rw-rw---- 1 wwwonly wheel 1947 Jul 25 18:23 mdl_cache_OPNsense_TrafficShaper_TrafficShaper.json
-rw-rw---- 1 wwwonly wheel 2485 Jul 25 18:23 mdl_cache_OPNsense_Wireguard_Client.json
-rw-rw---- 1 wwwonly wheel 853 Jul 25 18:23 mdl_cache_OPNsense_Wireguard_Server.json
-rw-rw---- 1 wwwonly wheel 22798 Aug 18 15:14 opnsense_acl_cache.json
-rw-rw---- 1 wwwonly wheel 23893 Aug 18 09:44 opnsense_menu_cache.xml
srwxr-xr-x 1 root wheel 0 Aug 11 00:09 php-fastcgi.socket-0
srwxr-xr-x 1 root wheel 0 Aug 7 13:22 php-fastcgi.socket-1
srwxr-xr-x 1 root wheel 0 Aug 18 09:56 php-fastcgi.socket-2
srwxr-xr-x 1 root wheel 0 Aug 13 19:06 php-fastcgi.socket-3
srwxr-xr-x 1 root wheel 0 Aug 12 13:05 php-fastcgi.socket-4
To me it feels like someone is not creating the socket lighttpd tries to attach to. And it only gives a misleading permission error log when the whole socket is missing.
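An added diagnostic example, not part of any post in this thread and not OPNsense code: `connect()` and `bind()` on a Unix socket path need search (x) permission on every ancestor directory, and `bind()` also needs write permission on the directory that will hold the socket. The listings above show `..` (/var/lib/php) as `drwxr-x--- root wheel`, so the function below checks each ancestor for a given uid and group set using classic mode bits only; the function names are made up for this example, and the path and uid/gid 789 come from the outputs in the thread.

```python
import os

def class_bits(st, uid, gids):
    """rwx bits (0-7) that classic Unix mode checks apply to uid/gids."""
    if uid == 0:
        return 7                      # root bypasses directory mode bits
    if st.st_uid == uid:
        return (st.st_mode >> 6) & 7  # owner class wins, even if weaker
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 7
    return st.st_mode & 7

def audit_socket_path(sock_path, uid, gids, start="/"):
    """Check every directory from `start` down to the socket's parent.

    Returns a list of (directory, problem); an empty list means uid/gids can
    reach the parent directory and create a socket there. ACLs and MAC
    policies are not evaluated.
    """
    parent = os.path.dirname(os.path.abspath(sock_path))
    start = os.path.abspath(start)
    chain, cur = [], parent
    while True:
        chain.append(cur)
        if cur == start or os.path.dirname(cur) == cur:
            break
        cur = os.path.dirname(cur)

    problems = []
    for d in reversed(chain):
        try:
            st = os.stat(d)
        except OSError as exc:
            problems.append((d, f"stat failed: {exc.strerror}"))
            break
        bits = class_bits(st, uid, gids)
        if not bits & 1:
            problems.append((d, "no search (x) permission"))
        if d == parent and not bits & 2:
            problems.append((d, "no write permission, bind() cannot create the socket"))
    return problems

if __name__ == "__main__":
    # Path and uid/gid 789 are the values shown in the thread's outputs;
    # add any supplementary groups of wwwonly to the set if it has them.
    sock = "/var/lib/php/tmp/php-fastcgi-cp.socket-0"
    for directory, problem in audit_socket_path(sock, 789, {789}):
        print(f"{directory}: {problem}")
```

Run it as root so that `os.stat()` itself can reach every directory in the chain.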
But lighttpd is supposed to create these sockets ;)
I'm rearranging directory handling a bit to avoid permission clobbering:
https://github.com/opnsense/core/commit/066514a7ac
And then try to reproduce. BRB.
Cheers,
Franco
Wondering whether this is a tmpfs thing?
```
# df -h | grep tmpfs
```
Cheers,
Franco
Cannot reproduce this either way, but I'll ship the improvements in 25.7.2 (tomorrow) and would ask for you to test again based on that version.
Cheers,
Franco
Unfortunately it doesn't work any better in the OPNsense 25.7.2-amd64. Same logs, and the directory looks like this:
root@OPNsense:~ # tail -10 /var/log/lighttpd/lighttpd_20250825.log
<29>1 2025-08-25T10:23:24+03:00 OPNsense.ikenet lighttpd 82174 - [meta sequenceId="1"] (/usr/obj/usr/ports/www/lighttpd/work/lighttpd-1.4.81/src/server.c.1971) server started (lighttpd/1.4.81)
<27>1 2025-08-25T10:23:24+03:00 OPNsense.ikenet lighttpd 82174 - [meta sequenceId="2"] (/usr/obj/usr/ports/www/lighttpd/work/lighttpd-1.4.81/src/gw_backend.c.533) connect() /var/lib/php/tmp/php-fastcgi-cp.socket-0: Permission denied
<27>1 2025-08-25T10:23:24+03:00 OPNsense.ikenet lighttpd 82174 - [meta sequenceId="3"] (/usr/obj/usr/ports/www/lighttpd/work/lighttpd-1.4.81/src/gw_backend.c.568) bind() unix:/var/lib/php/tmp/php-fastcgi-cp.socket-0: Permission denied
<27>1 2025-08-25T10:23:24+03:00 OPNsense.ikenet lighttpd 82174 - [meta sequenceId="4"] (/usr/obj/usr/ports/www/lighttpd/work/lighttpd-1.4.81/src/gw_backend.c.1712) [ERROR]: spawning gw failed.
<27>1 2025-08-25T10:23:24+03:00 OPNsense.ikenet lighttpd 82174 - [meta sequenceId="5"] (/usr/obj/usr/ports/www/lighttpd/work/lighttpd-1.4.81/src/server.c.1975) Configuration of plugins failed. Going down.
root@OPNsense:~ # tail -10 /var/log/lighttpd/lighttpd_20250825.log
root@OPNsense:~ # ls -la /var/lib/php/tmp/
total 281
drwxrwxrwt 2 wwwonly wheel 960 Aug 25 10:16 .
drwxr-x--- 5 root wheel 512 Jul 6 23:35 ..
-rw-r----- 1 wwwonly wheel 34639 Aug 24 21:45 configdmodelfield.data
-rw-rw---- 1 wwwonly wheel 913 Aug 24 21:45 mdl_cache_OPNsense_Cron_Cron.json
-rw-rw---- 1 wwwonly wheel 12345 Aug 25 10:16 mdl_cache_OPNsense_Firewall_Alias.json
-rw-rw---- 1 wwwonly wheel 229 Aug 24 21:45 mdl_cache_OPNsense_Firewall_Category.json
-rw-rw---- 1 wwwonly wheel 152535 Aug 24 21:45 mdl_cache_OPNsense_HAProxy_HAProxy.json
-rw-rw---- 1 wwwonly wheel 2028 Aug 24 21:45 mdl_cache_OPNsense_IPsec_IPsec.json
-rw-rw---- 1 wwwonly wheel 1947 Aug 24 21:46 mdl_cache_OPNsense_TrafficShaper_TrafficShaper.json
-rw-rw---- 1 wwwonly wheel 2485 Aug 24 21:45 mdl_cache_OPNsense_Wireguard_Client.json
-rw-rw---- 1 wwwonly wheel 982 Aug 24 21:45 mdl_cache_OPNsense_Wireguard_Server.json
-rw-rw---- 1 wwwonly wheel 22790 Aug 25 09:47 opnsense_acl_cache.json
-rw-rw---- 1 wwwonly wheel 23893 Aug 25 10:23 opnsense_menu_cache.xml
srwxr-xr-x 1 root wheel 0 Aug 24 21:46 php-fastcgi.socket-0
srwxr-xr-x 1 root wheel 0 Aug 24 21:46 php-fastcgi.socket-1
srwxr-xr-x 1 root wheel 0 Aug 24 21:46 php-fastcgi.socket-2
srwxr-xr-x 1 root wheel 0 Aug 24 21:46 php-fastcgi.socket-3
Hi,
I wanted to join this thread. I have the same problems. First I thought I messed up with the firewall rules, but it seems to be something "special". Happy I found this thread and others mentioning the same issues.
Not sure I can contribute much to it. If it is not directly related to the functionality of the portal itself, it seems to run for some users, it might be related to some config or side effects from other plugins. If this would make sense, what would be the best way to share the list of installed plugins?
Best
Martin
I'm still having the same issue on 25.7.3. After booting, it looks like lighttpd is not creating these sockets:
root@opnsense:~ # sockstat | grep /var/lib/php/tmp/php-fastcgi.socket-
root php-cgi 96915 0 stream /var/lib/php/tmp/php-fastcgi.socket-0
root php-cgi 96461 0 stream /var/lib/php/tmp/php-fastcgi.socket-0
root php-cgi 95886 0 stream /var/lib/php/tmp/php-fastcgi.socket-0
root php-cgi 95568 0 stream /var/lib/php/tmp/php-fastcgi.socket-0
root php-cgi 95045 0 stream /var/lib/php/tmp/php-fastcgi.socket-0
root php-cgi 92984 0 stream /var/lib/php/tmp/php-fastcgi.socket-0
root php-cgi 66399 0 stream /var/lib/php/tmp/php-fastcgi.socket-3
root php-cgi 65970 0 stream /var/lib/php/tmp/php-fastcgi.socket-3
root php-cgi 65465 0 stream /var/lib/php/tmp/php-fastcgi.socket-3
root php-cgi 64972 0 stream /var/lib/php/tmp/php-fastcgi.socket-3
root php-cgi 64305 0 stream /var/lib/php/tmp/php-fastcgi.socket-3
root php-cgi 63720 0 stream /var/lib/php/tmp/php-fastcgi.socket-3
root php-cgi 52184 0 stream /var/lib/php/tmp/php-fastcgi.socket-2
root php-cgi 51868 0 stream /var/lib/php/tmp/php-fastcgi.socket-2
root php-cgi 51428 0 stream /var/lib/php/tmp/php-fastcgi.socket-2
root php-cgi 51386 0 stream /var/lib/php/tmp/php-fastcgi.socket-2
root php-cgi 51195 0 stream /var/lib/php/tmp/php-fastcgi.socket-2
root php-cgi 50723 0 stream /var/lib/php/tmp/php-fastcgi.socket-2
root php-cgi 10796 0 stream /var/lib/php/tmp/php-fastcgi.socket-4
root php-cgi 10502 0 stream /var/lib/php/tmp/php-fastcgi.socket-4
root php-cgi 10336 0 stream /var/lib/php/tmp/php-fastcgi.socket-4
root php-cgi 9756 0 stream /var/lib/php/tmp/php-fastcgi.socket-4
root php-cgi 9508 0 stream /var/lib/php/tmp/php-fastcgi.socket-4
root php-cgi 8480 0 stream /var/lib/php/tmp/php-fastcgi.socket-4
Yes, it hasn't started working for me either.
It looks like we have the exact same issue on Version 25.7.3_7.
We started with the Captive portal years ago and never changed the configuration.
I did grab the latest config template when I found out that there was a problem with the captive portal.
No change regarding the problem with an unaltered default config.
Anything we can help you with?
Let's try this again from the top:
1. These sockets with the wrong permissions are only created by the web GUI, not the captive portal. So kill all lighttpd to be able to free the sockets:
```
# killall lighttpd
# rm /var/lib/php/tmp/php-fastcgi.*
```
2. Bring back the GUI and check if the sockets have the right permission (wwwonly/wheel)
```
# configctl webgui restart
# ls -lah /var/lib/php/tmp/
```
If the permissions match do you maybe have some web GUI include file or rc.conf setup that would start this away from our code breaking the correct startup and permission sequence?
Cheers,
Franco
Hi, I did the commands above. No help. The directory looks like this:
root@OPNsense:~ # ls -lah /var/lib/php/tmp/
total 273
drwxrwxrwt 2 wwwonly wheel 960B Sep 30 11:55 .
drwxr-x--- 5 root wheel 512B Jul 6 23:35 ..
-rw-r----- 1 wwwonly wheel 34K Sep 12 17:04 configdmodelfield.data
-rw-rw---- 1 wwwonly wheel 913B Sep 12 17:04 mdl_cache_OPNsense_Cron_Cron.json
-rw-rw---- 1 wwwonly wheel 11K Sep 30 11:46 mdl_cache_OPNsense_Firewall_Alias.json
-rw-rw---- 1 wwwonly wheel 229B Sep 12 17:04 mdl_cache_OPNsense_Firewall_Category.json
-rw-rw---- 1 wwwonly wheel 147K Sep 12 17:04 mdl_cache_OPNsense_HAProxy_HAProxy.json
-rw-rw---- 1 wwwonly wheel 2.0K Sep 12 17:04 mdl_cache_OPNsense_IPsec_IPsec.json
-rw-rw---- 1 wwwonly wheel 1.8K Sep 12 17:04 mdl_cache_OPNsense_TrafficShaper_TrafficShaper.json
-rw-rw---- 1 wwwonly wheel 2.4K Sep 12 17:04 mdl_cache_OPNsense_Wireguard_Client.json
-rw-rw---- 1 wwwonly wheel 957B Sep 12 17:04 mdl_cache_OPNsense_Wireguard_Server.json
-rw-rw---- 1 wwwonly wheel 22K Sep 30 11:41 opnsense_acl_cache.json
-rw-rw---- 1 wwwonly wheel 23K Sep 30 11:48 opnsense_menu_cache.xml
srwxr-x--- 1 root wheel 0B Sep 30 11:55 php-fastcgi.socket-0
srwxr-x--- 1 root wheel 0B Sep 30 11:55 php-fastcgi.socket-1
srwxr-x--- 1 root wheel 0B Sep 30 11:55 php-fastcgi.socket-2
srwxr-x--- 1 root wheel 0B Sep 30 11:55 php-fastcgi.socket-3
And here is all my rc.conf, I have not manually edited it:
root@OPNsense:~ # grep . /etc/rc.conf.d/*
/etc/rc.conf.d/acme_http_challenge:acme_http_challenge_enable=YES
/etc/rc.conf.d/acme_http_challenge:acme_http_challenge_conf="/var/etc/lighttpd-acme-challenge.conf"
/etc/rc.conf.d/acme_http_challenge:acme_http_challenge_pidfile="/var/run/lighttpd-acme-challenge.pid"
/etc/rc.conf.d/acme_http_challenge:acme_http_challenge_setup="/usr/local/opnsense/scripts/OPNsense/AcmeClient/setup.sh"
/etc/rc.conf.d/captiveportal:captiveportal_defer="YES"
/etc/rc.conf.d/captiveportal:captiveportal_enable="YES"
/etc/rc.conf.d/ddclient:ddclient_enable="NO"
/etc/rc.conf.d/ddclient_opn:ddclient_opn_enable="YES"
/etc/rc.conf.d/ddclient_opn:ddclient_opn_setup="/usr/local/opnsense/scripts/ddclient/setup.sh"
/etc/rc.conf.d/dnctl:dummynet_enable="YES"
/etc/rc.conf.d/dnctl:dnctl_enable="YES"
/etc/rc.conf.d/dnctl:dnctl_rules="/usr/local/etc/dnctl.conf"
/etc/rc.conf.d/dnctl:dnctl_setup="/usr/local/opnsense/scripts/shaper/setup.sh"
/etc/rc.conf.d/dnctl:dnctl_skip="YES"
/etc/rc.conf.d/dnsmasq:dnsmasq_enable="NO"
/etc/rc.conf.d/flowd:#
/etc/rc.conf.d/flowd:# Automatic generated configuration for netflow.
/etc/rc.conf.d/flowd:# Do not edit this file manually.
/etc/rc.conf.d/flowd:#
/etc/rc.conf.d/flowd:flowd_enable="NO"
/etc/rc.conf.d/flowd_aggregate:#
/etc/rc.conf.d/flowd_aggregate:# Automatic generated configuration for netflow.
/etc/rc.conf.d/flowd_aggregate:# Do not edit this file manually.
/etc/rc.conf.d/flowd_aggregate:#
/etc/rc.conf.d/flowd_aggregate:flowd_aggregate_enable="NO"
/etc/rc.conf.d/haproxy:haproxy_enable=YES
/etc/rc.conf.d/haproxy:haproxy_setup="/usr/local/opnsense/scripts/OPNsense/HAProxy/setup.sh"
/etc/rc.conf.d/haproxy:haproxy_pidfile="/var/run/haproxy.pid"
/etc/rc.conf.d/haproxy:haproxy_config="/usr/local/etc/haproxy.conf"
/etc/rc.conf.d/haproxy:haproxy_hardstop=YES
/etc/rc.conf.d/haproxy:haproxy_softreload=NO
/etc/rc.conf.d/ipfw:firewall_enable="YES"
/etc/rc.conf.d/ipfw:firewall_script="/usr/local/etc/rc.ipfw"
/etc/rc.conf.d/ipfw:ipfw_skip="YES"
/etc/rc.conf.d/kea:kea_enable="YES"
/etc/rc.conf.d/kea:kea_setup="/usr/local/sbin/pluginctl -c kea_sync"
/etc/rc.conf.d/monit:# DO NOT EDIT THIS FILE -- OPNsense auto-generated file
/etc/rc.conf.d/monit:monit_enable="NO"
/etc/rc.conf.d/netflow:#
/etc/rc.conf.d/netflow:# Automatic generated configuration for netflow.
/etc/rc.conf.d/netflow:# Do not edit this file manually.
/etc/rc.conf.d/netflow:#
/etc/rc.conf.d/netflow:netflow_enable="NO"
/etc/rc.conf.d/radiusd:radiusd_enable="NO"
/etc/rc.conf.d/suricata:suricata_enable="NO"
/etc/rc.conf.d/syslog_ng:syslog_ng_enable="YES"
/etc/rc.conf.d/syslog_ng:syslog_ng_oomprotect="ALL"
/etc/rc.conf.d/syslog_ng:syslog_ng_pidfile="/var/run/syslog-ng.pid"
/etc/rc.conf.d/syslog_ng:syslog_ng_skip="YES"
/etc/rc.conf.d/telegraf:telegraf_setup="/usr/local/opnsense/scripts/OPNsense/Telegraf/setup.sh"
/etc/rc.conf.d/telegraf:telegraf_enable="YES"
/etc/rc.conf.d/telegraf:telegraf_confdir="/usr/local/etc/telegraf.d"
/etc/rc.conf.d/wireguard:# disable the wireguard rc scripts when installed, bootup handled via rc.syshook
/etc/rc.conf.d/wireguard:wireguard_enable="NO"
root@OPNsense:~ # grep . /etc/rc.conf
# -- BEGIN BSD Installer automatically generated configuration -- #
# -- Written on Wed Sep 6 16:42:32 UTC 2017-- #
keymap='fi'
# -- END of BSD Installer automatically generated configuration -- #
Just at a glance acme-client plugin could be interfering here with the lighttpd challenge -- if someone else with the problem could confirm they are using it too that would be useful.
I'll try to check later today after releasing 25.7.4.
Cheers,
Franco
acme works, so it doesn't get blocked due to it. Not to say it wouldn't interfere.
Yes, we are using acme-challenge.
We can confirm NOT using acme-client plugin and have the same captive portal problem.