Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
19.7 Legacy Series
»
Captive Portal no longer works after the update to version 19.7.10
« previous
next »
Print
Pages: [
1
]
Author
Topic: Captive Portal no longer works after the update to version 19.7.10 (Read 3444 times)
micha
Newbie
Posts: 6
Karma: 0
Captive Portal no longer works after the update to version 19.7.10
«
on:
January 28, 2020, 12:20:32 pm »
Hi there,
after the update to version 19.7.10 I can't connect with Firefox to the Captive Portal login page. Error message: MOZILLA_PKIX_ERROR_REQUIRED_TLS_FEATURE_MISSING
After disabling ocsp_must_staple in Firefox via about:config (security.ssl.enable_ocsp_must_staple setting=false) it works again.
Is this a bug or am I doing something wrong?
Cheers,
Micha
Logged
franco
Administrator
Hero Member
Posts: 17660
Karma: 1611
Re: Captive Portal no longer works after the update to version 19.7.10
«
Reply #1 on:
January 28, 2020, 01:35:41 pm »
Hi micha,
You may be running into:
https://github.com/opnsense/core/issues/3891
Which was fixed on 19.7.10... to diagnose go to your captive portal settings and check "enforce local group" ... it is probably set to something but you want to set it to none.
Cheers,
Franco
Logged
micha
Newbie
Posts: 6
Karma: 0
Re: Captive Portal no longer works after the update to version 19.7.10
«
Reply #2 on:
January 28, 2020, 02:55:52 pm »
Hello Franco,
thank you for your answer.
But my problem is a different one: I can register. With the Chrome Browser it works without problems. With Firefox everything works if I have turned off OCSP_must_staple. The problem is that with Firefox OCSP_must_staple is enabled by default. The normal Firefox user gets only an error message instead of the login page.
The configuration of the weberver responsible for the logon page of the Captive Portal seems to have OCSP_must_staple enabled. I am trying to figure out how to disable OCSP_must_staple on lighttpd. It is also strange that OCSP_must_staple is disabled on the WebGUI.
Cheers,
Micha
Logged
franco
Administrator
Hero Member
Posts: 17660
Karma: 1611
Re: Captive Portal no longer works after the update to version 19.7.10
«
Reply #3 on:
January 28, 2020, 05:03:50 pm »
Sorry, I misread being prompted by "19.7.10" specifically.
Lighttpd does not do OCSP stapling as it seems:
https://redmine.lighttpd.net/issues/2469
It means it never worked before and that would indicate your SSL certificate changed. Are you using Let's Encrypt?
You need a new certificate that does not mandate OCSP stapling and it can be turned off for Let's Encrypt easily.
Cheers,
Franco
Logged
micha
Newbie
Posts: 6
Karma: 0
Re: Captive Portal no longer works after the update to version 19.7.10
«
Reply #4 on:
February 04, 2020, 11:30:30 am »
I was affected by the problem that the acme client always had OCSP stapling enabled (
#794
)
To fix the problem I corrected the configuration file manually. Then it worked for me again. Now the certificate has expired and was automatically renewed with OCSP stapling enabled again.
Now I have installed a certificate that does not come from Let's Encrypt manually. Now it works again.
But in the future I would like to use certificates from Let's Encrypt again. I would like to validate them using the DNS API method. Unfortunately I still have problems connecting the OPNsense acme-client to my PowerDNS...
Cheers,
Micha
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
19.7 Legacy Series
»
Captive Portal no longer works after the update to version 19.7.10
