Captive Portal Not Working

Started by hip.dimmy, August 06, 2025, 10:00:12 AM

Good day,

I'm evaluating OPNsense for use as a central captive portal in our enterprise.

However, after updating to the latest version, the captive portal is not able to start; the log shows some permission issue.

```
2025-08-06T07:47:02 Error lighttpd (/usr/obj/usr/ports/www/lighttpd/work/lighttpd-1.4.79/src/server.c.1978) Configuration of plugins failed. Going down.
2025-08-06T07:47:02 Error lighttpd (/usr/obj/usr/ports/www/lighttpd/work/lighttpd-1.4.79/src/gw_backend.c.1712) [ERROR]: spawning gw failed.
2025-08-06T07:47:02 Error lighttpd (/usr/obj/usr/ports/www/lighttpd/work/lighttpd-1.4.79/src/gw_backend.c.568) bind() unix:/var/lib/php/tmp/php-fastcgi-cp.socket-0: Permission denied
2025-08-06T07:47:02 Error lighttpd (/usr/obj/usr/ports/www/lighttpd/work/lighttpd-1.4.79/src/gw_backend.c.533) connect() /var/lib/php/tmp/php-fastcgi-cp.socket-0: Permission denied
2025-08-06T07:39:27 Error lighttpd (/usr/obj/usr/ports/www/lighttpd/work/lighttpd-1.4.79/src/server.c.1978) Configuration of plugins failed. Going down.
2025-08-06T07:39:27 Error lighttpd (/usr/obj/usr/ports/www/lighttpd/work/lighttpd-1.4.79/src/gw_backend.c.1712) [ERROR]: spawning gw failed.
2025-08-06T07:39:27 Error lighttpd (/usr/obj/usr/ports/www/lighttpd/work/lighttpd-1.4.79/src/gw_backend.c.568) bind() unix:/var/lib/php/tmp/php-fastcgi-cp.socket-0: Permission denied
2025-08-06T07:39:27 Error lighttpd (/usr/obj/usr/ports/www/lighttpd/work/lighttpd-1.4.79/src/gw_backend.c.533) connect() /var/lib/php/tmp/php-fastcgi-cp.socket-0: Permission denied
2025-08-06T07:39:15 Error lighttpd (/usr/obj/u
```

I also noticed a segmentation fault during the update.

OOT, is there any way to evaluate the business version (perhaps a trial version)?
I want to make sure everything works as expected before purchasing a business subscription.



I see no problems at 25.7.1_1 in my testing environment.

Any chance you have enabled "Strict security" in Administration?

Quote from: sopex8260 on August 06, 2025, 11:34:44 AM
> I see no problems at 25.7.1_1 in my testing environment.
>
> Any chance you have enabled "Strict security" in Administration?

Are you referring to `HTTP Strict Transport Security`? If yes, it's disabled.

How I repro the error:
1. Launch EC2 with the OPNsense AMI on a t3.micro.
2. Update to the latest firmware, from 25.1 to 25.7.2 (upon update there is a segmentation fault error in the console).
3. Add captive zone 0 and it won't start.

Are you using AWS EC2?

Can you run this command to compare the output?

```
# grep wwwonly /etc/group /etc/master.passwd
/etc/group:wwwonly:*:789:
/etc/master.passwd:wwwonly:*:789:789::0:0:World Wide Web Only:/nonexistent:/usr/sbin/nologin
```


Cheers,
Franco

Hi,

I'm having exactly the same issue since upgrading to 25.7.1. The lighttpd instance for the api dispatcher will not run and this will be in /var/log/lighttpd/latest.log:

```
<29>1 2025-08-15T09:48:26+10:00 <omitted> lighttpd 33291 - [meta sequenceId="16"] (/usr/obj/usr/ports/www/lighttpd/work/lighttpd-1.4.79/src/server.c.1974) server started (lighttpd/1.4.79)
<27>1 2025-08-15T09:48:26+10:00 <omitted> lighttpd 33291 - [meta sequenceId="17"] (/usr/obj/usr/ports/www/lighttpd/work/lighttpd-1.4.79/src/gw_backend.c.533) connect() /var/lib/php/tmp/php-fastcgi-cp.socket-0: Permission denied
<27>1 2025-08-15T09:48:26+10:00 <omitted> lighttpd 33291 - [meta sequenceId="18"] (/usr/obj/usr/ports/www/lighttpd/work/lighttpd-1.4.79/src/gw_backend.c.568) bind() unix:/var/lib/php/tmp/php-fastcgi-cp.socket-0: Permission denied
<27>1 2025-08-15T09:48:26+10:00 <omitted> lighttpd 33291 - [meta sequenceId="19"] (/usr/obj/usr/ports/www/lighttpd/work/lighttpd-1.4.79/src/gw_backend.c.1712) [ERROR]: spawning gw failed.
<27>1 2025-08-15T09:48:26+10:00 <omitted> lighttpd 33291 - [meta sequenceId="20"] (/usr/obj/usr/ports/www/lighttpd/work/lighttpd-1.4.79/src/server.c.1978) Configuration of plugins failed. Going down.
```


```
# grep wwwonly /etc/group /etc/master.passwd
/etc/group:wwwonly:*:789:
/etc/master.passwd:wwwonly:*:789:789::0:0:World Wide Web Only:/nonexistent:/usr/sbin/nologin
```

I've managed to get lighttpd to work temporarily if I comment out the following line in /var/etc/lighttpd-api-dispatcher.conf:

```
server.username = "wwwonly"
```

It seems like the user wwwonly cannot access the fastcgi sockets.

I have the same problem apparently. I noticed some days ago captive portal won't work. Also noticed the same logs.

I'm not sure what's going on.

What's the current permission of the socket itself?

```
# ls -lah /var/lib/php/tmp/php-fastcgi-cp.socket*
```

The scripts should ensure everything is set to the correct user and you already proved that the system knows the user to use.


Cheers,
Franco

Also, will it start if you remove the sockets beforehand?


Cheers,
Franco

August 18, 2025, 01:25:36 PM #9 Last Edit: August 18, 2025, 01:27:20 PM by ikkeT
There is no such socket at all.
```
root@OPNsense:~ # ls -la /var/lib/php/tmp/
total 277
drwxr-x---  2 wwwonly wheel   1088 Aug 18 14:16 .
drwxr-x---  5 root    wheel    512 Jul  6 23:35 ..
-rw-r-----  1 wwwonly wheel  34546 Jul 25 18:23 configdmodelfield.data
-rw-rw----  1 wwwonly wheel    913 Jul 25 18:23 mdl_cache_OPNsense_Cron_Cron.json
-rw-rw----  1 wwwonly wheel   8781 Aug 18 14:16 mdl_cache_OPNsense_Firewall_Alias.json
-rw-rw----  1 wwwonly wheel    229 Jul 25 18:23 mdl_cache_OPNsense_Firewall_Category.json
-rw-rw----  1 wwwonly wheel 152616 Jul 25 18:23 mdl_cache_OPNsense_HAProxy_HAProxy.json
-rw-rw----  1 wwwonly wheel   2028 Jul 25 18:23 mdl_cache_OPNsense_IPsec_IPsec.json
-rw-rw----  1 wwwonly wheel   1947 Jul 25 18:23 mdl_cache_OPNsense_TrafficShaper_TrafficShaper.json
-rw-rw----  1 wwwonly wheel   2485 Jul 25 18:23 mdl_cache_OPNsense_Wireguard_Client.json
-rw-rw----  1 wwwonly wheel    853 Jul 25 18:23 mdl_cache_OPNsense_Wireguard_Server.json
-rw-rw----  1 wwwonly wheel  22798 Aug 18 14:14 opnsense_acl_cache.json
-rw-rw----  1 wwwonly wheel  23893 Aug 18 09:44 opnsense_menu_cache.xml
srwxr-xr-x  1 root    wheel      0 Aug 11 00:09 php-fastcgi.socket-0
srwxr-xr-x  1 root    wheel      0 Aug  7 13:22 php-fastcgi.socket-1
srwxr-xr-x  1 root    wheel      0 Aug 18 09:56 php-fastcgi.socket-2
srwxr-xr-x  1 root    wheel      0 Aug 13 19:06 php-fastcgi.socket-3
srwxr-xr-x  1 root    wheel      0 Aug 12 13:05 php-fastcgi.socket-4
srwxr-xr-x  1 root    wheel      0 Aug 18 09:45 php-fastcgi.socket-5
```

Does this fix the issue?

```
# chmod 1750 /var/lib/php/tmp
```


Cheers,
Franco

August 18, 2025, 02:01:37 PM #11 Last Edit: August 18, 2025, 02:03:53 PM by ikkeT Reason: adding info
No, this is the log now:

```
<27>1 2025-08-18T14:45:43+03:00 OPNsense.ikenet lighttpd 98149 - [meta sequenceId="2"] (/usr/obj/usr/ports/www/lighttpd/work/lighttpd-1.4.79/src/gw_backend.c.533) connect() /var/lib/php/tmp/php-fastcgi-cp.socket-0: Permission denied
<27>1 2025-08-18T14:45:43+03:00 OPNsense.ikenet lighttpd 98149 - [meta sequenceId="3"] (/usr/obj/usr/ports/www/lighttpd/work/lighttpd-1.4.79/src/gw_backend.c.568) bind() unix:/var/lib/php/tmp/php-fastcgi-cp.socket-0: Permission denied
<27>1 2025-08-18T14:45:43+03:00 OPNsense.ikenet lighttpd 98149 - [meta sequenceId="4"] (/usr/obj/usr/ports/www/lighttpd/work/lighttpd-1.4.79/src/gw_backend.c.1712) [ERROR]: spawning gw failed.
<27>1 2025-08-18T14:45:43+03:00 OPNsense.ikenet lighttpd 98149 - [meta sequenceId="5"] (/usr/obj/usr/ports/www/lighttpd/work/lighttpd-1.4.79/src/server.c.1978) Configuration of plugins failed. Going down.
```

So I only gave the chmod command and pressed start on captive portal in services list. No reboot. The file listing is now showing your change:

```
root@OPNsense:~ # ls -la /var/lib/php/tmp/
total 277
drwxr-x--T  2 wwwonly wheel   1088 Aug 18 14:31 .
drwxr-x---  5 root    wheel    512 Jul  6 23:35 ..
-rw-r-----  1 wwwonly wheel  34546 Jul 25 18:23 configdmodelfield.data
-rw-rw----  1 wwwonly wheel    913 Jul 25 18:23 mdl_cache_OPNsense_Cron_Cron.json
-rw-rw----  1 wwwonly wheel   8781 Aug 18 14:31 mdl_cache_OPNsense_Firewall_Alias.json
-rw-rw----  1 wwwonly wheel    229 Jul 25 18:23 mdl_cache_OPNsense_Firewall_Category.json
-rw-rw----  1 wwwonly wheel 152616 Jul 25 18:23 mdl_cache_OPNsense_HAProxy_HAProxy.json
-rw-rw----  1 wwwonly wheel   2028 Jul 25 18:23 mdl_cache_OPNsense_IPsec_IPsec.json
-rw-rw----  1 wwwonly wheel   1947 Jul 25 18:23 mdl_cache_OPNsense_TrafficShaper_TrafficShaper.json
-rw-rw----  1 wwwonly wheel   2485 Jul 25 18:23 mdl_cache_OPNsense_Wireguard_Client.json
-rw-rw----  1 wwwonly wheel    853 Jul 25 18:23 mdl_cache_OPNsense_Wireguard_Server.json
-rw-rw----  1 wwwonly wheel  22798 Aug 18 14:14 opnsense_acl_cache.json
-rw-rw----  1 wwwonly wheel  23893 Aug 18 09:44 opnsense_menu_cache.xml
srwxr-xr-x  1 root    wheel      0 Aug 11 00:09 php-fastcgi.socket-0
srwxr-xr-x  1 root    wheel      0 Aug  7 13:22 php-fastcgi.socket-1
srwxr-xr-x  1 root    wheel      0 Aug 18 09:56 php-fastcgi.socket-2
srwxr-xr-x  1 root    wheel      0 Aug 13 19:06 php-fastcgi.socket-3
srwxr-xr-x  1 root    wheel      0 Aug 12 13:05 php-fastcgi.socket-4
srwxr-xr-x  1 root    wheel      0 Aug 18 09:45 php-fastcgi.socket-5
```

And

```
# chmod 1777 /var/lib/php/tmp
```


?

Nope, same error:

```
<29>1 2025-08-18T15:48:14+03:00 OPNsense.ikenet lighttpd 60549 - [meta sequenceId="1"] (/usr/obj/usr/ports/www/lighttpd/work/lighttpd-1.4.79/src/server.c.1974) server started (lighttpd/1.4.79)
<27>1 2025-08-18T15:48:14+03:00 OPNsense.ikenet lighttpd 60549 - [meta sequenceId="2"] (/usr/obj/usr/ports/www/lighttpd/work/lighttpd-1.4.79/src/gw_backend.c.533) connect() /var/lib/php/tmp/php-fastcgi-cp.socket-0: Permission denied
<27>1 2025-08-18T15:48:14+03:00 OPNsense.ikenet lighttpd 60549 - [meta sequenceId="3"] (/usr/obj/usr/ports/www/lighttpd/work/lighttpd-1.4.79/src/gw_backend.c.568) bind() unix:/var/lib/php/tmp/php-fastcgi-cp.socket-0: Permission denied
<27>1 2025-08-18T15:48:14+03:00 OPNsense.ikenet lighttpd 60549 - [meta sequenceId="4"] (/usr/obj/usr/ports/www/lighttpd/work/lighttpd-1.4.79/src/gw_backend.c.1712) [ERROR]: spawning gw failed.
<27>1 2025-08-18T15:48:14+03:00 OPNsense.ikenet lighttpd 60549 - [meta sequenceId="5"] (/usr/obj/usr/ports/www/lighttpd/work/lighttpd-1.4.79/src/server.c.1978) Configuration of plugins failed. Going down.
```

```
root@OPNsense:~ # ls -la /var/lib/php/tmp/
total 277
drwxrwxrwt  2 wwwonly wheel   1088 Aug 18 15:46 .
drwxr-x---  5 root    wheel    512 Jul  6 23:35 ..
-rw-r-----  1 wwwonly wheel  34546 Jul 25 18:23 configdmodelfield.data
-rw-rw----  1 wwwonly wheel    913 Jul 25 18:23 mdl_cache_OPNsense_Cron_Cron.json
-rw-rw----  1 wwwonly wheel   8781 Aug 18 15:46 mdl_cache_OPNsense_Firewall_Alias.json
-rw-rw----  1 wwwonly wheel    229 Jul 25 18:23 mdl_cache_OPNsense_Firewall_Category.json
-rw-rw----  1 wwwonly wheel 152616 Jul 25 18:23 mdl_cache_OPNsense_HAProxy_HAProxy.json
-rw-rw----  1 wwwonly wheel   2028 Jul 25 18:23 mdl_cache_OPNsense_IPsec_IPsec.json
-rw-rw----  1 wwwonly wheel   1947 Jul 25 18:23 mdl_cache_OPNsense_TrafficShaper_TrafficShaper.json
-rw-rw----  1 wwwonly wheel   2485 Jul 25 18:23 mdl_cache_OPNsense_Wireguard_Client.json
-rw-rw----  1 wwwonly wheel    853 Jul 25 18:23 mdl_cache_OPNsense_Wireguard_Server.json
-rw-rw----  1 wwwonly wheel  22798 Aug 18 15:14 opnsense_acl_cache.json
-rw-rw----  1 wwwonly wheel  23893 Aug 18 09:44 opnsense_menu_cache.xml
srwxr-xr-x  1 root    wheel      0 Aug 11 00:09 php-fastcgi.socket-0
srwxr-xr-x  1 root    wheel      0 Aug  7 13:22 php-fastcgi.socket-1
srwxr-xr-x  1 root    wheel      0 Aug 18 09:56 php-fastcgi.socket-2
srwxr-xr-x  1 root    wheel      0 Aug 13 19:06 php-fastcgi.socket-3
srwxr-xr-x  1 root    wheel      0 Aug 12 13:05 php-fastcgi.socket-4
```

To me it feels like someone is not creating the socket lighttpd tries to attach to. And it only gives a misleading permission error log when the whole socket is missing.
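
To narrow down an EACCES like the bind()/connect() errors in this thread, the following added example (not code from OPNsense or from any poster) checks every directory on the way to the socket for search permission for a given uid, and the final directory for write permission. The uid/gid 789 comes from the grep output above; the function names and the assumption that wwwonly has no supplementary groups are assumptions of this example.

```python
import os
import sys

def has_perm(st, uid, gids, want):
    """Classic owner/group/other check for 'r', 'w' or 'x' (no ACLs, no root bypass)."""
    bit = {"r": 4, "w": 2, "x": 1}[want]
    if st.st_uid == uid:
        return bool((st.st_mode >> 6) & bit)
    if st.st_gid in gids:
        return bool((st.st_mode >> 3) & bit)
    return bool(st.st_mode & bit)

def check_socket_path(sock_path, uid, gids):
    """List (path, reason) pairs that would stop uid from bind()/connect() on sock_path."""
    parent = os.path.dirname(os.path.abspath(sock_path))
    problems, cur = [], os.sep
    dirs = [cur]
    for part in parent.split(os.sep):
        if part:
            cur = os.path.join(cur, part)
            dirs.append(cur)
    for d in dirs:
        try:
            st = os.stat(d)
        except FileNotFoundError:
            problems.append((d, "missing directory"))
            return problems
        # Every directory on the path needs search (x) permission for the service user.
        if not has_perm(st, uid, gids, "x"):
            problems.append((d, "no search (x) permission"))
    # bind() creates the socket file, so the containing directory must be writable.
    if not has_perm(os.stat(parent), uid, gids, "w"):
        problems.append((parent, "not writable: bind() cannot create the socket"))
    # connect() to an existing socket needs write permission on the socket itself.
    if os.path.exists(sock_path) and not has_perm(os.stat(sock_path), uid, gids, "w"):
        problems.append((sock_path, "socket not writable: connect() is refused"))
    return problems

if __name__ == "__main__":
    # Run as root so every component can be stat()ed. Defaults are taken from the thread:
    # socket path from the lighttpd log, uid/gid 789 from the grep output (assumed: no extra groups).
    path = sys.argv[1] if len(sys.argv) > 1 else "/var/lib/php/tmp/php-fastcgi-cp.socket-0"
    for where, why in check_socket_path(path, 789, {789}):
        print(f"{where}: {why}")
```

In the listings posted above, `..` (that is, /var/lib/php) is owned by root:wheel with mode drwxr-x---, which is the kind of entry this check reports for a uid outside wheel.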