Weird pfSense Fault
Thursday, July 9, 2009 at 2:13PM
In my recent play time with the pfSense captive portal I came across a strange fault. Basically, when the HTTPS (SSL) option for login is enabled on the captive portal, it uses the HTTPS server name that is set in the config to check against the Common Name on the SSL certificate so it doesn't produce a name mismatch error.
In my testing I changed the HTTPS server name a few times then back to the original that was on the certificate. After having done this and connecting to the captive portal I would get a generic DNS can't connect error... not good. I had just added a new restrictive rule set to the captive portal interface and I thought that was dropping packets.
I remembered the Diagnostics: Packet Capture tool that is included in the UI (which is really cool btw). This tool helped me debug the problem by capturing the failed connection attempt to a capture file, which I then downloaded and loaded into Wireshark for analysis.
For some strange reason the original system name (pfsense.local, not the same as the hostname) that worked before would now not resolve. I didn't have time to mess about with it further so I just added the name to the Services: DNS forwarder as shown above.
That solved my problem: an ugly hack workaround, but I don't care. I may look into it further if I get the time, and if anyone knows about this, let me know.

