 From:  YvesDM <ydmlog at gmail dot com>
 To:  Lee Sharp <leesharp at hal dash pc dot org>
 Cc:  "m0n0wall at lists dot m0n0 dot ch" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] Captive portal , Firefox 3.5 and SSL3.0
 Date:  Sat, 12 Sep 2009 19:02:13 +0200
On Sat, Sep 12, 2009 at 6:40 PM, Lee Sharp <leesharp at hal dash pc dot org> wrote:

> What IP?
> The reason that I ask is that this is happening with a lot more software,
> and in some cases, halting login completely.  (Like McAfee Site Advisor)
>  With a little discussion, we can find these sites, and keep an IP allow
> list to minimize this behavior.
>                Lee


First of all, forget my part about SSL 3.0.
I was testing in a double-NAT environment, which obviously gave me
strange results.
Connecting everything directly made that problem disappear.

OK, this is what I did for the OCSP stuff. My certificates are issued
by Usertrust.
We sniffed the line while opening the browser, which taught us it
tried to connect to ocsp.comodoca.com.
We looked up the IP of that host and it gave us 3 IPs, and
I've added the first one to the allowed list (any to IP) of the
captive portal and used an entry in the DNS forwarder to make sure
ocsp.comodoca.com always resolves to that IP. You could add all IPs
too, of course.

As you know, the OCSP IPs will depend on the issuer of your
certificates, so in case you're having the same issues, it's best to do a
sniff on one of your systems and see what happens.

Hope this helps
Kind regards
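An added example, not part of the list post above and not m0n0wall code: the OCSP responder a browser contacts is declared in the certificate itself, in the Authority Information Access (AIA) extension, so the hostname to allow and pin can be read from the portal's certificate (and its intermediate) with the openssl CLI instead of a packet capture. The script assumes `openssl` is installed; the self-signed certificate it builds is a constructed sample, and its responder name ocsp.example.test is made up. Resolving the hostnames to the addresses for the allow list needs the network, so that step is left to the reader.

```shell
# Added example (not from the m0n0wall list post). Reads the OCSP responder
# URI out of a certificate's AIA extension instead of sniffing the wire.
# Assumes the `openssl` CLI is available. The certificate generated by
# make_sample_cert is a constructed sample; its OCSP URI is made up.

set -e

# Print the OCSP responder URI(s) declared in a PEM certificate.
# Run it on the portal's own cert and on each intermediate in the chain:
# clients may query the responders of every link when validating.
ocsp_uri_of() {
    openssl x509 -in "$1" -noout -ocsp_uri
}

# Reduce each OCSP URI to its hostname, which is what you resolve,
# add to the captive-portal allow list and pin in the DNS forwarder.
ocsp_hosts_of() {
    ocsp_uri_of "$1" | sed -E 's#^[a-z]+://([^/:]+).*$#\1#'
}

# Build a constructed self-signed certificate that carries an AIA
# extension, so the functions above can be exercised offline.
# Argument: a writable directory. Prints the path of the PEM certificate.
make_sample_cert() {
    dir=$1
    cat > "$dir/ext.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3
prompt = no
[dn]
CN = portal.example.test
[v3]
authorityInfoAccess = OCSP;URI:http://ocsp.example.test/
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" \
        -config "$dir/ext.cnf" >/dev/null 2>&1
    echo "$dir/cert.pem"
}

# Stand-alone run: build the sample and show what the portal must let
# through before login.
if [ "${1:-}" = "demo" ]; then
    tmp=$(mktemp -d)
    cert=$(make_sample_cert "$tmp")
    echo "OCSP URIs:   $(ocsp_uri_of "$cert")"
    echo "Allow/pin:   $(ocsp_hosts_of "$cert")"
    rm -rf "$tmp"
fi
```

Once you have the hostnames, resolve them from the portal host and add every returned address to the allow list rather than only the first: responders such as the one in the post are commonly served from pools of addresses that change over time, and a DNS forwarder entry that pins a single address silently breaks certificate validation for every client once that address stops answering.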