@free4 ThankU, I will continue working this out. Thx

@guillame
I've tested pfSense with a "Nordnet" router and a satellite connection a month ago.
Works well, as expected, because what the 'WAN' actually is, A/VDSL RTC, PPPoE, over Wifi or satellite, it doesn't matter.

@abraham11
I save the CSV file on the PC them open it with Excell or LibreOffice in my case.
You end-up with a list of voucher numbers in Column A
Then I have a second tab with a preformated print and the values of the tickets just feel the preformated print.
Ready to print
And them use scissor to cut them 😊
Simple and easy

nevermind, looks like a vlan issue

My Issue is different than @refugeesonline. We are facing random voucher expiry before remaining time. Almost 2500+ voucher active and few of them having this behavior.

vouchers are 7 Days, 15 Days & also 30 Days. Expiry happening randomly with different rolls , one client created 1 Year voucher which I also not recommend and suggested him to use Radius authentication ( PfSense Radius ) for long terms users.

We have fresh install of 2.5 stable system. NO RAM DISK, NO HA setup. All installations on SSD 480G. We have no issue with System reboots we did it few times and all is well.

Nice !!

I replied yesterday -see above - to a post that dates from ..... not the spammer just above but to Erik_CH and @free4 - messages from 2019......
Woken up by some BS of Veralder who want me to look at some Swedish consultancy site - to find issue https://redmine.pfsense.org/issues/11842 - testing that solution - posting a solution for the solution ....
To discover just now that it was actually a spammer ( ? ) that made me contribute to pfSense.

Great.

I need a drink.

Finally I found out a workaround
I have another pfsense box with version 2.4.5 and on that one I was able to generate a short private and public key .
So I copy paste them to the 2.5.1 box ... and bingo it works !
Six character long voucher code 😊

@westr said in two logins on same portal page (Voucher + No_Auth):

and be sent to a separate VLAN

Somewhere on the net, a local LAN or VLAN : where ever you want.

Thank You @gertjan I missed one setting. It's work Now.

@free4
It was working fine without any issues in previous releases
Anyway, thanks for the information

Your customizing, right ?

Use https://pfsense.yourlan.tld/system_usermanager.php as an example.

Normally, when you use a page like "https://pfsense.yourlan.tld/system_usermanager.php" you should be logged in.
But, as you create your won "user edit" page, you could throw away that need. Just borrow (copy) the code you need to update the user's settings - the 'saving part is happening after the line that says :

if ($_POST['save'] && !$read_only) {

Something like : have to look up the user ID first, and if it exists, compare the old password with what the user entered (first "old" password box) and if there is a match, update the user's password with what he entered in the "new" password second box.
This way, you allow only known users to change their own password.

It's solved! I noticed that some columns were missing from the radacct table. I copied a new MySQL schema radacct table and it already works.

@argilla

How do the portal user login ?
=> to log in, user have to be collected. To do this, users are redirected to the portal's web server, so a login page shows up. These credntials are posted against the portal server, who sends it to the Radius server for checking.
When the user is authorized, a firewall rule make the users device (IP and MAC) totally transparent.
This means it's not 'easy' for a user to get back to the login page of the portal at this moment.
Question : does the portal user actually logged in multiple times ?

Years ago, I detected in the "radacct" Freeradius table entries that seem be be abandone, there as a start time, but no interval updates neither a stop time.
A newer entry for the same logged in user existed.
This might be what you are seeing now.

I created this :
ac259eab-4b33-4908-89b0-d75c88395040-image.png

<?php try { $link = new PDO('mysql:host=radius.local.net;port=3307;dbname=radius', 'radius', 'verysecretpassword'); // Check connection if($link === false) { die("ERROR: Could not connect."); } // Attempt delete query execution $sql = "DELETE FROM `radacct` WHERE `acctstoptime` IS NULL and `acctstarttime` < (NOW() - INTERVAL 610 MINUTE)"; $stmt = $link->prepare($sql); $stmt->execute(); unset($stmt); } catch (PDOException $e) { print "Error!: " . $e->getMessage() . "<br/>"; die(); } ?>

When there are entries with an empty STOP time "acctstoptime" and a acctstarttime that more then 610 minutes in the past, that entry gets deleted.
Now, these 'stray' entries get removed.
I has no more issues.
Actually, don't recall what the issue really was.
(I should stop this cron task, see what happens)

pfSense shows the correct number f logged in users ?

edit :
Can you 'debug' the radius process , like the FreeRadius3 package of pfSense ?

You have to stop the radius process, and then launch it by hand :

radius -X

@moelharrak said in Create vouchers with specific Download/Upload:

erent Bandwidth or the Download/Upload are inherent from captive portal configuration?
and what is the best solution to create an account that can be used by many devices ( seminar for example) but also can specify the Bandwidth ?

Hi,

The best solution is to use a radius server (such as FreeRadius).
FreeRadius is an authentication server. It takes some user lists as input (eg : an SQL database, a plain text file, etc...) and provide "access granted"/"access denied" messages as output.

FreeRadius can indicate some settings to pfSense when responding "access granted" ("Access-Accept") for one user.

Session-Timeout (a per-user hard timeout) pfSense-Max-Total-Octets (a per-user max allowed traffic) pfSense-Bandwidth-Max-Up (a per-user upload speed) and pfSense-Bandwidth-Max-Down (a per-user download speed)

You will find more info on the documentation i guess.

@decipher2099 hi,

It's not supported.

You could play around with ipfw commands (the technology used by the captive portal to allow/block users) but you will face a lot of issues (such as your MACs not being displayed in the GUI, being wiped at each captive portal change, etc).

If this feature ever existed, it would not be implemented in shell...but using an HTTP API

Netgate had plans to implement an API for pfsense....then dropped it. More info here : https://www.netgate.com/blog/more-on-aes-ni.html

@gertjan: That’s why I have turned off the router functionality, except for the router being able to report to the Linksys cloud servers for remote management. I have turned off DHCP on the Linksys AP and instead have turned on DHCP on the SG-1100’s OPT port. All Wi-Fi clients thus bypass the router functionality of the Velop system.

@lens said in Log guest users traffic internal IP and destination IP:

I just need to be able to prove that a certain request at a certain time was not from myself the owner.

Another solution might be : route all the traffic from the captive portal's interface over a VPN.
At least, use the LAN for yourself, and some OPTx interface for the captive portal.

Btw : i'm using the captive portal for a hotel, in France. I've abandoned years ago any form of 'extra' logging. Even the MAC addresses that are recorded are fake ones, created just for our captive portal's Wifi (at least, iOS is doing so be default).
What exists today : some IP - my WAN IP, hits some questionable IP address. Traffic content will be complete unknown as it is all TLS these days.
Never had a message from HADOPI (except the day the night auditor decided to use our connection to download some Disney movies ...)

These these I have the users share my single Orange VDSL "24 Mbits.sec" connection (the fibre is coming soon).

Also : pfBlockerNG with some feeds that lists famous download peers will help you.

The bandwidth monitoring can also show suspected 'full scale' downloads :

3ed6ae49-68a4-44c4-94aa-f1fe1792117d-image.png

= 4 years of stats.

Keep in mind taht even 'Windows' uses P2P to download the winter edition of windows 10 ^^