pfsense 2.5.2 can't auto delete pass-through MAC after voucher expired

tianakex

@maherg hello, did you find any solution?

maherg

@tianakex no bro

nobody is answering and i didn't get any solution.

tianakex

@maherg did you try rolling back to 2.4.4?

maherg

@tianakex no i am still on 2.5.2 because i want to use wireguard vpn but now i am not using auto add pass-through MAC

tianakex

@maherg just in case i found the solution, if you still need it

maherg

This post is deleted!

tianakex

@maherg I am in 2.6.0 but it should work for you
Edit /etc/inc/captiveportal.inc
find the captiveportal_prune_old_automac function and add the code below my descirption "/auto delete mac passthrougth at voucher expiration/"

function captiveportal_prune_old_automac() {
	global $g, $config, $cpzone, $cpzoneid;

	if (is_array($config['captiveportal'][$cpzone]['passthrumac']) &&
	    isset($config['captiveportal'][$cpzone]['passthrumacadd'])) {
		$tmpvoucherdb = array();
		$macrules = "";
		$writecfg = false;
		foreach ($config['captiveportal'][$cpzone]['passthrumac'] as $eid => $emac) {
			if ($emac['logintype'] != "voucher") {
				continue;
			}
			if (isset($config['captiveportal'][$cpzone]['noconcurrentlogins'])) {
				if (isset($tmpvoucherdb[$emac['username']])) {
					$temac = $config['captiveportal'][$cpzone]['passthrumac'][$tmpvoucherdb[$emac['username']]];
					$pipeno = captiveportal_get_dn_passthru_ruleno($temac['mac']);
					if ($pipeno) {
						captiveportal_free_dn_ruleno($pipeno);
						$macrules .= "table {$cpzone}_pipe_mac delete any,{$temac['mac']}\n";
						$macrules .= "table {$cpzone}_pipe_mac delete {$temac['mac']},any\n";
						$macrules .= "pipe delete {$pipeno}\n";
						++$pipeno;
						$macrules .= "pipe delete {$pipeno}\n";
					}
					$writecfg = true;
					captiveportal_logportalauth($temac['username'], $temac['mac'],
					    $temac['ip'], "DUPLICATE {$temac['username']} LOGIN - TERMINATING OLD SESSION");
					unset($config['captiveportal'][$cpzone]['passthrumac'][$tmpvoucherdb[$emac['username']]]);
				}
				$tmpvoucherdb[$emac['username']] = $eid;
			}
			/*auto delete mac passthrougth at voucher expiration*/
			if (voucher_auth($emac['username']) <= 0) {
				$pipeno = captiveportal_get_dn_passthru_ruleno($emac['mac']);
				if ($pipeno) {
					captiveportal_free_dn_ruleno($pipeno);
					$macrules .= "table {$cpzone}_pipe_mac delete any,{$emac['mac']}\n";
					$macrules .= "table {$cpzone}_pipe_mac delete {$emac['mac']},any\n";
					$macrules .= "pipe delete {$pipeno}\n";
					++$pipeno;
					$macrules .= "pipe delete {$pipeno}\n";
				}
				$writecfg = true;
				captiveportal_logportalauth($emac['username'], $emac['mac'],
				    $emac['ip'], "EXPIRED {$emac['username']} LOGIN - TERMINATING SESSION");
				unset($config['captiveportal'][$cpzone]['passthrumac'][$eid]);
			}
			/*end auto delete mac passthrougth at voucher expiration*/
		}
		unset($tmpvoucherdb);
		if (!empty($macrules)) {
			@file_put_contents("{$g['tmp_path']}/macentry.prunerules.tmp", $macrules);
			unset($macrules);
			mwexec("/sbin/ipfw -q {$g['tmp_path']}/macentry.prunerules.tmp");
		}
		if ($writecfg === true) {
			write_config("Prune session for auto-added macs");
		}
	}
}

tianakex

• restart the CP service
• make sure Concurrent user logins is disabled
• just dont edit the autoadded mac address because the CP will considere that you added it manually and will not be a voucher associated mac anymore and will not be pruned at the expiration of the code voucher

maherg

@tianakex thank you very much i will try this

LadiesMan217

@tianakex Hi may I know if this patch also works on pfsense 2.6?