Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    2 WAN, captive portal and vouchers - best practices?

    2.0-RC Snapshot Feedback and Problems - RETIRED
    3
    4
    3.5k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • OceanwatcherO
      Oceanwatcher
      last edited by

      I am helping a friend with a small "hotel" to set up his network. They typically have 2 computers in the office that are online during the day (and night) and the guests connect through some wireless access points that I spread around using different channels, but the same SSID.

      They have 2 incoming ADSL, each 512kb connections and I have a Pentium 3 that I am setting up with pfSense to try to make things a little better there.

      Up till now, they have been using WPA with a password that they give to the guests. The traffic is not high, I don't think I have seen more than 3 guests on at the same time ever.

      First of all - pfSense 2.0 is running absolutely fine here at home where I am testing things. But what would be a good setup for this little network?

      I have seen various comments regarding problems with load balancing and some types of sites. Obviously, in a hotel setting, you never know what sites the guest will access, so I have to make sure it always works.

      One option would of course be to use one outgoing for the guests and one for the staff. If it was possible to combine this with a failover, so that if one of the outgoing dropped, all traffic would be routed to the other, that would be nice?

      The second part is regarding the wireless. I have never set up a captive portal, but used it a lot myself while travelling. And I am wondering if I am understanding it correct if I assume that I can turn on captive portal, upload a login page to the firewall and generate vouchers that can be used for login?

      Does this mean that I don't need anything else like radius or any other mechanism to get it to work? For me, this sounds like the perfect setup. What would be the possible problems? I am thinking that generating 12 hour vouchers would be perfect for my friend here.

      Is there a way to set up a mechanism to trigger generation of vouchers? I am thinking about creating a database program that could use some kind of trigger to fetch a new batch of vouchers from pfSense when needed… Alternatively, I should maybe create a user that can log on to pfSense and only generate vouchers?

      I really love what I am seeing from pfSense and feel a little bit like a kid in a toystore :-) Thank you for providing us with this and I am looking forward to the release version!

      I am sorry if you expected some kind of deep, technical problem. My problems are more about getting my head around how things are done in pfSense and find the smoothest way for my friend to do things when I am not around. I will probably set it up so I can use VPN to log in and help him if necessary, but that comes later. Max 1 VPN session needed, so no big load on that either.

      Regards,

      Oceanwatcher
      2x SuperMicro 8core w/ 8 GB RAM running v. 2.3.1 - will eventually set them up with failover

      1 Reply Last reply Reply Quote 0
      • E
        eri--
        last edited by

        Yeah vouchers will do what you want.

        About managing them the only way, for now, is to allow login to the page to someone or write an application to do this remotely.
        Otherwise it should be pretty straightforward.

        For using the 2 lines i would recommend failover for clients and loadbalancing for staff since you do not have bandwidth problems that will do and make sure that staff notices any problems with one of the lines.
        Though you can enable loadbalancing for clients https might have problems as other strange client softwares.

        1 Reply Last reply Reply Quote 0
        • OceanwatcherO
          Oceanwatcher
          last edited by

          @ermal:

          About managing them the only way, for now, is to allow login to the page to someone or write an application to do this remotely.

          Is there an API/way for an application to trigger the generation of vouchers? And to download the csv file?

          Right now, I guess I will do the generating of vouchers for them. A designer friend came up with a nice idea:

          Find some kind of labels that will fit our purpose - http://tiny.cc/b57c6 should be ok - and print some "businesscards with nice design and a little "usermanual". The print the vouchers on the stickers and place them on the cards.

          Of course, for a big establishment this will not work too well… But for a small place like my friend have, this will look very nice and work ok. Can always get the staff to attach the stickers during the nightshift :-) You can get two sided businesscards printed extremely cheap here.

          Regards,

          Oceanwatcher
          2x SuperMicro 8core w/ 8 GB RAM running v. 2.3.1 - will eventually set them up with failover

          1 Reply Last reply Reply Quote 0
          • N
            Nachtfalke
            last edited by

            Hi,

            If you expect problems with load balancing, you could enable sticky connections in
            system - advanced - miscellaneous - load balancing

            Creating Vouchers:
            You could creat a new User which is only allowed to see the Main WebGUI Startup page, so your friend can check, if the WAN connections are up and further can browse to:
            service - captive portal - vouchers to create vouchers
            and to check, if a voucher has expired to
            status - captive portal

            Here there is an excel sheet for creating a voucher print
            http://ts-telecom.net/voucherdrucker.xls

            It is only german, but there is a scenario explained for a Captive Portal
            http://www.administrator.de/index.php?content=91413

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.