Voucher database synchronization
-
Hi,
sry for replying so late, I have been away for a couple of days.
Well I did test this but it feels kinda not working correctly.
These were my test, maybe I did something wrong, not sure
I have 2 pfsense, one in the DMZ and one in LAN.
The LAN manages the vouchers,
on the page -> status_captiveportal_test.php I did the testLAN shows:
sjQKqhaQPY3 (1/16) good for 1440 Minutes
Access granted for 1440 Minutes in total.DMZ shows:
sjQKqhaQPY3 (1/16) good for 1440 Minutes
Access granted for 1440 Minutes in total.so far so good, but when I actually use the voucher over the pfsense in the DMZ I can see in the log:
DMZ
System log -> Captive Portal
logportalauth[32176]: Voucher login good for 1 min.: sjQKqhaQPY3, , ip_addrlog also shows this:
php: /index.php: CaptivePortalVoucherSync XMLRPC reload data success with http://LAN_IP_ADDR:8080:8080 (pfsense.exec_php).My portal runs on 8080 (not 80) , I disabled https for now. Strange is, it shows the port nr twice. Not sure if this is just a log bug tho, as it seams to work correctly, except for the 1min duration instead of 1440.
any idear? The sync seams to work fine, but the time period seams odd to me. Also the user gets logged out after one minute, which is kinda to short of course :)
both boxes run the same Version
2.0-BETA5 (i386)
built on Tue Feb 1 18:26:31 EST 2011Thnx a lot
stefanero -
-
should I make a bugreport at the bugtracker?
since I got no featback I wonder if its a configuration issue or a bug :)
-
Hi,
I think I found kinda relation between the duration of the voucher and the length of the ticket.
Looks like only the 1st digit is actually "active" in the end.
For example:
I create 3 vouchers:
200 min
300 min
400 min
and on the test page(status_captiveportal_test.php) it shows :
FqGkVaxLwZc (3/4) good for 400 Minuteswhen a voucher is actullay used it shows in the system logs -> captive portal
Voucher login good for 4 min.: FqGkVaxLwZc,Same with 300 min, and then its valid 3 min duration, 200 min -> 2min duration…
Maybe this helps a little
Stefanero -
Can you please test with latest snapshot and also post the system log on the problematic portal.
-
Hi erml,
thank you for the reply,
I am now running
2.0-RC1 (i386)
built on Mon Mar 7 12:03:17 EST 2011I created some new voucher, when I go to test page first:
status_captiveportal_vouchers.php –> active_vouchers page
Warning: file(/var/db/voucher_active_4.db): failed to open stream: No such file or directory in /usr/local/www/status_captiveportal_vouchers.php on line 61 Warning: Invalid argument supplied for foreach() in /usr/local/www/status_captiveportal_vouchers.php on line 62but the rest test itself is okey,
PchcMGLVFct (4/3) good for 500 Minutes
Access granted for 500 Minutes in total.on the pfsense system logs
Last 50 system log entries Mar 8 16:09:56 php: : The command 'pfctl -K ' returned exit code '1', the output was 'pfctl: option requires an argument -- K usage: pfctl [-AdeghmNnOqRrvz] [-a anchor] [-D macro=value] [-F modifier] [-f file] [-i interface] [-K host | network] [-k host | network ] [-b host | network ] [-o [level]] [-p device] [-s modifier ] [-t table -T command [address ...]] [-x level]' Mar 8 16:09:56 php: : The command 'pfctl -k ' returned exit code '1', the output was 'pfctl: option requires an argument -- k usage: pfctl [-AdeghmNnOqRrvz] [-a anchor] [-D macro=value] [-F modifier] [-f file] [-i interface] [-K host | network] [-k host | network ] [-b host | network ] [-o [level]] [-p device] [-s modifier ] [-t table -T command [address ...]] [-x level]' Mar 8 16:09:56 php: : The command '/sbin/ipfw table 2 delete ' returned exit code '64', the output was 'ipfw: IP address required' Mar 8 16:09:56 php: : The command '/sbin/ipfw table 1 delete ' returned exit code '64', the output was 'ipfw: IP address required' Mar 8 16:09:46 php: /index.php: CaptivePortalVoucherSync XMLRPC reload data success with http://ip-addr:8080:8080 (pfsense.exec_php). Mar 8 16:09:46 php: /index.php: Captive Portal Voucher XMLRPC sync data http://ip-addr:8080:8080.Last 50 Portal Auth log entries Mar 8 16:09:56 logportalauth[52446]: TIMEOUT: , , Mar 8 16:09:46 logportalauth[63795]: Voucher login good for 5 min.: PchcMGLVFct, , ip-addr-laptopbtw, when I redo the test, with the current logged in voucher I get:
PchcMGLVFct (4/2) active and good for 1 Minutes Access granted for 1 Minutes in total.hope to help
stefanero -
hmm
I just tryed some more, and now the user is at least not logged out anymore after the 5min in this case.
but i wonder if he ever will be logged out, since the voucher is not shown in the "active vouchers" page anymore.
and, when I now use the voucher again in the test page it sais -> denied.
stefanero
-
Well good morning,
I tryed latestet snapsshot
2.0-RC1 (i386) built on Wed Mar 9 18:16:20 EST 2011 You are on the latest version.and deleted all my existing vouchers on the system in the LAN, then created a new roll and syncted it to the DMZ server.
but still -> no go
system logs on dmz box:
Mar 10 08:11:22 php: /index.php: CaptivePortalVoucherSync XMLRPC reload data success with http://lan-server-ip:8080:8080 (pfsense.exec_php). Mar 10 08:11:22 php: /index.php: Captive Portal Voucher XMLRPC sync data http://lan-server-ip:8080:8080.captive logs on dmz box:
Mar 10 08:13:05 logportalauth[36258]: TIMEOUT: qNday4Qihc63, , ip-addr Mar 10 08:11:22 logportalauth[60559]: Voucher login good for 1 min.: qNday4Qihc63, , ip-addrand its a 1440 min voucher :-\ so again only the 1st digit is taken into account for voucher lifetime
the tests on the test pages were showing informations just fine.
Also in the Lan-pfsense I can see in the voucher status page:
qNday4Qihc63 1 03/10/2011 08:11:22 1432 min 03/11/2011 08:11:22cu
stefanero -
Hi again,
thought I tryed latest snapshot again.
But problem still present.
2.0-RC1 (i386) built on Sun Mar 13 06:53:56 EDT 2011Mar 14 09:36:31 logportalauth[61338]: Voucher login good for 1 min.: sJ74hkCMmQz, , 172.31.128.9cu
stefanero -
Hello,
still not working btw, "mar 20th" snapshot
-
Can you show me a screenshot of how you have configured the sync voucher section on pfSense?
-
Hi erml,
sure I can attached is a screenshot.
The internal pfsense runs on a class 10 - priv network, we use a different user and run on port 8080 instead of the default.
Like I already wrote in my previous posts, I think the syncronization is kinda working.
Going to Status -> Captive Portal, I can see the rolls from the Lan - pfSense and also the test page with a voucher from lan works fine.
Its only a matter when I actually use a voucher on a laptop.
cu
stefanero
-
Check tomorrow's snapshot. I am about to commit a fix for this.
-
Thank you very much.
I will let you know as soon as possible.
cu
stefanero -
Can this be implemented to sync on a non pfsense machine? To send info an sync with another DB?
-
If you can talk the same xmlrpc than yes you can implement it somewhere else.
-
Good morning,
well sry to tell but still no difference to the situation before.
Voucher Roll Activated at Expires in Expires at adjYYXFyUe73 1 03/25/2011 08:34:21 0 min 03/25/2011 08:35:21It should have been a 1440 min voucher and not just 1 minute. The sync works as before, I can test the vouchers on the test page showing up fine with a duration of 1440 minutes,
but when they get entered in the client, the duration is just the first digit of the duration of the voucher.so when a voucher runs 200 minutes, the duration is 2, when a voucher is valid 300 minutes the duration is 3… and so on.
regards
Stefanero -
Now should be all functioning properly.
Test with latest snapshots. -
Hi ermal,
this is looking good now, finally working :)
thnx a lot to you and sullrich
stefanero