Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Captive Portal, Vouchers, Passthrough MAC w/Username

    Scheduled Pinned Locked Moved 2.1 Snapshot Feedback and Problems - RETIRED
    4 Posts 2 Posters 1.9k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • DerelictD
      Derelict LAYER 8 Netgate
      last edited by

      Okay -

      I was all excited about multi-day vouchers using pass-through MAC with username but am seeing something really weird.

      I have three portals defined.

      The first one has no authentication.

      The second has no authentication.

      The third has vouchers enabled, Pass-through MAC addition, and Pass through MAC with username.

      I connect to that network, get the voucher page, enter the voucher, and it is accepted.  But I am immediately presented with the CP login page again.

      The MAC passthrough entry is added to the config for the correct portal instance, but the pass-through MAC entry in ipfw is added to the first instance instead of the third.

      If I don't use Pass-through MAC addition, the user is added to the correct instance.

      I restored my config to a test box and it worked fine so I'm pretty sure a restart will fix it.

      But there's something funny with adding multi instance CPs still.

      This is 2.1-RC0 July 22 15:44 amd64.  I don't think there have been any CP changes since.

      (It might be nice to log $cpzone in portalauth.log)

      Chattanooga, Tennessee, USA
      A comprehensive network diagram is worth 10,000 words and 15 conference calls.
      DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
      Do Not Chat For Help! NO_WAN_EGRESS(TM)

      1 Reply Last reply Reply Quote 0
      • DerelictD
        Derelict LAYER 8 Netgate
        last edited by

        Rebooted this morning and the MAC passthrough entries are still being added to the first CP instance of ipfw instead of the 3rd, even though the config entry is added to the correct CP instance.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        1 Reply Last reply Reply Quote 0
        • DerelictD
          Derelict LAYER 8 Netgate
          last edited by

          Aug  1 15:35:52 gw php: /index.php: The command '/sbin/ipfw -x meetings-q /tmp/macentry_meetings.rules.tmp' returned exit code '0', the output was '00002 pipe 4138 ip from any to any MAC a8:20:66:2b:bb:47 any 00003 pipe 4139 ip from any to any MAC any a8:20:66:2b:bb:47'

          Looks like a space is necessary in the mwexec command generation.  captiveportal.inc line 1871

          Chattanooga, Tennessee, USA
          A comprehensive network diagram is worth 10,000 words and 15 conference calls.
          DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
          Do Not Chat For Help! NO_WAN_EGRESS(TM)

          1 Reply Last reply Reply Quote 0
          • E
            eri--
            last edited by

            Fixed thanks for reporting.

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.