Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Voucher Length

    Scheduled Pinned Locked Moved Captive Portal
    44 Posts 18 Posters 51.5k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      dirkche
      last edited by

      Aaaaah i see

      reads the previously generated private key and writes a matching public key into the file key.public.  So use the shell command cat (or more) to display the contents of the appropriate key file, copy the contents of the key file into the paste buffer then paste it into the appropriate field in the voucher configuration page.

      Copy and paste is recommended here so avoid making errors in manually copying the key to the voucher configuration page.

      I missed this step :-/

      EDIT: I think the problem is, that my command shell will not properly work
      executing openssl genrsa 31 > key.private will just write this:
      $ openssl genrsa 31 > key.private

      2#EDIT:
      ok cat key.private shows a key but cat key.public not after 1min cat key.private also dont works.

      1 Reply Last reply Reply Quote 0
      • W
        wallabybob
        last edited by

        Here's an exact copy of the commands run on my system, a VIA C3 800MHz CPU (hardly a speed demon):```

        [2.0.1-RELEASE][admin@pfsense.example.org]/root(32): time openssl genrsa 31 > key.private
        Generating RSA private key, 31 bit long modulus
        .+++++++++++++++++++++++++++
        .+++++++++++++++++++++++++++
        e is 65537 (0x10001)
        0.052u 0.015s 0:00.09 66.6% 552+628k 0+2io 0pf+0w
        [2.0.1-RELEASE][admin@pfsense.example.org]/root(33): time openssl rsa -pubout < key.private > key.public
        writing RSA key
        0.021u 0.021s 0:00.04 100.0% 552+570k 0+1io 0pf+0w
        [2.0.1-RELEASE][admin@pfsense.example.org]/root(34): cat key.private
        -----BEGIN RSA PRIVATE KEY-----
        MCwCAQACBQCDnyRNAgMBAAECBAF3ThkCAwDwawIDAIwnAgMAmOMCAkxrAgJ5fg==
        -----END RSA PRIVATE KEY-----
        [2.0.1-RELEASE][admin@pfsense.example.org]/root(36): cat key.public
        -----BEGIN PUBLIC KEY-----
        MCAwDQYJKoZIhvcNAQEBBQADDwAwDAIFAIOfJE0CAwEAAQ==
        -----END PUBLIC KEY-----
        [2.0.1-RELEASE][admin@pfsense.example.org]/root(37):

        
By preceding the openssl commands by _time_ I get the shell to report the time the command takes to complete. Neither is particularly long. These commands were typed in an SSH session to the pfSense box.

@dirkche:

> ok cat key.private shows a key but cat key.public not after 1min cat key.private also dont works.

Did you issue the command to generate the public key?
        1 Reply Last reply Reply Quote 0
        • D
          dirkche
          last edited by

          Hmm your connected with cmd to your pfsense?
          I used the Shell as you can see on screen. Maybe the problem is here!?!?!

          Quote from: dirkche on Today at 05:25:57 am
          ok cat key.private shows a key but cat key.public not after 1min cat key.private also dont works.
          Did you issue the command to generate the public key?

          Yes i used both codes
          openssl genrsa 31 > key.private
          openssl rsa -pubout < key.private > key.public

          But its strange that i works but one minute after not more

          1 Reply Last reply Reply Quote 0
          • W
            wallabybob
            last edited by

            @dirkche:

            Hmm your connected with cmd to your pfsense?

            Are you accessing your pfSense from a Windows system? If so, you can use the WinSCP program (free download) to create a SSH session from Windows to Unix systems (including pfSense).

            1 Reply Last reply Reply Quote 0
            • D
              dirkche
              last edited by

              Thanks Wallabybob !!!!!!!!!!!!

              Ok again for all if someone needs still help :)

              Open SSH Connection with pfSense eg. with WINSCP:
              IP: Serverip
              Port: 22  (if u didnt changed it)
              User: root
              Pw: Your PW as on weblogin
              With SFTP Protocol

              then open terminal and fill in:
              openssl genrsa 31 > key31.private
              openssl rsa -pubout < key31.private > key31.public

              i used key31. because of generating a new file!!!!

              cat key31.private
              cat key31.public

              and copy and paste it on webgui into Services: Captive portal: Vouchers
              Characterset: i deleted all uppercase chars

              of Roll Bits                5

              of Ticket Bits         16

              of Checksum Bits 5

              and deleted all entries in "Voucher database synchronization".
              After SAVE it makes voucher lenghts of 6-7 chars !

              Thanks for HELP !!

              1 Reply Last reply Reply Quote 0
              • A
                ajmal4youyahoo.com
                last edited by

                Please refer the below link ;D

                http://doc.pfsense.org/index.php/Captive_Portal_Vouchers

                1 Reply Last reply Reply Quote 0
                • O
                  onlineph
                  last edited by

                  While generating a shorter voucher character ease the user input, I think it compromises the security. I am using as-is and explains to my younger sister why she needs to enter this very long voucher code. Anyway, it's just my opinion.

                  1 Reply Last reply Reply Quote 0
                  • M
                    meridio
                    last edited by

                    Hello world,

                    following the dirkche tips I obtain 10 digits vouchers!

                    Why???What am I miss?

                    1 Reply Last reply Reply Quote 0
                    • L
                      limona21
                      last edited by

                      I managed to make it work so it generates voucher with of length 6-7. Version 2.3.1.

                      1. First I generated public and private key using Terminal on my Mac. This generates private key.

                      ```
                      openssl genrsa 31 > key.private

                      
2\. This generates public key.
   ```
openssl rsa -pubout < key.private >key.public

                      3. Open the two files with some text editor and paste the values of the keys in the appropriate boxes in pfsense "voucher private key" and "voucher public key" windows.

                      4. Character set: 23456789abcdefghijklmnoprstuvzxy

                      5. # Roll bits: 4

                      6. # of Ticket bits: 16

                      7. # of Checksum bits: 10

                      8. I believe I didn't change Magic number. It is 9-digit number

                      9. Save and redownload the vouchers

                      I've got 6-7 length (wonder why the length is not fixed) vouchers now :) Hopefully someone can benefit from this post.

                      1 Reply Last reply Reply Quote 0
                      • S
                        simbora
                        last edited by

                        _First generate a key "openssl genrsa 30 > key.private"

                        I'm not sure about the 30 but I tried a few times to get the smallest possible number, it was 29-30-31 or something. The lowest one it would accept.

                        Then openssl rsa -pubout < key.private >key.public

                        And use the following values in the configuration screen:

                        Roll bits: #5 (This can be more but we didn't have to use many different rolls)
                        Ticket bits: #16
                        Checksum bits: #5

                        With this values I had a roll with 1023 vouchers with a length of 5-6 characters._

                        –-----------------------------------------------------------------------

                        here is my step:

                        Step: 1=>  openssl> genrsa 31 > key.private ( private key appear normal)
                        Step: 2 => openssl > rsa -pubout < key.private >key.public ( Got error after run this command as pic attached file)

                        can you pls explain step by step again as i got error to generate public key. or advise if command i had  run is wrong.

                        Thanks
                        Apiroh

                        publickeyerror.JPG_thumb
                        publickeyerror.JPG

                        E 1 Reply Last reply Reply Quote 0
                        • E
                          erzkristall23 @simbora
                          last edited by

                          I had to install an old version of OpenSSL to get this to work. I did the following under Ubuntu WSL:

                          # (Install compiling library Make)  
sudo apt-get install make 

# (Download the latest OpenSSL 1.0.2g binaries)  
wget https://www.openssl.org/source/openssl-1.0.2l.tar.gz 

# (Extract the tar ball to the local directory)  
tar -xzvf openssl-1.0.2l.tar.gz 

# (Enter extracted OpenSSL directory)  
cd openssl-1.0.2l 

#  (Configure binaries for compiling)  
./config

# (install configured binaries)  
make

cd apps
./openssl genrsa 31 > key.private
./openssl rsa -pubout < key.private > key.public
cat key.private
cat key.public
                          1 Reply Last reply Reply Quote 0
                          • First post
                            Last post
                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.