Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Client who disconnected with a logout button regains Internet access when the voucher (or FreeRadius account) he used is entered in another device

    Scheduled Pinned Locked Moved Captive Portal
    3 Posts 2 Posters 674 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      conanhughes
      last edited by conanhughes

      Hello, everyone! It's my first time posting, although I've been lurking this forum for guidance and tips for years already.

      Here's my problem. I created a basic, custom logout page with the code below. So when a client successfully enters a voucher code or Freeradius account, he's directed to this page with a logout button that allows manual disconnection. The button basically works; the client is removed in the list of active users in the Status: Captive Portal page and the system logs also indicates a zone disconnect for the client. He also loses his Internet access.

      However, if the client uses a second device to enter the same voucher code/Freeradius account in the captive portal, the previous, disconnected device regains access along with the second device until this second device is disconnected.

      EDIT: I also occasionally get a Failed setsockopt error message that appears at the top of my logout page for some reason.

      <?php 
      require_once("captiveportal.inc");
      
      global $config, $cpzone, $cpzoneid;
      
      $cpzone = $_REQUEST['zone'];
      $cpcfg = $config['captiveportal'][$cpzone];
      $cpzoneid = $cpcfg['zoneid'];
      
      $clientip = $_SERVER['REMOTE_ADDR'];
      
      $cpuser = captiveportal_isip_logged($clientip);
      show_remaining_time($cpuser); 
      
      ?>
      
      <b>Click the button below to disconnect.</b><p />
      <form method="post">
          <input type="submit" name="logout_button" id="logout_button" value="Logout" /><br/>
      </form>
      
      <?php
      
      if(array_key_exists('logout_button',$_POST)){
          
         echo "You are now logged out and have been disconnected" . "<br>";
      
         captiveportal_disconnect_client($cpuser[5], 6);
      }
      
      ?>
      

      Does anyone have any idea why this happens and how to fix it? I suppose there's a problem with the code I'm using. TBH, I've just begun learning PHP. :)

      EDIT: I don't know if it matters, but I also already enabled Disable Concurrent user logins.

      GertjanG 1 Reply Last reply Reply Quote 0
      • C
        conanhughes
        last edited by conanhughes

        I think I just found my own solution for my own problem. This might be related to a known issue (https://redmine.pfsense.org/issues/8441) that's already fixed in the latest released version. I'm going to install the latest pfsense now.

        EDIT: Yep, client disconnection works properly with version 2.4.3_1. I spent hours looking for a fix, should've check version logs first. :P

        1 Reply Last reply Reply Quote 0
        • GertjanG
          Gertjan @conanhughes
          last edited by Gertjan

          @conanhughes said in Client who disconnected with a logout button regains Internet access when the voucher (or FreeRadius account) he used is entered in another device:

          EDIT: I don't know if it matters, but I also already enabled Disable Concurrent user logins.

          Be careful with this one.
          Read https://www.netgate.com/docs/pfsense/captiveportal/using-captive-portal-with-freeradius.html

          The most recent update actually restored somewhat the "expected behavior".

          When you use the Captive portal and really want to understand what happens, there is something is more then the GUI to look at : https://www.netgate.com/docs/pfsense/captiveportal/captive-portal-troubleshooting.html
          You'll be seeing the "ipfw" firewall rules that make the portal actaully working. Probably impressive the first time you see them, but, hey, what the heck, you're running a firewall, these rules are what makes it work.
          (and you would have detected that the GUI said that there is no user connected anymore - but the rules said otherwise, permitting you to find a "problem" in a split second)

          It's not your question, but still missing today is the "Use the first login, and do not accept any others logins, when using vouchers - thus enforcing the rule : "one voucher - one user - one device, the first device he'll be using - and not share the voucher,, even with himself (the user)".

          No "help me" PM's please. Use the forum, the community will thank you.
          Edit : and where are the logs ??

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.