One Voucher Per Device
-
@Gertjan @Derelict .
I am giving Internet Service in multuple labour camps.. my vouchers are for 30 days. as 4 to 5 persons live in one room so there are much chance they can see or stole room fellows cards.. and for me its not possible to delete mac of stolen voucher cause its time consuming and unprofessional approch..
2.4.3-1 was working well.
i regret why i update to 2.4.4
i am just asking please provide help piece of code and how to di that would do the same. -
-
@ishtiaqaj said in One Voucher Per Device:
nobody wants to help??
Because there is no answer that brings a solution for your case.
5 people in a room that steal vouchers will steel also passwords, and if you stop this (can you ?) then they will share the same device.
And then things will get worse : these 5 people could start thinking, and then they will find this device (15 $ at Amazone) that will connect to you wifi with one voucher (or one password/user) and knowing so your pfSense only sees the one IP/MAC of this device, so it seees just "one user". Or, this device will offer a locally generated, in the room, WiFi network that permit all 5 users to connect, and you can't see anything, so you can't do nothing, except throttling the bandwidth a max. .... -
Dear @Gertjan you are right they can connect more devices but share the fix speed(1mbps) so they will get slow speed. slow speed nobody like definately they will take new voucher.
-
With FreeRadius you can also add a new limitation factor : quantity of data a day, week or month.
When it's up, for the rest of the day, week or month the connection will be stopped. -
@ishtiaqaj same problem for mee too..any solutions ?
-
@ajmaltms said in One Voucher Per Device:
@ishtiaqaj same problem for mee too..any solutions ?
@ajmaltms no solution yet get... using old version 2.4.2..
@Derelict help us -
@ishtiaqaj okey..hope somebody will find a solution for this..
-
Did anyone document and open a bug report?
-
@Derelict I don't think a bug report is needed here....the problem seems due to settings misconfiguration. It should however be documented. I made a fist pull request to pfsense Docs, I'll wait for it to be approved before making the change.
@ishtiaqaj said in One Voucher Per Device:
I want one voucher for only and only for one device. (...) even if i enable pass-through mac.
this problem arise in version 2.4.4, in previous versions pfsense CP was working fine."Add connected users as Pass trough Mac" is not compatible with "disable concurrent connections". Because ....well because that's the purpose of pass-through.
- Pass through MAC : these MAC addresses will be whitelisted. As such, they will never be disconnected
- Disallow concurrent logins : disconnect the previous device when a new device use the same logins
Could you explain precisely why are you using pass through MAC addresses exactly ? I think you should use vouchers with a very long expiration date (eg, 6 month or more) instead ....
-
@free4 voucher with long expiration date means(hard timeout ) ??...
-
@ajmaltms said in One Voucher Per Device:
@free4 voucher with long expiration date means(hard timeout ) ??...
I was thinking that you was using vouchers
If you are using another authentication method, then you could set a very long "idle timeout"
-
@free4 yes..am using voucher code method..because i need to generate almost 500 vouchers every month..
-
I know it isn't a permanent solution, but here https://forum.netgate.com/topic/136995/one-voucher-per-device/3 I posted the link that locks down a voucher to "one voucher => one user".
I tested that code and it worked.
It needs some code patching .... true, but, hey, it's just PHP ;)
A more permanent solution would be a feature request (check if one already exists first) https://redmine.pfsense.org/projects/pfsense
-
@Gertjan for this method we need to install freeradius package ? am not familiar with pfsense..before i used mikrotik for voucher generation...
-
No.
It concerns vouchers, not an authentication against the local user database or FreeRadius (a "remote" database).The captive portal code that handles vouchers will disconnect an existing connection, a user that used a voucher, if the voucher is used again on another device (another IP, another MAC).
That situation can be changed as : if a voucher is used (once) then do not accept any other connections any more while the initial user is still logged in.If you set the soft- and hard time out rather high, no other used could use the voucher any more.
-
@Gertjan ok thanks..now got the idea
-
This post is deleted! -
@Gertjan i will explain my problem here..
my company providing internet in labourcamps..i want to create vouchers for 30 days..every month i want to provide new voucher..1 voucher for 1 phone..almost 500 members in camp..
disabled concurrent login
i created captive portal and vouchers with the help of youtube video and tried many options..but my voucher can use multiples phones..the last login is active..my problem is peoples using same card for 2 peoples(day shift peoples give voucher to night shift peoples while they going to work ) this is a big problem..any solutions?
-
That SHOULD delete the first MAC address and replace it with the second. There should only be one MAC address passed through at a time. That should stop them from sharing codes.
Chattanooga, Tennessee, USA
A comprehensive network diagram is worth 10,000 words and 15 conference calls.
DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
Do Not Chat For Help! NO_WAN_EGRESS(TM)
