• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

One Voucher Per Device

Captive Portal
12
147
34.6k
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • R
    rayyanthameem @Gertjan
    last edited by Aug 19, 2019, 1:19 PM

    @Gertjan Do you have the original captiveportal.inc file? then I can compare to your modification and do that modification in github version.

    F 1 Reply Last reply Aug 19, 2019, 1:47 PM Reply Quote 0
    • G
      Gertjan
      last edited by Aug 19, 2019, 1:46 PM

      Noop.

      The pastebin files are what's left.
      I went back to version stock version.

      No "help me" PM's please. Use the forum, the community will thank you.
      Edit : and where are the logs ??

      1 Reply Last reply Reply Quote 0
      • F
        free4 Rebel Alliance @rayyanthameem
        last edited by free4 Aug 19, 2019, 1:48 PM Aug 19, 2019, 1:47 PM

        @rayyanthameem the stock 2.4.4-p3 file : https://github.com/pfsense/pfsense/blob/RELENG_2_4_4/src/etc/inc/captiveportal.inc

        1 Reply Last reply Reply Quote 0
        • G
          Gertjan
          last edited by Gertjan Aug 19, 2019, 1:49 PM Aug 19, 2019, 1:48 PM

          @free4 : you're probably right : I based my edits on that file / version 2.4.4-p3.
          @rayyanthameem : a diff will tell you ^^

          No "help me" PM's please. Use the forum, the community will thank you.
          Edit : and where are the logs ??

          R 1 Reply Last reply Aug 19, 2019, 3:34 PM Reply Quote 0
          • R
            rayyanthameem @Gertjan
            last edited by Aug 19, 2019, 3:34 PM

            @Gertjan Failed!!.

            Patch didn't load, the device was able to connect internet without the voucher, CP changes took longer to save.

            in short multiple issues, not sure what is the problem.

            Here is the modified version: https://pastebin.com/66y1UgZf

            1 Reply Last reply Reply Quote 0
            • G
              Gertjan
              last edited by Aug 19, 2019, 9:36 PM

              Tip :

              The easiest file to edit / change first the https://pastebin.com/QLhNhgAW : the GUI web config page.

              Search for 'noconcurrentlogins' occurrences in that file.

              The only thing that changes in that file is that the state of 'noconcurrentlogins', it chances from

              //      $newcp['noconcurrentlogins'] = $_POST['noconcurrentlogins'] ? true : false;
              

              = true or false

              to true, false or multiple.

              This is handled in several places, and easy to spot.

              Test this one first. You can see in the GUI that it works : changing settings in the GUI can be tested using the 'viconfig' command : you should see the state of (noconcurrentlogins) in captive portal settings page.

              No "help me" PM's please. Use the forum, the community will thank you.
              Edit : and where are the logs ??

              1 Reply Last reply Reply Quote 0
              • W
                wazim4u @Gertjan
                last edited by Oct 19, 2019, 12:12 AM

                @Gertjan said in One Voucher Per Device:

                caveat

                I would like to know if you have some latest development on your patch ( one voucher per device ) for 2.5.0 version. I have taken risk to use 2.5-Development version for captive portal service up to 2200 user with voucher system. testing service is running for one week and so far there is no issue and all issues i was facing like reboot system or changing setting in 2.4.4-p3 captive portal gone... made life easy for me. i have implemented your patch again to lock user with first login. It is working fine since 1 week. with a little bit of issues so far which i think fixable.

                1-when you try to login again with already active voucher it gives error page in two forms field. one is giving notice ( reuse of authentication not allowed ) and second form ( voucher expired ) it should be only first one in this case.
                login-to-view

                2- Secondly it should be MAC based authentication not MAC & IP. if someone add voucher and his lease is changed from 1.1.1.1 to 2.2.2.2 he will not able to login again even MAC ( device ) is same. this is major problem at the moment.
                login-to-view

                3- Getting some crash error but doesn't effect captive portal operation.

                non numeric-value  encountered in etc/inc/captiveportal.inc on line 1955
                
                G 1 Reply Last reply Oct 21, 2019, 6:58 AM Reply Quote 0
                • G
                  Gertjan @wazim4u
                  last edited by Oct 21, 2019, 6:58 AM

                  @wazim4u said in One Voucher Per Device:

                  1-

                  These two 'error' screen show one after the other ?

                  2

                  I guess I understand. When a device comes back, and its original DHCP lease is already reused - re assigned - to another device this happens. The MAC/IP pair will be different.
                  Simple solution : make the DHCP lease pool size for the portal really big.
                  Furthermore, the portal_allow() function scans over the connected user database using this selection criteria :

                  	/* read in client database */
                  	$query = "WHERE ip = '{$clientip}'";
                  

                  which implies that the IP should be the same ...
                  ( change this to {$clientmac} and see what happens ^^)

                  3 ....

                  You changed the etc/inc/captiveportal.inc file so I don't know what is this '1955' line is doing.
                  Can you show some code on that sport ?

                  No "help me" PM's please. Use the forum, the community will thank you.
                  Edit : and where are the logs ??

                  W 1 Reply Last reply Oct 21, 2019, 1:29 PM Reply Quote 0
                  • W
                    wazim4u @Gertjan
                    last edited by Oct 21, 2019, 1:29 PM

                    @Gertjan said in One Voucher Per Device:

                    $clientmac

                    1- Yes it comes side by side on Desktop like the image and on mobile view it comes up and down.

                    2- DHCP lease already one month. do you want me to make it more ? that's first solution secondly the option you have given to change client ip query to client mac. this option is in two places which one to change if you can please guide i will test and let you know.

                    A:

                    /* read in client database */
                    	$query = "WHERE ip = '{$clientip}'";
                    	if (isset($config['captiveportal'][$cpzone]['noconcurrentlogins'])) {
                    		$tmpusername = SQLite3::escapeString(strtolower($username));
                    		$query .= " OR (username != 'unauthenticated' AND lower(username) = '{$tmpusername}')";
                    	}
                    	$cpdb = captiveportal_read_db($query);
                    

                    B:

                    /* read in client database */
                    	$query = "WHERE ip = '{$clientip}'";
                    	$cpdb = captiveportal_read_db($query);
                    	foreach ($cpdb as $cpentry) {
                    		return $cpentry;
                    	}
                    

                    3- I didn't change anything in code for reference i will give 1955 image attached below.

                    login-to-view

                    1 Reply Last reply Reply Quote 0
                    • G
                      Gertjan
                      last edited by Gertjan Oct 21, 2019, 3:28 PM Oct 21, 2019, 3:27 PM

                      Hummmm.

                      See https://pastebin.com/V6uWHNz5 - that's the file, right ?
                      Convert line 2353 and 2370 into comments (put a // at the beginning of the line ).

                      DHCP pool size, not lease size.
                      Bigger pool means : leases will be recycled less faster == more chance that the same device gets the same IP when it reconnects.

                      For A: that one, yes.
                      Not B : you'll be changing the behaviuour that that function ( function captiveportal_isip_logged($clientip) ) and you'll break things.

                      $ridx +=2 is a very classic numerical expression for "add 2 to $ridx". Also, $rdix is set to "2000" up front, which is also a number - at least, last time I checked, it was.
                      So, your

                      non numeric-value encountered in etc/inc/captiveportal.inc on line 1955

                      scares me ....
                      You're running out of place for the dual rules (env ( 64500-2000) / 2 ) or 31250registred "logged in user" rules .... ???
                      You should see log messages like "Zone: {$cpzone} - WARNING! Captive portal has reached maximum login capacity"

                      No "help me" PM's please. Use the forum, the community will thank you.
                      Edit : and where are the logs ??

                      W 2 Replies Last reply Oct 21, 2019, 9:18 PM Reply Quote 0
                      • W
                        wazim4u @Gertjan
                        last edited by wazim4u Oct 25, 2019, 11:23 AM Oct 21, 2019, 9:18 PM

                        @Gertjan

                        1. Converted line 2353 & 2370 as mentioned ( // ) now i can see only single page but message is Expired voucher " it should be reuse authentication not allowed or similar custom like concurrent login not allowed .

                        2- DHCP pool is already /19 8190 Available IPs and only 2500 users the lease time is 1 month.

                        /* read in client database */
                        	$query = "WHERE ip = '{$clientip}'";
                        

                        changing $clientip to $clientmac has no impact. i disabled whole line starting from $query and it worked with some error but connected me with other IP with same MAC . ( just tested or played around ) other MAC still not allowed to login.

                        3- there is no warning in logs for maximum login capacity we have only 2500 users as mentioned before.

                        i think DHCP option will be best to handle this at the moment. to keep same ip assigned to clients always.

                        1 Reply Last reply Reply Quote 0
                        • W
                          wazim4u @Gertjan
                          last edited by Oct 28, 2019, 4:19 PM

                          @Gertjan

                          did you get any way to unbind MAC with IP ? if only MAC is authentication for second login with same voucher so system can work perfectly . DHCP sometimes renew IP of some clients so we have to disconnect them to let them use the voucher again because it binds with MAC & IP . else your patch is working perfectly .

                          1 Reply Last reply Reply Quote 0
                          • G
                            Gertjan
                            last edited by Oct 29, 2019, 7:30 AM

                            @wazim4u said in One Voucher Per Device:

                            did you get any way to unbind MAC with IP ?

                            That means a rather big rewrite of most functions in /etc/inc/captiveportal.inc ....
                            Portal code is IP and MAC based ....
                            This exists :
                            login-to-view
                            but that one doesn't interest you ...

                            @wazim4u said in One Voucher Per Device:

                            DHCP sometimes renew IP of some clients so

                            Yep, and the DHCP will renew the IP -> and it will grant the SAME IP.
                            One exception : if this IP is already used by some other device (pool to small, so IP's get recycled).
                            On my portal, I always receive the same IP when I connect with my PC or Phone.

                            No "help me" PM's please. Use the forum, the community will thank you.
                            Edit : and where are the logs ??

                            1 Reply Last reply Reply Quote 0
                            • I
                              Iahmad
                              last edited by Dec 25, 2019, 2:16 PM

                              hi all,
                              voucher to device binding is must require feather i ma requesting net gate management to add this feather to coming version..
                              @Gertjan @wazim4u @colleytech

                              1 Reply Last reply Reply Quote 1
                              • L
                                layek @Gertjan
                                last edited by Dec 26, 2019, 6:12 AM

                                @Gertjan how to get this option.

                                1 Reply Last reply Reply Quote 0
                                • G
                                  Gertjan
                                  last edited by Dec 26, 2019, 6:21 AM

                                  You mean a pfsense feature requests ?

                                  No "help me" PM's please. Use the forum, the community will thank you.
                                  Edit : and where are the logs ??

                                  L 1 Reply Last reply Dec 26, 2019, 6:35 AM Reply Quote 0
                                  • L
                                    layek @Gertjan
                                    last edited by Dec 26, 2019, 6:35 AM

                                    @Gertjan thanks for your reply. i want to setup vouchers for 1st device only.

                                    F 1 Reply Last reply Dec 26, 2019, 6:37 AM Reply Quote 0
                                    • F
                                      free4 Rebel Alliance @layek
                                      last edited by Dec 26, 2019, 6:37 AM

                                      @layek sure

                                      the feature request is here : https://redmine.pfsense.org/issues/9432

                                      feel free to make a pull request for implementing this feature !

                                      L 1 Reply Last reply Dec 26, 2019, 6:44 AM Reply Quote 0
                                      • L
                                        layek @free4
                                        last edited by Dec 26, 2019, 6:44 AM

                                        @free4 thats mean this feature not possible right now with latest version?

                                        1 Reply Last reply Reply Quote 0
                                        • A
                                          ajmaltms
                                          last edited by Dec 26, 2019, 6:47 AM

                                          upto 2.4.3 version its working fine..hope they will implement in latest version too in 2.4.4 series

                                          1 Reply Last reply Reply Quote 1
                                          • First post
                                            Last post
                                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.