• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

One Voucher Per Device

Captive Portal
12
147
34.6k
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • W
    wazim4u
    last edited by Dec 26, 2019, 8:12 AM

    @ajmaltms @ishtiaqaj @layek i took a risk as mentioned before and deployed 2.5 development version of pfsense on my two sites one about 2500 captive portal users & second 1500 captive portal users. i have applied patch given by Gertjan with some tricks ( DHCP Lease ) to make it work. since 2 months not a single issue i have found and everything works smoothly.

    only one device able to login no concurrent login " Reuse of identification not allowed" is message if you try to login with same voucher to other device. i have given details above in this thread already. Until we get some permanent solution you can go with this.

    @Gertjan as development version daily snapshot keep updating day by day so i request you to provide guide to make changes to /etc/inc/captiveportal.inc as its not logical to copy paste the captiveportal.inc old file with new updated one each time, can have multiple issues because of some code changes in new version. for me i have stopped updating development version since its working fine.

    G C 2 Replies Last reply Dec 26, 2019, 8:23 AM Reply Quote 0
    • G
      Gertjan @wazim4u
      last edited by Dec 26, 2019, 8:23 AM

      @wazim4u said in One Voucher Per Device:

      i took a risk as mentioned before and deployed 2.5 development version of pfsense on my two sites one about 2500 captive portal users & second 1500 captive portal users. i have applied patch given by Gertjan with some tricks ( DHCP Lease ) to make it work. since 2 months not a single issue i have found and everything works smoothly.
      only one device able to login no concurrent login " Reuse of identification not allowed" is message if you try to login with same voucher to other device. i have given details above in this thread already. Until we get some permanent solution you can go with this.

      Your talking about the other thread where I proposed another " Reuse of (voucher) identification not allowed " solution ?

      No "help me" PM's please. Use the forum, the community will thank you.
      Edit : and where are the logs ??

      1 Reply Last reply Reply Quote 0
      • W
        wazim4u
        last edited by Dec 26, 2019, 8:31 AM

        @Gertjan yes you mentioned in another thread but we have already discussed this in detail about this patch in this thread if you get back a little bit you will find our discussion. I was having two basic issues, First one is when Reuse of identification not allowed" appears it shows two login forms side by side & other problem was if IP changes for already logged in user it gives same error Reuse of identification not allowed" even this device is same.
        I have made 1 year Lease in DHCP & increase the IP Pool to make it work and there is no more issue.

        1 Reply Last reply Reply Quote 0
        • C
          colleytech @Gertjan
          last edited by Mar 16, 2020, 8:27 PM

          @Gertjan , this edited codes below were of great help to me, in ensuring one voucher per device and second device will not get connected with same voucher,,,,,

          now i installed a new pfsense 2.4.4 p3, but the code doesnt seem to be working,,,,
          @ajmaltms @Gertjan do u, by any chance still have the iso for 2.4.4 p2

          Here we go:
          This is the new /etc/inc/captiveportal.inc file:
          https://pastebin.com/V6uWHNz5
          This is the new /usr/local/www/services_captiveportal.php file.
          https://pastebin.com/QLhNhgAW

          1 Reply Last reply Reply Quote 0
          • G
            Gertjan
            last edited by Mar 17, 2020, 7:20 AM

            Noop.

            2.4.4-p2 doesn't exist any more.

            The code/script - several lines of PHP here and there, would most probably still work, it needed to be phrased in by hand.

            No "help me" PM's please. Use the forum, the community will thank you.
            Edit : and where are the logs ??

            C 1 Reply Last reply Apr 24, 2020, 9:34 PM Reply Quote 0
            • I
              Iahmad
              last edited by Apr 23, 2020, 9:39 PM

              @wazim4u dear can you provide the two files links to download.

              W 1 Reply Last reply Apr 24, 2020, 9:34 PM Reply Quote 0
              • G
                Gertjan
                last edited by Apr 23, 2020, 9:54 PM

                The links are present above.

                See them as guidelines to change the "concurrent behavior" of vouchers.
                For me it was just a 'proof of concept', I'm not using vouchers myself.

                No "help me" PM's please. Use the forum, the community will thank you.
                Edit : and where are the logs ??

                1 Reply Last reply Reply Quote 0
                • W
                  wazim4u @Iahmad
                  last edited by Apr 24, 2020, 9:34 PM

                  @ishtiaqaj Files are same as given above. Test them if they are not working let me know.
                  I am currently doing testing with FreeRADIUS server & Daloradius which is working perfectly with one voucher per device & Accounting. once my testing is over will move all built-in pfSense voucher system to Radius Based Voucher.

                  1 Reply Last reply Reply Quote 0
                  • C
                    colleytech @Gertjan
                    last edited by Apr 24, 2020, 9:34 PM

                    @Gertjan is there any update to the php script for one voucher for one device? when i use your code for one voucher a device, it allows every code to connect multiple devices, even if u select first login... kindly help review the code for 2.4.4 p3

                    W 1 Reply Last reply Apr 24, 2020, 9:44 PM Reply Quote 0
                    • W
                      wazim4u @colleytech
                      last edited by Apr 24, 2020, 9:44 PM

                      @colleytech I have no issue with Pfsense 2.5-Dev. 1200 Users 800 plus concurrent
                      recent log from 24-April-2020 given below. if someone tries to use same voucher, not allowed.

                      Apr 24 09:03:16	logportalauth	22958	Zone: Camp - CONCURRENT VOUCHER LOGIN - NOT ALLOWED KEEPING OLD SESSION : 1688815233, 94:14:7a:55:b5:0e, 10.20.25.154
                      
                      D C 2 Replies Last reply Apr 24, 2020, 9:59 PM Reply Quote 0
                      • I
                        Iahmad
                        last edited by Apr 24, 2020, 9:48 PM

                        @wazim4u you using the same files shared im this post??

                        W 2 Replies Last reply Apr 24, 2020, 9:54 PM Reply Quote 0
                        • W
                          wazim4u @Iahmad
                          last edited by Apr 24, 2020, 9:54 PM

                          @ishtiaqaj please find attached files from production system.

                          1V1D Patch.zip

                          1 Reply Last reply Reply Quote 0
                          • D
                            Derelict LAYER 8 Netgate @wazim4u
                            last edited by Apr 24, 2020, 9:59 PM

                            @wazim4u Hmm. That seems like it should log the voucher code that was attempted. Is it just on another line?

                            Chattanooga, Tennessee, USA
                            A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                            DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                            Do Not Chat For Help! NO_WAN_EGRESS(TM)

                            W 1 Reply Last reply Apr 24, 2020, 10:06 PM Reply Quote 0
                            • W
                              wazim4u @Derelict
                              last edited by wazim4u Apr 24, 2020, 10:07 PM Apr 24, 2020, 10:06 PM

                              @Derelict I just copied one line to show as example given below more detailed log.

                              Zone: Camp - The SQL array (WHERE ip = '10.20.25.153' OR (username != 'unauthenticated' AND lower(username) = '1688815233')) : Array
                              Apr 24 09:03:16	logportalauth	22958	Zone: Camp - Enteringh portal_allow(): , ,
                              Apr 24 09:02:59	logportalauth	40266	Zone: Camp - CONCURRENT VOUCHER LOGIN - NOT ALLOWED KEEPING OLD SESSION : 1688815233, 94:14:7a:55:b5:0e, 10.20.25.154
                              Apr 24 09:02:59	logportalauth	40266	Zone: Camp - Found NOT last: 1688815233, 94:14:7a:55:b5:0e, 10.20.25.154
                              Apr 24 09:02:59	logportalauth	40266	Zone: Camp - config['captiveportal'][Camp]['noconcurrentlogins'] 2 exists = set: 1688815233, 94:14:7a:55:b5:0e, 10.20.25.154
                              Apr 24 09:02:59	logportalauth	40266	Zone: Camp - Voucher + ! unauthenticated + (cpentry == user): 1688815233, 94:14:7a:55:b5:0e, 10.20.25.154
                              Apr 24 09:02:59	logportalauth	40266	Zone: Camp - config['captiveportal'][Camp]['noconcurrentlogins'] exists = set: 1688815233, 94:14:7a:55:b5:0e, 10.20.25.154
                              Apr 24 09:02:59	logportalauth	40266	Zone: Camp - Entering for each loop 1688815233 = 1688815233: 1688815233, 94:14:7a:55:b5:0e, 10.20.25.154
                              
                              1 Reply Last reply Reply Quote 1
                              • D
                                Derelict LAYER 8 Netgate
                                last edited by Apr 24, 2020, 10:13 PM

                                Ah I was looking at 1688815233 and incorrectly assuming it was an epoch seconds time or something. Thanks.

                                Chattanooga, Tennessee, USA
                                A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                                DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                                Do Not Chat For Help! NO_WAN_EGRESS(TM)

                                1 Reply Last reply Reply Quote 0
                                • C
                                  colleytech @wazim4u
                                  last edited by Apr 24, 2020, 10:44 PM

                                  @wazim4u what happen when i connect same voucher to two devices is that
                                  1, both devices connects, even after applying the patch and selecting first login.
                                  2. logged in vouchers usually appear at status>captive portal> active users,,,
                                  now nothing like that, even under service>captive portal, logged in users usually show the number of people logged into the cp,,,,
                                  but now nothing like that,, which means, i cannot delete active vouchers,,,
                                  i have setup this system for a friend and it works fine, coming to mine nw, not working

                                  W 1 Reply Last reply Apr 24, 2020, 10:53 PM Reply Quote 0
                                  • W
                                    wazim4u @colleytech
                                    last edited by wazim4u Apr 24, 2020, 10:54 PM Apr 24, 2020, 10:53 PM

                                    @colleytech Your friend is lucky if it works for him. I may test it with 2.4.4-p3 and let you know. I tried before with 2.4.4-p3 it was showing no active users & more issues so i switched to 2.5 ( that time there was no 2.4.5 )

                                    once voucher is active second device cannot use it he will get error reuse of authentication not allowed "

                                    C ? 2 Replies Last reply Apr 25, 2020, 12:45 AM Reply Quote 0
                                    • C
                                      colleytech @wazim4u
                                      last edited by Apr 25, 2020, 12:45 AM

                                      @wazim4u do u have the 2.5 dev??

                                      W 1 Reply Last reply Apr 25, 2020, 12:53 AM Reply Quote 0
                                      • W
                                        wazim4u @colleytech
                                        last edited by wazim4u Apr 25, 2020, 12:53 AM Apr 25, 2020, 12:53 AM

                                        @colleytech thats what i said, yes I’ve 2 Production systems of pfSense 2.5 dev

                                        C 1 Reply Last reply Apr 25, 2020, 12:54 AM Reply Quote 0
                                        • C
                                          colleytech @wazim4u
                                          last edited by Apr 25, 2020, 12:54 AM

                                          @wazim4u i mean the iso for the 2.5 dev version

                                          W 1 Reply Last reply Apr 25, 2020, 12:57 AM Reply Quote 0
                                          • First post
                                            Last post
                                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.