One Voucher Per Device

Gertjan

The links are present above.

See them as guidelines to change the "concurrent behavior" of vouchers.
For me it was just a 'proof of concept', I'm not using vouchers myself.

wazim4u

@ishtiaqaj Files are same as given above. Test them if they are not working let me know.
I am currently doing testing with FreeRADIUS server & Daloradius which is working perfectly with one voucher per device & Accounting. once my testing is over will move all built-in pfSense voucher system to Radius Based Voucher.

colleytech

@Gertjan is there any update to the php script for one voucher for one device? when i use your code for one voucher a device, it allows every code to connect multiple devices, even if u select first login... kindly help review the code for 2.4.4 p3

wazim4u

@colleytech I have no issue with Pfsense 2.5-Dev. 1200 Users 800 plus concurrent
recent log from 24-April-2020 given below. if someone tries to use same voucher, not allowed.

Apr 24 09:03:16	logportalauth	22958	Zone: Camp - CONCURRENT VOUCHER LOGIN - NOT ALLOWED KEEPING OLD SESSION : 1688815233, 94:14:7a:55:b5:0e, 10.20.25.154

Iahmad

@wazim4u you using the same files shared im this post??

wazim4u

@ishtiaqaj please find attached files from production system.

1V1D Patch.zip

Derelict

@wazim4u Hmm. That seems like it should log the voucher code that was attempted. Is it just on another line?

wazim4u

@Derelict I just copied one line to show as example given below more detailed log.

Zone: Camp - The SQL array (WHERE ip = '10.20.25.153' OR (username != 'unauthenticated' AND lower(username) = '1688815233')) : Array
Apr 24 09:03:16	logportalauth	22958	Zone: Camp - Enteringh portal_allow(): , ,
Apr 24 09:02:59	logportalauth	40266	Zone: Camp - CONCURRENT VOUCHER LOGIN - NOT ALLOWED KEEPING OLD SESSION : 1688815233, 94:14:7a:55:b5:0e, 10.20.25.154
Apr 24 09:02:59	logportalauth	40266	Zone: Camp - Found NOT last: 1688815233, 94:14:7a:55:b5:0e, 10.20.25.154
Apr 24 09:02:59	logportalauth	40266	Zone: Camp - config['captiveportal'][Camp]['noconcurrentlogins'] 2 exists = set: 1688815233, 94:14:7a:55:b5:0e, 10.20.25.154
Apr 24 09:02:59	logportalauth	40266	Zone: Camp - Voucher + ! unauthenticated + (cpentry == user): 1688815233, 94:14:7a:55:b5:0e, 10.20.25.154
Apr 24 09:02:59	logportalauth	40266	Zone: Camp - config['captiveportal'][Camp]['noconcurrentlogins'] exists = set: 1688815233, 94:14:7a:55:b5:0e, 10.20.25.154
Apr 24 09:02:59	logportalauth	40266	Zone: Camp - Entering for each loop 1688815233 = 1688815233: 1688815233, 94:14:7a:55:b5:0e, 10.20.25.154

Derelict

Ah I was looking at 1688815233 and incorrectly assuming it was an epoch seconds time or something. Thanks.

colleytech

@wazim4u what happen when i connect same voucher to two devices is that
1, both devices connects, even after applying the patch and selecting first login.
2. logged in vouchers usually appear at status>captive portal> active users,,,
now nothing like that, even under service>captive portal, logged in users usually show the number of people logged into the cp,,,,
but now nothing like that,, which means, i cannot delete active vouchers,,,
i have setup this system for a friend and it works fine, coming to mine nw, not working

wazim4u

@colleytech Your friend is lucky if it works for him. I may test it with 2.4.4-p3 and let you know. I tried before with 2.4.4-p3 it was showing no active users & more issues so i switched to 2.5 ( that time there was no 2.4.5 )

once voucher is active second device cannot use it he will get error reuse of authentication not allowed "

colleytech

@wazim4u do u have the 2.5 dev??

wazim4u

@colleytech thats what i said, yes I’ve 2 Production systems of pfSense 2.5 dev

colleytech

@wazim4u i mean the iso for the 2.5 dev version

wazim4u

@colleytech download from given below link

https://www.pfsense.org/snapshots/

colleytech

@wazim4u thanks for the link

A Former User

@wazim4u

hi sir! you are using 2.5.0 and this patch (1V1D Patch.zip)? One voucher per device is really working?

thanks!

Iahmad

@Gertjan is there any chance pfsense management consider this function in official release,???

viktor_g

Please check https://redmine.pfsense.org/issues/9432#note-6

Gertjan

@viktor_g said in One Voucher Per Device:

Please check https://redmine.pfsense.org/issues/9432#note-6

@viktor_g
( I can see what you are doing )