One Voucher Per Device

Iahmad

@wazim4u you using the same files shared im this post??

wazim4u

@ishtiaqaj please find attached files from production system.

1V1D Patch.zip

Derelict

@wazim4u Hmm. That seems like it should log the voucher code that was attempted. Is it just on another line?

wazim4u

@Derelict I just copied one line to show as example given below more detailed log.

Zone: Camp - The SQL array (WHERE ip = '10.20.25.153' OR (username != 'unauthenticated' AND lower(username) = '1688815233')) : Array
Apr 24 09:03:16	logportalauth	22958	Zone: Camp - Enteringh portal_allow(): , ,
Apr 24 09:02:59	logportalauth	40266	Zone: Camp - CONCURRENT VOUCHER LOGIN - NOT ALLOWED KEEPING OLD SESSION : 1688815233, 94:14:7a:55:b5:0e, 10.20.25.154
Apr 24 09:02:59	logportalauth	40266	Zone: Camp - Found NOT last: 1688815233, 94:14:7a:55:b5:0e, 10.20.25.154
Apr 24 09:02:59	logportalauth	40266	Zone: Camp - config['captiveportal'][Camp]['noconcurrentlogins'] 2 exists = set: 1688815233, 94:14:7a:55:b5:0e, 10.20.25.154
Apr 24 09:02:59	logportalauth	40266	Zone: Camp - Voucher + ! unauthenticated + (cpentry == user): 1688815233, 94:14:7a:55:b5:0e, 10.20.25.154
Apr 24 09:02:59	logportalauth	40266	Zone: Camp - config['captiveportal'][Camp]['noconcurrentlogins'] exists = set: 1688815233, 94:14:7a:55:b5:0e, 10.20.25.154
Apr 24 09:02:59	logportalauth	40266	Zone: Camp - Entering for each loop 1688815233 = 1688815233: 1688815233, 94:14:7a:55:b5:0e, 10.20.25.154

Derelict

Ah I was looking at 1688815233 and incorrectly assuming it was an epoch seconds time or something. Thanks.

colleytech

@wazim4u what happen when i connect same voucher to two devices is that
1, both devices connects, even after applying the patch and selecting first login.
2. logged in vouchers usually appear at status>captive portal> active users,,,
now nothing like that, even under service>captive portal, logged in users usually show the number of people logged into the cp,,,,
but now nothing like that,, which means, i cannot delete active vouchers,,,
i have setup this system for a friend and it works fine, coming to mine nw, not working

wazim4u

@colleytech Your friend is lucky if it works for him. I may test it with 2.4.4-p3 and let you know. I tried before with 2.4.4-p3 it was showing no active users & more issues so i switched to 2.5 ( that time there was no 2.4.5 )

once voucher is active second device cannot use it he will get error reuse of authentication not allowed "

colleytech

@wazim4u do u have the 2.5 dev??

wazim4u

@colleytech thats what i said, yes I’ve 2 Production systems of pfSense 2.5 dev

colleytech

@wazim4u i mean the iso for the 2.5 dev version

wazim4u

@colleytech download from given below link

https://www.pfsense.org/snapshots/

colleytech

@wazim4u thanks for the link

A Former User

@wazim4u

hi sir! you are using 2.5.0 and this patch (1V1D Patch.zip)? One voucher per device is really working?

thanks!

Iahmad

@Gertjan is there any chance pfsense management consider this function in official release,???

viktor_g

Please check https://redmine.pfsense.org/issues/9432#note-6

Gertjan

@viktor_g said in One Voucher Per Device:

Please check https://redmine.pfsense.org/issues/9432#note-6

@viktor_g
( I can see what you are doing )

coldmine

@wazim4u Can you tell me how did you manage to make the patch work with 2.5 ,i have tried everything but it simply doesn't work at all.
I get this in logs
Aug 2 21:08:59 logportalauth 343 Zone: pp - Voucher login good for 9950 min.: FefhaqG3kux, 44:59:e3:71:1c:49, 10.0.0.11
Aug 2 21:09:39 logportalauth 343 Zone: pp - Enteringh portal_allow(): , ,
Aug 2 21:09:39 logportalauth 343 Zone: pp - The SQL array (WHERE ip = '10.0.0.12' OR (username != 'unauthenticated' AND lower(username) = 'fefhaqg3kux')) : Array
Aug 2 21:09:39 logportalauth 343 (
Aug 2 21:09:39 logportalauth 343 )
Aug 2 21:09:39 logportalauth 343 : , ,
Aug 2 21:09:39 logportalauth 343 Zone: pp - Enteringh portal_allow(): , ,
Aug 2 21:09:39 logportalauth 343 Zone: pp - The SQL array (WHERE ip = '10.0.0.12' OR (username != 'unauthenticated' AND lower(username) = 'fefhaqg3kux')) : Array
Aug 2 21:09:39 logportalauth 343 (
Aug 2 21:09:39 logportalauth 343 )
Aug 2 21:09:39 logportalauth 343 : , ,
Aug 2 21:09:39 logportalauth 343 Zone: pp - Voucher login good for 9949 min.: FefhaqG3kux, d0:25:98:85:7e:50, 10.0.0.12

Gertjan

@coldmine said in One Voucher Per Device:

Aug 2 21:09:39 logportalauth 343 Zone: pp - The SQL array (WHERE ip = '10.0.0.12' OR (username != 'unauthenticated' AND lower(username) = 'fefhaqg3kux')) : Array

Where do these lines come from ?
You add them ? They look fine, though.
Btw : use print_r(...) to dump an array.

@coldmine said in One Voucher Per Device:

you manage to make the patch work with 2.5

The patch is included in 2.5.0. You should run the latest 2.5.0-dev to have it.
You are using what version version ?

@coldmine said in One Voucher Per Device:

Voucher login good for 9949 min.: FefhaqG3kux, d0:25:98:85:7e:50, 10.0.0.12

and

@coldmine said in One Voucher Per Device:

Voucher login good for 9950 min.: FefhaqG3kux, 44:59:e3:71:1c:49, 10.0.0.11

= typical voucher re use.

The patches states above was just a case study. I thing this issue isn't implemented yet - at least not in 2.4.5-p1. I'm not using 2.5.0....

wazim4u

@coldmine yes its working since 8 months now without any issue with 2.5-dev. since its working fine i didn't upgrade it

Aug 2 21:13:41	logportalauth	64788	Zone: dhabi - The SQL array (WHERE ip = '10.20.29.254' OR (username != 'unauthenticated' AND lower(username) = '1788234364')) : Array
Aug 2 21:13:41	logportalauth	64788	Zone: dhabi - Enteringh portal_allow(): , ,
Aug 2 21:13:12	logportalauth	278	Zone: dhabi - CONCURRENT VOUCHER LOGIN - NOT ALLOWED KEEPING OLD SESSION : 1788234364, 48:9d:d1:91:95:6b, 10.20.21.156
Aug 2 21:13:12	logportalauth	278	Zone: dhabi - Found NOT last: 1788234364, 48:9d:d1:91:95:6b, 10.20.21.156
Aug 2 21:13:12	logportalauth	278	Zone: dhabi - config['captiveportal'][dhabi]['noconcurrentlogins'] 2 exists = set: 1788234364, 48:9d:d1:91:95:6b, 10.20.21.156
Aug 2 21:13:12	logportalauth	278	Zone: dhabi - Voucher + ! unauthenticated + (cpentry == user): 1788234364, 48:9d:d1:91:95:6b, 10.20.21.156
Aug 2 21:13:12	logportalauth	278	Zone: dhabi - config['captiveportal'][dhabi]['noconcurrentlogins'] exists = set: 1788234364, 48:9d:d1:91:95:6b, 10.20.21.156
Aug 2 21:13:12	logportalauth	278	Zone: dhabi - Entering for each loop 1788234364 = 1788234364: 1788234364, 48:9d:d1:91:95:6b, 10.20.21.156

My pfsense 2.5 version is 2.5.0.a.20191015.0305
1000+ concurrent captive portal users.

Gertjan

I don't get it .....

Your using a 'dev' version that you don't update regularly ??

If you want to know what has been added, corrected or modified, there is only one source.
Knowing it's open source => https://github.com/pfsense/pfsense/pulls
and redmine of course => https://redmine.pfsense.org/projects/pfsense/issues?set_filter=1&tracker_id=1 - on the right side you can filter resolved issues, and outstanding issues.

If the Multiple voucher login question has been solved :
Plan A : Update.
Plan B: consult

Btw : Oh, lol : https://redmine.pfsense.org/issues/2146