Captive Portal authentication times outs



  • Hi,

    I have a captive portal running on 2.3.1. Overall it's working fine but the issue I have is that after a user (it is setup in a hotel environment with most often mobile devices) has to re-authenticate on the CP after their device is either in sleep mode or locked.

    a 2nd part to my question is, is there a way to keep the device authenticate across 2 AP's. As I mentioned it is setup in a hotel and when a guest moves between 2 AP's they have to re-authenticate on the CP.

    Thanks in advance for any help.



  • @legacysl:

    I have a captive portal running on 2.3.1. Overall it's working fine but the issue I have is that after a user (it is setup in a hotel environment with most often mobile devices) has to re-authenticate on the CP after their device is either in sleep mode or locked.

    Ones a session is created, and thus firewall rules are inserted so the device can go through, only TWO situations will remove the session:

    1. Idle time out. With no traffc what so ever, because the device is out of range, or in sleep mode, the connection (session) will be lost. Up to you to chose the right delay.
    2. hard time out : no matter what, when the time is up, the connection will be removed. And guess what : Up to you to chose the right delay ;)

    @legacysl:

    a 2nd part to my question is, is there a way to keep the device authenticate across 2 AP's. As I mentioned it is setup in a hotel and when a guest moves between 2 AP's they have to re-authenticate on the CP.

    Strange.
    I can connect to the captive portal using my "AP-1" nearby the reception (I'm also using pfSense in a hotel) and then go to the the second floor, switching to another AP-4 and, guess what, I'm still connected. Because my device will receive the same IP when the wifi connections is reestablished  - I'm still using the same MAC (my device), so session firewall rules are still present and valid for my device : my device is still connected to the net, no need to re authenticate.

    I'm using pfSense for many years now. Never saw what you just described.

    Question:
    When you connect with a device, can you check the IP it was given by pfSense on this device ?
    Now, check pfSense : it it the same IP ? The device's MAC is correct ?

    Detail your setup …



  • Thanks for the reply and advise.

    Will check on the assigned IP addresses as suggested.


Log in to reply