Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    When is the user asked again for voucher? Hi

    Scheduled Pinned Locked Moved Captive Portal
    9 Posts 2 Posters 634 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      Snailkhan
      last edited by

      Hi
      If a user initially authenticates his voucher when is he asked again to enter it on that device?

      Say a windows machine is he asked again for code if he closes the bowser via which he authenticated?

      Will he be asked for voucher after a reboot.

      Will he be asked for a voucher if he clears all types of history of the browser via which hi authenticated? What happens if he clears the other browsers?

      What for android, Mac, iPhone, Linux oses?

      Regards

      1 Reply Last reply Reply Quote 0
      • GertjanG
        Gertjan
        last edited by

        @Wroxc:

        Will he be asked for voucher after a reboot.
        Will he be asked for a voucher if he clears all types of history of the browser via which hi authenticated? What happens if he clears the other browsers?
        What for android, Mac, iPhone, Linux oses?

        Check it out yourself  ;)
        Use the manual https://doc.pfsense.org/index.php/Captive_Portal_Troubleshooting (the one that every portal admlin uses).
        See after : IPFW tables
        Use the commands :

        ipfw table myzone_auth_up list
        

        and

        ipfw table myzone_auth_down list
        

        Use a voucher - and use the two commands again.
        See that in both tables a line appeared that concerns your device.

        Now, reboot your device, flush the cash, throw it out the windows, and why not, re-install its OS.

        Use the two commands again … and see they are still present in the tables, and they will stay there until the time duration of the voucher is over.

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        1 Reply Last reply Reply Quote 0
        • S
          Snailkhan
          last edited by

          @Gertjan:

          @Wroxc:

          Will he be asked for voucher after a reboot.
          Will he be asked for a voucher if he clears all types of history of the browser via which hi authenticated? What happens if he clears the other browsers?
          What for android, Mac, iPhone, Linux oses?

          Check it out yourself  ;)
          Use the manual https://doc.pfsense.org/index.php/Captive_Portal_Troubleshooting (the one that every portal admlin uses).
          See after : IPFW tables
          Use the commands :

          ipfw table myzone_auth_up list
          

          and

          ipfw table myzone_auth_down list
          

          Use a voucher - and use the two commands again.
          See that in both tables a line appeared that concerns your device.

          Now, reboot your device, flush the cash, throw it out the windows, and why not, re-install its OS.

          Use the two commands again … and see they are still present in the tables, and they will stay there until the time duration of the voucher is over.

          Thanks for the detailed reply.
          So If I have shared a week long voucher with guests I do not need to worry about it as long as they use same device for entire length of their stay even if the connect to other network and reboots in between.

          What makes pfsense know it? That this device had once authenticated and do not need to be reauthenticated?

          Mac address?  As this is the only thing that would stay same after a format and OS re installation.

          1 Reply Last reply Reply Quote 0
          • GertjanG
            Gertjan
            last edited by

            @Wroxc:

            What makes pfsense know it? That this device had once authenticated and do not need to be reauthenticated?

            The answer is https://doc.pfsense.org/index.php/Captive_Portal_Troubleshooting  ;D
            After authetification, rules are added to the 2 tables. They stay there until the vouchers expires.

            @Wroxc:

            Mac address?  As this is the only thing that would stay same after a format and OS re installation.

            As said above : you should see the MAC and IP in the pair of rules - the must stay the same.

            No "help me" PM's please. Use the forum, the community will thank you.
            Edit : and where are the logs ??

            1 Reply Last reply Reply Quote 0
            • S
              Snailkhan
              last edited by

              @Gertjan:

              @Wroxc:

              What makes pfsense know it? That this device had once authenticated and do not need to be reauthenticated?

              The answer is https://doc.pfsense.org/index.php/Captive_Portal_Troubleshooting  ;D
              After authetification, rules are added to the 2 tables. They stay there until the vouchers expires.

              @Wroxc:

              Mac address?  As this is the only thing that would stay same after a format and OS re installation.

              As said above : you should see the MAC and IP in the pair of rules - the must stay the same.

              @Gertjan:

              @Wroxc:

              What makes pfsense know it? That this device had once authenticated and do not need to be reauthenticated?

              The answer is https://doc.pfsense.org/index.php/Captive_Portal_Troubleshooting  ;D
              After authetification, rules are added to the 2 tables. They stay there until the vouchers expires.

              @Wroxc:

              Mac address?  As this is the only thing that would stay same after a format and OS re installation.

              As said above : you should see the MAC and IP in the pair of rules - the must stay the same.

              I entered below command in the guide diagnostic command prompt

              ipfw table myguest_auth_up list it returns error ipfw: failed to request table info :no such process

              1 Reply Last reply Reply Quote 0
              • S
                Snailkhan
                last edited by

                And how does  the dhcp comes into affect.
                I have a lot of rolls some are 15 hours some 1week  some 1month some even 4 months.

                How do I configure dhcp so that leases are used properly and dhcp isn't starved.

                1 Reply Last reply Reply Quote 0
                • GertjanG
                  Gertjan
                  last edited by

                  @Wroxc:

                  ipfw table myguest_auth_up list it returns error ipfw: failed to request table info :no such process

                  ipfw is the firewall used by the captive portal.
                  It a FreeBSD command =>
                  -r-xr-xr-x  1 root  wheel  170536 Mar 27 01:05 /sbin/ipfw
                  "mysquest" should be the captive portal zone name.
                  You know that one, because you choose it.

                  You can see the table name when you use

                  ipfw table all list
                  

                  first.

                  @Wroxc:

                  And how does  the dhcp comes into affect.
                  I have a lot of rolls some are 15 hours some 1week  some 1month some even 4 months.

                  The client will have the same MAC - but the IP might change. In that case he has to re login.

                  That's where

                  Concurrent user logins =>
                  Disable Concurrent user logins If enabled only the most recent login per username will be active. Subsequent logins will cause machines previously logged in with the same username to be disconnected.

                  comes in.
                  Earlier logging are disconnected, only the latest will exist.

                  @Wroxc:

                  How do I configure dhcp so that leases are used properly and dhcp isn't starved.

                  What about a big pool ?

                  No "help me" PM's please. Use the forum, the community will thank you.
                  Edit : and where are the logs ??

                  1 Reply Last reply Reply Quote 0
                  • S
                    Snailkhan
                    last edited by

                    @Gertjan:

                    @Wroxc:

                    ipfw table myguest_auth_up list it returns error ipfw: failed to request table info :no such process

                    ipfw is the firewall used by the captive portal.
                    It a FreeBSD command =>
                    -r-xr-xr-x  1 root  wheel  170536 Mar 27 01:05 /sbin/ipfw
                    "mysquest" should be the captive portal zone name.
                    You know that one, because you choose it.

                    You can see the table name when you use

                    ipfw table all list
                    

                    first.

                    @Wroxc:

                    And how does  the dhcp comes into affect.
                    I have a lot of rolls some are 15 hours some 1week  some 1month some even 4 months.

                    The client will have the same MAC - but the IP might change. In that case he has to re login.

                    That's where

                    Concurrent user logins =>
                    Disable Concurrent user logins If enabled only the most recent login per username will be active. Subsequent logins will cause machines previously logged in with the same username to be disconnected.

                    comes in.
                    Earlier logging are disconnected, only the latest will exist.

                    @Wroxc:

                    How do I configure dhcp so that leases are used properly and dhcp isn't starved.

                    What about a big pool ?

                    Big pool not possible at the moment.

                    Is there a cleanup process which releases all leases if they are not authenticated via voucher?

                    As those clients are what eats up majority of the dhcp pools ips.

                    1 Reply Last reply Reply Quote 0
                    • GertjanG
                      Gertjan
                      last edited by

                      Reduce DHCP lease time.

                      But keep in mind that the pool should be bigger as the potential number of devices requesting an IP.
                      If not, you'll be stressing your DHCP server and your users.

                      A Captive portal should run on it's own interface - so a 10.0/16 (65 K addresses) is two clicks away.

                      No "help me" PM's please. Use the forum, the community will thank you.
                      Edit : and where are the logs ??

                      1 Reply Last reply Reply Quote 0
                      • First post
                        Last post
                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.