When is the user asked again for voucher? Hi



  • Hi
    If a user initially authenticates his voucher when is he asked again to enter it on that device?

    Say a windows machine is he asked again for code if he closes the bowser via which he authenticated?

    Will he be asked for voucher after a reboot.

    Will he be asked for a voucher if he clears all types of history of the browser via which hi authenticated? What happens if he clears the other browsers?

    What for android, Mac, iPhone, Linux oses?

    Regards



  • @Wroxc:

    Will he be asked for voucher after a reboot.
    Will he be asked for a voucher if he clears all types of history of the browser via which hi authenticated? What happens if he clears the other browsers?
    What for android, Mac, iPhone, Linux oses?

    Check it out yourself  ;)
    Use the manual https://doc.pfsense.org/index.php/Captive_Portal_Troubleshooting (the one that every portal admlin uses).
    See after : IPFW tables
    Use the commands :

    ipfw table myzone_auth_up list
    

    and

    ipfw table myzone_auth_down list
    

    Use a voucher - and use the two commands again.
    See that in both tables a line appeared that concerns your device.

    Now, reboot your device, flush the cash, throw it out the windows, and why not, re-install its OS.

    Use the two commands again … and see they are still present in the tables, and they will stay there until the time duration of the voucher is over.



  • @Gertjan:

    @Wroxc:

    Will he be asked for voucher after a reboot.
    Will he be asked for a voucher if he clears all types of history of the browser via which hi authenticated? What happens if he clears the other browsers?
    What for android, Mac, iPhone, Linux oses?

    Check it out yourself  ;)
    Use the manual https://doc.pfsense.org/index.php/Captive_Portal_Troubleshooting (the one that every portal admlin uses).
    See after : IPFW tables
    Use the commands :

    ipfw table myzone_auth_up list
    

    and

    ipfw table myzone_auth_down list
    

    Use a voucher - and use the two commands again.
    See that in both tables a line appeared that concerns your device.

    Now, reboot your device, flush the cash, throw it out the windows, and why not, re-install its OS.

    Use the two commands again … and see they are still present in the tables, and they will stay there until the time duration of the voucher is over.

    Thanks for the detailed reply.
    So If I have shared a week long voucher with guests I do not need to worry about it as long as they use same device for entire length of their stay even if the connect to other network and reboots in between.

    What makes pfsense know it? That this device had once authenticated and do not need to be reauthenticated?

    Mac address?  As this is the only thing that would stay same after a format and OS re installation.



  • @Wroxc:

    What makes pfsense know it? That this device had once authenticated and do not need to be reauthenticated?

    The answer is https://doc.pfsense.org/index.php/Captive_Portal_Troubleshooting  ;D
    After authetification, rules are added to the 2 tables. They stay there until the vouchers expires.

    @Wroxc:

    Mac address?  As this is the only thing that would stay same after a format and OS re installation.

    As said above : you should see the MAC and IP in the pair of rules - the must stay the same.



  • @Gertjan:

    @Wroxc:

    What makes pfsense know it? That this device had once authenticated and do not need to be reauthenticated?

    The answer is https://doc.pfsense.org/index.php/Captive_Portal_Troubleshooting  ;D
    After authetification, rules are added to the 2 tables. They stay there until the vouchers expires.

    @Wroxc:

    Mac address?  As this is the only thing that would stay same after a format and OS re installation.

    As said above : you should see the MAC and IP in the pair of rules - the must stay the same.

    @Gertjan:

    @Wroxc:

    What makes pfsense know it? That this device had once authenticated and do not need to be reauthenticated?

    The answer is https://doc.pfsense.org/index.php/Captive_Portal_Troubleshooting  ;D
    After authetification, rules are added to the 2 tables. They stay there until the vouchers expires.

    @Wroxc:

    Mac address?  As this is the only thing that would stay same after a format and OS re installation.

    As said above : you should see the MAC and IP in the pair of rules - the must stay the same.

    I entered below command in the guide diagnostic command prompt

    ipfw table myguest_auth_up list it returns error ipfw: failed to request table info :no such process



  • And how does  the dhcp comes into affect.
    I have a lot of rolls some are 15 hours some 1week  some 1month some even 4 months.

    How do I configure dhcp so that leases are used properly and dhcp isn't starved.



  • @Wroxc:

    ipfw table myguest_auth_up list it returns error ipfw: failed to request table info :no such process

    ipfw is the firewall used by the captive portal.
    It a FreeBSD command =>
    -r-xr-xr-x  1 root  wheel  170536 Mar 27 01:05 /sbin/ipfw
    "mysquest" should be the captive portal zone name.
    You know that one, because you choose it.

    You can see the table name when you use

    ipfw table all list
    

    first.

    @Wroxc:

    And how does  the dhcp comes into affect.
    I have a lot of rolls some are 15 hours some 1week  some 1month some even 4 months.

    The client will have the same MAC - but the IP might change. In that case he has to re login.

    That's where

    Concurrent user logins =>
    Disable Concurrent user logins If enabled only the most recent login per username will be active. Subsequent logins will cause machines previously logged in with the same username to be disconnected.

    comes in.
    Earlier logging are disconnected, only the latest will exist.

    @Wroxc:

    How do I configure dhcp so that leases are used properly and dhcp isn't starved.

    What about a big pool ?



  • @Gertjan:

    @Wroxc:

    ipfw table myguest_auth_up list it returns error ipfw: failed to request table info :no such process

    ipfw is the firewall used by the captive portal.
    It a FreeBSD command =>
    -r-xr-xr-x  1 root  wheel  170536 Mar 27 01:05 /sbin/ipfw
    "mysquest" should be the captive portal zone name.
    You know that one, because you choose it.

    You can see the table name when you use

    ipfw table all list
    

    first.

    @Wroxc:

    And how does  the dhcp comes into affect.
    I have a lot of rolls some are 15 hours some 1week  some 1month some even 4 months.

    The client will have the same MAC - but the IP might change. In that case he has to re login.

    That's where

    Concurrent user logins =>
    Disable Concurrent user logins If enabled only the most recent login per username will be active. Subsequent logins will cause machines previously logged in with the same username to be disconnected.

    comes in.
    Earlier logging are disconnected, only the latest will exist.

    @Wroxc:

    How do I configure dhcp so that leases are used properly and dhcp isn't starved.

    What about a big pool ?

    Big pool not possible at the moment.

    Is there a cleanup process which releases all leases if they are not authenticated via voucher?

    As those clients are what eats up majority of the dhcp pools ips.



  • Reduce DHCP lease time.

    But keep in mind that the pool should be bigger as the potential number of devices requesting an IP.
    If not, you'll be stressing your DHCP server and your users.

    A Captive portal should run on it's own interface - so a 10.0/16 (65 K addresses) is two clicks away.