Captive Portal - Used Voucher could be reused



  • Hello Team,

    today i have a question regarding the Captive Portal and the Voucher function.

    We are using the CP with only Voucher Auth.

    Version: 2.4.3-RELEASE-p1.

    It's working fine BUT.

    Sometime's all Clients will be disconnected AND/OR after a reconnect they have to auth again....
    .... and thats not enough ... they can reuse there allready used Vouchercode and signin again.

    That could not be right!

    Could somebody help me?

    I also searched for the option for the Voucher storing period ... but i can't find this option on the WebGUI.

    Best Regards

    M4tzen



  • Hi,

    More info needed :
    What is the time duration of a voucher ?
    What is de soft time out on the Captive portal settings page ?
    What is the hard time out on the settings page ?

    Answering these 3 question will automatically give you the answer of your question ;)

    @m4tzen said in Captive Portal - Used Voucher could be reused:

    That could not be right!

    A voucher is not a one shot login pass, but a "valid for login for x time" (the voucher duration).
    Consider a 6 hour voucher : If the user gets disconnected because he was idle for, say 1 hour and the soft and/or hard time out is set to one hour, he will be able -no, better ; he has to re login to use the remains of his time left.
    Captive portal firewall rules will get removed after soft and or hard time is reached.
    This is all just fine and by design.



  • Hello Gertjan,

    1st thx for the fast reply.

    What is the time duration of a voucher ?
    -> In the tested case's 1 Day and 1 Year

    What is de soft time out on the Captive portal settings page ?
    -> If you mean the IDLE Timeout .... this is not set at the moment

    What is the hard time out on the settings page ?
    -> hard timeout is also not configured at the moment

    If it's needed to configure Idle & hard time out what recommendations do you have?!



  • @m4tzen said in Captive Portal - Used Voucher could be reused:

    If it's needed to configure Idle & hard time out what recommendations do you have?!

    The GUI answers already that question :
    0_1531141018612_e761c3c6-b0d0-4097-bcf7-7beaaa69cc0c-image.png

    It can be "done", I guess, no idle or hard time out, thus firewall rules are staying in place untill the reboot (power outage, upgrade, captive portal settings updated, etc etc )

    Vouchers for 1 day and 1 year ???? .... OK..... why non.
    Add another time out : several times a year, you upgrade pfSense. Consider that also as a time out (firewall rules will be reset - please don't tell me that that's why you don't upgrade ... system do go down anyway)



  • @gertjan

    It can be "done", I guess, no idle or hard time out, thus firewall rules are staying in place untill the reboot (power outage, upgrade, captive portal settings updated, etc etc )

    -> Does this mean ... after the "reboot" of the Router/Device, the enduser need to login again equal if the enduser device have an applied and enabled voucher code?

    Vouchers for 1 day and 1 year ???? .... OK..... why non.
    -> :) Yes ... special requirement from special person ;)

    Add another time out : several times a year, you upgrade pfSense. Consider that also as a time out (firewall rules will be reset - please don't tell me that that's why you don't upgrade ... system do go down anyway)
    -> we are new on this Software ... s we dont have any experience about how much update's are deployed in a year. BUT we will upgrade/update all the time to the latest version ...

    Some more question to the IDLE TimeOut ... Does it mean that the Enduser will only be disconnected and when the device is up&runninge(requesting packets) again then its autom. signed in to the Guest WIFI?(same for the Hard Timeout) Or is a complete resign in "process" needed(we typing in the voucher code etc.)?



  • @m4tzen said in Captive Portal - Used Voucher could be reused:

    -> Does this mean ... after the "reboot" of the Router/Device, the enduser need to login again equal if the enduser device have an applied and enabled voucher code?

    Yes.
    After the reboot of pfSense there are no logged in users - the ipfw firewall (rule) states are nor saved, users have to re login.
    I advice you to try it out - see for yourself.

    @m4tzen said in Captive Portal - Used Voucher could be reused:

    -> we are new on this Software ... s we dont have any experience about how much update's are deployed in a year. BUT we will upgrade/update all the time to the latest version ...

    A couple of times a year.

    @m4tzen said in Captive Portal - Used Voucher could be reused:

    Some more question to the IDLE TimeOut ...

    The captive portal was been designed to give temporary "non trusted clients" Internet access.
    Your typical railway station, hotel, camping, restaurant, ** or to some extend even your own house that you rent to strangers.
    The clients just come by, stay some time, do their thing (typically : updating their FB page) and then leave the premises for good.
    A idle timeout, and hard time out, is needed so the ipfw tables don't get cluttered up.
    Idle time out happens if the device left for the day (or was shut down for the day) : his owner should re login - and this is possible as long as the voucher remains valid.

    ** I forget : some are running pfSense Captive portal on aero-ports. Tens of thousands of captive portal connections all the time.
    These huge system will die in minutes if an idle time out isn't set.


 

© Copyright 2002 - 2018 Rubicon Communications, LLC | Privacy Policy