Client who disconnected with a logout button regains Internet access when the voucher (or FreeRadius account) he used is entered in another device



  • Hello, everyone! It's my first time posting, although I've been lurking this forum for guidance and tips for years already.

    Here's my problem. I created a basic, custom logout page with the code below. So when a client successfully enters a voucher code or Freeradius account, he's directed to this page with a logout button that allows manual disconnection. The button basically works; the client is removed in the list of active users in the Status: Captive Portal page and the system logs also indicates a zone disconnect for the client. He also loses his Internet access.

    However, if the client uses a second device to enter the same voucher code/Freeradius account in the captive portal, the previous, disconnected device regains access along with the second device until this second device is disconnected.

    EDIT: I also occasionally get a Failed setsockopt error message that appears at the top of my logout page for some reason.

    <?php 
    require_once("captiveportal.inc");
    
    global $config, $cpzone, $cpzoneid;
    
    $cpzone = $_REQUEST['zone'];
    $cpcfg = $config['captiveportal'][$cpzone];
    $cpzoneid = $cpcfg['zoneid'];
    
    $clientip = $_SERVER['REMOTE_ADDR'];
    
    $cpuser = captiveportal_isip_logged($clientip);
    show_remaining_time($cpuser); 
    
    ?>
    
    <b>Click the button below to disconnect.</b><p />
    <form method="post">
        <input type="submit" name="logout_button" id="logout_button" value="Logout" /><br/>
    </form>
    
    <?php
    
    if(array_key_exists('logout_button',$_POST)){
        
       echo "You are now logged out and have been disconnected" . "<br>";
    
       captiveportal_disconnect_client($cpuser[5], 6);
    }
    
    ?>
    

    Does anyone have any idea why this happens and how to fix it? I suppose there's a problem with the code I'm using. TBH, I've just begun learning PHP. :)

    EDIT: I don't know if it matters, but I also already enabled Disable Concurrent user logins.



  • I think I just found my own solution for my own problem. This might be related to a known issue (https://redmine.pfsense.org/issues/8441) that's already fixed in the latest released version. I'm going to install the latest pfsense now.

    EDIT: Yep, client disconnection works properly with version 2.4.3_1. I spent hours looking for a fix, should've check version logs first. :P



  • @conanhughes said in Client who disconnected with a logout button regains Internet access when the voucher (or FreeRadius account) he used is entered in another device:

    EDIT: I don't know if it matters, but I also already enabled Disable Concurrent user logins.

    Be careful with this one.
    Read https://www.netgate.com/docs/pfsense/captiveportal/using-captive-portal-with-freeradius.html

    The most recent update actually restored somewhat the "expected behavior".

    When you use the Captive portal and really want to understand what happens, there is something is more then the GUI to look at : https://www.netgate.com/docs/pfsense/captiveportal/captive-portal-troubleshooting.html
    You'll be seeing the "ipfw" firewall rules that make the portal actaully working. Probably impressive the first time you see them, but, hey, what the heck, you're running a firewall, these rules are what makes it work.
    (and you would have detected that the GUI said that there is no user connected anymore - but the rules said otherwise, permitting you to find a "problem" in a split second)

    It's not your question, but still missing today is the "Use the first login, and do not accept any others logins, when using vouchers - thus enforcing the rule : "one voucher - one user - one device, the first device he'll be using - and not share the voucher,, even with himself (the user)".