One Voucher Per Device



  • dear all,

    my is i want one voucher for only and only for one device. even if i have checked disable concurrent login and enable pass-through mac.

    this problem arise in version 2.4.4, in previous versions pfsense CP was working fine.
    and when i unchecked disable concurrent login on voucher work on multiple devices at same device



  • 0_1540361651228_1.jpg

    @Gertjan @Derelict @jimp how can this happen one voucher on two devices at same time even if enable pass-through mac is checked..

    and when i checked disable concurent user login and enable pass-through mac then most recent login is active means one voucher work on multiple device in 2.4.4 and 2.4.5 snapshot also



  • @ishtiaqaj said in One Voucher Per Device:

    my is i want one voucher for only and only for one device.

    Right now, pfSense uses the last device active. Not the first.
    So, you need to "code and test" - the question was already asked in the past, so https://forum.netgate.com/topic/130046/disable-concurent-user-is-useless/6 for more info what you could do to change the default behavior.

    Btw :
    @ishtiaqaj said in One Voucher Per Device:

    and enable pass-through mac

    Using this option goes against what you are asking for - I advise you not to use "pass-through mac".


  • Netgate

    It's been a while since I used it but as I recall with single-use vouchers (disable concurrent logins) then if another device uses the voucher, it is the one that now has access.

    This allows people to move the voucher from device to device (like wired to wireless) without needing a voucher.

    If they give their voucher to someone else, well, I guess they shouldn't do that.

    Using pass-through MAC is a great way to grant really long-term vouchers (like weeks or months) because you don't have to worry about balancing DHCP with the captive portal timeout settings.

    If, when you enable both auto-added pass-through MAC and disable concurrent users the MAC table is cleared and replaced with the latest login, it is working as expected. You might be able to get the behavior you desire for your specific circumstance in your login page php.



  • @derelict said in One Voucher Per Device:

    If, when you enable both auto-added pass-through MAC and disable concurrent users the MAC table is cleared and replaced with the latest login, it is working as expected. You might be able to get the behavior you desire for your specific circumstance in your login page php.

    @Derelict how can i get the desire scenario on my login page. please help me i am not a skilled user.
    this feature was working in 2.4.3-1 and previous versions what have change in 2.4.4. please guide me how to do this in 2.4.4


  • Netgate

    I am not a programmer. Sorry. You would do best to explicitly and clearly state:

    1. What you are doing (steps to reproduce)
    2. What the expected result is
    3. What it happening instead

    That would be the starting point for a bug report.

    I suggest the steps to reproduce are from a new CP instance in its default configuration with the default login page. Keep it as simple as you can to demonstrate the specific issue you wish to report.



  • @Derelict i am sorry but i did't get from your post.
    please anybody else who can help me..

    @Derelict @Gertjan just like mobile recharge prepaid cards person uses and through nobody can use this card again... but according to pfsense new feature anybody can use the cards of others...just like my case i am providing internet in labor camp. the people can steal the cards other which cause severe problem for me.



  • @ishtiaqaj said in One Voucher Per Device:

    @Derelict i am sorry but i did't get from your post.
    please anybody else who can help me..

    @Derelict was asking for details : your setup, info about how you want it to work.

    @Derelict @Gertjan just like mobile recharge prepaid cards person uses and through nobody can use this card again... but according to pfsense new feature anybody can use the cards of others...just like my case i am providing internet in labor camp. the people can steal the cards other which cause severe problem for me.

    Like credit cards : if they are stolen then that means troubles for everybody. Your client should come back to you to get a new card, you should block the old card, etc.

    I suggest for you :
    Vouchers with a real short validity time, something like 5 minutes or even less.
    The "checked disable concurrent login" isn't needed, but could be activated.
    Use also the "Pass-through MAC Auto Entry" option. The MAC(device) will have an indefinitely access, up to you to delete it after X time.

    What you really need is probably what has been mentioned here https://forum.netgate.com/topic/130046/disable-concurent-user-is-useless
    First time login using vouchers that sticks with that device - the voucher can't be used for any other device any more.
    As said, this option doesn't exist at this moment.

    People shouldn't hand out their vouchers to other people, and this is enforced by the fact that "disable concurrent login" will disconnected their (first) device, like not giving away their credit card.



  • @Gertjan @Derelict .
    I am giving Internet Service in multuple labour camps.. my vouchers are for 30 days. as 4 to 5 persons live in one room so there are much chance they can see or stole room fellows cards.. and for me its not possible to delete mac of stolen voucher cause its time consuming and unprofessional approch..
    2.4.3-1 was working well.
    i regret why i update to 2.4.4
    i am just asking please provide help piece of code and how to di that would do the same.



  • @Gertjan @Derelict
    getting no help from forum many days passed.
    nobody wants to help??



  • @ishtiaqaj said in One Voucher Per Device:

    nobody wants to help??

    Because there is no answer that brings a solution for your case.
    5 people in a room that steal vouchers will steel also passwords, and if you stop this (can you ?) then they will share the same device.
    And then things will get worse : these 5 people could start thinking, and then they will find this device (15 $ at Amazone) that will connect to you wifi with one voucher (or one password/user) and knowing so your pfSense only sees the one IP/MAC of this device, so it seees just "one user". Or, this device will offer a locally generated, in the room, WiFi network that permit all 5 users to connect, and you can't see anything, so you can't do nothing, except throttling the bandwidth a max. ....



  • Dear @Gertjan you are right they can connect more devices but share the fix speed(1mbps) so they will get slow speed. slow speed nobody like definately they will take new voucher.



  • With FreeRadius you can also add a new limitation factor : quantity of data a day, week or month.
    When it's up, for the rest of the day, week or month the connection will be stopped.