One Voucher Per Device


  • LAYER 8 Netgate

    @wazim4u Hmm. That seems like it should log the voucher code that was attempted. Is it just on another line?



  • @Derelict I just copied one line to show as an example. A more detailed log is given below.

    Zone: Camp - The SQL array (WHERE ip = '10.20.25.153' OR (username != 'unauthenticated' AND lower(username) = '1688815233')) : Array
    Apr 24 09:03:16	logportalauth	22958	Zone: Camp - Enteringh portal_allow(): , ,
    Apr 24 09:02:59	logportalauth	40266	Zone: Camp - CONCURRENT VOUCHER LOGIN - NOT ALLOWED KEEPING OLD SESSION : 1688815233, 94:14:7a:55:b5:0e, 10.20.25.154
    Apr 24 09:02:59	logportalauth	40266	Zone: Camp - Found NOT last: 1688815233, 94:14:7a:55:b5:0e, 10.20.25.154
    Apr 24 09:02:59	logportalauth	40266	Zone: Camp - config['captiveportal'][Camp]['noconcurrentlogins'] 2 exists = set: 1688815233, 94:14:7a:55:b5:0e, 10.20.25.154
    Apr 24 09:02:59	logportalauth	40266	Zone: Camp - Voucher + ! unauthenticated + (cpentry == user): 1688815233, 94:14:7a:55:b5:0e, 10.20.25.154
    Apr 24 09:02:59	logportalauth	40266	Zone: Camp - config['captiveportal'][Camp]['noconcurrentlogins'] exists = set: 1688815233, 94:14:7a:55:b5:0e, 10.20.25.154
    Apr 24 09:02:59	logportalauth	40266	Zone: Camp - Entering for each loop 1688815233 = 1688815233: 1688815233, 94:14:7a:55:b5:0e, 10.20.25.154
    

  • LAYER 8 Netgate

    Ah I was looking at 1688815233 and incorrectly assuming it was an epoch seconds time or something. Thanks.



  • @wazim4u What happens when I connect the same voucher to two devices is that:
    1. Both devices connect, even after applying the patch and selecting first login.
    2. Logged-in vouchers usually appear at Status > Captive Portal > Active Users,
    now nothing like that. Even under Service > Captive Portal, logged-in users usually show the number of people logged into the CP,
    but now nothing like that, which means I cannot delete active vouchers.
    I have set up this system for a friend and it works fine; coming to mine nw, not working.



  • @colleytech Your friend is lucky if it works for him. I may test it with 2.4.4-p3 and let you know. I tried before with 2.4.4-p3; it was showing no active users & more issues, so I switched to 2.5 (at that time there was no 2.4.5).

    Once a voucher is active, a second device cannot use it; he will get the error "reuse of authentication not allowed".



  • @wazim4u Do you have the 2.5 dev?



  • @colleytech That's what I said; yes, I have 2 production systems of pfSense 2.5 dev.



  • @wazim4u I mean the ISO for the 2.5 dev version.



  • @colleytech Download from the link given below:

    https://www.pfsense.org/snapshots/



  • @wazim4u Thanks for the link.



  • @wazim4u

    Hi sir! You are using 2.5.0 and this patch (1V1D Patch.zip)? Is one voucher per device really working?

    Thanks!



  • @Gertjan Is there any chance pfSense management will consider this function in an official release?





  • @viktor_g said in One Voucher Per Device:

    Please check https://redmine.pfsense.org/issues/9432#note-6

    @viktor_g 👍
    ( I can see what you are doing ☺ )



  • @wazim4u Can you tell me how did you manage to make the patch work with 2.5? I have tried everything but it simply doesn't work at all.
    I get this in the logs:
    Aug 2 21:08:59 logportalauth 343 Zone: pp - Voucher login good for 9950 min.: FefhaqG3kux, 44:59:e3:71:1c:49, 10.0.0.11
    Aug 2 21:09:39 logportalauth 343 Zone: pp - Enteringh portal_allow(): , ,
    Aug 2 21:09:39 logportalauth 343 Zone: pp - The SQL array (WHERE ip = '10.0.0.12' OR (username != 'unauthenticated' AND lower(username) = 'fefhaqg3kux')) : Array
    Aug 2 21:09:39 logportalauth 343 (
    Aug 2 21:09:39 logportalauth 343 )
    Aug 2 21:09:39 logportalauth 343 : , ,
    Aug 2 21:09:39 logportalauth 343 Zone: pp - Enteringh portal_allow(): , ,
    Aug 2 21:09:39 logportalauth 343 Zone: pp - The SQL array (WHERE ip = '10.0.0.12' OR (username != 'unauthenticated' AND lower(username) = 'fefhaqg3kux')) : Array
    Aug 2 21:09:39 logportalauth 343 (
    Aug 2 21:09:39 logportalauth 343 )
    Aug 2 21:09:39 logportalauth 343 : , ,
    Aug 2 21:09:39 logportalauth 343 Zone: pp - Voucher login good for 9949 min.: FefhaqG3kux, d0:25:98:85:7e:50, 10.0.0.12



  • @coldmine said in One Voucher Per Device:

    Aug 2 21:09:39 logportalauth 343 Zone: pp - The SQL array (WHERE ip = '10.0.0.12' OR (username != 'unauthenticated' AND lower(username) = 'fefhaqg3kux')) : Array

    Where do these lines come from?
    Did you add them? They look fine, though.
    Btw: use print_r(...) to dump an array.

    @coldmine said in One Voucher Per Device:

    you manage to make the patch work with 2.5

    The patch is included in 2.5.0. You should run the latest 2.5.0-dev to have it.
    You are using what version?

    @coldmine said in One Voucher Per Device:

    Voucher login good for 9949 min.: FefhaqG3kux, d0:25:98:85:7e:50, 10.0.0.12

    and

    @coldmine said in One Voucher Per Device:

    Voucher login good for 9950 min.: FefhaqG3kux, 44:59:e3:71:1c:49, 10.0.0.11

    = typical voucher reuse.

    The patches stated above were just a case study. I think this issue isn't implemented yet - at least not in 2.4.5-p1. I'm not using 2.5.0....



  • @coldmine Yes, it's been working for 8 months now without any issue with 2.5-dev. Since it's working fine, I didn't upgrade it.

    Aug 2 21:13:41	logportalauth	64788	Zone: dhabi - The SQL array (WHERE ip = '10.20.29.254' OR (username != 'unauthenticated' AND lower(username) = '1788234364')) : Array
    Aug 2 21:13:41	logportalauth	64788	Zone: dhabi - Enteringh portal_allow(): , ,
    Aug 2 21:13:12	logportalauth	278	Zone: dhabi - CONCURRENT VOUCHER LOGIN - NOT ALLOWED KEEPING OLD SESSION : 1788234364, 48:9d:d1:91:95:6b, 10.20.21.156
    Aug 2 21:13:12	logportalauth	278	Zone: dhabi - Found NOT last: 1788234364, 48:9d:d1:91:95:6b, 10.20.21.156
    Aug 2 21:13:12	logportalauth	278	Zone: dhabi - config['captiveportal'][dhabi]['noconcurrentlogins'] 2 exists = set: 1788234364, 48:9d:d1:91:95:6b, 10.20.21.156
    Aug 2 21:13:12	logportalauth	278	Zone: dhabi - Voucher + ! unauthenticated + (cpentry == user): 1788234364, 48:9d:d1:91:95:6b, 10.20.21.156
    Aug 2 21:13:12	logportalauth	278	Zone: dhabi - config['captiveportal'][dhabi]['noconcurrentlogins'] exists = set: 1788234364, 48:9d:d1:91:95:6b, 10.20.21.156
    Aug 2 21:13:12	logportalauth	278	Zone: dhabi - Entering for each loop 1788234364 = 1788234364: 1788234364, 48:9d:d1:91:95:6b, 10.20.21.156
    

    My pfSense 2.5 version is 2.5.0.a.20191015.0305
    1000+ concurrent captive portal users.



  • I don't get it .....

    You're using a 'dev' version that you don't update regularly ??

    If you want to know what has been added, corrected or modified, there is only one source.
    Knowing it's open source => https://github.com/pfsense/pfsense/pulls
    and redmine of course => https://redmine.pfsense.org/projects/pfsense/issues?set_filter=1&tracker_id=1 - on the right side you can filter resolved issues and outstanding issues.

    If the multiple voucher login question has been solved:
    Plan A: Update.
    Plan B: consult

    Btw: Oh, lol: https://redmine.pfsense.org/issues/2146



  • @Gertjan I have two systems, both on the 2.5-dev version. The second system is always up to date. I keep an eye on all updates and bug fixes (redmine); every day I am testing both systems in different ways.

    On the second system I didn't apply any patch, and people can reuse a voucher on another device, so they get disconnected from the old one.

    Aug 3 13:00:03	logportalauth	38072	Zone: campco - CONCURRENT LOGIN - TERMINATING OLD SESSION: 9478394944, 7c:78:7e:4d:1c:43, 10.10.21.188
    

    Moving soon to a FreeRADIUS-based solution, which has no issue with concurrent logins. I have already done initial testing in a production environment.
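
Added example, not part of any post in this thread and not pfSense code: a Python check over `logportalauth` lines that separates the three outcomes quoted above (a voucher accepted from a second MAC, a concurrent login refused, an old session terminated). The sample is assembled from lines quoted in the thread; the function names and finding labels are assumptions, and the "KEEPING OLD SESSION" message exists only on systems carrying the patch discussed here.

```python
import re
from collections import defaultdict

# Sample assembled from log lines quoted in the thread (both space- and tab-separated).
SAMPLE_LOG = """\
Aug 2 21:08:59 logportalauth 343 Zone: pp - Voucher login good for 9950 min.: FefhaqG3kux, 44:59:e3:71:1c:49, 10.0.0.11
Aug 2 21:09:39 logportalauth 343 Zone: pp - Enteringh portal_allow(): , ,
Aug 2 21:09:39 logportalauth 343 Zone: pp - Voucher login good for 9949 min.: FefhaqG3kux, d0:25:98:85:7e:50, 10.0.0.12
Aug 2 21:13:12\tlogportalauth\t278\tZone: dhabi - CONCURRENT VOUCHER LOGIN - NOT ALLOWED KEEPING OLD SESSION : 1788234364, 48:9d:d1:91:95:6b, 10.20.21.156
Aug 3 13:00:03\tlogportalauth\t38072\tZone: campco - CONCURRENT LOGIN - TERMINATING OLD SESSION: 9478394944, 7c:78:7e:4d:1c:43, 10.10.21.188
"""

# "Zone: <zone> - <message>: <user>, <mac>, <ip>"; lines with empty fields do not match.
EVENT_RE = re.compile(
    r"Zone: (?P<zone>\S+) - (?P<msg>.+?)\s*: (?P<user>[^,\s]+), "
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}), (?P<ip>[\d.]+)\s*$",
    re.IGNORECASE,
)

def classify(msg):
    """Map a portal message to an outcome label (labels are this example's own)."""
    if msg.startswith("Voucher login good for"):
        return "accepted"
    if "NOT ALLOWED KEEPING OLD SESSION" in msg:
        return "blocked"
    if "TERMINATING OLD SESSION" in msg:
        return "old_session_terminated"
    return None  # debug lines, loop traces, etc.

def analyse(log_text):
    """Return (finding, zone, voucher, mac) tuples in log order."""
    macs_seen = defaultdict(list)  # (zone, voucher) -> MACs already accepted
    findings = []
    for line in log_text.splitlines():
        m = EVENT_RE.search(line)
        kind = classify(m["msg"]) if m else None
        if kind is None:
            continue
        # Vouchers are compared lower-cased, as in the lower(username) query in the logs.
        key = (m["zone"], m["user"].lower())
        mac = m["mac"].lower()
        if kind != "accepted":
            findings.append((kind, *key, mac))
        elif mac not in macs_seen[key]:
            if macs_seen[key]:  # same voucher, different device
                findings.append(("reuse", *key, mac))
            macs_seen[key].append(mac)
    return findings

if __name__ == "__main__":
    for finding in analyse(SAMPLE_LOG):
        print(finding)
```

Logout and expiry events are not shown in the thread, so this treats any second MAC for a voucher within the parsed window as reuse.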


