One Voucher Per Device
-
This is not the forum for feature and pull requests.
https://redmine.pfsense.org/
https://github.com/pfsense/pfsense/ -
Don't worry, won't publish any PHP stuff here.
Just want to be sure I'm writing something useful.When done and tested, I'll locate a feature request if one exists, and add my implementation as a pull request / review.
-
No problem posting it. It's just that it probably won't get looked at by the right people unless it is put in the right places.
-
@Gertjan which version is this ? i am using 2.4.4 i cant see that 3 options in my version...
-
I already went through the Forum => Redmine => Github phase twice, I guess.
@ajmaltms :
I'm using the same version as you. pfSense 2.4.4p2I just have edited the code on my own pfSense setup.
Does the image looks good to you ?
As @Derelict stated, there is a whole procedure to respect when one want to change the 'official' code.
As said, this will take some time. -
@Gertjan yes..thats what i want...first login..
-
Good !
I'll post back here when I have a Feature request.
Attached to the feature request I'll be posting a pull request. At that moment, with the System_Patches package you can then retrieve the proposed pull request into your own pfSense to test drive the new code.
Eventually, if the pull request gets granted - IF this happensbolded text, the feature will be build into al new pfSense version.
This will take time - as most attention goes to "2.5.0" these days. -
It is unclear how someone would just allow all concurrent logins there.
-
@Derelict said in One Voucher Per Device:
It is unclear how someone would just allow all concurrent logins there.
I agree.
"Disabled" isn't the correct description. -
-
@Gertjan that seems more clear.
-
@ajmaltms : could not 'chat' all this to you, there is a 1000 char limit - so here it is :
Ready for the first try ?
Before you start, throw out all connected users. People that were logged in using Vouchers, in your case, that aren’t expired yet will be able to reconnect afterwards.Make backup copies of the two files that will get modified.
I advise you to use the console access, option 8.
And/or SFTP access is also advisable – FileZilla does that just fine – Note : use SFTP, NOT to be confused with FTP.Make a backup copy of this file
cp /etc/inc/captiveportal.inc /etc/inc/captiveportal.inc.original
Another file to make a copy from :
cp /usr/local/www/services_captiveportal.php /usr/local/www/services_captiveportal.php.original
Thus, now you have spare copies of the 2 files that will be changed.
Here we go:
This is the new /etc/inc/captiveportal.inc file:
https://pastebin.com/V6uWHNz5
This is the new /usr/local/www/services_captiveportal.php file.
https://pastebin.com/QLhNhgAWWhen these two files are in place, visit the portal config page, check your “Concurrent user login” settings: check one option out of the 3. I guess it will be “First” for you ^^ (see image above).
If there are any troubles, just copy your backup files back in place, like this (copy – paste these 2 commands will do that ) :
cp /usr/local/www/services_captiveportal.php.original /usr/local/www/services_captiveportal.php cp /etc/inc/captiveportal.inc.original /etc/inc/captiveportal.inc
You’ll be seeing messages in your captive portal log file like:
.... CONCURRENT VOUCHER LOGIN - NOT ALLOWED - KEEPING OLD SESSION …
Which informs you that the same voucher was used a second time – the connection was refused.
I do not pretend that everything works perfect right now. This is just a first test.
I tested all 3 settings of “concurrent login” myself using Vouchers AND the classic Local manger user logins – both behave now as I want:
- Multiple sessions per username / voucher
- Last sessions per username / voucher
- First sessions per username / voucher
The last one is the one you want to test.
Take your time to test – read the log file – send it over to me if question (use pastebin.org – not here in the forum)
Good luck.
-
@Gertjan not showing the three types of concurrent logins..but not working..still voucher can use same time..
-
@ajmaltms said in One Voucher Per Device:
not showing the three types of concurrent logins..but not working
Not showing but not working ?
Check this file /usr/local/www/services_captiveportal.php (in your pfSense)- for example lines 709 up until line 711 - you should see :To assure you : the file I upload, is the file I'm using right now. "services_captiveportal.php" is part of the Captive portal settings GUI.
I tend to say : if you don't see anything change (only the "Concurrent user logins" item) you didn't copy the file.edit : same thing for the file /etc/inc/captiveportal.inc - check line 2323. You should see this comment :
/* Implicit 'first' : refuse the new login - 'username' is already logged in */
-
@Gertjan sorry..showing 3 types..but not working
-
Well, show a test case.
Use a voucher on a device.
Use the same voucher on another device.
Show the log.edit : run this
grep 'noconcurrentlogins' /conf/config.xml
What is the output ?
edit 2019-04-19 :
This is what I see when I set " Concurrent user logins" " to "First".
I have a voucher "TYUURMVP423SB" and use it on a device :Apr 19 10:20:56 logportalauth 52629 Zone: cpzone1 - Voucher login good for 5 min.: TYUURMVP423SB, b0:70:2d:44:fc:da, 192.168.2.217
Now I use the same voucher on another device :
Apr 19 10:23:10 logportalauth 63782 Zone: cpzone1 - CONCURRENT VOUCHER LOGIN - NOT ALLOWED KEEPING OLD SESSION : TYUURMVP423SB, b0:70:2d:44:fc:da, 192.168.2.217
and I see a message in red on my captive portal "error" login page :
-
@Gertjan which pfsense version u are using?
-
2.4.4-p2
-
@Gertjan am using 2.3.5 may be thats the issue
-
Sure.
pfSense portal code on 2.4.4-p2 is different.
There is no development for the 2.3.5 anymore - I don't have it.