pfsense 2.5.2 can't auto delete pass-through MAC after voucher expired
-
dear all,
i want voucher users to be added as pass-through macs and also want them removed after voucher expire automatically
in 2.4.4 its working but after upgrading to 2.5.2 its not working please anybody now how to fix this.
-
@maherg hello, did you find any solution?
-
@tianakex no bro
nobody is answering and i didn't get any solution.
-
@maherg did you try rolling back to 2.4.4?
-
@tianakex no i am still on 2.5.2 because i want to use wireguard vpn but now i am not using auto add pass-through MAC
-
@maherg just in case i found the solution, if you still need it
-
This post is deleted! -
@maherg I am in 2.6.0 but it should work for you
Edit /etc/inc/captiveportal.inc
find the captiveportal_prune_old_automac function and add the code below my descirption "/auto delete mac passthrougth at voucher expiration/"function captiveportal_prune_old_automac() { global $g, $config, $cpzone, $cpzoneid; if (is_array($config['captiveportal'][$cpzone]['passthrumac']) && isset($config['captiveportal'][$cpzone]['passthrumacadd'])) { $tmpvoucherdb = array(); $macrules = ""; $writecfg = false; foreach ($config['captiveportal'][$cpzone]['passthrumac'] as $eid => $emac) { if ($emac['logintype'] != "voucher") { continue; } if (isset($config['captiveportal'][$cpzone]['noconcurrentlogins'])) { if (isset($tmpvoucherdb[$emac['username']])) { $temac = $config['captiveportal'][$cpzone]['passthrumac'][$tmpvoucherdb[$emac['username']]]; $pipeno = captiveportal_get_dn_passthru_ruleno($temac['mac']); if ($pipeno) { captiveportal_free_dn_ruleno($pipeno); $macrules .= "table {$cpzone}_pipe_mac delete any,{$temac['mac']}\n"; $macrules .= "table {$cpzone}_pipe_mac delete {$temac['mac']},any\n"; $macrules .= "pipe delete {$pipeno}\n"; ++$pipeno; $macrules .= "pipe delete {$pipeno}\n"; } $writecfg = true; captiveportal_logportalauth($temac['username'], $temac['mac'], $temac['ip'], "DUPLICATE {$temac['username']} LOGIN - TERMINATING OLD SESSION"); unset($config['captiveportal'][$cpzone]['passthrumac'][$tmpvoucherdb[$emac['username']]]); } $tmpvoucherdb[$emac['username']] = $eid; } /*auto delete mac passthrougth at voucher expiration*/ if (voucher_auth($emac['username']) <= 0) { $pipeno = captiveportal_get_dn_passthru_ruleno($emac['mac']); if ($pipeno) { captiveportal_free_dn_ruleno($pipeno); $macrules .= "table {$cpzone}_pipe_mac delete any,{$emac['mac']}\n"; $macrules .= "table {$cpzone}_pipe_mac delete {$emac['mac']},any\n"; $macrules .= "pipe delete {$pipeno}\n"; ++$pipeno; $macrules .= "pipe delete {$pipeno}\n"; } $writecfg = true; captiveportal_logportalauth($emac['username'], $emac['mac'], $emac['ip'], "EXPIRED {$emac['username']} LOGIN - TERMINATING SESSION"); unset($config['captiveportal'][$cpzone]['passthrumac'][$eid]); } /*end auto delete mac passthrougth at voucher expiration*/ } unset($tmpvoucherdb); if (!empty($macrules)) { @file_put_contents("{$g['tmp_path']}/macentry.prunerules.tmp", $macrules); unset($macrules); mwexec("/sbin/ipfw -q {$g['tmp_path']}/macentry.prunerules.tmp"); } if ($writecfg === true) { write_config("Prune session for auto-added macs"); } } }
-
- restart the CP service
- make sure Concurrent user logins is disabled
- just dont edit the autoadded mac address because the CP will considere that you added it manually and will not be a voucher associated mac anymore and will not be pruned at the expiration of the code voucher
-
@tianakex thank you very much i will try this
-
@tianakex Hi may I know if this patch also works on pfsense 2.6?