Used voucher db with strange content

refugeesonline

Hi!

I have a question: We are operating roughly 190 locations and use (mainly) APU devices on site (release 2.6.0). All locations use the same 2 voucher rolls (50.000 vouchers each). None of the location is using HA, voucher sync or so. The only "connection" between the sites is that all of them send remote logging messages to a syslog server. The vouchers can be bought in our online shop and are delivered by e-mail to our clients. [Before you comment "use RADIUS" - that is the plan, but the developers haven't finished the setup yet.]
Here's my question / observation: We see around 30 users per site per month. The stuff is online since 14 months. So in average, we would see 14 x 30 = 420 used vouchers in the DB in a particular site. However, now and then we see thousands of used vouchers in the DB and even worse, vouchers which are freshly bought and have never been used anywhere are marked "expired". All this happens without a clear scheme, it seems to happen randomly. Any ideas why (and how) this happens?

Gertjan

@refugeesonline

I'm not a voucher use myself, but I know that the accurate time is important when you use vouchers.
Double check that all your "190" remote sites have the right time.

Example : an APU device just restarted, and has troubles syncing the correct time. If it's own battery is bad, it will even start to tick at 0h00 @ 1970.
Users start to log in.
Voucher start date time is noted in a used-voucher-database.
The correct time gets synced.
Activate vouchers now indicate +50 years online and will get thrown of the list / marked as expired.

Again : this is me thinking out loud.

Used voucher db with strange content

What DB file ? What is this strange content ?

refugeesonline

@gertjan

Gertjan, good point. I will check this. It would explain the strange behavior. I thought all sites have an NTP sync, but I'll check again.

The db I am talking about is

/var/db/voucher_zone_xx_used_yy.db

(xx ist the zone number, yy the roll number).

refugeesonline

@gertjan

Gertjan, I checked the time settings. As expected, all appliances hook on the pfsense ntp-server and have the correct time.
So system time isn't the cause.

What bugs me: It is just happening now and then and not in all sites. As mentioned before, we sell around 100 vouchers per site per month and we have sites which show 26.000 used vouchers - although these sites are in operation for only 24 months. This is pretty annoying ...

Anyone having the same or similar problems? Or any idea?

Just as a remark: We are also operating "old" appliances with NanoBSD (PFsense 2.3.5_2) and NONE of these sites has ever had the same issue. It only seems to happen for the newer releases ...

Best regards,

Volker

Gertjan

@refugeesonline said in Used voucher db with strange content:

Anyone having the same or similar problems? Or any idea?

The thing is, if I recall the entire forum (and I can't / don't, although I'm posting here since a decade or so), you are the first I see posting about a voucher usage on a big scale.
And its not one set up, but multiple setups 190.

My advise is : start logging.
Not using the GUI, as the GUI probably offer 'close to none' possibilities here.
I would add lines lines like :
log_error("This is a log line in file abcd.php");

This line will get shown in the System main log like this :

change abcd for the file name you placed your log line.
You can / should add variables.

I don't have much experience with vouchers, I just played with them, by creating some 30 minutes vouchers and use them, and see how they time out of the preset time.
That is, I know, that if a voucher is used for the first time, and it's 'valid', the voucher code will get entered in the 'used voucher' database (probably the SQLITE3 PHP database file that is kept for every portal).

The captive portal uses a 'mini cron' process :

53161  -  Is       0:00.00 /usr/local/bin/minicron 60 /var/run/cp_prunedb_cpzone1.pid /etc/rc.prunecaptiveportal cpzone1

that runs every 60 seconds, the function captiveportal_prune_old() in /etc/inc/captiveportal.inc gets called. That's where the magic is happening.

The good news is : nothing magic is going on. See for yourself. Its plain vanilla PHP - PHP was removed from the rocket science list in 1999.

@refugeesonline said in Used voucher db with strange content:

26.000 used vouchers

Vouchers are created, and you can print them out.
They are not known to the captive portal authentication system at this moment. They are generated, and you print them.
If 26000 vouchers are shown as used, then they had to be typed in by some one one by one.

Vouchers are active the moment they get entered.
The voucher code identifies the duration of the "roll" it belongs.
The voucher stays valid while ("enter date/time" + "roll duration") < "current time".

Here is the test : https://github.com/pfsense/pfsense/blob/9490042fdaafa481bcf131f3805dcc9022d973f1/src/etc/inc/captiveportal.inc#L654

Sorry not being able to help you more.