Netgate Discussion Forum

Captive Portal enable MAC pass-through for only user login?

    noctowld
    last edited by Sep 4, 2024, 7:23 AM

    Is there a way to configure the portal to be like the (title)? The only option I see is to enable/disable this feature without specifying the target between user account login and voucher login. I got the portal running just fine with authentication and all, but now I need to add vouchers for guests and I don't want the portal to remember the MAC of guests' used vouchers.

      Gertjan @noctowld
      last edited by Sep 4, 2024, 7:29 AM

      @noctowld

      Do not check :

      bdfa5bf1-432b-46c9-ace3-d41f06c224e5-image.png

      and done ?!

      Captive Portal enable MAC pass-through for only user login?

      Not a user, more a device, and to be exact : the MAC of that device can be added manually to the MAC list : this device will now pass through the portal as if it isn't there.

      @noctowld said in Captive Portal enable MAC pass-through for only user login?:

      I don't want the portal to remember the MAC of guests' used vouchers.

      To function, the portal uses the MACs and IP addresses of every connected device.
      That's how the portal firewall works.
      As soon as the voucher expires, the IP (an RFC1918 anyway) and the device MAC are discarded (not stored).

      No "help me" PM's please. Use the forum, the community will thank you.
      Edit : and where are the logs ??

        noctowld @Gertjan
        last edited by noctowld Sep 4, 2024, 7:59 AM Sep 4, 2024, 7:42 AM

        @Gertjan "As soon as the voucher expires, the IP (an RFC1918 anyway) and the device MAC are discarded (not stored)."

        That isn't the case when I'm testing it on my VM (1 pfSense and 1 Windows): as soon as I input the voucher code, the portal saves the MAC address and still keeps it long after the voucher has expired. Even after a reboot of the Windows VM, it can still access the internet without being required to use a voucher/account.

        Edit: added screenshot - voucher expired, the MAC address doesn't get auto discarded

        cdd59257-ed64-4cc5-bd00-4121641c8e7a-image.png

        e492630e-9efc-4bea-922c-235476ae7f98-image.png

          Gertjan @noctowld
          last edited by Sep 4, 2024, 9:36 AM

          @noctowld

          This

          4970ef98-87ed-4540-9aba-e1ccfb6be776-image.png

          "Auto-added" is what happens when this is checked :

          39c6cada-7232-4e91-9c51-8e40af899fe2-image.png

            noctowld @Gertjan
            last edited by noctowld Sep 4, 2024, 9:52 AM Sep 4, 2024, 9:48 AM

            @Gertjan

            I know, the real system has been running with it on all the time. What I want to do now is add vouchers as a login option, but not let the portal add a voucher's MAC to auto pass, as vouchers are going to be used for guests, while also letting the portal add auto pass for devices logging in using accounts. In short I want: login with account (staff) -> save MAC for autopass; if using voucher instead (guest) -> don't save MAC. Currently I don't see any option for this.

            If I disable Pass-through MAC Auto Entry, the portal doesn't save any MAC address at all (both voucher and account login). If I enable it (which is currently enabled), the portal saves both voucher logins' and account logins' MAC addresses.

              Gertjan @noctowld
              last edited by Sep 4, 2024, 10:11 AM

              @noctowld said in Captive Portal enable MAC pass-through for only user login?:

              If I disable Pass-through MAC Auto Entry, the portal doesn't save any MAC address at all (both voucher and account login). If I enable it (which is currently enabled), the portal saves both voucher logins' and account logins' MAC addresses.

              Exactly, it's an all-or-nothing option.
              Like "on" or "off" for every voucher login, but also "user + password" login.

              Btw : a captive portal is intended to be used by 'non trusted' users to whom you want to offer an Internet connection.
              I'm not sure what 'staffers' do in this portal network ....
              Normally ™® staffers belong on a trusted network.
              Others, like guests, kids and so on use the portal network.

              You probably don't have a boatload of staff, so why not enter their MACs (devices) into the portal, and be done with it. Once in a while, you'll remove a MAC, and add another one, if needed.

              What you could do :
              Activate a portal network for staffers.
              Activate another portal network for the other users.

                noctowld @Gertjan
                last edited by noctowld Sep 5, 2024, 1:15 AM Sep 5, 2024, 1:00 AM

                @Gertjan

                Thanks for replying.

                We have about 100 users/staff usually at my location, most using multiple devices, with other staff that may come and go from other branches (about 500 total if counting all branches). The portal was intended to be used for WIFI and staff only, so we hooked our pfSense up with a VPN connection to our AD (which is at another location) and use it as an authentication backend. But now the higher-ups want to add a voucher option for guests; previously we just made an account to use exclusively for guests instead.

                We do have VLANs for each department, separate from the portal WIFI networks. Before using the portal, the WIFI was more of a convenience thing (which it still kinda is), with no authentication required.
