Voucher database synchronization



  • Does this feature in the CP already work?

    Does it sync from one pfSense to another?

    thnx for the help
    stefanero



  • Did you try before questioning it?



  • Hi,

    sry for replying so late, I have been away for a couple of days.

    Well I did test this but it feels kinda not working correctly.

    These were my test, maybe I did something wrong, not sure

    I have 2 pfsense, one in the DMZ and one in LAN.

    The LAN manages the vouchers,
    on the page -> status_captiveportal_test.php I did the test

    LAN shows:
    sjQKqhaQPY3 (1/16) good for 1440 Minutes
    Access granted for 1440 Minutes in total.

    DMZ shows:
    sjQKqhaQPY3 (1/16) good for 1440 Minutes
    Access granted for 1440 Minutes in total.

    so far so good, but when I actually use the voucher over the pfsense in the DMZ I can see in the log:

    DMZ
    System log -> Captive Portal
    logportalauth[32176]: Voucher login good for 1 min.: sjQKqhaQPY3, , ip_addr

    log also shows this:
    php: /index.php: CaptivePortalVoucherSync XMLRPC reload data success with http://LAN_IP_ADDR:8080:8080 (pfsense.exec_php).

    My portal runs on 8080 (not 80) , I disabled https for now. Strange is, it shows the port nr twice. Not sure if this is just a log bug tho, as it seams to work correctly, except for the 1min duration instead of 1440.

    any idear? The sync seams to work fine, but the time period seams odd to me. Also the user gets logged out after one minute, which is kinda to short of course :)

    both boxes run the same Version

    2.0-BETA5 (i386)
    built on Tue Feb 1 18:26:31 EST 2011

    Thnx a lot
    stefanero



  • Hi just upgraded both boxes to latest version since RC1 now released

    –-
    2.0-RC1 (i386)
    built on Mon Feb 28 18:12:00 EST 2011

    still

    logportalauth[58517]: Voucher login good for 1 min.: adjYYXFyUe73, , ip_addr

    alltho its a 1440 min voucher

    regards
    stefanero



  • should I make a bugreport at the bugtracker?

    since I got no featback I wonder if its a configuration issue or a bug :)



  • Hi,

    I think I found kinda relation between the duration of the voucher and the length of the ticket.

    Looks like only the 1st digit is actually "active" in the end.

    For example:

    I create 3 vouchers:

    200 min

    300 min

    400 min

    and on the test page(status_captiveportal_test.php) it shows :

    FqGkVaxLwZc (3/4) good for 400 Minutes
    

    when a voucher is actullay used it shows in the system logs -> captive portal

    Voucher login good for 4 min.: FqGkVaxLwZc,
    

    Same with 300 min, and then its valid 3 min duration, 200 min -> 2min duration…

    Maybe this helps a little
    Stefanero



  • Can you please test with latest snapshot and also post the system log on the problematic portal.



  • Hi erml,

    thank you for the reply,

    I am now running

    2.0-RC1 (i386)
    built on Mon Mar 7 12:03:17 EST 2011

    I created some new voucher, when I go to test page first:

    status_captiveportal_vouchers.php –> active_vouchers page

    Warning: file(/var/db/voucher_active_4.db): failed to open stream: No such file or directory in /usr/local/www/status_captiveportal_vouchers.php on line 61 Warning: Invalid argument supplied for foreach() in /usr/local/www/status_captiveportal_vouchers.php on line 62
    
    

    but the rest test itself is okey,

    PchcMGLVFct (4/3) good for 500 Minutes
    Access granted for 500 Minutes in total.

    on the pfsense system logs

    Last 50 system log entries
    Mar 8 16:09:56	php: : The command 'pfctl -K ' returned exit code '1', the output was 'pfctl: option requires an argument -- K usage: pfctl [-AdeghmNnOqRrvz] [-a anchor] [-D macro=value] [-F modifier] [-f file] [-i interface] [-K host | network] [-k host | network ] [-b host | network ] [-o [level]] [-p device] [-s modifier ] [-t table -T command [address ...]] [-x level]'
    Mar 8 16:09:56	php: : The command 'pfctl -k ' returned exit code '1', the output was 'pfctl: option requires an argument -- k usage: pfctl [-AdeghmNnOqRrvz] [-a anchor] [-D macro=value] [-F modifier] [-f file] [-i interface] [-K host | network] [-k host | network ] [-b host | network ] [-o [level]] [-p device] [-s modifier ] [-t table -T command [address ...]] [-x level]'
    Mar 8 16:09:56	php: : The command '/sbin/ipfw table 2 delete ' returned exit code '64', the output was 'ipfw: IP address required'
    Mar 8 16:09:56	php: : The command '/sbin/ipfw table 1 delete ' returned exit code '64', the output was 'ipfw: IP address required'
    Mar 8 16:09:46	php: /index.php: CaptivePortalVoucherSync XMLRPC reload data success with http://ip-addr:8080:8080 (pfsense.exec_php).
    Mar 8 16:09:46	php: /index.php: Captive Portal Voucher XMLRPC sync data http://ip-addr:8080:8080.
    
    Last 50 Portal Auth log entries
    Mar 8 16:09:56	logportalauth[52446]: TIMEOUT: , ,
    Mar 8 16:09:46	logportalauth[63795]: Voucher login good for 5 min.: PchcMGLVFct, , ip-addr-laptop
    

    btw, when I redo the test, with the current logged in voucher I get:

    	PchcMGLVFct (4/2) active and good for 1 Minutes
    	Access granted for 1 Minutes in total.
    

    hope to help
    stefanero



  • hmm

    I just tryed some more, and now the user is at least not logged out anymore after the 5min in this case.

    but i wonder if he ever will be logged out, since the voucher is not shown in the "active vouchers" page anymore.

    and, when I now use the voucher again in the test page it sais -> denied.

    stefanero



  • Well good morning,

    I tryed latestet snapsshot

    2.0-RC1 (i386) 
    built on Wed Mar 9 18:16:20 EST 2011 
    
    You are on the latest version.
    

    and deleted all my existing vouchers on the system in the LAN, then created a new roll and syncted it to the DMZ server.

    but still -> no go

    system logs on dmz box:

    Mar 10 08:11:22	php: /index.php: CaptivePortalVoucherSync XMLRPC reload data success with http://lan-server-ip:8080:8080 (pfsense.exec_php).
    Mar 10 08:11:22	php: /index.php: Captive Portal Voucher XMLRPC sync data http://lan-server-ip:8080:8080.
    

    captive logs on dmz box:

    Mar 10 08:13:05	logportalauth[36258]: TIMEOUT: qNday4Qihc63, , ip-addr
    Mar 10 08:11:22	logportalauth[60559]: Voucher login good for 1 min.: qNday4Qihc63, , ip-addr
    

    and its a 1440 min voucher  :-\ so again only the 1st digit is taken into account for voucher lifetime

    the tests on the test pages were showing informations just fine.

    Also in the Lan-pfsense I can see in the voucher status page:

    qNday4Qihc63	1	03/10/2011 08:11:22	1432 min	03/11/2011 08:11:22
    

    cu
    stefanero



  • Hi again,

    thought I tryed latest snapshot again.

    But problem still present.

    2.0-RC1 (i386) 
    built on Sun Mar 13 06:53:56 EDT 2011 
    
    
    
    Mar 14 09:36:31	logportalauth[61338]: Voucher login good for 1 min.: sJ74hkCMmQz, , 172.31.128.9
    
    

    cu
    stefanero



  • Hello,

    still not working btw, "mar 20th" snapshot



  • Can you show me a screenshot of how you have configured the sync voucher section on pfSense?



  • Hi erml,

    sure I can attached is a screenshot.

    The internal pfsense runs on a class 10 - priv network, we use a different user and run on port 8080 instead of the default.

    Like I already wrote in my previous posts, I think the syncronization is kinda working.

    Going to Status -> Captive Portal, I can see the rolls from the Lan - pfSense and also the test page with a voucher from lan works fine.

    Its only a matter when I actually use a voucher on a laptop.

    cu
    stefanero




  • Check tomorrow's snapshot.  I am about to commit a fix for this.



  • Thank you very much.

    I will let you know as soon as possible.

    cu
    stefanero



  • Can this be implemented to sync on a non pfsense machine? To send info an sync with another DB?



  • If you can talk the same xmlrpc than yes you can implement it somewhere else.



  • Good  morning,

    well sry to tell but still no difference to the situation before.

    Voucher	Roll	Activated at	Expires in	Expires at	
    adjYYXFyUe73	1	03/25/2011 08:34:21	0 min	03/25/2011 08:35:21
    

    It should have been a 1440 min voucher and not just 1 minute. The sync works as before, I can test the vouchers on the test page showing up fine with a duration of 1440 minutes,
    but when they get entered in the client, the duration is just the first digit of the duration of the voucher.

    so when a voucher runs 200 minutes, the duration is 2, when a voucher is valid 300  minutes the duration is 3… and so on.

    regards
    Stefanero



  • Now should be all functioning properly.
    Test with latest snapshots.



  • Hi ermal,

    this is looking good now, finally working :)

    thnx a lot to you and sullrich

    stefanero


Locked