Max concurrent users in Captive Portal

stephenb · Jan 17, 2007, 8:47 AM

I'm actually using monowall, but this might be a quicker way to find an answer.

we are using a captive portal for a small group. For the sake of keeping things easy, and having the illusion of security, we want to set up the captive portal with a single user account and have everyone log in as that user. Is there a max number of times the same user can log on?

I know this isn't the best, most secure solution, but it's the best we can do with what we have.

hoba · Jan 17, 2007, 9:54 AM

Just have a look at the webgui. It's even a configurable setting:

Maximum concurrent connections
per client IP address (0 = no limit)
This setting limits the number of concurrent connections to the captive portal HTTP(S) server. This does not set how many users can be logged in to the captive portal, but rather how many users can load the portal page or authenticate at the same time! Default is 4 connections per client IP address, with a total maximum of 16 connections.

and

Concurrent user logins Disable concurrent logins
If this option is set, only the most recent login per username will be active. Subsequent logins will cause machines previously logged in with the same username to be disconnected.

If you use an external radiusserver you'll have to check the settings of the radius server too.

stephenb · Jan 17, 2007, 7:06 PM

I saw that, but I wasn't sure if that pertained to a single IP address or a user account.

sullrich · Jan 17, 2007, 7:13 PM

Per IP.

stephenb · Jan 17, 2007, 9:10 PM

Ok, I'm still confused. Let me lay this out a bit better. We will have ~50 users connecting to the captive portal. Each user will have a unique ip. Some users will connect wirelessly, but the majority will connect via hard wire.

We want the facade of security, but without the confusion. Because neither the users or admin have the means to deal with it. And since the captive portal is on a firewalled VLAN, and every user is responsible for their own computer, it isn't a big deal. (this is a private multi-unit residence) So what we want to do, is require each user to authenticate at the captive portal page. (a feeble attempt at keeping out wireless pirates) But we can't use encryption because we don't control the end users' machine.

Since we aren't dealing with the most tech savvy of people, this has to be easy and quick. We don't want to have to add users each time somebody gets a new computer or moves in. So we thought that we create a single user account for the captive portal and every user uses that account to get past the window. Will this work if we have 50 people logged on as the same user?

We don't care about tracking and receipts, etc. Just that we know it works.

Thanks for all your help, I prefer the forum over monowall's mailing list.

sullrich · Jan 17, 2007, 9:14 PM

Right now I personally oversee a install with 5300 children all on wireless using a 2 month old snapshot of pfSense. It just works as it is supposed to.

hoba · Jan 17, 2007, 9:37 PM

I have a hotel with several accesspoints. They have a CP page and hand out the same credentials to all their guests. It's just to prevent non hotel guests from using their internetaccess. No issues.

stephenb · Jan 17, 2007, 10:37 PM

Excellent! That solves my issues. Thanks so much.

orliec · Mar 1, 2007, 8:11 PM

Question: Is there a limit to the number of clients that can get to and stay on the captive portal login webpage simultaneously? I tried a different CP in the past and the demo version was limited to 5 clients that can see the CP webpage – the rest had to wait until the 5 clients either connected/authenticated or closed their web browsers.

We're anticipating about 200+ clients who will simultaneously hit pfSense's CP webpage... so it's a concern.

sullrich · Mar 1, 2007, 8:31 PM

Shouldnt be a problem. I run a site with much more ppl.