Voucher Length



  • Hi there!  :)
    I have a pfsense firewall running at the hotel and we've been using the captive portal with voucher system for a short time', but we've got a lot of complaints from the guests about the length of the vouchers.

    we are wondering if anyone has any tip for shortening the length of the vouchers?
    is it possible, vouchers to 6 characters max?

    thanks!



  • This would be interesting for me, too.
    Perhaps it would be possible to shorten the characters. So just use numbers so it is easier for your guest to enter these voucher codes.

    But it would be great if there would be an option to enter a specific voucher length.



  • +1



  • +100



  • You can restrict the character set already only to numbers.
    But without some financial backing i do not think anyone will do the modifications.



  • Create a shorter private key and modify the roll/ticket/checksum bits accordingly.

    My vouchers are 6 characters long.



  • @sandern:

    Create a shorter private key and modify the roll/ticket/checksum bits accordingly.

    My vouchers are 6 characters long.

    Hi,

    Can you please elaborate more on this. How did you create a shorter Key? I was getting an error when i tried to create a 6-bit key. Any Help would be great.

    Thanks



  • Hi, the shortest key i was able to create with openssl was a 32bit key. With this, i was ables to create a 8-10 length Voucher key.



  • ah, so i must be doing something wrong in the voucher configuration. :)

    Which values did you use in number of roll, ticket and checksum?

    I am now trying out different values in the configuration. 8 - 10 characters is good in my opinion.

    Thanks Valshare



  • Hi again,

    I couldn't make the voucher length shorter than 20 characters. Rolls and Ticket bits seems to effect the number of voucher rolls and tickets which can be created under each roll or tickets.

    Kind Regards



  • Hi,

    here are my setting. You must delete the old tickets and create new ones.

    Regards, Valle




  • there is an error in the "# of Roll Bits". This must be 15 to leave room the place the magic initializer.



  • @valshare:

    Hi,

    here are my setting. You must delete the old tickets and create new ones.

    Regards, Valle

    Hi Valle,

    Thanks to you, i was able to generate 10 - 7 character long voucher  :)

    I was able to generate 7 character log vouchers with the default voucher configs from a fresh installation of pfsense 2.0. I had 20 character voucher's after i changed "character set" to 123456789.

    Many Thanks & Kind Regards



  • @sandern:

    Create a shorter private key and modify the roll/ticket/checksum bits accordingly.

    My vouchers are 6 characters long.

    explain how to do it, please!



  • Hi,

    First generate a key "openssl genrsa 30 > key.private"

    I'm not sure about the 30 but I tried a few times to get the smallest possible number, it was 29-30-31 or something. The lowest one it would accept.

    Then openssl rsa -pubout < key.private >key.public

    And use the following values in the configuration screen:

    Roll bits: #5 (This can be more but we didn't have to use many different rolls)
    Ticket bits: #16
    Checksum bits: #5

    With this values I had a roll with 1023 vouchers with a length of 5-6 characters.

    Sander



  • @sandern:

    Hi,

    First generate a key "openssl genrsa 30 > key.private"

    I'm not sure about the 30 but I tried a few times to get the smallest possible number, it was 29-30-31 or something. The lowest one it would accept.

    Then openssl rsa -pubout < key.private >key.public

    And use the following values in the configuration screen:

    Roll bits: #5 (This can be more but we didn't have to use many different rolls)
    Ticket bits: #16
    Checksum bits: #5

    With this values I had a roll with 1023 vouchers with a length of 5-6 characters.

    Sander

    Thanks!!!
    works only with 31… i got error with 30!

    "openssl genrsa 31 > key.private"

    The vouchers is now with  7 characters length!

    Work like a charm!!!
    THANKS!!! THANKS!!! THANKS!!!



  • @sandern:

    Hi,

    First generate a key "openssl genrsa 30 > key.private"

    I'm not sure about the 30 but I tried a few times to get the smallest possible number, it was 29-30-31 or something. The lowest one it would accept.

    Then openssl rsa -pubout < key.private >key.public

    And use the following values in the configuration screen:

    Roll bits: #5 (This can be more but we didn't have to use many different rolls)
    Ticket bits: #16
    Checksum bits: #5

    With this values I had a roll with 1023 vouchers with a length of 5-6 characters.

    Sander

    Sorry, can you explain better?
    because it still doesn't work. I need to generate a voucher with 6 characters.

    Thanks for help,
    Bruno



  • What parameters did you try? What was the outcome?

    How many characters do you have in your set of available characters for voucher codes?



  • @wallabybob:

    What parameters did you try? What was the outcome?

    How many characters do you have in your set of available characters for voucher codes?

    Hi Wallabybob
    That's my configuration:
    .
    I tried all combinations and stays longer than 10 characters. Can you help me, please ?

    Thanks,
    Bruno



  • @brunoguidone:

    Can you help me, please ?

    I have not read the voucher handling code so I'm guessing. After reading this thread a few times I SUSPECT Sandern left out a step in his instructions: I suspect that the contents of the key.private and key.public files should be pasted into the corresponding key boxes on the voucher configuration page. Did you do that?

    I suspect the default keys need to be replaced by shorter keys to produce a shorter length voucher code. Possibly a smaller magic number will also help.



  • @wallabybob:

    @brunoguidone:

    Can you help me, please ?

    I have not read the voucher handling code so I'm guessing. After reading this thread a few times I SUSPECT Sandern left out a step in his instructions: I suspect that the contents of the key.private and key.public files should be pasted into the corresponding key boxes on the voucher configuration page. Did you do that?

    I suspect the default keys need to be replaced by shorter keys to produce a shorter length voucher code. Possibly a smaller magic number will also help.

    Hi Wallabybob,
    thank you so much !!! Its Works!! was really missing copy content to the correct fields.

    Thanks,
    Bruno



  • Thanks for reporting back.



  • Hello!

    I have the same requirement as the topicstarter and I need to have vauchers with 6 sumbols.
    I tried to follow instructions described in all replies.

    run:

    openssl genrsa 30 > key.private
    openssl rsa -pubout < key.private >key.public

    Used the following values in the configuration screen:

    Roll bits: #5 (This can be more but we didn't have to use many different rolls)
    Ticket bits: #16
    Checksum bits: #5

    deleted and recreated vouchers. Didn't work. Still have vouchers with 11 characters lenght.

    As I suppose I will have to "the contents of the key.private and key.public files should be pasted into the corresponding key boxes on the voucher configuration page"

    I know where to instert the new private and public keys, however I have no idea how to extract new generated private and public keys.

    Can you please explain me how to do it step by step?

    Thanks in advance!



  • @rinx:

    As I suppose I will have to "the contents of the key.private and key.public files should be pasted into the corresponding key boxes on the voucher configuration page"

    I know where to instert the new private and public keys, however I have no idea how to extract new generated private and public keys.

    The pfSense shell commandopenssl genrsa 30 > key.privategenerates a new private key and writes it into file named key.private in the default path. The shell command```
    openssl rsa -pubout < key.private >key.public

    
    Copy and paste is recommended here so avoid making errors in manually copying the key to the voucher configuration page.


  • @wallabybob:

    @rinx:

    As I suppose I will have to "the contents of the key.private and key.public files should be pasted into the corresponding key boxes on the voucher configuration page"

    I know where to instert the new private and public keys, however I have no idea how to extract new generated private and public keys.

    The pfSense shell commandopenssl genrsa 30 > key.privategenerates a new private key and writes it into file named key.private in the default path. The shell command```
    openssl rsa -pubout < key.private >key.public

    
    Copy and paste is recommended here so avoid making errors in manually copying the key to the voucher configuration page.
    

    Thanks for clarification! That has worked and I have 5 characters vouchers now!
    Cheers!



  • I´m still unable to generate a lesser code.
    After trying "openssl genrsa 30" with the openSSL Tool and copy/paste it on Captive Portal page, my Database is destroyed while generating voucher codes.
    Following Error is displayed.
    "CFG bad content in cfg file /var/etc/voucher.cfg"

    Copy old rsa key back, database is still destroyed. So i have to restore my backup config.

    Can someone write me a step by step list?



  • @dirkche:

    Can someone write me a step by step list?

    You apparently generated a private key. What did you use for the public key?



  • Hi,

    i used this:

    Hi,

    First generate a key "openssl genrsa 30 > key.private"

    I'm not sure about the 30 but I tried a few times to get the smallest possible number, it was 29-30-31 or something. The lowest one it would accept.

    Then openssl rsa -pubout < key.private >key.public

    And use the following values in the configuration screen:

    Roll bits: #5 (This can be more but we didn't have to use many different rolls)
    Ticket bits: #16
    Checksum bits: #5

    With this values I had a roll with 1023 vouchers with a length of 5-6 characters.

    Here i used 31 instead of 30

    I copied the wrong with "openssl genrsa 30"….. i meaned "openssl genrsa 31"



  • I have not experimented with shortening the voucher length and don't have a system on which I am prepared to experiment.

    The public key depends on the private key. Both public and private keys are inputs to the voucher generation. If you attempt to generate vouchers with a "new" private key and an "old" public key you are likely to get "inconsistent" results because the two keys are not correctly related. In your post so far you have not mentioned generation of a new public key derived from your new private key nor have you mentioned providing such a key as input to the pfSense voucher generation page.

    What are you wanting to achieve by changing things: shorter (how many characters?) length voucher codes?



  • @wallabybob

    i found in an another topic a how to for generating public/private keys with openSSL (http://www.openssl.org/).
    I generated a private key and with it a public key and paste it on my captive portal page.

    Using  "openssl genrsa 30 > key.private" on command line of my pfsense, nothing happens!



  • @dirkche:

    Using  "openssl genrsa 30 > key.private" on command line of my pfsense, nothing happens!

    What are you expecting to happen?

    See my explanation of 26-Nov (or possibly 25-Nov, depending on your timezone).



  • @wallabybob:

    @dirkche:

    Using  "openssl genrsa 30 > key.private" on command line of my pfsense, nothing happens!

    What are you expecting to happen?

    See my explanation of 26-Nov (or possibly 25-Nov, depending on your timezone).

    i was expecting the keys to be output so i could paste them into my configuration? i am a little confused here after running both commands where do i find these keys?



  • @FiFaSteveO:

    i am a little confused here after running both commands where do i find these keys?

    I don't think I can put it any more clearly than I did in my reply in this topic of 26-Nov (or possibly 25-Nov, depending on your timezone). Did you read that?



  • Aaaaah i see

    reads the previously generated private key and writes a matching public key into the file key.public.  So use the shell command cat (or more) to display the contents of the appropriate key file, copy the contents of the key file into the paste buffer then paste it into the appropriate field in the voucher configuration page.

    Copy and paste is recommended here so avoid making errors in manually copying the key to the voucher configuration page.

    I missed this step :-/

    EDIT: I think the problem is, that my command shell will not properly work
    executing openssl genrsa 31 > key.private will just write this:
    $ openssl genrsa 31 > key.private

    2#EDIT:
    ok cat key.private shows a key but cat key.public not after 1min cat key.private also dont works.



  • Here's an exact copy of the commands run on my system, a VIA C3 800MHz CPU (hardly a speed demon):```

    [2.0.1-RELEASE][admin@pfsense.example.org]/root(32): time openssl genrsa 31 > key.private
    Generating RSA private key, 31 bit long modulus
    .+++++++++++++++++++++++++++
    .+++++++++++++++++++++++++++
    e is 65537 (0x10001)
    0.052u 0.015s 0:00.09 66.6% 552+628k 0+2io 0pf+0w
    [2.0.1-RELEASE][admin@pfsense.example.org]/root(33): time openssl rsa -pubout < key.private > key.public
    writing RSA key
    0.021u 0.021s 0:00.04 100.0% 552+570k 0+1io 0pf+0w
    [2.0.1-RELEASE][admin@pfsense.example.org]/root(34): cat key.private
    -----BEGIN RSA PRIVATE KEY-----
    MCwCAQACBQCDnyRNAgMBAAECBAF3ThkCAwDwawIDAIwnAgMAmOMCAkxrAgJ5fg==
    -----END RSA PRIVATE KEY-----
    [2.0.1-RELEASE][admin@pfsense.example.org]/root(36): cat key.public
    -----BEGIN PUBLIC KEY-----
    MCAwDQYJKoZIhvcNAQEBBQADDwAwDAIFAIOfJE0CAwEAAQ==
    -----END PUBLIC KEY-----
    [2.0.1-RELEASE][admin@pfsense.example.org]/root(37):

    
    By preceding the openssl commands by _time_ I get the shell to report the time the command takes to complete. Neither is particularly long. These commands were typed in an SSH session to the pfSense box.
    
    @dirkche:
    
    > ok cat key.private shows a key but cat key.public not after 1min cat key.private also dont works.
    
    Did you issue the command to generate the public key?


  • Hmm your connected with cmd to your pfsense?
    I used the Shell as you can see on screen. Maybe the problem is here!?!?!

    Quote from: dirkche on Today at 05:25:57 am
    ok cat key.private shows a key but cat key.public not after 1min cat key.private also dont works.
    Did you issue the command to generate the public key?

    Yes i used both codes
    openssl genrsa 31 > key.private
    openssl rsa -pubout < key.private > key.public

    But its strange that i works but one minute after not more



  • @dirkche:

    Hmm your connected with cmd to your pfsense?

    Are you accessing your pfSense from a Windows system? If so, you can use the WinSCP program (free download) to create a SSH session from Windows to Unix systems (including pfSense).



  • Thanks Wallabybob !!!!!!!!!!!!

    Ok again for all if someone needs still help :)

    Open SSH Connection with pfSense eg. with WINSCP:
    IP: Serverip
    Port: 22  (if u didnt changed it)
    User: root
    Pw: Your PW as on weblogin
    With SFTP Protocol

    then open terminal and fill in:
    openssl genrsa 31 > key31.private
    openssl rsa -pubout < key31.private > key31.public

    i used key31. because of generating a new file!!!!

    cat key31.private
    cat key31.public

    and copy and paste it on webgui into Services: Captive portal: Vouchers
    Characterset: i deleted all uppercase chars

    of Roll Bits                5

    of Ticket Bits         16

    of Checksum Bits 5

    and deleted all entries in "Voucher database synchronization".
    After SAVE it makes voucher lenghts of 6-7 chars !

    Thanks for HELP !!





  • While generating a shorter voucher character ease the user input, I think it compromises the security. I am using as-is and explains to my younger sister why she needs to enter this very long voucher code. Anyway, it's just my opinion.


Log in to reply