[Solved] Captive portal Use one voucher code for multiple users



  • Hello Forum,

    I've run into a problem here: it seems that the option "Disable concurrent logins" doesn't work for the voucher system.
    Is there a workaround for this or does anyone have a solution?

    SOLVED

    We fixed this by doing the following:

    1646,1649c1646,1652
    <                       /* This user was already logged in so we disconnect the old one */
    <                       captiveportal_disconnect($cpentry,$radiusservers,13);
    <                       captiveportal_logportalauth($cpentry[4],$cpentry[3],$cpentry[2],"CONCURRENT LOGIN - TERMINATING OLD SESSION");
    <                       unset($cpdb[$sid]);
    –-

    if (isset($config['captiveportal']['noconcurrentlogins']))  {
                                  /* This user was already logged in so we disconnect the old one */
                                  captiveportal_disconnect($cpentry,$radiusservers,13);
                                  captiveportal_logportalauth($cpentry[4],$cpentry[3],$cpentry[2],"CONCURRENT LOGIN - TERMINATING OLD SESSION");
                                  unset($cpdb[$sid]);
                          }
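
    Review bot: the added `if (isset($config['captiveportal']['noconcurrentlogins']))` guard leaves no upper bound when the option is unset: the old session is then neither disconnected nor removed from `$cpdb`, so any number of clients can stay logged in on one voucher code. A per-voucher limit would be safer than all-or-nothing, and a short comment should state that skipping `unset($cpdb[$sid])` in that case is intentional. The enclosing condition is not visible in this hunk, so it is worth confirming that the guard does not change behaviour for username/password logins. The added lines should also follow the file's indentation, and the doubled space before `{` should be dropped.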



  • Thanks a million, GeertJan!! I spent an hour fighting with this yesterday and ended up setting the option to auto-add their MAC for bypass as a temp workaround, but I will try your patch; I'm guessing it should work. :)

    Is this fixed in a more recent nightly for a future release? (I used 2.0.1 embedded.) It's kinda a nasty/bad bug, or at least mega annoying.
    Bill



  • That kinda defeats the purpose of vouchers!

    That means that you will give a window of openness to different users with the same voucher!
    You would be better off with just a scheduled rule for this.

    From the CP point of view, vouchers are a way of authenticating; they're not a way to grant a window in a certain timeslot.



  • What about allowing 2 or 3 concurrent logins per voucher, so that a guest can use two devices (e.g. his laptop and smartphone) concurrently?



  • The issue is that there is no mechanism for setting the number of allowed logins.
    What can happen is that all your guests will just use the same voucher!

    That is not at all something feasible.

    The better option would be to give him 1 voucher for each device!
    Or even teach him how to activate 'tethering' or connection sharing, which most devices today can do.

    Otherwise you are completely open and your 'security' is nothing.



  • Actually, we are using this for time window purposes.

    The portal is installed in front of a building servicing meeting rooms. When a meeting room is rented, the host receives a voucher. This voucher is valid for all attendees during a pre-defined period.

    I don't see why this would not be added to the source. It will not break anything else. It only adds the feature if someone uses vouchers and checks the 'allow concurrent logins' feature. This feature does what it says when using username+password for authentication. So why not use it if vouchers are used for authentication?



  • Can you add a feature request in redmine.pfsense.org?
    I will add it to pfSense when I have time.



  • Thanks GeertJan - that workaround is just what I was looking for too…

    • I agree also there are some scenarios where this is useful.

    • Again we too have a conference room (or two) we rent out - especially handy in that scenario.

    • It did take me a minute to realise it was /etc/inc/captiveportal.inc that I needed to edit - I assume that's correct :-), but I think it's now working...

    Looks like it is now in redmine too...
    http://redmine.pfsense.org/issues/2146

    Many Thanks
    Nick



  • Thanks GeertJan,

    I also agree that this is a useful scenario, for hotels too.
    Most guests have multiple devices, e.g. a laptop, an iPad, or a smartphone.
    I suggest an option: max concurrent connections per voucher/session/whatever: <number>, so you can open a time window for a limited range of devices and don't lose all the security…
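
The "max concurrent connections per voucher" idea suggested above, sketched as an added example that is not part of the thread and not pfSense code. The session table layout, the function name `voucher_login_decision` and the `$maxPerVoucher` setting are all hypothetical.

```php
<?php
// Added example: hypothetical session table and names, not pfSense's own data structures.

/**
 * Decide whether a new login with $voucher may proceed.
 * $sessions: sid => ['user' => voucher code, 'mac' => client MAC, 'start' => unix time]
 * $maxPerVoucher: 0 = unlimited (what the workaround in this thread gives you),
 *                 1 = "disable concurrent logins", N = at most N devices per voucher.
 * Returns ['allow' => bool, 'evict' => session ids to disconnect before logging in].
 */
function voucher_login_decision(array $sessions, string $voucher, string $mac, int $maxPerVoucher): array
{
    // Sessions already open on this voucher, oldest first (keys are preserved).
    $mine = array_filter($sessions, fn($s) => $s['user'] === $voucher);
    uasort($mine, fn($a, $b) => $a['start'] <=> $b['start']);

    // Same device logging in again: replace its old session, no extra slot used.
    // A MAC can be spoofed, so this is bookkeeping, not authentication.
    foreach ($mine as $sid => $s) {
        if (strcasecmp($s['mac'], $mac) === 0) {
            return ['allow' => true, 'evict' => [$sid]];
        }
    }
    if ($maxPerVoucher === 0 || count($mine) < $maxPerVoucher) {
        return ['allow' => true, 'evict' => []];
    }
    if ($maxPerVoucher === 1) {
        // Classic behaviour: newest login wins, the old session is terminated.
        return ['allow' => true, 'evict' => array_keys($mine)];
    }
    // Cap reached: refuse rather than evict, so a leaked code cannot kick out other guests.
    return ['allow' => false, 'evict' => []];
}

// Constructed sample data: two devices on one voucher, one on another.
$sessions = [
    'a1' => ['user' => 'VOUCHER-ROOM1', 'mac' => '00:11:22:33:44:01', 'start' => 1000],
    'b2' => ['user' => 'VOUCHER-ROOM1', 'mac' => '00:11:22:33:44:02', 'start' => 1200],
    'c3' => ['user' => 'VOUCHER-ROOM2', 'mac' => '00:11:22:33:44:03', 'start' => 1300],
];
var_dump(voucher_login_decision($sessions, 'VOUCHER-ROOM1', '00:11:22:33:44:09', 3)); // new device, cap 3
var_dump(voucher_login_decision($sessions, 'VOUCHER-ROOM1', '00:11:22:33:44:0a', 2)); // new device, cap 2
var_dump(voucher_login_decision($sessions, 'VOUCHER-ROOM1', '00:11:22:33:44:02', 2)); // known device again
```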

