Netgate Discussion Forum

    Captive portal centralized voucher generation

      ozlecz

      requirement;
      centralize voucher server for remote multiple sites

      scenario:
      =CentralOffice------multipleSites (wifi zones)
      =all the sites are with pfsense

      question:
      =is it possible to generate vouchers in the pfsense CentralOffice and be used at the multiple sites for authentication?

      thanks

        unixaccent

        I would also want to know if it is possible to do it. Maybe a setup like: the vouchers are hosted in a secured php-mysql driven website.

          doktornotor Banned

          Have you noted the "Voucher database synchronization" feature on vouchers tab?

            ozlecz

            I now thought of something… I can call it a WORKAROUND, but logically I think it will work;

            = will configure captive portal on all the wifizone pfsense and do a url redirect to the centralOffice pfsense with captive portal
            = configure only CentralOffice for voucher option....

            does it make sense?.. please comment on this solution... haven't done it live yet... still waiting for my alixApU

            CHALLENGE:
            =I could figure out a challenge on the redundancy of the CentralOffice pfsense server..... I THINK THIS IS NOT POSSIBLE SINCE THE VOUCHER GENERATIONS RELY ON SOME SPECIFICS OF THAT SERVER!!!!!

            HELP

              doktornotor Banned

              Let me say it again:

              Have you noted the "Voucher database synchronization" feature on vouchers tab?

              WTH would you URL redirect to some central office? You just sync the vouchers.

                ozlecz

                If there's a sync db feature then that should work.. I will try that….. thanks a lot...

                  unixaccent

                  @doktornotor

                  Can you teach us how? You've already answered my question but a step by step procedure would really help. Thanks in advance!

                    doktornotor Banned

                    Uhm… on every site, point it to the "central office" captive portal (IP, port), put in the admin credentials, done. Cannot see what step-by-step instructions this needs?

                      ozlecz

                      Hi, where in the central office are the captive portal port and username/password defined? Thx

                        doktornotor Banned

                        Huh? Obviously, on the central office box (interface IP, webgui port, admin user).

                          ozlecz

                          coz I've tried in the centraloffice to configure
                          IP= its own ip
                          port=443
                          username=user
                          password=pass

                          and when I save it, it says it fails to sync etc

                            doktornotor Banned

                            Sigh. You do NOT configure sync on the master Captive Portal. Maybe, you should read the fine docs before asking… or, at minimum, read the description in the GUI:

                            NOTE: this should be setup on the slave nodes and not the primary node!

                            https://doc.pfsense.org/index.php/Category:Captive_Portal

                              ozlecz

                              I know you are going to define ip/port/user/pass in the remote..

                              but how is the centraloffice going to listen/authenticate if the port user/pass is not defined locally?

                                doktornotor Banned

                                Uh. For the last time - you point it to the WAN IP/WebGUI port of the central office box and use the admin credentials of the central office box. All of these are already defined, very obviously. Now, if you still do not understand, I'd strongly suggest reading at least the wiki docs.

                                  ozlecz

                                  got the below logs

                                  Mar 25 03:04:01 php[34627]: /services_captiveportal_vouchers.php: voucher XMLRPC sync data http://192.168.11.254:80.
                                  Mar 25 03:04:01 php[34627]: /services_captiveportal_vouchers.php: The Captive Portal voucher database has been synchronized with http://192.168.11.254:80 (pfsense.exec_php).
                                  Mar 25 03:04:02 logportalauth[34627]: Writing voucher db from sync data…

                                  It says writing db.... but never says it was successful in doing so....

                                  hence when you test vouchers it will fail (5LjX6i6Gbk53 invalid: TYPO Invalid magic <5LjX6i6Gbk53> !!)

                                  and logs will show

                                  logportalauth[34627]: 5LjX6i6Gbk53 invalid: TYPO Invalid magic <5LjX6i6Gbk53> !!

                                    ozlecz

                                    thanks guys…... had it working;

                                    = got to make the same zone throughout

                                    @unixaccent
                                    1. make sure all portal pages are up
                                    2. on the remote db sync put the following
                                        ip=ip of the centralO webconf
                                        port=webconfig port (80=default)
                                        user=admin(default)
                                        pass=pfsense (unless you've changed)
                                    3. save ... now you should be seeing the voucher rolls...

                                      doktornotor Banned

                                      As a side note: I'd strongly suggest making use of HTTPS. Sending admin passwords in the clear sounds like Bad Idea (TM).

                                      Finally, I really would love to hear from developers what kind of privs need to be assigned to a user to be usable for this sync, instead of full admin. Afraid I'll have to file a bug because I've tried 3 times and no one ever responded.

                                        ozlecz

                                        once everything works fine, then security will come into picture..

                                        still finding a way how to fallback to another centralOffice server once the main one fails…

                                          doktornotor Banned

                                          @ozlecz:

                                          still finding a way how to fallback to another centralOffice server once the main one fails…

                                          There's no other "centralOffice", unless you use CARP/failover. Frankly, has nothing to do with this topic.

                                            focalguy

                                            @ozlecz:

                                            thanks guys…... had it working;

                                            = got to make the same zone throughout

                                            I have to admit I was shaking my head a little through this thread but it gave me the clue I needed. I don't see anywhere in the docs (perhaps I missed it) that the zone name must be the same at the locations syncing with the master. The sync reported success but none of the vouchers worked. I had a different name and since there is no way to rename in the GUI I had to edit the XML config file by hand to change the zone name. After I did that it worked, so thank you ozlecz! :)
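
Added example, not part of the thread and not pfSense code: a Python check over a slave node's log that flags the two problems raised above, a voucher sync target reached over plain HTTP (doktornotor's side note) and "Invalid magic" rejections that follow a sync reported as successful (the symptom ozlecz and focalguy traced to mismatched zone names). The sample log is constructed in the line format quoted in the thread; the function name, the last line's timestamp and the placeholder voucher code are assumptions.

```python
import re
from urllib.parse import urlsplit

# Constructed sample in the log format quoted in the thread; the timestamp on
# the last line is made up and the voucher code is a placeholder.
SAMPLE_LOG = """\
Mar 25 03:04:01 php[34627]: /services_captiveportal_vouchers.php: voucher XMLRPC sync data http://192.168.11.254:80.
Mar 25 03:04:01 php[34627]: /services_captiveportal_vouchers.php: The Captive Portal voucher database has been synchronized with http://192.168.11.254:80 (pfsense.exec_php).
Mar 25 03:04:02 logportalauth[34627]: Writing voucher db from sync data...
Mar 25 03:09:40 logportalauth[34627]: EXAMPLEvoucher1 invalid: TYPO Invalid magic <EXAMPLEvoucher1> !!
"""

SYNC_OK = re.compile(r"voucher database has been synchronized with (\S+)")
BAD_MAGIC = re.compile(r"logportalauth\[\d+\]: \S+ invalid: .*Invalid magic")


def audit_voucher_sync(log_text):
    """Summarise sync transport and post-sync voucher rejections in a portal log."""
    cleartext_targets = set()
    synced = False
    rejected_after_sync = 0
    for line in log_text.splitlines():
        match = SYNC_OK.search(line)
        if match:
            synced = True
            target = urlsplit(match.group(1))
            # Sync authenticates with the master's admin credentials, so
            # anything other than https exposes them on the wire.
            if target.scheme != "https":
                cleartext_targets.add(f"{target.scheme}://{target.netloc}")
        elif synced and BAD_MAGIC.search(line):
            # Count only; voucher codes are not copied into the report.
            rejected_after_sync += 1
    return {
        "cleartext_sync_targets": sorted(cleartext_targets),
        "invalid_magic_after_sync": rejected_after_sync,
    }


if __name__ == "__main__":
    report = audit_voucher_sync(SAMPLE_LOG)
    for target in report["cleartext_sync_targets"]:
        print(f"sync over cleartext HTTP to {target}: move the webConfigurator to HTTPS")
    if report["invalid_magic_after_sync"]:
        print(f"{report['invalid_magic_after_sync']} voucher(s) rejected after a successful "
              "sync: compare the zone name on master and slave")
```
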