Captive portal centralized voucher generation



  • requirement:
    centralized voucher server for multiple remote sites

    scenario:
    = CentralOffice ------ multipleSites (wifi zones)
    = all the sites are running pfsense

    question:
    = is it possible to generate vouchers on the CentralOffice pfsense and have them be used at the multiple sites for authentication?

    thanks



  • I would also want to know if it is possible to do it. Maybe a setup like: the vouchers are hosted in a secured php-mysql driven website.


  • Banned

    Have you noted the "Voucher database synchronization" feature on vouchers tab?



  • I just thought of something... I can call it a WORKAROUND, but logically I think it will work:

    = will configure captive portal on all the wifizone pfsense boxes and do a URL redirect to the CentralOffice pfsense with captive portal
    = configure only CentralOffice for the voucher option...

    Does it make sense? Please comment on this solution... haven't done it live yet... still waiting for my alixApU

    CHALLENGE:
    = I could see a challenge with the redundancy of the CentralOffice pfsense server... I THINK THIS IS NOT POSSIBLE SINCE THE VOUCHER GENERATIONS RELY ON SOME SPECIFICS OF THAT SERVER!!!!!

    HELP


  • Banned

    Let me say it again:

    Have you noted the "Voucher database synchronization" feature on vouchers tab?

    WTH would you URL redirect to some central office? You just sync the vouchers.



  • If there's a sync db feature then that should work... I will try that... thanks a lot...



  • @doktornotor

    Can you teach us how? You've already answered my question but a step by step procedure would really help. Thanks in advance!


  • Banned

    Uhm… on every site, point it to the "central office" captive portal (IP, port), put in the admin credentials, done. Cannot see what step-by-step instructions this needs?  ???



  • Hi, where in the central office are the captive portal port and username/password defined? Thx


  • Banned

    Huh? Obviously, on the central office box (interface IP, webgui port, admin user).



  • Because I've tried to configure this in the centraloffice:
    IP= its own ip
    port=443
    username=user
    password=pass

    and when I save it, it says fails to sync etc.


  • Banned

    Sigh. You do NOT configure sync on the master Captive Portal. Maybe, you should read the fine docs before asking… or, at minimum, read the description in the GUI:

    NOTE: this should be setup on the slave nodes and not the primary node!

    https://doc.pfsense.org/index.php/Category:Captive_Portal



  • I know you are going to define ip/port/user/pass on the remote...

    but how is the centraloffice going to listen/authenticate if the port and user/pass are not defined locally?


  • Banned

    Uh. For the last time - you point it to the WAN IP/WebGUI port of the central office box and use the admin credentials of the central office box. All of these are already defined, very obviously. Now, if you still do not understand, I'd strongly suggest reading at least the wiki docs.



  • got the below logs

    Mar 25 03:04:01 php[34627]: /services_captiveportal_vouchers.php: voucher XMLRPC sync data http://192.168.11.254:80.
    Mar 25 03:04:01 php[34627]: /services_captiveportal_vouchers.php: The Captive Portal voucher database has been synchronized with http://192.168.11.254:80 (pfsense.exec_php).
    Mar 25 03:04:02 logportalauth[34627]: Writing voucher db from sync data…

    It says writing db... but never says it was successful in doing so...

    Hence when you test vouchers it will fail (5LjX6i6Gbk53 invalid: TYPO Invalid magic <5LjX6i6Gbk53> !!)

    and the logs will show

    logportalauth[34627]: 5LjX6i6Gbk53 invalid: TYPO Invalid magic <5LjX6i6Gbk53> !!



  • Thanks guys... got it working;

    = got to make the zone the same throughout

    @unixaccent
    1. make sure all portal pages are up
    2. on the remote db sync put the following
        ip=ip of the centralO webconf
        port=webconfig port (80=default)
        user=admin (default)
        pass=pfsense (unless you've changed it)
    3. save... now you should be seeing the voucher rolls...


  • Banned

    As a side note: I'd strongly suggest making use of HTTPS. Sending admin passwords in the clear sounds like Bad Idea (TM).

    Finally, I really would love to hear from developers what kind of privs need to be assigned to a user to be usable for this sync, instead of full admin. Afraid I'll have to file a bug because I've tried 3 times and no one ever responded.



  • Once everything works fine, then security will come into the picture...

    Still finding a way to fall back to another centralOffice server once the main one fails...


  • Banned

    @ozlecz:

    Still finding a way to fall back to another centralOffice server once the main one fails...

    There's no other "centralOffice", unless you use CARP/failover. Frankly, has nothing to do with this topic.



  • @ozlecz:

    Thanks guys... got it working;

    = got to make the zone the same throughout

    I have to admit I was shaking my head a little through this thread but it gave me the clue I needed. I don't see anywhere in the docs (perhaps I missed it) that the zone name must be the same at the locations syncing with the master. The sync reported success but none of the vouchers worked. I had a different name and since there is no way to rename in the GUI I had to edit the XML config file by hand to change the zone name. After I did that it worked, so thank you ozlecz! :)
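
A log check for the two problems this thread surfaces, added here as an example and not posted by any participant or taken from pfSense: it flags voucher syncs that ran over plain HTTP (the admin credentials travel with them) and counts "Invalid magic" rejects that occur after a reported successful sync, the symptom the last post traced to a zone-name mismatch. The function name and result keys are assumptions; the sample lines reuse the log format quoted above, with a constructed timestamp on the last line.

```python
import re

# Sample in the format quoted in the thread; the last timestamp is constructed.
SAMPLE_LOG = """\
Mar 25 03:04:01 php[34627]: /services_captiveportal_vouchers.php: voucher XMLRPC sync data http://192.168.11.254:80.
Mar 25 03:04:01 php[34627]: /services_captiveportal_vouchers.php: The Captive Portal voucher database has been synchronized with http://192.168.11.254:80 (pfsense.exec_php).
Mar 25 03:04:02 logportalauth[34627]: Writing voucher db from sync data...
Mar 25 03:09:40 logportalauth[34627]: 5LjX6i6Gbk53 invalid: TYPO Invalid magic <5LjX6i6Gbk53> !!
"""

# "synchronized with <scheme>://<host>:<port>" marks a sync the node reported as OK.
SYNC_RE = re.compile(
    r"voucher database has been synchronized with (https?)://([^\s:/]+):(\d+)"
)
# A voucher rejected because its magic number did not validate.
MAGIC_RE = re.compile(r"logportalauth\[\d+\]: \S+ invalid: TYPO Invalid magic")


def audit(log_text):
    """Return cleartext sync targets and the count of rejects seen after a sync."""
    cleartext_targets = []
    rejects_after_sync = 0
    synced = False
    for line in log_text.splitlines():
        m = SYNC_RE.search(line)
        if m:
            synced = True
            scheme, host, port = m.groups()
            target = f"{host}:{port}"
            # Plain HTTP means the master's admin password crossed the wire unencrypted.
            if scheme == "http" and target not in cleartext_targets:
                cleartext_targets.append(target)
            continue
        # Only count rejects that follow a "successful" sync: that combination
        # is what the thread attributes to a zone name differing from the master.
        # Voucher codes are credentials, so they are counted, not echoed.
        if synced and MAGIC_RE.search(line):
            rejects_after_sync += 1
    return {
        "cleartext_sync_targets": cleartext_targets,
        "rejects_after_sync": rejects_after_sync,
    }


if __name__ == "__main__":
    print(audit(SAMPLE_LOG))
```
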

