Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Annual Vouchers?

    Scheduled Pinned Locked Moved Captive Portal
    6 Posts 4 Posters 2.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • W
      waya01
      last edited by

      Hi,

      I'm looking at installing pfsense for the captive portal side of our wireless.  Students have come up with the idea to raise money for the school to charge students £5 per year for wireless access.

      We use NPS RADIUS to authenticate users at the moment using 802.1X.  All working well, but if I create a group to add users into that have paid for access then they could log in as many devices as they like.  I have looked at using a combination of user authentication and certificates, but the enrolment of the certificates becomes a hassle.

      So I'm now looking at user authentication with a captive portal and voucher code access.  I want to set the validity of the voucher to 1 year.  The user types that voucher code in and that device has access for the year.  So a couple of questions…

      1. Can the vouchers 'Minutes per ticket' option be set to 525600?
      2. Does the voucher code then get tied to the devices MAC Address so they can just join the Wifi as often as they like until the 'Minutes per ticket' runs out?

      Thanks

      Andy

      1 Reply Last reply Reply Quote 0
      • W
        WilsonL
        last edited by

        Create, generate and activate Rolls with Vouchers that allow access through the captive portal for the configured time. Once a voucher is activated, its clock is started and runs uninterrupted until it expires. During that time, the voucher can be re-used from the same or a different computer. If the voucher is used again from another computer, the previous session is stopped.

        The answer is yes. Just turn off idle timeout and hard timeout.

        1 Reply Last reply Reply Quote 0
        • DerelictD
          Derelict LAYER 8 Netgate
          last edited by

          I don't think that'll work because that ties the IP to the MAC address.  The DHCP lease will probably change throughout the year.

          Set this:

          Disable Concurrent Logins
          Enable Passthrough MAC
          Enable Passthrough MAC with username
          Vouchers

          If they change MACs they'll need a new voucher or someone will have to go in and kill the old MAC pass-through entry, which should allow them to use the same voucher on a new MAC address.

          Just generate voucher rolls good through the end date, whatever that is.  Doesn't matter how long as far as I know.

          Chattanooga, Tennessee, USA
          A comprehensive network diagram is worth 10,000 words and 15 conference calls.
          DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
          Do Not Chat For Help! NO_WAN_EGRESS(TM)

          1 Reply Last reply Reply Quote 0
          • B
            bmginn
            last edited by

            @Derelict:

            I don't think that'll work because that ties the IP to the MAC address.  The DHCP lease will probably change throughout the year.

            Set this:

            Disable Concurrent Logins
            Enable Passthrough MAC
            Enable Passthrough MAC with username
            Vouchers

            If they change MACs they'll need a new voucher or someone will have to go in and kill the old MAC pass-through entry, which should allow them to use the same voucher on a new MAC address.

            Just generate voucher rolls good through the end date, whatever that is.  Doesn't matter how long as far as I know.

            This would make sense, but it seems that when you use passthroughs in the manner, they don't display anywhere. I've searched and can't find them. Passthroughs with logins display just fine though.

            Any ideas?

            1 Reply Last reply Reply Quote 0
            • DerelictD
              Derelict LAYER 8 Netgate
              last edited by

              They display in Services > Captive Portal, Edit, MACs

              Chattanooga, Tennessee, USA
              A comprehensive network diagram is worth 10,000 words and 15 conference calls.
              DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
              Do Not Chat For Help! NO_WAN_EGRESS(TM)

              1 Reply Last reply Reply Quote 0
              • B
                bmginn
                last edited by

                @Derelict:

                They display in Services > Captive Portal, Edit, MACs

                That's where I was looking. I cleared out most of my config and it started working properly. Specifically there was a problem with my freeradius config that I had changed manually. Even though I wasn't actively using freeradius at the time, that seems to be what caused the problem.

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.