Annual Vouchers?



  • Hi,

    I'm looking at installing pfSense for the captive portal side of our wireless.  Students have come up with the idea to raise money for the school to charge students £5 per year for wireless access.

    We use NPS RADIUS to authenticate users at the moment using 802.1X.  All working well, but if I create a group to add users into that have paid for access then they could log in as many devices as they like.  I have looked at using a combination of user authentication and certificates, but the enrolment of the certificates becomes a hassle.

    So I'm now looking at user authentication with a captive portal and voucher code access.  I want to set the validity of the voucher to 1 year.  The user types that voucher code in and that device has access for the year.  So a couple of questions…

    1. Can the vouchers 'Minutes per ticket' option be set to 525600?
    2. Does the voucher code then get tied to the device's MAC address so they can just join the Wifi as often as they like until the 'Minutes per ticket' runs out?

    Thanks

    Andy



  • Create, generate and activate Rolls with Vouchers that allow access through the captive portal for the configured time. Once a voucher is activated, its clock is started and runs uninterrupted until it expires. During that time, the voucher can be re-used from the same or a different computer. If the voucher is used again from another computer, the previous session is stopped.

    The answer is yes. Just turn off idle timeout and hard timeout.


  • Netgate

    I don't think that'll work because that ties the IP to the MAC address.  The DHCP lease will probably change throughout the year.

    Set this:

    Disable Concurrent Logins
    Enable Passthrough MAC
    Enable Passthrough MAC with username
    Vouchers

    If they change MACs they'll need a new voucher or someone will have to go in and kill the old MAC pass-through entry, which should allow them to use the same voucher on a new MAC address.

    Just generate voucher rolls good through the end date, whatever that is.  Doesn't matter how long as far as I know.



  • @Derelict:

    I don't think that'll work because that ties the IP to the MAC address.  The DHCP lease will probably change throughout the year.

    Set this:

    Disable Concurrent Logins
    Enable Passthrough MAC
    Enable Passthrough MAC with username
    Vouchers

    If they change MACs they'll need a new voucher or someone will have to go in and kill the old MAC pass-through entry, which should allow them to use the same voucher on a new MAC address.

    Just generate voucher rolls good through the end date, whatever that is.  Doesn't matter how long as far as I know.

    This would make sense, but it seems that when you use passthroughs in this manner, they don't display anywhere. I've searched and can't find them. Passthroughs with logins display just fine though.

    Any ideas?


  • Netgate

    They display in Services > Captive Portal, Edit, MACs



  • @Derelict:

    They display in Services > Captive Portal, Edit, MACs

    That's where I was looking. I cleared out most of my config and it started working properly. Specifically there was a problem with my freeradius config that I had changed manually. Even though I wasn't actively using freeradius at the time, that seems to be what caused the problem.