PfSense 2.2.1 - Captive portal bug?



  • ** MASSIVE OVERHAUL OF THIS TOPIC AS MY MAIN QUESTION WAS ANSWERED **
    (old subject: pfSense 2.2.1 - Limit devices per voucher and other questions)

    Hi all,

    just registered to post my questions, as I haven't been able to find a working solution.

    I have just setup a fresh installation of pfSense 2.2.1, to provide our drivers with a working internet connection.
    I have setup the captive portal (created some rudimentary custom pages for testing) and configured some vouchers to test, and it all seems to work: Immediate redirect to login page, and after entering the voucher code immediate redirect to the Original requested page.

    However I have some very annoying issues:

    • I have the feeling there are some bugs with the captive portal? See below

    • There seems to be a bit loading time inbetween, which takes up to 30 seconds before a page is loaded (only when loading the login page and after logging in the requested page, after that it all works OK)

    • Is it possible to limit bandwith on a schedule? I would like to limit the bandwith during office hours.

    • Also I don't see what configuration I need to do to limit a voucher to 1 device only, without being able to use the same voucher on a different device? In every scenario I tested this I'm Always able to connect the second device using the same voucher.

    Solutions so far:
    I got question 4 covered by enabling

    • "Disable concurrent logins"

    • "Enable Pass-through MAC automatic additions" and

    • "Enable Pass-through MAC automatic addition with username"

    Captive Portal bugs?

    I made some screenshots for this to be clears.
    Please note that the presented login pages are rudimentary HTML pages, which will be recreated with logo's and such when everything is working as it should

    The first login page for entering the voucher (looks OK to me :) ):

    The page when the voucher is invalid (See the wrong error message?):

    The page when the voucher is already in use (Note that it now somehow puts a second login form here? With the wrong error message?):

    The source code of above page…:

    Thanks in advance for your time and effort answering my question(s) :)



  • @XanderVR:

    (Note that it now somehow puts a second login form here? With the wrong error message?):

    Look again at the code you showed.
    You output two html forms - so it shows two forums.



  • @Gertjan:

    @XanderVR:

    (Note that it now somehow puts a second login form here? With the wrong error message?):

    Look again at the code you showed.
    You output two html forms - so it shows two forums.

    no, the output is generated by pfSense.
    When I reset it to the Original pages, it has the same issue: it generates 2 HTML pages on 1 page…

    As you can see the original form (index.php) shows fine
    Also the "error" form shows fine if a wrong voucher is entered (however the error message is incorrect?)

    But if I enter a voucher that is already being used, then the system shows the eror page twice, with different error codes...


  • Banned

    Sigh. Reset the CP page to default. Then upload a non-broken custom one. Kindly review the code a couple of time before uploading it. Sure like hell pfSense does not generate the same page twice just because it feels like doing it.



  • heh… seems I am able to break 12 lines of HTML code?
    prffftttt....

    
    <title>Bring Trucking Internet Cafe - Login</title>
    
    <form method="post" action="$PORTAL_ACTION$">
    
    	Voucher:  
    
     </form>
    
    

    OK, I have removed this CP, and recreated it, without custom pages, yet the issue remains!

    The initial login page:

    The page with incorrect voucher code:

    The page when the voucher code is in already in use:


  • Banned

    Where does the issue remain? I can see no double voucher inputs.



  • @doktornotor:

    Where does the issue remain? I can see no double voucher inputs.

    sigh…

    ok scrolled down the last screenshot a bit... (working with virtual machines, couldnt get it all in 1 screenshot)


  • Netgate



  • @Derelict:

    https://redmine.pfsense.org/issues/3124

    I can confirm this was the solution to the double forms.
    However, the other issues still stand: the wrong error message: Invalid credentials specified.



  • With the patch proposed above, this:
    @XanderVR:

    However, the other issues still stand: the wrong error message: Invalid credentials specified.

    (which is the second instance of error-login-page)
    shouldn't show up any more ….

    I deducted this from reading the code.



  • @Gertjan:

    With the patch proposed above, this:
    @XanderVR:

    However, the other issues still stand: the wrong error message: Invalid credentials specified.

    (which is the second instance of error-login-page)
    shouldn't show up any more ….

    I deducted this from reading the code.

    Unfortunately this is not the case.
    I changed the lines as was specified in the bug report.
    This solved the case of the second form showing up.

    When I now enter a voucher code that has been used by someone esle, AND is currently active, I get the message that the voucher is already activated by someone else.
    When I enter an invalid voucher code, I get the error message: "Invalid credentials specified" and not "Invalid voucher"
    When I enter a voucher code that has already expired, I get the error message: "Invalid credentials specified", and not "Voucher expired"

    So where does it go wrong?
    This is just a plain install of pfSense 2.2.1
    No plugins/addons/etc, the only change is the one mentioned in the bugreport.



  • @XanderVR:

    So where does it go wrong?

    Guess what ?

    Its a bug ….
    I'll put a patch up.


  • Netgate

    So what?

    Captive portal needs a complete rewrite.  Looks like it'll be in python.

    Until then, it's working generally correctly.  I'm sure patches making the messages saner would be graciously accepted.



  • It's a simple one.

    Use the "System Patches" package to to apply it (or do it by hand):
    https://github.com/Gertjanpfsense/pfsense/commit/4828d672b1fbb06e45c272b329aafcfa9b9a8e20.patch

    https://github.com/Gertjanpfsense/pfsense/commit/4828d672b1fbb06e45c272b329aafcfa9b9a8e20

    The trouble was: $config['voucher'][$cpzone]['msgexpired'] (and $config['voucher'][$cpzone]['msgnoaccess']) do not exist - the default error message $errormsg ( = "Invalid credentials specified."; ) is always shown.

    I applied the parch on my own copy of pfSense. Looking good so far.
    Expired vouchers are signaled as should be.
    The more general error 'msgnoaccess' also.



  • That made sense :)

    Just changed the code and indeed it works now :)
    Thank you very much



  • I did some research about side-effect. Found none.

    Pull request against 'master' posted : https://github.com/pfsense/pfsense/pull/1587

    (twisting my fingers for that my SLA agreement is still valid, etc)

    edit: Pull accepted. Thanks XanderVR for bringing this up  :)



  • @Gertjan:

    I did some research about side-effect. Found none.

    Pull request against 'master' posted : https://github.com/pfsense/pfsense/pull/1587

    (twisting my fingers for that my SLA agreement is still valid, etc)

    edit: Pull accepted. Thanks XanderVR for bringing this up  :)

    It seems these prefixes are present in 2.3.2, but I'm still experiencing the same issue as OP; the double login boxes with double errors. Any ideas?



  • @bmginn and  @th112211 compare your pfSense version with the one mentioned in subject of this thread.

    I advise you to open a new thread and detail what you found out.

    Btw : I'm not using vouchers.