Professional Documents
Culture Documents
latest
Need professional assistance? We offer several levels of support to meet your needs. Sign Up
Now.
General Information
Releases
Product Manuals
Hardware
Interfaces
802.11 Wireless
Cellular Wireless
Firewall
Traffic Shaper
Certificate Management
User Management
Services
o Complex Services
Captive Portal
Captive Portal
Captive Portal Status
Authenticating Captive Portal Users with Vouchers
Captive Portal Authentication Logs
Authenticating Captive Portal Users with FreeRADIUS
Configuring a Pre-authentication Redirect for Captive Portal Users
Troubleshooting Captive Portal
DHCP
DNS
Server Load Balancing
o Simple Services
DHCP
DNS
Captive Portal
o Captive Portal
o Captive Portal Status
o Authenticating Captive Portal Users with Vouchers
Setting Up Vouchers
Voucher Status/Management
Portal Page
Troubleshooting
o Captive Portal Authentication Logs
o Authenticating Captive Portal Users with FreeRADIUS
o Configuring a Pre-authentication Redirect for Captive Portal Users
o Troubleshooting Captive Portal
Server Load Balancing
High Availability
System Monitoring
Virtualization
VPN
Troubleshooting
Packages
Cache / Proxy
IDS / IPS
Development
REFERENCES
References
Netgate Documentation
Docs »
pfSense »
Services »
Captive Portal »
Users enter their voucher code in the portal page and are granted access for as long as the
voucher is valid. Voucher time does not stop counting down if a user logs out; the voucher is
only valid from the start of the session for the duration of the voucher length. Some
companies have integrated the exported voucher lists into their point of sale applications to
print a voucher on customer receipts.
To use vouchers, a custom portal page must be used that submits the voucher
as auth_voucher.
Setting Up Vouchers
The voucher system creates and verifies vouchers based on public/private key and
configuration settings.
RSA Keys
Before the program can be used, a public/private RSA key pair must be generated. A set is
generated automatically the first time the page is visited that is 32-bits in length, but a new
pair may be manually generated if desired. The maximum key length supported is 64 Bits.
Using shorter keys will make the generated vouchers shorter but eventually less secure.
Voucher Fields
The following fields control how the vouchers themselves are generated. Leaving these
values at their defaults is recommended but they may be adjusted as needed. The total of all
these fields must be less than the RSA key size. For example, the default values are 16, 10,
and 5. The sum of these is 31, which is one less than 32.
Number of Roll Bits: Number of Bits used to store the Roll Id. Set this larger if many
rolls will be active at the same time. Can be from 1-31.
Number of Ticket Bits: Number of Bits used to store the Ticket Id. Set this larger if
each roll will have a large number of vouchers. Can be from 1-16.
Output Example
The following list contains sample voucher codes generated by pfSense:
6UVeTS6II68
kGZ38iBgyx4
gWUhfyvWo43
kiViNq31p7b
jLzSQuZMPJa
The generated vouchers will be different due to the generated RSA key pair, even if the same
config file is used.
Voucher Status/Management
Active vouchers, roll statistics, testing, and expiration of vouchers may all be performed on
the Captive Portal Statuspage for the zone.
Testing
To test the vouchers, go to Status > Captive Portal, select the zone, and visit the Test
Vouchers tab. See Captive Portal Status.
Portal Page
The portal page must include the following field to accept the voucher code:
Troubleshooting
The session timeout must be enabled in order to allow the voucher session to
expire and deactivate.
Next Previous
Documentation Feedback
For assistance in solving software problems, please post your question on the Netgate Forum.
If you see anything that's wrong or missing with the documentation, please suggest an edit by
using the feedback button in the upper right corner so it can be improved.