OPNsense Forum

Archive => 18.1 Legacy Series => Topic started by: Enrica_r on May 04, 2018, 06:13:45 pm

Title: Captive portal more options with radius reply
Post by: Enrica_r on May 04, 2018, 06:13:45 pm

Until today we use Pfense in production environment but we follow OPNsense development for months already. We would prefer to change to OPNsense if all functionality is there or better.

We manage a furnished apartment house like a hotel with more than 100 guests which want to have internet access plus internal networks for office and technic devices. One of most important component is captive portal with three redundant radius servers (ha). On radius servers we have different price profiles (time and bandwidth).

I tested OPNsense CP and compared it with the version of Pfsense. There are postive and negative conclusions:
+ The template for CP page is perfect.
+ Usage of AJAX between CP page and server (no pop-up for logout)
+ A mix of auth servers and no limits of radius servers.

- Allowed MAC addresses managed in one select field what is OK for some addresses but not for more than 100 --> there should be a separate page with name/description.
- User based bandwidth settings using radius reply attributes vendor WISPr-Bandwidth-Max-Up or WISPr-Bandwidth-Max-Down
- User based session timeout and/or idle timeout using radius reply attributes Session-Timeout and Idle-Timeout
- Option radius MAC athentification: Before opening CP page send clients MAC id as user + radius shared secret to radius and try to authentificate. If not ok then redirect to CP page for user/pw login.
- Session overview has no last activity column. This helps to see how many users are really active.

Further I prefer to have an overview page (not in Pfsense also) similar to traffic graph which shows active sessions with current bandwidth IN/OUT and total IN/OUT.

The missing bandwidth control via radius attributes is a show stopper for us.

I can understand that developer's priority isn't on CP. That's why I tried to understand how your CP code is working. But it's not easy to reverse enginieer and backend with IPFW is complex also, therefore without help the effort is enormiously. I'm willing to write some code in php but  I need some help. Is there somebody who could document what the CP process is? Thanks.

Title: Re: Captive portal more options with radius reply
Post by: Enrica_r on July 12, 2018, 03:54:16 pm

no reply?

Nobody who has the knowledge?

Title: Re: Captive portal more options with radius reply
Post by: mimugmail on July 12, 2018, 05:23:26 pm

I'm adding sqlite to freeradius right now. When this is finished theres a chance for getting user based profiles in, but no promise ...