Messages

Now my idea now is to use captive portal + an openLDAP server for authentication. My thinking is I can control the users as needed via a script/program at the LDAP server.

Does anyone see a problem with this? Can I still get logged in time etc?

Ahh slowly I am beginning to understand how captive portal works..

So the system generates the vouchers ahead of time. I can't really control this by adding my own I guess.

So I may have been over thinking this..

I wonder if I can simply use the captive portal via the api (or configctl) to create a ticket/voucher for a given user programmatically.

That way I can have my user DB with time allowed stored on a separate computer with different logic.

The only issue is extracting the time used/remaining.

I guess what I am after is managing users and access remotely via a website that's not the Opnsense gui. Captive portal / Guest network Hotel scenario seems ideal but how do I control the users via a backend process instead of through the gui? configctl?

The scenario - user registers via my website and requests a certain amount of time. website passes credentials to a server that then ties in with the captive portal. When the user connects to my network via wifi (or hardwired) a portal login pops up. Using their user/password they get access. System keeps track of their usage and when time limits up they get logged out and their credentials no longer work until they request more time.. the key here is the website (or more likely an intermediate RESTful server) handles the configuration/setup so I don't have to deal with each user and manually configure/update each time.

Does this make sense?

My first thought was using a separate FreeRadius server with a SQL backend - can add/remove/read records directly but not sure how that ties in with the captive portal.

Another thought was some sort of ssh hook into opnsense via configctl - managing users/vouchers as needed.

Wanted to followup - I ended installing acme.sh on an internal server instead and was able to get everything running as expected. Even used a wildcard!

https://github.com/Neilpang/acme.sh/tree/master/dnsapi

So am getting into the letsencrypt/acme.sh thing.. My provider is GoDaddy and I am using dns01 - "dns_gd". I am on OpnSense 18.1.8 and acme.sh v2.7.9

Seems straightforward but cannot add any certificates using staging (have not tried production) - from the logs I keep getting txt record errors but the txt records actually appear in GD.. and I can query them. Note there seems to be 2 challenge records - I do not know if this is normal or not.

Not sure how to go about troubleshooting this properly. Any advice would be appreciated.

Thx!

E.

Code Select Expand


...........
...........
[Sun May 20 10:38:45 EDT 2018] _post_url='https://api.godaddy.com/v1/domains/xxxxxxx.com/re
cords/TXT/_acme-challenge'
[Sun May 20 10:38:45 EDT 2018] _CURL='curl -L --silent --dump-header /var/etc/acme-client/h
ome/http.header  -g '
[Sun May 20 10:38:46 EDT 2018] _ret='0'
[Sun May 20 10:38:46 EDT 2018] Add txt record error.
[Sun May 20 10:38:46 EDT 2018]
[Sun May 20 10:38:46 EDT 2018] Error add txt for domain:_acme-challenge.xxxxxxx.com
[Sun May 20 10:38:46 EDT 2018] pid
...........
...........