[SOLVED] Captive Portal not working

[AdSchellevis]

can you try to run this:

Code Select Expand

curl -o /usr/local/opnsense/service/templates/OPNsense/IPFW/ipfw.conf https://raw.githubusercontent.com/opnsense/core/master/src/opnsense/service/templates/OPNsense/IPFW/ipfw.conf

and apply your captive portal settings again (or reboot)?

[lukepower]

Sir, it is working now!  :)
What did you do to get it working?

Btw, is there any way to change the complexity of the vouchers? Like, avoid special chars in the username?

[franco]

We are still planing to make voucher length and character set customisable, but don't have a specific ETA.

[lukepower]

Ok!
But now tell me, what was wrong? Did I set something odd?

[AdSchellevis]

No, your setup was fine, it was a bug in the ruleset in combination with the pppoe interface.

For the vouchers, I want to add some simple checkboxes to "degrade" password strength and maybe a customizable length. I rather don't want to add a complete "selectable character map", I don't think that would increase user experience.

[lukepower]

Hi Ad,

I think that the solution with the checkbox would be more than fine. I would use the captive portal for hotel guests, and a too complicated username (for the password it's not as bad I guess) could lead to complaints  ;D

Anyway, OPNsense is truly great and I am very happy that I went installing it right away once it came out, instead of using pfSense. I used to use Endian firewall, but that stuff was simply not working anymore for my needs...

[AdSchellevis]

Hi Lukas,

Thanks for your feedback, always great to hear people like our project :)

I've added an issue in github for the voucher feature, I couldn't find one in the tracker and this should be easy to fix. (there have been more questions about it in the past)
https://github.com/opnsense/core/issues/886

Regards,

Ad

[jstrebel]

Ad,
the days we created the Voucher system for monowall we where confronted with two user complaints.
a) using smartphones users (mostly coming from other countries) had to switch often the the layout by pressing "option or alt keys to switch between the keyboard layouts. Some users had even difficulty to find certain characters on their device:
b) some people preferred to enter just numbers or other just small letters
c) depending on the Font (used by a external Voucher printing program) users entered wrong characters (O/0; i/L I/L) 

I have to say, I have not testet your newest feature "reduced character set" I will do it soon.
Thank you for the great work you and your team are doing. jakob

[AdSchellevis]

Hi Jakob,

I think the latest option (included yesterday) should solve most of the issues, but if it doesn't, I have no problem with decreasing the used character set a bit further to make this a better fix or maybe convert this option into two states (simple , only lower-case).

Regards,

Ad

[jstrebel]

Ad, thank you for the positive response.
What do you think about a following grouping.
a) UPPER CASE
b) lower case
c) numbers 273485

[AdSchellevis]

Hi Jakob,

I'm not sure about only numbers, chances are quite big to generate the same username twice, which may decrease generation performance a lot.
Only upper or lower case shouldn't be a problem, but I would provide the following options then:

0) default (secure like it was)
1) less secure (update from yesterday, lower+upper case and numbers, without known hard to read chars)
2) less secure, only upper case
3) less secure, only lower case

Which would (in my opinion) solve the mobile issue you mentioned.

Regards,

Ad

[fabian]

maybe this way:

passwords and usernames can contain
[ ] uppercase letters
[ ] lowercase letters
[ ] digits
[ ] special characters


By default, all of them are checked

[AdSchellevis]

I rather keep the options simpler here and limit the "weak password" option to one selectbox at max.
In my opinion it's easier to understand and read for most users and simply not worth the extra complexity.