Captive Portal voucher sessions expire every day

Started by stankewitz, February 13, 2025, 11:59:38 AM

Hi,

We installed two DEC2770 in HA last week, replacing Sophos XG Firewalls. There are two VLAN interfaces that require a captive portal with voucher authentication. That functionality was also ported to OPNsense.

We have reports that users need to re-authenticate every morning despite having idle timeout and hard timeout set to 0. Vouchers are valid and don't expire.

I have noticed that some MAC addresses have multiple sessions listed but with different IPs (dynamic leases, lease time 8h, Kea DHCP). There is one session for each day (per MAC) regarding "connected since".

Does OPNsense not check the MAC address regarding a pre-existing authenticated session? It looks like it rather checks the IP. I can't imagine this to be true since it would render captive portal with DHCP kind of useless and grant any client pre-authenticated access that happens to get a still-valid session IP.

Is that normal behaviour or am I missing something?