[ previous ] [ next ] [ threads ]
 From:  Marcel Wiget <mwiget at mac dot com>
 To:  m0n0wall dash dev at lists dot m0n0 dot ch
 Subject:  Voucher support in captive portal
 Date:  Mon, 26 Mar 2007 11:15:24 +0200
time to contribute back to the excellent m0n0wall and its community ...

Some time ago we were looking for a simple hotspot solution and found
m0n0wall. We didn't want to use a centralized RADIUS server but rather
have m0n0wall (WRAP platform) do the authentication based on vouchers
that are printed beforehand and handed out to customers.

So I added voucher handling support to m0n0wall. Test images for  
generic pc
and WRAP , based on the latest beta, 1.3b2, can be found at the
following URL:


Patch has also been committed to the freebsd6 beta branch.

Quick Howto:

To enable, create and manage voucher support via captive portal,  
there is
a new Tab under Services->Captive Portal: Voucher.

Enable captive portal first, upload a landing page that contains an  
input field 'auth_voucher'. An example can be found on the the URL  
Then enable Voucher support on the Voucher tab. Initially you can  
leave all
fields with its defaults. Every new install will create unique  
Now add at least one "Roll" by clicking '+' on the Vouchers page, right
to 'Voucher rolls': Specify a Roll Number, e.g. 0, how many vouchers  
roll shall contain, and how long each voucher allows network access.
Then generate the new vouchers by clicking on the paper logo right to  
the newly
added roll. This will generate a CSV file and download via your browser.

Each of these generated vouchers can now be used by users for the  
amount of minutes for that roll. Note that as soon as a voucher has been
activated, its timer will run down to zero and then block access, no  
if the session is idle or got disconnected due to logout or session  

To test the vouchers in the m0n0wall GUI, click on Status->Captive  
Portal. New
tabs, dedicated to voucher handling, show up when voucher support is  
Click on status->captive portal-> Test Vouchers and enter one or more  
of the
newly generated vouchers from the downloaded CSV file and click submit.
A message will be shown with the validation and duration of each given

One can add multiple rolls, e.g. to have vouchers with different time  
It is also possible, to enter multiple vouchers, separated by space,  
to gain
the sum of time credit of all entered vouchers.

There is more to it, read the comments to each config parameter on  
the voucher

Note on the very short public/private RSA keys: I know, those can be  
easy and in no time, if one of the keys is known. The idea here was  
to make
it a little bit harder than simply adding a shared password into the  
config file. Unfortunately I'm no expert on encryption but I assume  
with such
short encrypted vouchers, there is no security difference between the  
RSA keys and a symmetric encryption. Anyhow, all that encryption/ 
stuff is done in a newly added binary C program voucher.c, that is  
compiled and
added into the m0n0wall image, and can be modified to increase the  
and security.

I'm sure there are bugs and issues with this new code, and I'll try  
my best
to work them out. Any feedback is welcome.

Best regards,