time to contribute back to the excellent m0n0wall and its community ...
Some time ago we were looking for a simple hotspot solution and found
m0n0wall. We didn't want to use a centralized RADIUS server but rather
have m0n0wall (WRAP platform) do the authentication based on vouchers
that are printed beforehand and handed out to customers.
So I added voucher handling support to m0n0wall. Test images for
and WRAP , based on the latest beta, 1.3b2, can be found at the
Patch has also been committed to the freebsd6 beta branch.
To enable, create and manage voucher support via captive portal,
a new Tab under Services->Captive Portal: Voucher.
Enable captive portal first, upload a landing page that contains an
input field 'auth_voucher'. An example can be found on the the URL
Then enable Voucher support on the Voucher tab. Initially you can
fields with its defaults. Every new install will create unique
Now add at least one "Roll" by clicking '+' on the Vouchers page, right
to 'Voucher rolls': Specify a Roll Number, e.g. 0, how many vouchers
roll shall contain, and how long each voucher allows network access.
Then generate the new vouchers by clicking on the paper logo right to
added roll. This will generate a CSV file and download via your browser.
Each of these generated vouchers can now be used by users for the
amount of minutes for that roll. Note that as soon as a voucher has been
activated, its timer will run down to zero and then block access, no
if the session is idle or got disconnected due to logout or session
To test the vouchers in the m0n0wall GUI, click on Status->Captive
tabs, dedicated to voucher handling, show up when voucher support is
Click on status->captive portal-> Test Vouchers and enter one or more
newly generated vouchers from the downloaded CSV file and click submit.
A message will be shown with the validation and duration of each given
One can add multiple rolls, e.g. to have vouchers with different time
It is also possible, to enter multiple vouchers, separated by space,
the sum of time credit of all entered vouchers.
There is more to it, read the comments to each config parameter on
Note on the very short public/private RSA keys: I know, those can be
easy and in no time, if one of the keys is known. The idea here was
it a little bit harder than simply adding a shared password into the
config file. Unfortunately I'm no expert on encryption but I assume
short encrypted vouchers, there is no security difference between the
RSA keys and a symmetric encryption. Anyhow, all that encryption/
stuff is done in a newly added binary C program voucher.c, that is
added into the m0n0wall image, and can be modified to increase the
I'm sure there are bugs and issues with this new code, and I'll try
to work them out. Any feedback is welcome.