Home
Software
Blog
Click and Join to start your own business with minimal costs here

Solution: M0n0wall Captive Portal Logout URL e.g. http://192.168.1.1/logout

Article by: Charles M.
Last Modified: 2024-01-24 15:04:50




Solved: M0n0wall Captive Portal Logout

Monowall Captive portal logout

First of all, this howto is not detailed and assumes one nows how to work with PHP (Learn PHP in 17 Hours), Mysql and linux. If not, you can still read through to get the general idea. I will be working on the finer details later - so please keep on checking.

Second, see Freeradius mysql MAC authentication using m0n0wall as NAS for initial configuration before proceeding.

The Issue

M0n0wall is a FreeBSD firewall created by Manuel Kasper with many features. Of interest to us it the captive portal feature. If you would like to see full feature list and stuff that M0n0wall can do for you, you can visit https://m0n0.ch/wall/features.php.

Basically, I run a billing system for my clients. I use an old PC (pentium II) which runs the M0n0wall NAS. I run a seperate Radius server installed with Fedorah 12, Mysql 5.1 and Freeradius 2.0.

Having worked with M0n0wall for a while now, I find it excellent for my Captive Portal requirements, except one thing! The logout process. When a user logs in, the captive portal produces a pop-up logout window so that when the user wants to logout, he/she will click a button on the pop window. The problem is, if a user has a pop-up blocker software installed or he/she accidentally closes the logout pop-up window, he may never be able to logout and his credit will slowly ran out until he reaches the configured idle-timoute period. I needed a solution for that and posted a feature request here, but its not one of the priorities there ;)

This is my personal solution that I use. It may not be the best and infact some of the methods are really crude but the bottom line is it works well for me

Solution: Logout URL - my way!

I did a little bit of study on the source html code of the logout popup window and noticed that, if I could recreate it when I use opens a special logout url then that would be it!

<FORM METHOD="POST" ACTION="https://10.10.10.50:8000/" NAME="LogoutForm">
<INPUT NAME="logout_id" TYPE="hidden" VALUE="3a3829ac3dfe4e8d">
<INPUT NAME="logout" TYPE="submit" VALUE="Logout" style="font-size: 14pt"> <font color='white'<b> <---- Deconnexion!!!</b></font>
</FORM>

I searched for the "logout_id" value "3a3829ac3dfe4e8d" in the accouting table -radacct- of Mysql database  nd found out that its the "acctsessionid" column. Also found out that, its the newest column for that user!  The IP, 10.10.10.50 is the LAN ip of Monowall . So whats needed is only to alter the acctsessionid in red above for any user who wants to be logged out and display the logout form !
The problem that followed was to  identify which user was requesting logout, then search for his acctsessionid and constitute a logout form for him/her to click to logout.

M0n0wall Logout Implimentation example

In this example, the radius server that  has apache webserver configured has an IP address 192.168.1.1 and the M0n0wall LAN ip is 10.10.10.50.

  • User wishing to logout opens https://192.168.1.1/logout
  • A 'login' screen appears and the user logs in with his username and password . NB: this is NOT the captive portal login screen by M0n0wall. (this is the only way to know the client to be logged out)
'Login' infor to collect user credentials
  • User is validated and the newest actsessionid is queried from the database. I use the query:

"SELECT radacctid, AcctStartTime,  acctsessionid FROM `radacct` WHERE  nasporttype IS NOT NULL and username = '". mysql_real_escape_string($myuser) ."' ORDER BY `radacct`.`RadAcctId` DESC LIMIT 0 , 1";
  •  With the returned value I consititute a logout form replacing the acctsessionid whe the resulting value from the above query.

Now the user needs to click logout and is logged out!
You can also use the window to report to the user his/her balance.

Online Store Idea

Share this Article As I was doing this, I realised I could sell small things like CDs, my funny video clips, GSM air time, among other revenue generating items on the logout form. A User logging out, is able to see items that I am selling and on click, he is asked to confirm if he or she would like to purchase the item. Once confirmed, item is charged on his balance . My currency is in minutes. If you bill your clients per Megabyte, then your currency will in in Megabytes.

By adding a record of the expense in Minutes (seconds actually) or Megabytes in  radacct table in Mysql, you can reduce user's online time. M0n0wall has a nice Captive portal feature for reauthenticating every minute. Using this feature, a user can be kicked if he/she purchases an item while online and runs out of balance.  In the example below, as user called 'louis' purchased an item code-named 'BIG_BABY' - actually a short funny clip that my sister did, at the cost of  1,500 seconds of his online time!

Monowal Logout store 'checkout'

Hope this helps someone. I will try to add more details later.

Click and Join to start your own business with minimal costs here.










Related Links:




Subscribe to our RSS FEED

Home | Privacy | Contact | Disclaimer | Windows
Copyright @ 2021 | | |