Solution: M0n0wall Captive Portal Logout URL e.g. http://192.168.1.1/logout
Article by: Charles M.
Last Modified: 2024-01-24 15:04:50
Solved: M0n0wall Captive Portal Logout
First of all, this howto is not detailed and assumes one knows how to work with PHP, MySQL and Linux. If not, you can still read through to get the general idea. I will be working on the finer details later, so please keep checking.
Second, see Freeradius mysql MAC authentication using m0n0wall as NAS for initial configuration before proceeding.
The Issue
M0n0wall is a FreeBSD firewall created by Manuel Kasper with many features. Of interest to us is the captive portal feature. If you would like to see the full feature list and what M0n0wall can do for you, visit https://m0n0.ch/wall/features.php.
Basically, I run a billing system for my clients. I use an old PC (Pentium II) which runs the M0n0wall NAS. I run a separate RADIUS server installed with Fedora 12, MySQL 5.1 and FreeRADIUS 2.0.
Having worked with M0n0wall for a while now, I find it excellent for my captive portal requirements, except for one thing: the logout process. When a user logs in, the captive portal produces a pop-up logout window, so that when the user wants to log out, he/she clicks a button in the pop-up window. The problem is that if a user has pop-up blocker software installed, or accidentally closes the logout pop-up window, he may never be able to log out, and his credit will slowly run out until he reaches the configured idle-timeout period. I needed a solution for that and posted a feature request here, but it's not one of the priorities there ;)
This is my personal solution that I use. It may not be the best, and in fact some of the methods are really crude, but the bottom line is that it works well for me.
Solution: Logout URL - my way!
I studied the HTML source of the logout pop-up window and noticed that if I could recreate it when a user opens a special logout URL, that would be it!
- <FORM METHOD="POST" ACTION="https://10.10.10.50:8000/" NAME="LogoutForm">
- <INPUT NAME="logout_id" TYPE="hidden" VALUE="3a3829ac3dfe4e8d">
- <INPUT NAME="logout" TYPE="submit" VALUE="Logout" style="font-size: 14pt"> <font color='white'><b> <---- Deconnexion!!!</b></font>
- </FORM>
I searched for the "logout_id" value "3a3829ac3dfe4e8d" in the accounting table (radacct) of the MySQL database and found that it is stored in the "acctsessionid" column. I also found that it is the newest record for that user!
The IP 10.10.10.50 is the LAN IP of M0n0wall. So all that is needed is to change the logout_id value (the acctsessionid) in the form above for any user who wants to be logged out, and display the logout form!
The problem that followed was to identify which user was requesting logout, then look up his acctsessionid and build a logout form for him/her to click to log out.
M0n0wall Logout Implementation example
In this example, the RADIUS server, which also has the Apache web server configured, has the IP address 192.168.1.1, and the M0n0wall LAN IP is 10.10.10.50.
- User wishing to logout opens https://192.168.1.1/logout
- A 'login' screen appears and the user logs in with his username and password. NB: this is NOT the captive portal login screen by M0n0wall. (This is the only way to know which client is to be logged out.)
- The user is validated and the newest acctsessionid is queried from the database. I use the query:
- "SELECT radacctid, AcctStartTime, acctsessionid FROM `radacct` WHERE nasporttype IS NOT NULL and username = '". mysql_real_escape_string($myuser) ."' ORDER BY `radacct`.`RadAcctId` DESC LIMIT 0 , 1";
- With the returned value I build a logout form, replacing the acctsessionid with the value returned by the above query.
Now the user only needs to click logout and is logged out!
You can also use the window to report to the user his/her balance.
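Steps 3 and 4 above as an added example; this is not the author's code. It assumes the user has already passed the logout page's own login step, uses PDO with a bound parameter in place of string concatenation, and HTML-encodes the value before writing it into the form. The function names, the in-memory SQLite table standing in for the MySQL radacct table, and the sample rows are constructed for illustration.

```php
<?php
// Added example, not the author's code. Assumes the user has already been
// validated by the logout page's own login step and $user holds that name.
declare(strict_types=1);

const PORTAL_URL = 'https://10.10.10.50:8000/'; // m0n0wall LAN address from the article

/** Return the newest acctsessionid for $user, or null if there is none. */
function newestSessionId(PDO $db, string $user): ?string
{
    // Same query as the article, with the username bound as a parameter.
    $stmt = $db->prepare(
        'SELECT acctsessionid FROM radacct
          WHERE nasporttype IS NOT NULL AND username = :u
          ORDER BY radacctid DESC LIMIT 1'
    );
    $stmt->execute([':u' => $user]);
    $id = $stmt->fetchColumn();
    return $id === false ? null : (string) $id;
}

/** Build the logout form; the session id is HTML-encoded before output. */
function logoutForm(string $sessionId): string
{
    $id  = htmlspecialchars($sessionId, ENT_QUOTES, 'UTF-8');
    $url = htmlspecialchars(PORTAL_URL, ENT_QUOTES, 'UTF-8');
    return "<form method=\"POST\" action=\"$url\" name=\"LogoutForm\">\n"
         . "  <input name=\"logout_id\" type=\"hidden\" value=\"$id\">\n"
         . "  <input name=\"logout\" type=\"submit\" value=\"Logout\">\n"
         . "</form>\n";
}

// Constructed sample data: an in-memory SQLite table stands in for MySQL radacct.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE radacct (radacctid INTEGER PRIMARY KEY, username TEXT,
           nasporttype TEXT, acctsessionid TEXT)');
$ins = $db->prepare('INSERT INTO radacct (username, nasporttype, acctsessionid) VALUES (?, ?, ?)');
foreach ([['louis', 'Ethernet', '1111aaaa2222bbbb'],
          ['louis', 'Ethernet', '3a3829ac3dfe4e8d'],   // newest row the filter accepts
          ['louis', null,       'ffff0000ffff0000'],   // NULL nasporttype, skipped
          ['other', 'Ethernet', '9999cccc8888dddd']] as $row) {
    $ins->execute($row);
}

foreach (['louis', "x' OR '1'='1"] as $user) {  // second name shows binding treats quotes as data
    $sid = newestSessionId($db, $user);
    echo $sid === null ? "No open session found for this user.\n" : logoutForm($sid);
}
```

Because posting a valid logout_id is all it takes to end that session, the form should only be rendered after the login step has succeeded for the same username that is passed to the query.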
Online Store Idea
As I was doing this, I realised I could sell small things like CDs, my funny video clips and GSM air time, among other revenue-generating items, on the logout form. A user logging out is able to see the items that I am selling and, on clicking one, is asked to confirm whether he or she would like to purchase the item. Once confirmed, the item is charged to his balance. My currency is in minutes. If you bill your clients per megabyte, then your currency will be in megabytes.
By adding a record of the expense in minutes (seconds, actually) or megabytes to the radacct table in MySQL, you can reduce the user's online time.
M0n0wall has a nice captive portal feature for reauthenticating every minute. Using this feature, a user can be kicked if he/she purchases an item while online and runs out of balance.
In the example below, a user called 'louis' purchased an item code-named 'BIG_BABY' (actually a short funny clip that my sister did) at the cost of 1,500 seconds of his online time!
Hope this helps someone. I will try to add more details later.