Captive Portal Sessions - Technical Data Storage - GDPR compliance

[K-razy]

Important notices

Our forum is located at https://forum.opnsense.org , please consider joining discussions there in stead of using GitHub for these matters.

Before you ask a new question, we ask you kindly to acknowledge the following:

• I have read the contributing guide lines at https://github.com/opnsense/core/blob/master/CONTRIBUTING.md
• I am convinced that my issue is new after having checked both open and closed issues at https://github.com/opnsense/core/issues?q=is%3Aissue

Hi,
Hope you are fine.

OPNsense has such a good captive portal we wanted to use, to provide public Internet access to our guests.
To be GDPR compliant, we supposed to keep for 1 year technical information such as client IP addresss, mac adress, etc...

In the WEB UI, https://OPNsenseIPaddress/ui/captiveportal/session we have the perfect data we would like to keep.

After few analysis we found that these data are kept only during the session in a sqlite database.
But once the session is deleted, all the data is gone.

Is there any way to keep the data ? or give us a choice to store them in a file or in a remote database (like mysql) ?

Thanks in advance for your lights regarding this request :)

Best Regards

[Monviech]

You could check: "System: Settings: Logging"

And set a remote syslog target for the Application "portalauth (captive portal)"

See if that contains the data you need.

[K-razy]

@Monviech Thanks for your answer,

We already tried and it's like the local file : there is no enough data to keep
The database sqlite way more useful

[Monviech]

Maybe the simplest way would be to periodically create an sqlite backup file and then rsync it someplace else. This could be done with sqlite3, rsync and cron.

[Sibul2k]

The suggested solution with a rolling regular backup won't work, as you would need a backup every minute or so and a process to merge the changes in previous databases to an daily one. Kinda complicated.

For an workaround: You may change the database to an radius and log those logs.

But: Depending on regular state/country laws, you do not have to log this at all or way shorter than one year, like a month. If you already verified with your local regulations, please just ignore this. But generally speaking, this is false in most cases.

[K-razy]

@Monviech Thanks again for your reply :)

The thing I was wondering : how often should I sync the sqlite file ?
It should be very often like every 30 seconds and then transfer and immediately update in the other database

We tried to look the behaviour with two kind of sessions :

• The first one, was a long session so the data are available enough to periodically backup the file (like every 5 minutes)
• The second one, was a short session : the data was also available in the same base, but once the session has been disconnected, all data is deleted.

So in this case, if the periodicity of the backup is not long enough, we won't even be aware about this second session.
And we are in France so the GDPR is mandatory for us saying that if we like to provide a public Wi-Fi we must collect and store for a year these technical data :( ...

@Sibul2k Thanks for your answer too :)
We already tried Radius logging and Accounting, but some fields are missing like :

• Calling-Station-Id (which represent client MAC address)
• OPNsense is unfortunately not using Gigawords to collect the amount of data used by a visitor (Acct-Input-Octets and Acct-Output-Octets are limited to 4Go. These fields reset to zero automatically when the value hit more than 4 Gb )

The sqlite database has exactly all the data we need, unfortunately, all data is deleted without historical purpose.

Thanks again for your time in this case.

Best Regards