(Note: The following was written before NoCatAuth existed)
See also a list of PortalSoftware

Captive portals allow you to leverage a common browser as a secure authentication device. They also have the potential to allow you to do everything securely via SSL and IPSec and setup per user quality of service rules, and still maintain an open network. If you are curious about why you might want to install a captive portal please see WhyCaptivePortal. You can also see the beginning of our software requirements process at CaptivePortalDefinition.

Captive portals are becoming a popular way for SMS/BSN vendors to provide user authentication and IP flow management (basically traffic shaping and bandwidth control) without a required client application. They work by forcing un-authenticated users to a web page, once you have "captured them" this way by allowing the web page to interact with the router/firewall you can completely control their access.

As far as I am aware no OpenSource software has ever been developed to do this and plan to write this software as part of ThePlan.



Usage Flow:

Comments and Thoughts

-- DennyHalim

Why bother with this? Because I want to avoid the tragedy of the commons. If we just open up our networks sooner or later people will start to abuse it because they didn't work to set it up and they don't know the people that did. I want this to be an open network by choice rather then because we don't have the ability to control it. The time will come when we're going to be forced to control it or the network will die from abuse.

Why do something like this instead of PPPOE, IPSec or Authenticated DHCP?

-- AdamShand

Are you planning on using Radius?

I haven't messed with NoCatAuth, but the authors of WiCap are describing their system as being like NoCat except easier to configure. It supports OpenBSD, and from looking at it quickly, it appears it might be the only OS it supports. That's fine with me. I love OpenBSD.

http://www.geekspeed.net/wicap/ <- i think this is dead link try this: http://www.shmoo.com/~bmc/software/wicap/announce.html



bruno, if you check this.. a better place to ask this question would be to the General Mailing list. See http://lists.personaltelco.net/



m0n0wall works great! Radius and everything. But it does not work as a wireless access point. It also requires the whole network to be on NAT.


CaptivePortal (last edited 2008-06-24 18:18:02 by JasonMcArthur)