(Note: The following was written before NoCatAuth existed.)
Captive portals allow you to leverage a common browser as a secure authentication device. They also have the potential to let you do everything securely via SSL and IPSec and set up per-user quality of service rules, while still maintaining an open network. If you are curious about why you might want to install a captive portal, please see WhyCaptivePortal. You can also see the beginning of our software requirements process at CaptivePortalDefinition.
Captive portals are becoming a popular way for SMS/BSN vendors to provide user authentication and IP flow management (basically traffic shaping and bandwidth control) without requiring a client application. They work by forcing un-authenticated users to a web page. Once you have "captured" them this way, letting the web page interact with the router/firewall gives you complete control over their access.
As far as I am aware no OpenSource software has ever been developed to do this, and I plan to write this software as part of ThePlan.
Status:
- I'm in the preliminary stages of writing code and seeing how I want it to work. Currently I'm using Perl, and though I'd love to use this as an excuse to learn Python, it would slow me way down right now.
Assumptions:
- Each WirelessCommunity will have a *nix box as a router (and hopefully eventually as a replacement for traditional AccessPoints).
- I reference Linux because that's what I know, not because it's better/worse than your 1337 OS.
- All software will be released under the [http://www.fsf.org/copyleft/gpl.html GNU General Public License].
Usage Flow:
- A new user gets physical connectivity to the wireless network (eg. they plug in their wireless card within range of one of our antennas).
- They issue a DHCP request and are assigned an IP address (all un-authenticated IPs are firewalled so they can only talk on the local segment).
- As soon as they open their browser they will be forced to a local web page (the CaptivePortal). Here they will be given the chance to log in as a community user, sign up for a new account or request guest access.
- The portal authenticates them against some form of user database (LDAP, RADIUS, etc.).
- Based on a successful authentication the portal then does the following things:
- Updates the user database saying that they have authenticated and are good for X amount of time.
- Grants their IP access through the firewall.
- Sets QoS routing rules so that they get provisioned a certain amou
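One way the firewall side of the usage flow above (default lock-down, grant on successful login, revoke after X amount of time) could be driven, as an added example that is not part of the original page or of any NoCat code. It assumes iptables as the Linux firewall and a portal web page listening on local port 8080; `Portal`, `baseline_rules` and `PORTAL_PORT` are hypothetical names. It only builds command argument lists, which a root process would hand to `subprocess.run`.

```python
import ipaddress

PORTAL_PORT = 8080  # assumption: local port where the portal web page listens

def baseline_rules():
    """Default state: nothing is routed, and web requests land on the portal."""
    return [
        ["iptables", "-P", "FORWARD", "DROP"],
        ["iptables", "-A", "FORWARD", "-m", "conntrack",
         "--ctstate", "ESTABLISHED,RELATED", "-j", "ACCEPT"],
        ["iptables", "-t", "nat", "-A", "PREROUTING", "-p", "tcp", "--dport", "80",
         "-j", "REDIRECT", "--to-ports", str(PORTAL_PORT)],
    ]

def _client_rules(action, ip):
    # Insert (-I) or delete (-D) the two per-client rules: skip the portal
    # redirect, and allow forwarding for this source address.
    return [
        ["iptables", "-t", "nat", action, "PREROUTING", "-s", ip, "-j", "ACCEPT"],
        ["iptables", action, "FORWARD", "-s", ip, "-j", "ACCEPT"],
    ]

class Portal:
    def __init__(self, lease_seconds):
        self.lease_seconds = lease_seconds  # the "X amount of time" in the flow
        self.sessions = {}                  # ip -> (user, expiry timestamp)

    def grant(self, user, ip, now):
        """Call only after the user database has accepted the login."""
        # The address arrives from a web request: parse it strictly so that
        # nothing but a literal IPv4 address can reach the iptables arguments.
        ip = str(ipaddress.IPv4Address(ip))  # raises ValueError otherwise
        renewing = ip in self.sessions
        self.sessions[ip] = (user, now + self.lease_seconds)
        return [] if renewing else _client_rules("-I", ip)

    def expire(self, now):
        """Revoke every client whose lease has run out; returns the deletions."""
        cmds = []
        for ip, (_, expiry) in list(self.sessions.items()):
            if expiry <= now:
                del self.sessions[ip]
                cmds += _client_rules("-D", ip)
        return cmds
```

Commands are returned as argument lists rather than shell strings so they can be executed without a shell, and a renewal only extends the lease instead of stacking duplicate rules that a single delete would not clear.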