Since we first started talking about using the browser as an authentication tool in December 2000 OpenSource implementations have started to appear. Here is a list of all the software I know of that implements either a CaptivePortal or an ActivePortal solution.
LiveCD
ZoneCD Gateway http://www.publicip.net/ with NoCat installed - DennyHalim
lessnetworks with NoCat installed - DennyHalim
talweg Demo LiveCD
Open Source
- It's a http/https captive portal. It uses http redirections to enforce transmissions using a secured https channel. Using of IP/MAC address to maintain sessions are not necessary, the authentication is more secure.
- Written in perl, supports Linux/iptables and OpenBSD/pfctl. GPLed. Supports authenticating modes against an auth service with a wide variety of backends, including a MySQL database, PAM, RADIUS, LDAP, and more. Also features a non-authenticating "open mode" that merely requires a user to accept an AUP before they can log in. This project is more or less seeking a new maintainer.
Written in C, currently under heavy development. Intended to be the successor to NoCatAuth, the gateway process and all its data files fit within 200-250k, making it ideal for embedded environments.
- Captive portal that works inline at Layer 2 in your network. Supports vlans and trunk interfaces. Uses arp to detect if users are still connected. Written in perl, and easy to add new features. Developed at the University of Wisconsin - Madison.
- GPLed, written in C, runs on FreeBSD. Uses Ajax (or Java applet) to keep the connection open. When the authenticated user closes the browser or OS, the network for the terminal is closed immediately. Ftp, pop3, pop3s, RADIUS, LDAP or PAM for an authentication back-end. Developed in Saga University (Japan).
Still in early beta but it will provide an entire network application framework rather then just a CaptivePortal solution.
Written in Perl and runs under OpenBSD. I believe this is what NovaWireless will be deploying.
Written in 'C' and PHP, runs under OpenBSD. There is a fork written in Python and PHP. A more betterer implementation of WiCap.
- Wireless heartbeat implementation (presently most usable on an OpenBSD gateway)
LanRoamer (Linux 2.4.x)
Based on the Linux 2.4 kernel and GPL'd. (Name changed to LanRoamer by Jim Thompson)
- A GPL'd captive portal implementation using VPN technology. Has Linux and Windows clients.
Netlogon by Kent Engström at Linköpings University
- Not much known, a basic captive portal solution.
Authentication Gateway HOWTO by Nathan Zorn
Uses a PAM module to insert an iptables rule. Very simple and effective. (Added by LimAko).
StockholmOpen by the Royal Institute of Technology in Stockholm, Sweden
This system is also operator neutral, allowing different users to connect through the access network to different upstream providers. Implementation in C, uses PAM, Linux/FreeBSD. BSD License. (Added by MartinHedenfalk).
OpenSplash by Aleksandr Melentiev from San Francisco Wireless
- Inspired by the simplicity of wicap, intended to run on FreeBSD by utilizing Perl and ipfw. Doesn't provide much functionality, other than a simple AUP agreement. Development version includes abstract authentication system.
ChilliSpot by Mondru AB
ChilliSpot is an open source captive portal or wireless LAN access point controller written in C which supports web based login (external web server required) as well as Wireless Protected Access (WPA), sports a builtin DHCP server and a RADIUS client/proxy server to handle authentication, authorization and accounting (AAA) via an external Radius server. Currently runs on Linux (RedHat, Fedora, Debian binaries and Gentoo ebuild available) but should compile also on FreeBSD, OpenBSD, Solaris, Apple OS X. Previously known as hotspotd, which was available only as binary. Fifth GPL release (0.94): 2004-06-22. (Added by Ovidiu)
M0n0wall by Manuel Kasper
- Embedded Firewall based on FreeBSD that can run from embedded devices as well as PC's. The Captive Portal software included with it allows for button/AUP pass through, as well as authentication using Radius.
- Firewall based on FreeBSD6 that can run from embedded devices as well as PC's. The Captive Portal software included with it allows for button/AUP pass through, as well as authentication using Radius.
The WiFiDog project was started by Île sans fil and is currently in production. Existing captive were either almost impossible to embede or only designed to display disclaimers with no access control at all (No Cat Splash and others). WiFiDog is designed to have optional centralized access control, full bandwidth accounting, node heartbeating and local content specific to each hotspot. It does not rely on a javascript window, so it works with any platform with a web browser, including PDAs and cellphones. It is developed in C to make it easy to include in embedded systems (It has been designed for the LinkSys WRT54G, but runs on any recent linux platform). A typical install only takes 30kb on i386, and a fully functionnal install could be made in under 10 kb if necessary.
- User Shell for Authenticating Gateways on OpenBSD. Authpf(8) is a user shell for authenticating gateways. User logs in using SSH.
- IP-level captive portal with built-in packet filtering and accounting features, Linux based.
Commercial
Forces a splash page (welcome, advertisement, coupon, password, registration, or terms & conditions statement) the first time someone tries to surf the Internet on your network.
- Tracks clients by IP (not MAC) so any client OS, regardless of local VPN/firewall software, is flawlessly supported.
- For paid wifi, free-spots, or any public network.
- Runs on Windows 2K/XP/2003/Vista/2008, can be installed as a service.
- Includes content filtering; bad/adult sites, advertisement blocking/replacement.
- Includes time of day restriction; no surfing after hours, during bedtime, etc.
- Ability to block everything and allow only a few sites, or resolve everything to one site.
- Very customizable; redirects to your own HTML/ASP/PHP welcome, blocked, restricted, pages served by IIS or Apache.
HotSpotEngine is a wireless/hotspot billing and all-in-one hotspot management solutions
- Run you own server
Captive Portal Functionality & Customizable Hotspot login
- a Linux Based OS and the required softwares included (Installable ISO)
- No revenue sharing or monthly fees.
- Prepaid,postpaid billing combine with expiration time (active period/grace period)
- Voucher generation and The ability to refill voucher
- Time limit/Data limit
- Print out prepaid tickets
- Account Sign-up via Paypal Integration
UseMyNet is a commercial captive portal for OpenWRT.
- Self-contained - Everying runs on router flash.
- No revenue sharing or monthly fees.
- Landing page editor
- Ticket generation
- Adjustable durations and bandwidth rates.
- Pre-printed Tickets.
WiFi Captive Portal WiFi Gator captive portal for HotSpots, You own the software.
- Create unlimited hotspot landing pages
Unlimited PayPal accounts and can assign them to hotspot landing pages
- Heartbeat script phones home with information from each hotspot
- Print out prepaid tickets with each hotspots logo(pdf format).
- Each hotspot has an image uploader and wysiwyg web based editor to comletey brand each landing page.
- Individually set time plans and prices for each hotspot
- Everything is fully brand-able.
- Walled gardens, and pre approved websites such as airports weather and bus routs
- Our custom firmware is free to install into all routers and has the option to create self healing mesh networks.
- Best of all, there is no revenue sharing, you own the radius server and charge your own prices.
- You are up and running in 15 minutes.
U can get the Linux-version via email at beta@linspot.com It is a free and easy software to sell your Wireless Internet Access.
TOMIZONE.com - Free commercial Hotspot Solution
- Embedded in selected D-Link, Netgear, Belkin and Linksys Wi-Fi Routers natively
- Dual SSID D-Link product (DIR-300) native port
- Multi-currency real time AAA
Included PayPal billing and cash distribution
- Online voucher creation and distribution
- No contract or on-going fees
- Limit speed of connection for all users
- Hour, Day, Week passes
AmazingPorts provide a simple to install, Captive Portal solution for free and commercial use - just download, burn CD and install.
- New and upgraded Administration interface + contact customer service if you need any special functions
Support for Admin, VoucherMaker, Support Agent roles in the admin interaface
- Integrated support for POP, IMAP and HTTP based authentication of users
- Built in customisable, language sensitive landing portal
- Manages external landing pages as well as portal bases ) - your choice.
Included PayPal Credit card payment
- Online voucher creation and distribution, multiple and single voucher in multiple languages
- Dynamic "secret" length for vouchers with relatively short valiadity.
- XML Api for simple integration.
- No contract or on-going fees in the free version
- Full QoS management down to individual levels
HotSpotSystem.com - Commercial or Free HotSpot solution
HotSpot PRO - for creating paid HotSpots
HotSpot FREE - for creating a FREE HotSpot with authentication
- Limit accesses with access codes
- Limit bandwidth/data traffic
- 3 different subscription models depending on the number of authentications per month
myWIFIzone Captive Portal Services
- Windows 2k,XP supports free spot or hotspot, Mthly. fee (free while in Beta test)
- On-line tools for customizing captive portal, adding users, etc.
Patronsoft FirstSpot
MikroTik Hotspot RouterOS -- www.mikrotik.com
Aradial Radius server and Radius Billing software solutions
Aptilo's system for hotspot management
- Billing integrated with Credit card brokers, hotel systems, mobile phone systems, etc
- Visitor Access functionality.
- Full plug'n'play support.
Cisco http://www.cisco.com
Interlink Networks RADIUS Server Software High Performance RADIUS Software
Nokia http://www.nokia.com
- Mobilestar used P020s for the initial deployment of over 600 Starbucks. When Voice Stream bought the remnants of the bankruptcy, all 600+ Starbucks were retrofitted because Nokia's solution did not properly safeguard username and password combinations with an https page. P022 corrected this major bug among a few other things.
- P020 Public Access Zone Controller (discontinued) is an integrated network appliance with a RADIUS client and DHCP server.
- P022 Access Controller (discontinued) Nokia P022 Access Controller--Your IP Gateway to the Internet. The Nokia P022 Access Controller is a gateway between the Wireless LAN network and the Internet. The P022 authenticates the user, monitors network usage in real-time, collects charging information and acts as a router. The Nokia P022 Access Controller can be connected to the Nokia Authentication Server for integration into a mobile operators network or to a RADIUS server for integration into other customer, care and billing systems.
- P030 Mobility Services Manager (discontinued) offers the RADIUS server and billing functions.
Nomadix http://www.nomadix.com
T-Mobile HotSpot http://www.t-mobile.com/hotspot (Starbucks Borders FedEx Kinkos Red Roof Hyatt American Delta United USAir...)
Starbucks has a CaptivePortal solution of some sort. Anyone know the details?
- Yeah, its Cisco's Service Selection Gateway -- Jim Thompson
- In UK, running in cooperation with Aptilo's Service Management Platform for added functionality.
MS Choice (site requires IE5) Microsoft's testbed for the Starbucks Deal.
- "To prevent such unauthorized access and hacking, OIT developed its own authentication program requiring wireless users to log in through a web browser before access to the Internet is granted. If a user's connection is inactive for a certain amount of time, the authentication system closes the user's access, deterring potential hackers from taking advantage of the connection."
- Not quite true. The Starbucks deal was Mobilestar, and there was precious little Microsoft content in the deal (or company). --Jim Thompson
- "... enables mobile professionals to access mission-critical data on the corporate LAN from all major handheld devices, with optimized performance and true end-to-end security from application to application. In addition, Columbitech's solution offers a secure always-on experience. Columbitech Wireless VPN will also support wireless network roaming."
- Mostly a mobile IP / VPN solution.
NASA's Wireless Firewall Gateway
- A solution using Openbsd, PHP, IPFilter and Apache. There is no source available that I know of.
- Another solution using Linux, perl IPF, and Apache. No source available --Jim Thompson
Hack using FreeBSD, perl, ipfw and mini_httpd. No source available -- MattPeterson
- Gateway software running OpenBSD, Perl, C, and Apache.
- Auth server running PostgreSQL, etc..
System can be licensed, but code not available. --KenSimpson
IPzone Linux,Apache No source available -- Suresh Rasaretnam
The ipzone division of BirdStep has merged with Aptilo Networks.
ControlAP Win*,*nix,MacOS, Zaurus,PocketPC - JAVA VM needed - No source available, web-based administration - free 30 days trial.
Air Marshal Authentication Gateway Commercial Linux-based captive portal for HotSpots, Fixed Wireless and Wired Networks.
RADIUS: Auth, Acct, Disconnect, PreAuth (MAC), WISPr, Ascend Filters, Failover
- Supports thousands of concurrent sessions
- SSL and browser based CHAP protects credentials and private customer data
- Supports Static Routing, NAT and transparent L2 bridging
- Guest / Anon Access /w daily usage limits
- Local accts: UL/DL rate shaping, expiration, time and data usage limits
- Network TCP/UDP listeners authenticate servers, Nintendo DS, etc
- Walled gardens, commercial interruptions, customizable client HTML UI
- Session data mirroring/intercept to remote collector
- FREE for up to 5 concurrent logon sessions
U can get the Linux-version via email at beta@linspot.com It is a free and easy software to sell your Wireless Internet Access.
Sputnik Managed Wi-Fi Networks "Everything you need to deploy and manage a profitable Wi-Fi network."
- Plug 'n Play provisioning
- User authentication and tracking
- Manage 1 or 1,000 access points remotely
Modules for accepting PayPal payments
- Modules for accepting credit card payments (Note: Requires a hosted billing account with Aria Systems.)
- Modules for "Pre-Paid Cards"
Give customers monthly & renewing subscription options
- Supports RADIUS accounting
Buy the Sputnik Control Center and run it on your own server or subscribe to SputnikNet and have them host it for you.
Firmware images for the Linksys WRT54G(S) freely downloadable. (When combined with a subscription to SputnikNet you'll be up and running in no time!)
Free Secure WiFi Client LucidLink WiFi Security.
WILIBOX Embedded Linux Platform Commercial Linux-based software platform targeting WISPs. Demo download available.
- Supports common access point and router hardware platforms
- 802.11 stack supports multiple virtual APs (multiple BSSIDs) and multiple client mode STA (station) connections concurrently
- Hotspot features: WEB login redirection (captive portal), UAT, SMTP redirection, RADIUS and others
- RCMS - Remote Configuration Management System, firmware management and status reporting
WisperMesh Pro and WUMPS - Wisper User Management and Provisioning System
Hosted or standalone HotZone management system for WiFi MESH networks
- Pre-paid cards can customized and printed to pre-cut business card sheets
- Premium-SMS, Paypal and Credit Card payments.
- Central management for nodes settings and firmware, user accounting and status reports
- Support for multiple BSSID's and VLAN's with independent QoS for Internet, VoWLAN and multicast streaming media
- Hosted hotspot management portal. Free for free hotspots.
Chillispot compatible (implies compatibility with opensource firmware like DD-WRT, OpenWrt, or any linux platform)
- No need for PC, only a linux compatible wifi router needed.
- Advanced pre-paid cards
- Wysiwyg cards customization and printing
- Wysiwyg welcome page customization
- Paypal online billing soon.
Community
FON is a private company that is trying to add a "public portal" solution to every wifi accesspoint in the world. Hence currently they are secure (or barely wep secure) or forgotten to be secured by the owner. Most countries have laws that "could" get you 2 years of prison if you access an unsecure network. FON makes sure it's allowed. And by sharing YOUR wifi you are allowed to access other FONeros hotspots as well for free! Isp's like NEUF (France), BT (England), ZON (Portugal), Comstar (Russia) have allready fonetized their adsl/cable modems. The devices use Coovachilli/Chillispot opensource sollutions. The cheapest solution was upto recently 12 euro's including shipment and tax! Currently they are working on a USB version with active developer movement to make it more successfull than an NSLU and offer even more services so people keep their hotspot running 24/24h and take more care over it! Allready more than 400.000 people have an active fonspot worldwide, are you IN?