Captive Portal

Hey all,

I've been tasked to look at and provide a Captive Portal (WiFi Hotspot) in our school for any students and staff who wish to surf the (filtered) internet on their own equipment such as iPhones etc...

It's not my idea but I've been asked to look into it.

I'm at a bit of a loss how to do this, we currently have a similar system provided by ISA 2006, but this only really works for a small cyber-cafe (which it was originally designed for) - but the idea of the WiFi Hotspot is to replace this ISA 2006 solution.

I've already done some digging around and have found commercial ISA 200x add-ins that will turn ISA into a captive portal... the problem is I've also been told we have NO budget for this, so everything has to be free. Physical hardware isn't an issue as we have a well established wireless network, we also have a spare PC or 3 to throw at this solution as well as network capacity.

Has anyone done anything similar to this before?

I've stayed in hotels where you get a login webpage, you enter in your credentials and you can surf. This (unless I'm mistaken) is a captive portal - and this is what they want.

Anyone know of anything I can look up or look at for ideas?

I mean sure - I could use IIS 7 with ISA but how would I make the clients all point to the webpage - particularly when these clients could be phones, PDA's... or anything else?

Any ideas would be gratefully received :)

Peace.

Az

Chillispot (see ChilliSpot - Open Source Wireless LAN Access Point Controller. Spice up your HotSpot with Chilli ) is what immediately springs to mind for this. It can also be used as an addon for Smoothwall Express and IPCop.

Quote:

---

Originally Posted by azrael78

Hey all,

I've been tasked to look at and provide a Captive Portal (WiFi Hotspot) in our school for any students and staff who wish to surf the (filtered) internet on their own equipment such as iPhones etc...

It's not my idea but I've been asked to look into it.

I'm at a bit of a loss how to do this, we currently have a similar system provided by ISA 2006, but this only really works for a small cyber-cafe (which it was originally designed for) - but the idea of the WiFi Hotspot is to replace this ISA 2006 solution.

I've already done some digging around and have found commercial ISA 200x add-ins that will turn ISA into a captive portal... the problem is I've also been told we have NO budget for this, so everything has to be free. Physical hardware isn't an issue as we have a well established wireless network, we also have a spare PC or 3 to throw at this solution as well as network capacity.

Has anyone done anything similar to this before?

I've stayed in hotels where you get a login webpage, you enter in your credentials and you can surf. This (unless I'm mistaken) is a captive portal - and this is what they want.

Anyone know of anything I can look up or look at for ideas?

I mean sure - I could use IIS 7 with ISA but how would I make the clients all point to the webpage - particularly when these clients could be phones, PDA's... or anything else?

Any ideas would be gratefully received :)

Peace.

Az

---

Hiya,

One thing spring to mind (which you may have looked at already) is the Captivate Portal add-in for isa.

Collective Software | Captivate

Its around $308 per server so maybe around £250 or so but its not that costly + you get support on it as well.


Ash.

After doing some initial digging around, I came across a few issues.

The WiFi hotspot has to go through our site proxy servers in order to get out, there is no direct link out to the internet.

So whatever software I look at must support going through a proxy for internet traffic (but not authentication etc).

Unfortunately, Captivate for ISA is not an option as management will not pay for it.
So it looks more and more like a Linux-based solution will be required.

Anyone have any other ideas? I will continue to look around and have given PfSense a go but it's transparent proxy function seems broken and therefore, requires me to put the IP of the PfSense gateway into each client... which defeats the purpose.

Peace.

Az

Quote:

---

Originally Posted by azrael78

The WiFi hotspot has to go through our site proxy servers in order to get out, there is no direct link out to the internet.

So whatever software I look at must support going through a proxy for internet traffic (but not authentication etc).

---

Hence my suggestion (which I didn't explain properly)... you set up a transparent proxy on the connection that the hotspot is connected to. This transparent proxy is then configured to forward all requests to an upstream proxy (your ISA box for instance).

By using the ChilliSpot addon for Smoothwall Express or IPCop, you could be up and running in no time and you end up not needing to go hacking around at the CLI :D

Ah I see.

I'm not familiar with Smoothwall or IPCop, are these relatively simple to setup?
The ChilliSpot add-on - is this an add-on specifically for Smoothwall/IPCop or is this something I'd have to download/install manually?

I'm looking at ZeroShell but it's driving me crazy.
Does Smoothwall and ChilliSpot have the capability to use RADIUS to authenticate?

Thanks.

Az

Also consider PacketFence.

PacketFence: Home

Although you need to check if you APs support the features it needs (bottom of both pages).

PacketFence: Technical Introduction
PacketFence: Supported Switches and APs

Quote:

---

Originally Posted by Ric_

Hence my suggestion (which I didn't explain properly)... you set up a transparent proxy on the connection that the hotspot is connected to. This transparent proxy is then configured to forward all requests to an upstream proxy (your ISA box for instance).

By using the ChilliSpot addon for Smoothwall Express or IPCop, you could be up and running in no time and you end up not needing to go hacking around at the CLI :D

---

Ric, I've tried IPCop and the latest version of it doesn't seem to work with CopSpot which I assume is what you suggested.

I'm not sure how to go about running Chillispot on IPCop.

I've also looked at Smoothwall Express 2 but similarly I can't get it to work quite right.

I'm wondering if I'm barking up the wrong tree with this one or whether there are ways of doing this properly.

Any additional thoughts or ideas anyone - is anyone else actually doing this?

Thanks,

Az