+ Post New Thread
Results 1 to 14 of 14
Wireless Networks Thread, effortless guest wifi in Technical; One of our SMT goes to mcdonalds and gets on free wireless without having to mess around with wpads or ...
  1. #1
    browolf's Avatar
    Join Date
    Jun 2005
    Location
    Mars
    Posts
    1,524
    Thank Post
    106
    Thanked 88 Times in 74 Posts
    Blog Entries
    46
    Rep Power
    40

    effortless guest wifi

    One of our SMT goes to mcdonalds and gets on free wireless without having to mess around with wpads or proxy urls and wants to know why we can't have such an effortless system here.

    Obviously McD have some kind of transparent proxying going on.

    Currently our setup is wpad/pac.

    We tried transparent proxy before wpad but ssl didn't work and getting round that seemed to involve dodgy Man-in-the-middle decrypting packets.

    So I'm wondering what commercial solutions exist for transparent proxies?

  2. #2

    john's Avatar
    Join Date
    Sep 2005
    Location
    London
    Posts
    10,498
    Thank Post
    1,488
    Thanked 1,049 Times in 918 Posts
    Rep Power
    301
    We used a Smoothwall UTM that did that just fine with Ruckus managed wireless. We had a guest portal to hold things secure from the students so that was a passkey but that was all we had once through that it just worked and was fine.

  3. #3

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    15,757
    Thank Post
    825
    Thanked 1,662 Times in 1,447 Posts
    Blog Entries
    11
    Rep Power
    441
    What switches and proxy server do you have? You could look at Cisco WCCP.

  4. #4
    browolf's Avatar
    Join Date
    Jun 2005
    Location
    Mars
    Posts
    1,524
    Thank Post
    106
    Thanked 88 Times in 74 Posts
    Blog Entries
    46
    Rep Power
    40
    Quote Originally Posted by FN-GM View Post
    What switches and proxy server do you have? You could look at Cisco WCCP.
    3com switches with a debian proxy.

  5. #5
    browolf's Avatar
    Join Date
    Jun 2005
    Location
    Mars
    Posts
    1,524
    Thank Post
    106
    Thanked 88 Times in 74 Posts
    Blog Entries
    46
    Rep Power
    40
    I gave up on smoothwall express. It didn't work and I had no idea why and no idea how to find out.

    I went back to our self built wpad proxy and figured out how to make transparency work, ssl too.

    although seems there's a problem with app store...

  6. #6


    Join Date
    Oct 2006
    Posts
    3,409
    Thank Post
    184
    Thanked 356 Times in 285 Posts
    Rep Power
    148
    Try endian firewall. It's a turnkey dans guardian based firewall/proxy.

  7. #7

    Join Date
    Apr 2010
    Posts
    2,009
    Thank Post
    81
    Thanked 184 Times in 153 Posts
    Rep Power
    68
    turn off all the school security and bingo SMT have what they need. Probably not such a good idea working on student data from McD's.

  8. #8

    Join Date
    Dec 2009
    Posts
    914
    Thank Post
    98
    Thanked 184 Times in 159 Posts
    Rep Power
    54
    We did it in Smoothwall, we now do it with Lightspeed

  9. #9

    Join Date
    May 2010
    Posts
    989
    Thank Post
    98
    Thanked 74 Times in 60 Posts
    Rep Power
    45
    We do it here too, 2 vlans, one is guest - goes to a smoothwall with transparent authentication, the guest ssid is just open, basic filtering on the smoothwall - not ideal but it works.

  10. #10

    Join Date
    Dec 2009
    Posts
    914
    Thank Post
    98
    Thanked 184 Times in 159 Posts
    Rep Power
    54
    Quote Originally Posted by RTFM View Post
    We did it in Smoothwall, we now do it with Lightspeed
    I have just thought, no we don't. We do it with Ruckus. Not sure where my brain was when i posted the above. Ruckus deals with our guest pass generation and login page for users. Lightspeed just deals with the filtering on the SSID / VLAN.

    Heads a shed.

  11. #11
    cpjitservices's Avatar
    Join Date
    Jul 2010
    Location
    Hessle
    Posts
    2,419
    Thank Post
    507
    Thanked 282 Times in 258 Posts
    Rep Power
    81
    All you need is pfsense, its also got Proxying like Dansguardian and squid and it has captive portal. Have used it in cafe's and the likes myself! Piece of cake to configure and easy to manage as it looks just like a normal router interface.
    Last edited by cpjitservices; 15th May 2013 at 09:12 AM.

  12. #12
    chazzy2501's Avatar
    Join Date
    Jan 2008
    Location
    South West
    Posts
    1,774
    Thank Post
    212
    Thanked 263 Times in 213 Posts
    Rep Power
    67
    I was thinking of setting up an un-routable Vlan and sticking a domestic adsl broadband router onto it. That way I'm not using my 6000 BB connection so people can view youtube videos. I could still use opendns if filtering was an issue.

  13. #13

    jinnantonnixx's Avatar
    Join Date
    Mar 2011
    Location
    In the Calamatorium.
    Posts
    1,935
    Thank Post
    109
    Thanked 471 Times in 324 Posts
    Blog Entries
    2
    Rep Power
    266

  14. Thanks to jinnantonnixx from:

    chazzy2501 (15th May 2013)

  15. #14
    Duke5A's Avatar
    Join Date
    Jul 2010
    Posts
    789
    Thank Post
    79
    Thanked 129 Times in 112 Posts
    Blog Entries
    8
    Rep Power
    31
    Quote Originally Posted by browolf View Post
    I gave up on smoothwall express. It didn't work and I had no idea why and no idea how to find out.

    I went back to our self built wpad proxy and figured out how to make transparency work, ssl too.

    although seems there's a problem with app store...
    Do you use an upstream cache peer for filtering? I was building a Squid proxy for this very purpose and found out there is a bug in Squid that when using SSL bumping with a cache peer it will actually send SSL traffic to the cache peer unencrypted. After reading that I gave up on the project as it was a deal breaker. I don't know if it has been fixed yet.

SHARE:
+ Post New Thread

Similar Threads

  1. Setting up a VLAN for a Guest WiFi profile
    By Frank99 in forum Wired Networks
    Replies: 6
    Last Post: 2nd April 2013, 01:46 PM
  2. guest wifi vlans etc
    By chazzy2501 in forum Internet Related/Filtering/Firewall
    Replies: 3
    Last Post: 16th May 2012, 03:01 PM
  3. Replies: 13
    Last Post: 6th February 2012, 10:46 AM
  4. Separate guest wifi
    By djones in forum Wireless Networks
    Replies: 18
    Last Post: 28th October 2010, 10:36 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •