+ Post New Thread
Results 1 to 14 of 14
Wireless Networks Thread, effortless guest wifi in Technical; One of our SMT goes to mcdonalds and gets on free wireless without having to mess around with wpads or ...
  1. #1
    browolf's Avatar
    Join Date
    Jun 2005
    Location
    Mars
    Posts
    1,525
    Thank Post
    106
    Thanked 89 Times in 75 Posts
    Blog Entries
    46
    Rep Power
    40

    effortless guest wifi

    One of our SMT goes to mcdonalds and gets on free wireless without having to mess around with wpads or proxy urls and wants to know why we can't have such an effortless system here.

    Obviously McD have some kind of transparent proxying going on.

    Currently our setup is wpad/pac.

    We tried transparent proxy before wpad but ssl didn't work and getting round that seemed to involve dodgy Man-in-the-middle decrypting packets.

    So I'm wondering what commercial solutions exist for transparent proxies?

  2. #2

    john's Avatar
    Join Date
    Sep 2005
    Location
    London
    Posts
    10,619
    Thank Post
    1,499
    Thanked 1,053 Times in 922 Posts
    Rep Power
    304
    We used a Smoothwall UTM that did that just fine with Ruckus managed wireless. We had a guest portal to hold things secure from the students so that was a passkey but that was all we had once through that it just worked and was fine.

  3. #3

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    16,028
    Thank Post
    887
    Thanked 1,723 Times in 1,488 Posts
    Blog Entries
    12
    Rep Power
    453
    What switches and proxy server do you have? You could look at Cisco WCCP.

  4. #4
    browolf's Avatar
    Join Date
    Jun 2005
    Location
    Mars
    Posts
    1,525
    Thank Post
    106
    Thanked 89 Times in 75 Posts
    Blog Entries
    46
    Rep Power
    40
    Quote Originally Posted by FN-GM View Post
    What switches and proxy server do you have? You could look at Cisco WCCP.
    3com switches with a debian proxy.

  5. #5
    browolf's Avatar
    Join Date
    Jun 2005
    Location
    Mars
    Posts
    1,525
    Thank Post
    106
    Thanked 89 Times in 75 Posts
    Blog Entries
    46
    Rep Power
    40
    I gave up on smoothwall express. It didn't work and I had no idea why and no idea how to find out.

    I went back to our self built wpad proxy and figured out how to make transparency work, ssl too.

    although seems there's a problem with app store...

  6. #6


    Join Date
    Oct 2006
    Posts
    3,412
    Thank Post
    184
    Thanked 356 Times in 285 Posts
    Rep Power
    149
    Try endian firewall. It's a turnkey dans guardian based firewall/proxy.

  7. #7

    Join Date
    Apr 2010
    Posts
    2,047
    Thank Post
    83
    Thanked 188 Times in 155 Posts
    Rep Power
    84
    turn off all the school security and bingo SMT have what they need. Probably not such a good idea working on student data from McD's.

  8. #8

    Join Date
    Dec 2009
    Posts
    914
    Thank Post
    98
    Thanked 184 Times in 159 Posts
    Rep Power
    54
    We did it in Smoothwall, we now do it with Lightspeed

  9. #9

    Join Date
    May 2010
    Posts
    1,049
    Thank Post
    106
    Thanked 87 Times in 64 Posts
    Rep Power
    49
    We do it here too, 2 vlans, one is guest - goes to a smoothwall with transparent authentication, the guest ssid is just open, basic filtering on the smoothwall - not ideal but it works.

  10. #10

    Join Date
    Dec 2009
    Posts
    914
    Thank Post
    98
    Thanked 184 Times in 159 Posts
    Rep Power
    54
    Quote Originally Posted by RTFM View Post
    We did it in Smoothwall, we now do it with Lightspeed
    I have just thought, no we don't. We do it with Ruckus. Not sure where my brain was when i posted the above. Ruckus deals with our guest pass generation and login page for users. Lightspeed just deals with the filtering on the SSID / VLAN.

    Heads a shed.

  11. #11
    cpjitservices's Avatar
    Join Date
    Jul 2010
    Location
    Hessle
    Posts
    2,490
    Thank Post
    517
    Thanked 290 Times in 266 Posts
    Rep Power
    82
    All you need is pfsense, its also got Proxying like Dansguardian and squid and it has captive portal. Have used it in cafe's and the likes myself! Piece of cake to configure and easy to manage as it looks just like a normal router interface.
    Last edited by cpjitservices; 15th May 2013 at 09:12 AM.

  12. #12
    chazzy2501's Avatar
    Join Date
    Jan 2008
    Location
    South West
    Posts
    1,791
    Thank Post
    214
    Thanked 263 Times in 213 Posts
    Rep Power
    67
    I was thinking of setting up an un-routable Vlan and sticking a domestic adsl broadband router onto it. That way I'm not using my £6000 BB connection so people can view youtube videos. I could still use opendns if filtering was an issue.

  13. #13

    jinnantonnixx's Avatar
    Join Date
    Mar 2011
    Location
    In the Calamatorium.
    Posts
    1,983
    Thank Post
    113
    Thanked 503 Times in 339 Posts
    Blog Entries
    2
    Rep Power
    285

  14. Thanks to jinnantonnixx from:

    chazzy2501 (15th May 2013)

  15. #14
    Duke5A's Avatar
    Join Date
    Jul 2010
    Posts
    806
    Thank Post
    83
    Thanked 132 Times in 115 Posts
    Blog Entries
    8
    Rep Power
    32
    Quote Originally Posted by browolf View Post
    I gave up on smoothwall express. It didn't work and I had no idea why and no idea how to find out.

    I went back to our self built wpad proxy and figured out how to make transparency work, ssl too.

    although seems there's a problem with app store...
    Do you use an upstream cache peer for filtering? I was building a Squid proxy for this very purpose and found out there is a bug in Squid that when using SSL bumping with a cache peer it will actually send SSL traffic to the cache peer unencrypted. After reading that I gave up on the project as it was a deal breaker. I don't know if it has been fixed yet.

SHARE:
+ Post New Thread

Similar Threads

  1. Setting up a VLAN for a Guest WiFi profile
    By Frank99 in forum Wired Networks
    Replies: 6
    Last Post: 2nd April 2013, 01:46 PM
  2. guest wifi vlans etc
    By chazzy2501 in forum Internet Related/Filtering/Firewall
    Replies: 3
    Last Post: 16th May 2012, 03:01 PM
  3. Replies: 13
    Last Post: 6th February 2012, 10:46 AM
  4. Separate guest wifi
    By djones in forum Wireless Networks
    Replies: 18
    Last Post: 28th October 2010, 10:36 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •