
Re: Software for WLAN Hotspot

Kay-Michael Voit wrote:
| Well, I'll consider Kourosh's suggestions at first.
| But, actually, I've some ideas how I could solve the problem for me and
| probably for some other, too.
| Mainly, my idea is limited through my programming skill, but it should
| work though...
| Just tell me how you think about my considerations...
| If we work with iptables, we have to authenticate the client in some
| way. Though I think it is possible to extend iptables, this would exceed
| my abilities a lot.
| So, I would use existing possibilities, of which mac address filtering is
| the safest for my purpose.
| Now there are two possibilities:
| 1. Writing a web-based interface, for example with PHP, to log in.
| Then a C/C++ based daemon adds some iptables rules, which allow the
| client to go online.
| +: platform independent
| -: one has to enter his MAC address, for I don't know any possibility to
| determine one's IP through PHP (and I don't think this is possible?)

NOP, the webserver knows the IP address of the client, so you can get it
via environment variables.

But first you need something to give out IP addresses to WLAN clients
(DHCP?), so you have to be publicly open for those ports.
| 2. Daemon as above, but with clientsoftware which sends password and
| MAC-address to server. (because they are one-time, they can be
| transmitted plaintext)

Well, you get the MAC address via a DHCP request, so basically all you have
to do is export the lease information from DHCP (we put a matching TXT
record in DNS, as we put all handed-out IP addresses in DNS and use
that TXT record to keep state info there).

We have 3 access scopes in our WLANs: local, site local and global.
Oh, we use x509 certificates for authentication and encrypt all
traffic via freeswan.

Shouldn't be too hard to build a similar functionality with some lines
of script code on top of any debian/linux.

I can't give out the code we use as it is the property of one of our
customers, but if I can help you or anyone else with some hints about
what to do, drop me a line.

| +: See above
| -: Clientsoftware...
| The daemon uses an SQL database to store information about the time left
| for users.

We put that information in the TXT record in DNS, as we already have a
very robust DNS infrastructure running and it's easy to put all the
information we need in an encrypted string *g*

| The program can even be extended that way, that users can log out and
| use the leftover later. (Then one should consider encrypted passwords)
| What do you think about this concept? Problems? Complete rubbish? A good
| start?

It's far too complicated, you should keep all the logic on your side and
don't pollute the clients with unneeded code.

Use established systems like DHCP and DNS to do the work.

It looks like you don't need encryption in your network.

| This would be the way, I, as a non professional, would solve it after
| one day consideration....
| Stefan Neufeind wrote:
|> Hey Kay,
|> thought about such a solution with open-source also already - as well
|> as searched and asked. But wasn't able to find a good and working
|> solution. Well it seems you need to hook up the proxy somehow with
|> variable rules that know if a certain user is currently logged on or
|> not, that auto-logoff the user after a certain inactivity etc.
|> But combined with that please keep in mind that you also need some way
|> to also allow pop3 etc. So you basically need to hook up firewall
|> rules (netfilter) in my eyes. This might be really brilliant solution
|> if you manage to get it running - but I suppose stable netfilter-
|> drivers are hard to write and don't exist in open-source-world yet.
|> So if you might think of opening a project or maybe find something I'd
|> be happy if you would let me know.
|>  Stefan
|> On 15 Aug 2003 at 17:35, Kay-Michael Voit wrote:
|>> Hi,
|>> I'm considering to build up a public wlan hotspot. I need time-limited
|>> authentication, mainly for identity logging purposes, not for
|>> billing. I thought about buying tickets (perhaps around 1 EUR/h) with
|>> time-limited username and password on it.
|>> Where should I put in the authentification? At the proxy? Which
|>> software should I use? afaik I have to open the wlan, do I? How do
|>> commercial solutions work?
|>> I need only very basic answer, only something to search for. I don't
|>> really know what to begin with....

greets Uwe
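
The server-side flow described in the reply above (client IP from the web server, e.g. CGI's REMOTE_ADDR, MAC from the DHCP lease, then a firewall rule), as an added example that is not part of the original mail and not the code it mentions. The ISC dhcpd lease format, the FORWARD chain and the function names are assumptions, and the lease data is constructed.

```python
import ipaddress
import re

# Constructed sample in ISC dhcpd.leases format (assumption: ISC dhcpd is the DHCP server).
SAMPLE_LEASES = """\
lease 192.168.10.23 {
  starts 5 2003/08/15 17:35:00;
  ends 5 2003/08/15 18:35:00;
  binding state active;
  hardware ethernet 00:0c:29:aa:bb:cc;
}
lease 192.168.10.24 {
  binding state free;
  hardware ethernet 00:0c:29:11:22:33;
}
"""

LEASE_RE = re.compile(r"lease\s+(\S+)\s*\{(.*?)\}", re.S)
MAC_RE = re.compile(r"hardware ethernet\s+((?:[0-9a-f]{2}:){5}[0-9a-f]{2});", re.I)
ACTIVE_RE = re.compile(r"^\s*binding state active;", re.M)


def active_leases(text):
    """Map IP -> MAC for active leases; a later entry for an IP overrides an earlier one."""
    table = {}
    for ip, body in LEASE_RE.findall(text):
        mac = MAC_RE.search(body)
        if mac and ACTIVE_RE.search(body):
            table[ip] = mac.group(1).lower()
        else:
            table.pop(ip, None)  # lease was released or expired
    return table


def allow_rule(remote_addr, leases):
    """Return the iptables argv admitting this client, or None if it has no active lease."""
    try:
        # Reject anything that is not a plain IPv4 address before it reaches a command line.
        ip = str(ipaddress.IPv4Address(remote_addr))
    except ValueError:
        return None
    mac = leases.get(ip)
    if mac is None:
        return None
    # Returned as an argv list (for subprocess.run without a shell); hypothetical chain choice.
    return ["iptables", "-I", "FORWARD", "-s", ip,
            "-m", "mac", "--mac-source", mac, "-j", "ACCEPT"]
```

The MAC in a lease is whatever the client sent in its DHCP request, so the rule ties a login to an IP/MAC pair rather than proving who the client is.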