Applications For Hotspots

[JJDinsay]

Anybody know what kind of application they use to control access to the WiFi hotspots in Au Bon Pain and Star bucks? You pretty much rip open this envelope, use the ID and password inside and it last for like an hour.

thanks,

[ASIC]

I was thinking of writing my own, but there are already several. Google it

[phazey]

Use the Meshbox ISO, www.locustworld.com

./P

[PlanetMan]

Use the Meshbox ISO, www.locustworld.com

./P

Or Mono. Or NoCat. Or Pebble. There are many more.

To provide a secure HotSpot (meaning no unauthorized access) requires 2 components. One is an Access Point which can be manipulated in some way to deny unauthorized use, and second is a way to authenticate potential users.

If more detailed access control is required, such as per-minute or pay-per-use billing, or if more than a single HotSpot will be provided, both the AP and the authentication component need to be so enabled.

The web sites listed provide reams of discussion and input on different approaches. Impossible to adequately summarize such a broad topic in a single post or diatribe. I'm usually available to chat about it. Get a beer down my neck and I'll just babble on and on.

Cheers

[mouse]

Dear SAMWIFI, Can you tell me how I can limit access speeed over a wireless network using Linksys equipment?

[Guest IT Manager]

In what scenario Mouse? As in commercial or home? Do you mean limit speed or access?

[mouse]

In what scenario Mouse? As in commercial or home? Do you mean limit speed or access?

I have a fast connection but want to slow the other home computer that is linked to me by WiFi down to about 64kbps. I know how to establish, disconnect, filter, and re-establish a wireless connection but do not have the possibility through my hard or software to slow the other computer down.

[monty]

Don't know about the speed distribution,

for access control (under windows, for the linux illiterate!) Wingate works pretty well. You have control over almost anything(time online, data traffic etc.). Can create accounts, for example prepaid one month, prepaid 100mb, unlimited,....

Unfortunately Deerfield(the creator) doesn't sell nor supports this program anymore...they even took their knowledge base off-line

Since you can't buy it anymore I suppose it's allright to use the Panthip version

Not so easy to set up correctly but once it's going it runs very smooth.

Has a good proxy and DNS cache built in as well

[PlanetMan]

Dear SAMWIFI,  Can you tell me how I can limit access speeed over a wireless network using Linksys equipment?

Hi Mouse,

Monty mentions Wingate, but I'm unaware of it. SiamWiFi use iptables in a Linux distribution. It works well, we can throttle bandwidth on a per-class basis, wherein each user is assigned a class of service (based on their user name) which specifies the connection speed, among other things.

It's non-trivial to set up, but we have a linux guru who pulls rabbits out of hats and bodily orafices

We chose linux because it is widely support, robust (required fopr a commercial application) and secure (ditto.)

Some Linksys access points uses linux under the hood, and there are hacks published on the Internet that walk through the procedure. Again, non-trivial, but anyone who speaks linux should be able to follow the bouncing ball. Google returns abour 20,00 links. One of 'em must be right

Cheers

[JJDinsay]

Mr. Siam WiFi. Which Linux distribution r U using? I thought IPTables was strictly a firewall can it be used to authenticate users as well - for ex. when a user launches IE and it tries to access the Internet, does it direct them 1st to a page where they have to authenticate a user id? Kinda like NoCautAuth but the problem with NoCat is that it uses a pop up window to to keep the user connected - it won't work with pop up blockers.

thanks

[Zendesigner]

you can use a firewall to do your authenticating. then you don't need an application to talk to the wireless accespoints. When you log on your traffic is directed to your firewall because it's the gateway. On port 80 you build a page displaying a Logon box to open ports from your wireless network to the internet or to the internal network.

If you connect your firewall to a radius server for authenticating you have logging, user authentication, accounting ect all in one go.

I would suggest to all wireless networks to put them external to a firewall anyway.

I used this setup for authenticating Citrix acces to internal citrix servers.

No logon in firewall , no port 1494 going open for citrix.

you can have a look here http://access.hgc.be

user just needs to logon twice, also pretty secure because ports only open for your incoming ip address. It's no vpn but citrix protocol is encapsulated anyway.

Users can logon every where in the world and be back in the office with all their applications and data, even print locally if they want.

Every Ceo that had this was suprised how easy it is...They really like that they could work from home anywhere, anytime.

[PlanetMan]

Mr. Siam WiFi.  Which Linux distribution r U using?  I thought IPTables was strictly a firewall can it be used to authenticate users as well - for ex. when a user launches IE and it tries to access the Internet, does it direct them 1st to a page where they have to authenticate a user id?  Kinda like NoCautAuth but the problem with NoCat is that it uses a pop up window to to keep the user connected - it won't work with pop up blockers.

thanks

JJ,

Short answer is "NoCatAuth". See NoCat for the whole story. This is what we use.

Overview of how NoCat works:

1) Request from unauthenticated user comes to the gateway.

2) NoCat (on access point running Linux) checks to see is there a path through the firewall (iptables) for the IP + MAC of the request.

3) if path through firewall exists, request is forward. If not, request is redirected to the authentication server (NoCatAuth running on a remote server) to get user's credentials.

4) depending on result of authentication NoCatAuth assigns class of service to user, sends iptables rule to gateway for this user, redirects to initial request.

Our gateway/access point is a generic x86 single board computer from Soekris Engineering (USA, but similar boxen are widely available. For example, the Via mini-ITX can be bought in Thailand from Thai-Way. (thai-way.) Linux is current version of Pebble, which is debian distro.

You are correct, NoCat "out of the box" requires popups, although this can be finessed.

Cheers