Captive Portal

Captive Portal Application is intended for the hotspot organization— public (or guest) Wi-Fi zone which requires users authorization.

Captive Portal is the authorization page that forcibly redirects users who connect to the public network before they access the Internet. 

How Captive Portal works

The principle of operation of all such systems is the interception of the HTTP/HTTPS-session of a user, who connected to public network, and redirect him to external web-server for authorization. Then the user can be authorized via SMS or callback to his cell phone number. After authorization is complete, the user gets access to the Internet.

Captive Portal accesses the RADIUS server (which resides on the Captive Portal service provider's side), which is used for resource allocation (Provisioning), - connection time limit (session timeout), speed, traffic volume, and resource consumption control (Accounting).

Captive portals uses Universal Access Method (UAM) - universal access control method using AAA (Authentication, Authorization, Accounting) and RADIUS.

This service is provided by 3-rd party companies, and Keenetic is considered as the Captive Portal's client to work with their service.

The implementation of Captive Portal in a Keenetic device is based on the open-source service Coova-Chilli. Most likely hotspot will successfully work with suppliers of this service by default.

For user's convenience most popular Captive portal providers profiles were added. Those companies conducted tests from their side too and confirm the correct work with their implementation of Captive portal. To configure it, simply select a profile from the drop-down list and specify the required connection parameters from the personal account on the service provider's website.

Currently, the Captive Portal implemented in Keenetic do support the following providers: http://worldspot.net,

All the above-mentioned providers are cloud services. Authorization takes place remotely on the servers of these companies. Besides them there are so-called out-of-box solution providers that offer software for installation on customer's servers. In this case customer gets full control over the entire authorization system.

At the same time, you can configure the profile manually if the provider gave you credentials for the connection. The profile for manual configuration is presented in the 'Note' section in the bottom of this article.

To use Captive Portal, first you need to install the appropriate system component.


Then the Captive Portal feature will be available on the 'Guest network' page in 'Captive portal' section.


Example of Captive Portal configuration

Let's take a Hotspotsystem cloud operator as an example.

First we need to enable 'Captive portal' on 'Guest network' page and choose the 'HotspotSystem' profile in 'Profile' field.

You must fill 'Radius NAS ID' by yourself after you passed authorization on Captive portal provider's website.

To review full profile settings, click on 'Show profile'.

If some settings need to be changed, click on 'Edit profile'.

NOTE: Important! All profiles were integrated after successful tests. Do not edit the preset profile unless necessary.

Log in to the hotspotsystem website.

After you pass authorization and signed in, you have to add new hotspot location based on your business-model. Hotspotsystem offers two types of business models: PRO and FREE.
PRO version assume commercial access when user have to pay for Internet service by credit card or by buying voucher.
In this example we choose FREE one when user have to accept the terms of use or see a banner before he get Internet access:

Then you have to enter detailed information about your hotspot location: 

After you complete hotspot registration, you will see it in main menu of the hotspotsystem website. To see the list of your hotspots, go to 'Manage - Locations':


After you complete hotspot configuration, service will start on your guest Wi-Fi (it's the 'Guest network' by default). The guest network in this case can be either with a password (WPA-PSK) or without a password.

Keenetic allows you to separate guest network (Captive portal) and main network. Those users who connect to guest network need to pass authorization to access the Internet. And those users or network devices that connect to the main network will have access to the network without authorization. It could be system administrators or cameras. Each LAN port could be independently configured for one of the networks. 

If you want to extend your wireless network coverage area, include Captive portal, you may connect additional router to your main router in 'Access point' mode.

Example of Captive portal connection

After connecting the mobile device to the public (guest) network, when you first time access any website on the Internet, you will be redirected to a special authorization page. 


Choose the type of access your which you configured before when you added the hotspot.   

TIP: TIP: Manual configuration of Captive Portal.

It is possible to configure the Captive Portal service provider profile manually if the provider provides connection data.


The profile for manual configuration is presented below.



Have more questions? Submit a request



Please sign in to leave a comment.