Captive portal

Captive portal service gives the ability to organize a public (or guest) Wi-Fi zone with user authorization.

A captive portal is the authorization page that forcibly redirects users who connect to the public network before accessing the Internet. 

How a captive portal works

The operation principle of all such systems is the interception of the HTTP/HTTPS session of a user, who connects to a public network and redirect him to an external web server for authorization. Then the user can be authorized via SMS or callback to his cell phone number. After authorization is complete, the user gets access to the Internet.

Captive portal accesses a RADIUS server (which resides on the Captive Portal service provider's side), which is used for resource allocation (Provisioning) — connection time limit (session timeout), speed, traffic volume, and resource consumption control (Accounting).

Captive portals use Universal Access Method (UAM) - a universal access control method with AAA (Authentication, Authorization, Accounting) and RADIUS.

This service is provided by 3-rd party companies, and a Keenetic router is considered as the Captive Portal's client to work with their service.

The implementation of a captive portal in a Keenetic device is based on the open-source service Coova-Chilli. Most likely, a hotspot will successfully work with a captive portal service provider that supports Coova-Chilli.

For user's convenience, most popular captive portal providers profiles were added. Those companies conducted tests from their side too and confirm the correct work with their implementation of the captive portal. To configure it, select a profile from the drop-down list and specify the required connection parameters from the personal account on the service provider's website.

Currently, the captive portal implemented in Keenetic routers supports around 20 providers, including http://worldspot.nethttp://www.hotspotsystem.com, https://www.ironwifi.com.

All the above-mentioned providers are cloud services. Authorization takes place remotely on the servers of these companies. Besides them, there are so-called out-of-box solution providers that offer software for installation on customers' servers. In this case, a customer gets full control over the entire authorization system.

At the same time, you can configure a profile manually if the provider gave you credentials for the connection. The profile for manual configuration is described in the 'Tip' section at the bottom of this article.

To use a captive portal, first, you need to install the right system component.

captive-comp-eng.png

The Captive portal service will be available on the 'Guest network' page in 'Captive portal' section.

captive02-2.png

NOTE: Important! The Captive portal component can only be run on a Keenetic device in Router Mode.

Example of Captive Portal configuration

Let's take a Hotspotsystem cloud operator as an example.

First, we need to enable 'Captive portal' on the 'Guest network' page and choose the 'HotspotSystem' profile in the 'Profile' field.

You must fill 'Radius NAS ID' by yourself after you passed authorization on captive portal provider's website.

To review full profile settings, click on 'Show profile'.

If some settings need to be changed, click on 'Edit profile'.

NOTE: Important! All profiles were integrated after successful tests. Do not edit the preset profile unless necessary.

Log in to the hotspotsystem website.

After you pass authorization and sign in, you have to add a new hotspot location based on your business model. Hotspotsystem offers two types of business models: PRO and FREE.
PRO version assumes commercial access when users have to pay for Internet service by credit card or buy a voucher.
In this example, we choose FREE one where a user has to accept the terms of use or see a banner before he gets Internet access:

Then you have to enter detailed information about your hotspot location: 

After you complete the hotspot registration, you will see it in main menu of the hotspotsystem website. To see the list of your hotspots, go to 'Manage - Locations':

mceclip6.png

After you complete hotspot configuration, the service will start working on your guest Wi-Fi (it's the 'Guest network' by default). The guest network, in this case, can be either with or without a password (WPA-PSK).

Your Keenetic router allows you to separate guest network (Captive portal) and main network. Those users who connect to the guest network need to pass authorization to access the Internet. And those users or network devices that connect to the main network will have access to the Internet without authorization. It could be system administrators or cameras. Each LAN port could be independently configured for one of the networks. 

If you want to extend your wireless network coverage area, including the one with the captive portal, you may connect additional Keenetic devices in Access Point/Extender mode to your Main Router.

Example of a connection to a captive portal

After connecting a mobile device to the public (guest) network, when you first time access any website on the Internet, you will be redirected to a special authorization page. 

 

Choose the type of access which you previously set on the router, when you added the hotspot.   

TIP: TIP: Manual configuration of Captive portal.

It is possible to configure the captive portal service provider profile manually if the provider supplies the connection data.

captive05-2.png

The profile for manual configuration is presented below.

captive06-2.png

 

Have more questions? Submit a request

Comments

0 comments

Please sign in to leave a comment.