Captive Portals
lanceball
I've just opened up a new coworking space in Asheville (htp://
locomotivity.com). Right now I've got a decent wifi setup with both
an encrypted and unencrypted network. No splash screen or anything
like that - you just connect and you are good to go.
I'm curious about other coworking spaces and whether you are using a
captive portal so users have to log in. There are a few reasons why I
think this is an ideal setup. Mainly I want to monitor bandwidth usage
and lower P2P priority etc; and eventually plug it into some coworking
software (e.g. my not-yet-even-alpha http://github.com/lance/planomatic)
so that I can easily track things like 10-pass cards.
I've seen the page of recommendations on the wiki -
http://coworking.pbwiki.com/WirelessNetworkRecommendations - and
there's a lot of good info. But I'm curious if any of you space owners
doing something like this already? If so, what's your setup?
Thanks
Lance Ball
http://locomotivity.com
Eric Marden
whiteboard. Though recently we've been discussing getting a bigger
antenna and focusing the signal at one of the bars downstairs so we
can continue coworking during happy hour ;)
- Eric Marden
CoLab Orlando
37 N. Orange Ave, 6th Floor
Downtown Orlando
http://colaborlando.com
Rogelio
> I'm curious about other coworking spaces and whether you are using a
> captive portal so users have to log in. There are a few reasons why I
> think this is an ideal setup. Mainly I want to monitor bandwidth usage
> and lower P2P priority etc; and eventually plug it into some coworking
> software (e.g. my not-yet-even-alpha http://github.com/lance/planomatic)
> so that I can easily track things like 10-pass cards.
One easy way to do much of this (Captive Portal, lower P2P priority,
etc) is to just use pfSense. If you load something like dd-wrt on a
Linksys, then you can have SSIDs with different VLANs, and that will
allow you to prioritize accordingly on your router/firewall out.
I'm curious how you do the 10 pass thing. Perhaps there is something on
SourceForge already that's similar.
> I've seen the page of recommendations on the wiki -
> http://coworking.pbwiki.com/WirelessNetworkRecommendations - and
> there's a lot of good info. But I'm curious if any of you space owners
> doing something like this already? If so, what's your setup?
That URL mentions pfSense, which is the "best" firewall you can get for
the money (assuming you have a piece of hardware lying around that you
can use). pfSense also has an ntop plugin, which will allow you to see
how much of the network is being used for garbage, like torrents, P2P,
Kazaa, etc.
Will Norris
powered by WifiDog[0]. Previously, the space was just using WPA2 with
the password written up on the whiteboard. Since Citizen Space allows
for free drop-ins, that's worked fairly well. The main problem with
it is that it didn't allow for tracking the amount of usage (for
statistical, not billing, purposes). There was also a desire to have
drop-ins agree to a basic Terms of Service for liability reasons.
(The TOS[1] is a very simplified, plain-english version of IndyHall's,
with some inspiration from 37 signals, and with the confidentiality
clause reversed entirely.)
So now, the wireless network[2] is powered by two standard Linksys
routers running OpenWRT[3] and the WifiDog gateway. Instead of using
the standard WifiDog authentication server (which was a bit overkill
for what we needed), I wrote a WordPress plugin that implements the
WifiDog authentication protocol[4]. "Authentication" consists of
agreeing to the TOS, and typing in the shared wifi password, which is
still written up on the whiteboard. You can see the login page
here[5]. Right now the plugin is rather crudely written, and doesn't
capture any of the interesting data WifiDog makes available. We've
actually been having some problem with Wifidog lately, so we've had to
turn it off, but I am planning to dig into that over the next couple
of weeks. I'm fairly certain it's because we're running OpenWRT
Kamikaze instead of the more tested White Russian version.
Other plans for the WordPress plugin include expanding the
"authentication" so that users can actually login with a WordPress
account if they have one, or fill out a simple form which asks for
their name and reason why their using the space (regular drop-in, a
specific event, etc). The idea is to gather a little more data about
who is using the space, but without making it a huge barrier. Wifidog
also provides data to build graphs of how much bandwidth each
individual machine is using, though I don't have immediate plans to
build that into the WordPress plugin. As far as I know, WifiDog does
*not* give you any data about specific protocols being used, so you
can't identify BitTorrent, etc. You'd need something like pfSense for
that. There is talk of a future version of WifiDog having the ability
to throttle bandwidth for specific users. If it ever becomes a
problem, we might using something like that to give paying residents
preferential bandwidth over free drop-ins.
The code for the WordPress plugin is currently up on github[6], and
will eventually be moved to the WordPress plugin directory[7] once I
get all of the CS specific stuff out of it. Even if the plugin itself
isn't useful to you, it should at least demonstrate how easy it is to
implement a custom WifiDog authentication server for any platform you
want.
[0]: http://wifidog.org/
[1]: http://citizenspace.us/policy/terms/
[2]: http://citizenspace.pbwiki.com/Network (mostly up to date)
[3]: http://openwrt.org/
[4]: http://dev.wifidog.org/wiki/doc/developer/WiFiDogProtocol_V1
[5]: http://citizenspace.us/wordpress/wifidog/login
[6]: http://github.com/willnorris/cs-wifidog/
[7]: http://wordpress.org/extend/plugins/wifidog/
Dave Troy
choices available, and didn't like the idea of having to couple
network management with the more basic task of usage tracking.
What we settled on instead is a simple system that examines the
network for DHCP leases and ARP entries and records the comings and
goings of our community members.
On first use, members are asked to map their hardware MAC address to
their email address. This is then visualized with a Gravatar on our
network status page.
Our network is open and doesn't put any barriers to people walking in,
sitting down, and getting work done. Whenever they show up with their
devices, we know they were there and can bill accordingly.
This also has the side effect of creating a live display of who is in
the space (complete with Gravatars). You can see ours at
http://hive.beehivebaltimore.org (though no one is there right now).
I've written this app as a Rails application which you are free to
fork and modify. Ultimately we will run our billing through here but I
haven't had time to do that yet.
It's called Honeycomb and it's here:
http://github.com/davetroy/honeycomb/tree/master
We assume that the ISC DHCP server is installed on the box where the
app is running, but it would honestly run just as well relying simply
on nmap and arp.
Ping me if you have questions. I'd love to see this developed
further. In my opinion this approach is more in line with the spirit
of coworking -- respect, simplicity, ease of use -- than having to
require a bunch of passwords, port 80 authentications, etc. YMMV.
Dave
> [4]:http://dev.wifidog.org/wiki/doc/developer/WiFiDogProtocol_V1
> [5]:http://citizenspace.us/wordpress/wifidog/login
> [6]:http://github.com/willnorris/cs-wifidog/
> [7]:http://wordpress.org/extend/plugins/wifidog/
>
> On Apr 1, 2009, at 8:31 AM, lanceball wrote:
>
>
>
>
>
> > Hi all
>
> > I've just opened up a new coworking space in Asheville (htp://
> > locomotivity.com). Right now I've got a decent wifi setup with both
> > an encrypted and unencrypted network. No splash screen or anything
> > like that - you just connect and you are good to go.
>
> > I'm curious about other coworking spaces and whether you are using a
> > captive portal so users have to log in. There are a few reasons why I
> > think this is an ideal setup. Mainly I want to monitor bandwidth usage
> > and lower P2P priority etc; and eventually plug it into some coworking
>
> > I've seen the page of recommendations on the wiki -
lanceball
what you've done at Beehive Baltimore, Dave. I can't wait to poke
around in that Rails code and see what you've got going on.
Best,
Lance
On Apr 4, 2:26 pm, Dave Troy <davet...@gmail.com> wrote:
> We looked at doing a captive portal, but I wasn't thrilled with the
> choices available, and didn't like the idea of having to couple
> network management with the more basic task of usage tracking.
>
> What we settled on instead is a simple system that examines the
> network for DHCP leases and ARP entries and records the comings and
> goings of our community members.
>
> On first use, members are asked to map their hardware MAC address to
> their email address. This is then visualized with a Gravatar on our
> network status page.
>
> Our network is open and doesn't put any barriers to people walking in,
> sitting down, and getting work done. Whenever they show up with their
> devices, we know they were there and can bill accordingly.
>
> This also has the side effect of creating a live display of who is in
chris
home grown and opensource tools being used and all are very good but
they all seem to require quite a bit of work to configure. here is
the solution we are looking to roll out. First any wireless AP's will
do in this scenario but I recommend using hardware that supports both
2.4GHz and 5GHz so that slower cards don't bring down the speed of
everyone else or consider using different spectrum for say the B
protocol... just a thought there.
So here is what we are planning to roll out.
SputNik 720 which is about 230 from sputnik.com and this is used as
the gateway allowing captive portal, transactions for usage etc.
Then for the AP we are going with 2 open-mesh radios which are very
inexpensive and are also easy to conceal.
If you are interested in more details on exact hardware let me know
and if you have a space that you are currently setup to do coworking
and want it to be more reliable let me know and maybe I can help.
Chris Johnson
http://www.untangledsolutions.com Our coworking client is
blankspaces.com
On Apr 1, 10:31 am, lanceball <lanceb...@gmail.com> wrote:
> Hi all
>
> I've just opened up a new coworking space in Asheville (htp://
> locomotivity.com). Right now I've got a decent wifi setup with both
> an encrypted and unencrypted network. No splash screen or anything
> like that - you just connect and you are good to go.
>
> I'm curious about other coworking spaces and whether you are using a
> and lower P2P priority etc; and eventually plug it into some coworking
>