On 6/6/05, till <klimpong at gmail dot com> wrote:
> >
> > How are your locations connected? Do you have a fixed (VPN) link between
> > them?
> 
> Not at all or not yet. Both have Internet access. That's all.
> 

You'd have to have some sort of tunnel back to this central machine
that'd handle captive portal, since the internet traffic has to pass
through the m0n0wall.


> I've been searching around about this issue and I have found a post by
> someone on wifigeek.net , who had a different approach to the whole
> captive portal/authorization theme.
> 
> Check the post here:
> http://www.wifigeek.net/ftopict-145.html
> 
> Basically, this exclusivly relies on DNS and all you need to
> distribute is a DNS server which then gets the user to a website
> (online) where they sign in and then they are "ready to surf". I was
> wondering if m0n0wall could be used to accomplish the same thing.
> 

Only if you route the traffic through it.  

Honestly, at ~$200 USD per box for a WRAP board, I'd deploy two of the
things and be done with it.  Maintaining a tunnel from the sites back
to one location just to share one box for authentication is making
things far more complex than they need to be.  You'll end up spending
way more time managing that complex setup than you would a straight
forward configuration with two boxes running captive portal, and get
more reliable results out of the latter as well.  While it sounds like
a good idea to use one box for both, the technical difficulties of
getting all the traffic routed through the right places make it
impractical.

It would be interesting to see the source for that guy's DNS-based
service though.  That'd be easy enough to make work, for someone that
wanted to hack around in dnsmasq (m0n0wall's DNS caching component) to
add functionality like that.

-Chris