[ previous ] [ next ] [ threads ]
 From:  "Lee Sharp" <leesharp at hal dash pc dot org>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] Hotspot/radius using m0n0 captive portal: does this setup seem sensible?
 Date:  Tue, 28 Mar 2006 11:45:38 -0600
From: "Tim Vaughan" <talltim at gmail dot com>

> I've been asked to help install a large wireless network at a
> community education project I volunteer at.  My current plan is to use
> m0n0wall with a switch connected to the DMZ interface.  Coming off the
> switch will be several WRT54Gs with the network cable plugged into one
> of the LAN ports, making them all transparent bridges.  The plan is
> that anyone can choose the strongest wireless connection and will then
> authenticate via the captive portal on the m0n0wall with its own
> RADIUS server.
> Is this a sensible setup?  It seems to me to be the simplest way of
> covering a large area with a wireless network and still permitting
> authentication and user management.
> Any better ideas would be gratefully received!

First, WRT54G is a lot of different things.  Will you be using stock 
firmware?  If so, it will work fine.  If not, do not use the seavsoft 
firmware!  It will not work with captive portal.  dd-wrt firmwares work 
fine.  I use tofu.

Second, it may seem obvious, but you will need to turn off the WAN port, and 
only use the lan ports.  If you NAT and route through it, only the first 
person will log in, and everyone after them is free.

Now the new custom firmwares can do a lot, including captive portal against 
radius.  However, then to not give all of the support options of m0n0wall. 
I love being able to VPN into the network and fix stuff.  The logs in 
m0n0wall are very good for troubleshooting.  This is why I have about 25 in 
production with APs behind them.