From: Victor Sudakov
Date: Mon, 8 Jan 2018 01:04:22 +0700
To: Freddie Cash
Cc: freebsd-net
Subject: Re: Fwd: Re: Quasi-enterprise WiFi network
Message-ID: <20180107180422.GA46756@admin.sibptus.transneft.ru>
Organization: AO "Svyaztransneft", SibPTUS
List-Id: Networking and TCP/IP with FreeBSD

Freddie Cash wrote:
> >
> > I'm trying to setup a quasi-enterprise WiFi network for mobile
> > devices. This will be a solution for a public library with the only
> > requirement that guest users should get personal credentials for WiFi
> > access from a librarian (not a shared PSK for everyone).
>
> You don't *need* RADIUS for this, although it may make some things easier
> in some setups.
>
> All you need is a separate vlan for the "guest" wireless clients to connect
> to, at the default gateway for that vlan to the FreeBSD machine, and use
> firewall rules to redirect all "new" devices to a local Apache setup (new
> meaning you don't know the MAC address).
>
> In Apache, you use mod_rewrite rules to change the requested URL to a local
> webpage where you display your rules and whatnot, along with the login

What you are suggesting is essentially a hand-made captive portal. I
would be grateful for your mod_rewrite rules, but this will be a last
resort.

AFAIK there are implementations of a captive portal in M0n0wall and
pfSense. I've also seen howtos like
https://www.unixmen.com/freebsd-10-1-x64-wifi-captive-portal/

But if I can, I'd try a pure WiFi solution first, of course if it exists.

-- 
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
AS43859