Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
https://wiki.ipfire.org/configuration/network/captive
Tartalomjegyzék
Initial Setup......................................................................................................................................2
Terms & Conditions....................................................................................................................2
Coupons......................................................................................................................................2
Exporting Coupons as PDF....................................................................................................3
Branding...........................................................................................................................................3
Examples.....................................................................................................................................4
Access Control.................................................................................................................................4
Revoking Access for a single client............................................................................................4
Using the BLUE zone for your Captive Portal................................................................................4
IPFire as a Wireless Access Point...............................................................................................5
3rd party Wireless Access Point..................................................................................................5
FAQ.............................................................................................................................................5
Can the Captive Portal be combined with the web proxy/URL filter?...................................5
Are there any legal obstacles?................................................................................................5
Security Considerations..............................................................................................................5
With the help of our Captive Portal all new or temporary network clients have no access to your
network but it is easy for you to manage the access to your network. If you regulate the access to
your guests' wifi with the captive portal you can renounce the encryption under certain
circumstances.
Initial Setup
There are two different ways to give a client access to the system. it is possible to change the
authorization method during operation without loosing access of the already authorized clients.
The Captive Portal can be activated for the green and blue zones.
Coupons
If you choose coupons as your way of authorisation you are able to generate one or more coupons
with a lifetime from one hour to multiple months and unlimited, too. Every coupon can only used
once and coupons with different lifetimes can be created at once.
This is recommended to be used in a hotel or similar scenario with a smaller number of known
users.
Branding
To customise the Captive Portal to your corporate design and make it recognised by your users, you
can set the highlight colour to your brand colour and upload a background image which can also
contain a logo.
You should also enter your company name so users know that they are connecting to the correct
network.
Examples
Access Control
Revoking Access for a single client
You can just remove the client from the list of authorized clients. Internet access is stopped
immediately.
Any clients that have been expired will automatically be purged once a day.
FAQ
Can the Captive Portal be combined with the web proxy/URL filter?
Yes. Just configure the URL filter as usual and consider sending the proxy configuration via DHCP
to each client.
Security Considerations
Giving access to untrusted people can be dangerous. Please make sure that you do not configure any
firewall rules that allow access to parts of the network where those people should not have access.
They will however have full access to the network zone the captive portal is being operated in and
they will also have access to other clients on the network. This is because traffic from one client to
another one is not passing through the firewall.
The Captive Portal gives limited DNS access before the client has been authorized to use the
network. That is to allow network connections to come up and to let the web browser open a
website which will then be redirected to the Captive Portal's authentication page. We have a
bandwidth limiter in place that will throttle the number of DNS queries that can pass so that DNS
cannot be used to tunnel any other network traffic1).