Captive portal radius server



  • Hi i was wondering if someone can help me please.

    I would like to configure a "captive portal radius server" . i'll explain what i am trying to achieve.

    I have multiple Draytek router's each with a Guest wifi all located in differnet locations around the country. The routers have an option to enter a "captive portal server IP". The idea is that when a user connects to the Guest WiFi they will have a splash screen which will ask then to login via "Google mail" or "facebook", (This splash screen is configured on the Draytek Router). Then once the user enters their google login or facebook login their device MAC address is to be passed over to the "captive portal radius server" and kept. This is so if that same user was to connect to another Draytek router and connect to its guest WiFi they will not need to login using google or facebook as the server will recognise that device by its MAC address.

    I am a Network specialist and have no experience in configuring linux servers.

    can anyone tell me of "Zero shell" server can allow me to do this or pfsense. I would prefer a GUI based server once installation is complete.

    Thanks in advance.



  • Hi,

    pfSense has an complete, integrated captive portal service. The needed authentication can be a simple "Click here", Voucher, or user/password. The latter can be backed by the Freeradius server package which is available.

    pfSense is not a server (software), and isn't related to "linux" at all.

    You will be needing some software that you could install on these "Draytek router" (dono what that is, what you can do with it) that can identify valid Google and Facebook acounts. You won't find that on this forum (but, it can be done of course).
    After that, you'll be needing some VPN tunnel to a centralized pfSense router "on the net". Each tunnel end up on a Captive portal interface instance. I guest his can be done.

    Btw : trying to score people's Facebook or Google account ID's has become a very, very non-popular thing to do. Find yourself a good programmer and a good lawyer, you'll be needing both.



  • @gertjan
    Hi thanks for your reply. the Draytek router allows for google and facebook auth using google API and facebook API. the idea is that on the Draytek i simply enter a captive radius server address, then that server hold the guest wifi users google or facebook login so that they dont need to re enter it if they move to anothe rlocation with another Draytek. im sure this would be legal. is it ? i have attached screenshots of the Draytek WEB GUI.0_1532098007256_a54f2b37-f05b-4bd8-ab8b-9988a96c5e6a-image.png
    0_1532098051099_ac32e5dc-3c3f-47a4-8f10-98e8c3282975-image.png
    0_1532098100446_3cfc4289-22dd-4e6f-80ee-f1519c549cb4-image.png



  • @gertjan

    The radius server would not capture their facebook or google login only the MAC address of their wireless device. but im not sure if pfsense will do that.



  • Well, you might be closer to a solution as you think.
    These Draytek router have Radius support, so, setup a centralized database - the one that among other captures the MAC - and your have what you want.
    If the Draytel will consult this data base before login (on another portal device), that I don't know.