Public WIFI

  • I have been looking for some software (not neccessarily free) that will give me some control over my public wifi access in my pub.

    Currently I just have an open network.

    I would like users to connect to wy wireless access with no WEP or WPA key, and when they open their browser be presented with a welcome page and a 'continue' button.

    I would like to include some time limits and bandwidth limits if possible.

    My router currently deals with DHCP, but I would like to move this to the new software/server as I believe this may be a quicker way of doing it - The router can take a few minutes when the pub is busy.

    I am not sure if this software is the right thing to be looking at (although google did bring me here).

    Would this software achieve any of my aims?

    What sort of computer should I look at running this on?  What platform is it meant to run on?

    Any advice would be great!


  • You're talking about the Captive Portal feature then.

    Information on choosing hardware can be found here and in the hardware forum.

    It is itself a platform, you don't install it as a package.

  • Thanks.

    Is there load balancing options in this platform?

    I have downloaded the CD Live version and tried to evaluate it, but I do not have a machine with two LAN ports at the moment, only a single LAN port and wireless.  I assume I cannot install it on this?  It failed to find ANY network ports when I tried.

    How quickly would this platform dish out IP addresses?

    Also, a little off topic, but how would people with mobile phones accessing the WIFI deal with a captive portal page?  I assume I can either have a captive portal page that blocks all traffic until you click 'ok' or 'accept', or I could simply have a captive portal page which has the disclaimers etc but no button to click, all traffic being already allowed?

    Thanks for any pointers!

    1. Yes, there's support for multiple-WANs and you can chose to load balance - do please read the easy to find feature list

    2. Yes - one wired and one wireless interface (that are supported) is sufficient.  You may want to read the sticky posts in the wireless forum and the information on hardware compatibility.  Since you've said nothing about your hardware nobody can comment.

    3. It runs DHCP - IP addresses are allocated upon request

    4. That depends on the mobile phone browser in question

  • I don't actually have any hardware at the moment - I was just wanting to evaluate on an XP machine using the live disk.  I was hoping to be able to run it on my laptop which has wireless and LAN, but have realised my CD-ROM drive has failed, or will not read anyway.

    I also tried to run it on my desktop, but this only has one LAN port, so I do not think I can install it to evaluate?  I tried and failed anyway?

    My main worry is the speed of the DHCP - I am hoping it will be quicker than the router?

    The captive page - can this be just a passive page displayed on first connection, allowing you to browse off at your wish, or does it have to be one that you click a button on?

    Sorry - I will go and have a read around, but your advice is appreciated.

  • DHCP - how quick/slow is your router at DHCP leases and how do you know it's the router and not the client?  My experience is that DHCP works at the normal speed - a couple of seconds at most.  How fast it works for you will depend on the hardware you're using and how busy your network is.

    Captive Portal - I would assume click through having never seen it.

    As for testing it - why not grab a copy of VirtualBox or a free trial of VMWare Workstation and test it in there?  You can at least then see what the screens all look like and play around.

  • @Lectrician:

    I also tried to run it on my desktop, but this only has one LAN port, so I do not think I can install it to evaluate?  I tried and failed anyway?

    What about grabbing a second LAN card from ….. anywhere !
    They are just a couple of $ - easy to install (Windows will recognize it but you won't need it) and pfSense will install, boot and be operational in a snap.

  • Thanks.

    The router installed is a Draytek Vigor 2820, and the DHCP lease can take over a minute at times when there is a half dozen or more people on, or several people trying to connect at once.  I thought this may speed things up.

    I would like to have a personalised page as default, but I am not sure if want to block any ports until someone clicks a button on that page as I think this may annoy the large number of folk who connect with their Iphones, and other WIFI enabled phones/pads/palms etc?

    The load balancing I mentioned was not so much about the bandwidth of the DSL lines (I actually have two piggy backed with the draytek router), it is more to do with allocation of bandwidth to clients?  Is this controllable?

    As I said earlier, I will find time to read through the site, but your input is valued, thanks.

    I have managed to borrow a second LAN card so will give the live CD system a go.

    I am not 100% techie - When using the live CD system, how are the variable settings saved?  Simply into the RAM?  I assume when installed onto the local disk that these variable settings are saved to disk?  Sorry if that is a really stupid question!

    1. It should be faster than a minute, but if you buy the cheapest hardware you can you'll get the lowest performance.

    2. The whole point of Captive Portal is to require some form of interaction before people can access the Internet.  Either you want that, and the issues that may come with it, or you don't…  ISTR you can whitelist MAC addresses, but I'd still question why you want to use Captive Portal at that point.

    3. That's not load balancing but Traffic Shaping

    Live CD - settings aren't saved anywhere, but you can save them to floppy.  With a full install settings are saved to disk.

  • The captive portal is more wanted as a 'welcome to our WiFi' type of thing.

    The Draytek Vigor was recommended as a decent router to use - and wasn't cheap >:(

    I will look into traffic shaping and see if the captive portal can do a simple "welcome" type message.


  • I'm not a fan of the idea of using the pfSense box with a wireless adapter.  I'd recommend you use 2 wired NICs, hang the AP off the LAN side (in a LAN port, not the "uplink" port/s), disable the DCHP, and set the APs gateway as the pfSense box.  It would simplify your monitoring a great deal when it gets sets up.  It'll also give you some better performance by not cutting the dedicated AP out of the picture.  Before anyone flames, when I say "performance" I'm mostly concerned about range and signal strength.

    And don't worry about the install, it is extremely easy.  Especially if this is all you're doing.  You'll spend more time making the captive portal page look like you want than setting up the captive portal, traffic shaping, DHCP, configuring the NICs, and setting up the router.

  • @Lectrician,

    I am using pfSense on two boxes, Atom dual core Jetway ITX motherboards just FYI, for public wifi access using DHCP and the Captive Portal. The reason for two is different physical areas or a large resort.

    I can assure you that DHCP is very fast. I have a welcome screen with a disclaimer and users must enter a password, which changes frequently. I have one set of users, guest, and they all share the same password. In the HTML of the disclaimer, I have hidden the user 'guest' and that is sent as the user.

    You can have many different named users or just one user shared among hundreds of users with one password.

    I dumped two Intelinet GuestGate Captive Portals for pfSense and I am very happy that I went this route. Read the guides and docs and read the info on the forums on Captive Portal and DHCP. It simply works and has worked very well.


  • Thanks for the input guys.

    @Capnsteve - I only wanted to use a computer with the LAN and WIRELESS card to evaluate, not for the install.  I will be getting a new PC for this if I go ahead.

    @Johnjces - Do you know if I could have a welcome page without any authentication at all?

  • Looking at the Captive Portal configuration screen there is a tick box for "No Authentication".

  • OK guys, I have demo'ed the software on my PC now with two LAN cards.

    It is all fairly straight forward which is great.

    It is very slow at opening initial web pages, but I assume this is because it is running as a LIVE CD version?

    I setup a captive portal, and can have a simple 'click to continue' button.

    Do all ports get blocked before pressing the 'click to continue', ie pop3 etc?

    I cannot find away to use the captive portal to simply display a page without the button - I could add javascript to auto-submit the form, but there is likely to be issues with clients not having javascript, especially if using mobiles with WIFI.  Anyone know of a way to simply re-direct to a default home page when first opening the browser?

    Thanks for the support.

  • The easiest way to do what you describe is to set a redirect URL in the captive portal.  Then you can set the username and password type to "hidden" in the html so that they don't display.  Then make your "welcome" page with the "Submit" or "Continue" button or whatever you want to name it.  Its not exactly what you describe, but should give a solid user experience all the same.

    And for blocking, you'll pretty much have anything WAN side blocked off prior to hitting the "submit" button.  But, this is probably a good idea to have so you can put some Terms of Use up to cover your own butt.

  • Thanks.

    That is exactly how I set it up in the end.

Log in to reply