Wednesday, April 1, 2009

Turn a cheap router into an easy wireless hotspot (with a few limitations)

There are a few different solutions running around out there if you have some need to run a wireless hotspot. Seeing how this is the free stuff blog, I’ll skip right over the commercial offerings, but know of course there are tons of those out there. We are responsible for providing wireless access for an entire multi-tenant office building. The goal was to have authenticated, but free, wireless internet for tenants and guests and whatnot.

We had been using the ZoneCD hotspot for quite a while. It ran on a virtual machine using a bootCD and a virtual floppy with config files, pretty small footprint, and it was a fairly stable solution. There were a couple of show stoppers with that solution that have cropped up recently. First is that it’s based on NoCatAuth which uses an annoying pop-up window to keep the user authorized against the hotspot and caused no shortage of support requests to get the stupid thing working right on strange laptops running 7 pop-up blockers.

ZoneCD was also configured to use a community authentication and configuration service, which is kind of neat and one less thing for us to worry about. The problem is that at least the free version (publicIP.net as opposed to publicIP.com, which is the paid service) is pretty much abandonware. The e-mail verification system stopped working some time ago, and now it appears the SSL certificate for the login page has expired as of Feb 2009.

Thus began the search for a suitable replacement access point. There are a few different hotspot packages out there that offer different functionality. I looked at way more solutions than I can possibly recall and tested two different solutions, 2HotSpot by Antamedia and CoovaAP.

2HotSpot is a Windows-based solution which uses ICS (Internet Connection Sharing) on a dual-homed Windows XP or 2003 box. The software supports both free and paid access to your hotspot. If you require a paid hotspot, you’ll have to go through Antamedia’s payment services (paying them a cut of every transaction) or pay a fee if you wish to bring your own merchant services.

As we were rolling out free services, we didn’t require a hotspot that could handle payment options and the added overhead that went with having a dedicated Windows server to manage the hotspot. There were also a few other reasons that kept me looking around, but to be honest, I can’t remember what they were at the moment. Which brings us to:

CoovaAP is a custom firmware that runs directly on certain Linksys and other wireless routers. CoovaAP is based on a couple of different open source projects: OpenWRT for the actual router OS and Coova-Chilli to handle the hotspot duties. Coova-Chilli is the apparent successor to ChilliSpot, which is a popular but now abandoned open source hotspot.

The first thing to address when going with a built-in hotspot is to make sure the router has sufficient storage and hackability to actually handle running third party software. Older incarnations of the Linksys WRT54G (revision 4 and earlier) work well for this purpose. However, Linksys downgraded the WRT line several years ago, and anything newer than revision 4 lacks the horsepower (and memory) to pull this off. Fortunately Linksys figured out they could sell the old router for more money so they rolled out the special “Linux” edition, the WRT54GL, which has the same specs as the older versions of the hardware. Even the more expensive incarnation of the router can be had for under 50 bucks if you find it on sale somewhere.

The Good:

With the hardware acquired, setting up the software is painfully easy. You basically run the firmware upgrade from the Coova.org site on the router, log in, and start configuring. The firmware offers a number of different hotspot options: you can use the built-in Coova-Chilli implementation like we did, or you can use your own ChilliSpot or WiFiDog servers. Heck, you can even use Facebook or Drupal as your authentication mechanism.

If you go with the built-in hotspot, you have a number of options for handling user accounts. You can do a basic TOS agreement page with no authentication, you can allow only pre-configured users to authenticate, or you can set up a self-service registration page. Similarly, there are a few different options for where your user accounts can actually come from. The simplest option is to use a built-in flat user file; this is where self-registered users wind up. You can also use Coova’s own RADIUS/AAA service, your own RADIUS server (handy if you have Active Directory, but with a couple of gotchas), or even OpenID.

There are also options in the system to customize the login pages and set up a “walled garden” of sites allowed without authenticating. You can also enable a number of advanced features, like a super-annoying top frame in all browser windows and traffic shaping, when the appropriate additional components are added.

The bad:

There’s only a couple of things that really put me off about this solution. The first one is fairly minor, but it goes against completely basic security design. When you click on the link within the admin interface to view the local user database, it shows you a complete list of users with passwords in plain text. Also on the security front, there is an option to use SSL for the captive login, but it only appears to support a self-signed certificate, which means client browsers are going to freak out and throw a certificate security warning. Most providers will probably want to run simple HTTP to cut down on the panic.

The last issue I have with this thing is probably the one that really bugs me the most about a lot of open-source, and particularly Linux-based projects. Out of the box, pass-through doesn’t work for PPTP (read Windows) VPNs. After spending literally the better part of a day Googling on the subject, I gave up in utter frustration ranting about software developed by hippies. There were two forum posts on the subject, one which was very helpful, but offered no information on how to accomplish the steps required to make this work. The other post was a quote of the first post asking if anyone could provide more info on how to follow the steps… of course there were no replies.

So… if you know the answer to this question by all means let me know, you will restore my faith in open source.

Despite its few shortcomings, CoovaAP is about as simple as it gets when it comes to setting up a wireless hotspot. I also didn’t mention that you also get to add a few advanced features to that little Linksys router thanks to the built-in functionality of OpenWRT. If you need a simple AP, and the villagers won’t hunt you down because they can’t make a PPTP VPN connection, this may be a great solution for you.

Recommendation: Buy (See what I did there, funny).

1 comment:

  1. Nice information. Its usefulness and significance is overwhelming. The way you covered all the basic necessary information is really impressive. Good work.
