Answer the question
In order to leave comments, you need to log in
Public Wi-Fi, how to restrict access for “outsiders” and authorization of “own” users?
Good day!
There is a building, wi-fi is distributed throughout the building without a password for tenants. Recently I started receiving emails from the ISP complaining about spam from our external Wi-Fi IP. And it seems that, according to the law, we now cannot provide "anonymous" access to the Internet to everyone. Based on this, it is necessary to somehow restrict access (next to the building there are some other offices and parking lots, I walked around the perimeter with a tablet, there is a signal almost everywhere). How to make some kind of authorization, at minimal cost and as simply as possible, without constant participation in this process, because the object is far away (100+ km) and it is often not possible to go there, and from me, the network manager, like a swimmer from an ax, is forced to do this as add. load to the main work indirectly connected with networks.
Now the details:
The distribution of the Internet happens like this, the link from the provider goes to the proxy with IpFire on board, there is Squid in transparent mode and DHCP, from the computer with ipfire there is a link not a switch, but from it to access points MikroTik RBSXTG2HnD I
put all this for about 1.5 years back and there were no problems with hardware or access, everything works without problems.
What do we have from the data on tenants:
And we all have.
Organization name or full name entrepreneur, TIN, mobile numbers for communication, all this is stored in 1C, but the solution should not be in any way connected with 1c, from there you can only upload tenant data that can be used for authorization.
I would be grateful for suggestions on how to resolve this issue, preferably with good instructions.
Peace for everyone!!!
PS
The MAC binding option is not suitable, since everyone has a bunch of tablets, computers, smartphones.
The tenants themselves are ~~150, sometimes new ones appear.
PS2 It is possible to pay for your help/consultation
Answer the question
In order to leave comments, you need to log in
Sometimes people lose track. Do you need instructions with pictures? Or maybe make it into a video? RADIUS server is in your teeth. Find out for yourself next
Contact me on Skype. We will raise your radius, then the boom will throw the answer here =)
They did everything.
ipfire has everything you need: Apache, PHP, SQLite (to store user data).
In short: you need to configure iptables to redirect traffic to the captive portal ( configuration example ).
Separately, it is worth mentioning the redirect to the captive portal.
RFC 6585 has a special section on Issues Raised by Captive Portals . It is important to note that it is not enough to use the 511 response code , but also disable keep-alive.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question