OpenBSD Journal

wicap - a captive portal that doesn't suck

Contributed by jose on from the wireless-portals dept.

Mike Ray writes : " Not exactly new, but unmentioned here

http://www.geekspeed.net/wicap/ "

I had a look at this, and it's pretty neat. Basically you can create WiFi gateways and portals using a very simple system. Perfect for coffee shops, university systems, or any urban system. And you can do this on a budget. Thanks, Mike.

(Comments are closed)


Comments
  1. By Anonymous Coward () on

    wicap - a captive portal that doesn't suck

    Copyright 2002 Brian Caswell . A license will be included later.


    Well, it's gone more than a year, gleaned from the .tar.gz file. Stil no license.

    Comments
    1. By Anonymous Coward () on

      knowing cazz it will probably be BSD licensed. You might want to send him a reminder.

      contact him at: bmc_AT_snort_DOT_org

    2. By Anonymous Coward () on

      authpf ?

      Comments
      1. By RainBrain () thrashbsdass@antisocial.com on mailto:thrashbsdass@antisocial.com

        I may be missing the point here, but wicap seems to have been designed to do what it does with a minimum of fuss to the user.

        Although authpf is an excellent tool for securing wireless access points, you'd still have to get the user (who could be anyone from Dennis Ritchie to your recipe-searching-but-technically-clueless mother; while I'm on it, technically savvy support staff might not be on site to help users with their questions, either) to install and correctly configure an SSH client. Not the hardest thing in the world, but, well, if you've never worked a help desk...

        Both systems have their advantages; I think that a slightly modified wicap that has a legal notice that does some CYA for the access provider would be a good alternate default for the system.

        Comments
        1. By RainBrain () thrashbsdass@antisocial.com on mailto:thrashbsdass@antisocial.com

          Umm...ignore that last paragraph. God only knows what I was thinking while typing it.

  2. By earx () on

    you just need an AP that is more powerfull
    ( a powerfull prism card with hostap on a notebook ) the same ssid and ur captiv portal (a webpage clone of the commercial one), all the constumer come to your AP and you take the login and password with a little php script.

    Yes it sucks !

    Comments
    1. By Anonymous Coward () on

      uh, its called SSL key verification.

      This problem was solved a long time ago.

      Comments
      1. By earx () on

        if you are the captive portal and the client is connecting for the first time, SSL doesn't help you,
        even if the client is the connecting for the first
        all morons will clik "continue".

        Comments
        1. By Anonymous Coward () on

          I think you need to get a clue or learn how to make words into useful sentences.

          I'm not sure how SSL doesn't help people who are "connecting for the first".

          Which "continue" are you referring to? One that says something along the lines of, "Establishing SSL connection, click continue to proceed."? Or the one that bitches about your certificate being self-signed?

          all morons will clik "submit"

    2. By Anonymous Coward () on

      "ur captive portal"

  3. By Brian Caswell () bmc@shmoo.com on http://www.shmoo.com

    I started writing wicap when I thought I might be able to start a business building wireless hotspot computers.

    The code works, but its not 100% feature complete. I never got around to porting it to anything but pf. Other than that, it works rather well. :)

    I here by officially change the license to BSD style licensing with the advertising clause. I'll try and put out a release soon.

  4. By Gimlet () on

    I just set up something similar at my university, using a nearly-default install of OpenBSD 3.3. You'll need to enable dhcpd and httpd, and to set named to return a bogus IP address of itself. Our authentication method uses a Perl module, so I had to disable httpd's chroot jail.

    When a user fires up their browser, they're forced to sign in with their SSO, which gets authenticated against our (shudder) Active Directory, so they can grab our Cisco VPN client. Then they can wing in on an IPSec connection and have net access.

    Not exactly the same, but hey, at least it's secured. And it's practically a base install. Whee.

Credits

Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]