Top Level Functionality

Hotspot Key-Futures

For OpenWRT

1.1. Configuration of WIFI-Routers for

1.1.1. Use with OpenWRT / DDWRT or similar software - using OpenWRT; there are more reasons but major is HW support, openwrt runs better on different configurations & less resources are needed - liksys 54gs v1-4 would be perfect choice, or ASUS 500g v2 which we using now for testing 1.1.2. User-Authentification - we have serverall posibilitties how to authentificate the user - Radius - postgresql, mysql, plain text 1.1.3. Bandwidth-Limiting on the WAN-Side of the Router - we can do it on server side or we leave this responsibility for router itself - qos on router or server possible 1.1.4. VPN-Tunnel to Proxy-System - currently we are using openvpn 1.1.5. "Bullet-Proof" shielding of local network of WiFi-Hosting LAN - firewall is installed on router and server - we use 2048 encryption for openvpn - with radius also TLS is ussed

1.2. Setup of Access-Control Server

1.2.1. Setup of Radius (Management) - very easy user handling - web guid - user can be stored in mysql, postgresql or plain text with radius 1.2.2. Logging - logs are stored on server - possible to use radius accounting which is doing good job for loggin and limiting connections 1.2.3. Integration of "known users" - higly depends on used database - possible imports from other systems

1.3. Setup of Proxy-Server

1.3.1. Establishing VPN-Tunnels with WIFI-Routers - each router has his openvpn tunnel configuration - static key can be used or certificates - possible to setup client-to-client relations (routers will "see" each other) - more routers can used duplicate certificate connection if required 1.3.2. Display of "lock-up" Info-Page(s) for NOT registered users - every user need to login first - all users see welcome page, info how to register - multilanguage – translation can be added - easy custom styling 1.3.3. Blacklists for Services and Hosts (import and own list) - reqired content can be blocked based on hostname or ip - different categories can be configured for each router - default setting is to block all knowing harmfull ip's