Top Level Functionality
Hotspot Key-Futures
For OpenWRT
1.1. Configuration of WIFI-Routers for
1.1.1. Use with OpenWRT / DDWRT or similar software
- using OpenWRT; there are more reasons but major is HW support,
openwrt runs better on different configurations & less resources
are needed
- liksys 54gs v1-4 would be perfect choice, or ASUS 500g v2 which we using now for testing
1.1.2. User-Authentification
- we have serverall posibilitties how to authentificate the user
- Radius
- postgresql, mysql, plain text
1.1.3. Bandwidth-Limiting on the WAN-Side of the Router
- we can do it on server side or we leave this responsibility for router itself
- qos on router or server possible
1.1.4. VPN-Tunnel to Proxy-System
- currently we are using openvpn
1.1.5. "Bullet-Proof" shielding of local network of WiFi-Hosting LAN
- firewall is installed on router and server
- we use 2048 encryption for openvpn
- with radius also TLS is ussed
1.2. Setup of Access-Control Server
1.2.1. Setup of Radius (Management)
- very easy user handling
- web guid
- user can be stored in mysql, postgresql or plain text with radius
1.2.2. Logging
- logs are stored on server
- possible to use radius accounting which is doing good job for
loggin and limiting connections
1.2.3. Integration of "known users"
- higly depends on used database
- possible imports from other systems
1.3. Setup of Proxy-Server
1.3.1. Establishing VPN-Tunnels with WIFI-Routers
- each router has his openvpn tunnel configuration
- static key can be used or certificates
- possible to setup client-to-client relations (routers will "see" each other)
- more routers can used duplicate certificate connection if required
1.3.2. Display of "lock-up" Info-Page(s) for NOT registered users
- every user need to login first
- all users see welcome page, info how to register
- multilanguage – translation can be added
- easy custom styling
1.3.3. Blacklists for Services and Hosts (import and own list)
- reqired content can be blocked based on hostname or ip
- different categories can be configured for each router
- default setting is to block all knowing harmfull ip's