Topic: Hotspot and VPN on same interface  (Read 3579 times)
« on: May 26, 2009, 20:36:21 »
pyrosster
Guest

Hi all,

I'm a monowall user, and I would like to know if the following is possible.

Could I have hotspot and VPN (PPTP Server) on the same interface (WIFI Interface)?
I would like to show a splash page to the visitors, and if they need internet they have to establish a PPTP tunnel.
How could this be done?

Best regards to all.
« Reply #1 on: May 28, 2009, 00:50:10 »
knightmb ****
Posts: 341

Technically, yes, though you'll have to fiddle with the firewall and Captive Portal rules to make it work just like you mentioned.

Basically, get the PPTP up, test it, etc. Then get Captive Portal set up, but I guess since it doesn't matter for Internet access, don't bother with a username/password field. Set Captive Portal to allow anyone access just to your WAN for PPTP only (yes, that won't make any sense at first), then that is all you will need to make it work.

Basically, captive portal will allow access to PPTP on the WAN, but when they PPTP in, they will redirect through PPTP (make sure you have a firewall rule to allow PPTP outside access) and it will kind of be a silly double rebound from CP to WAN to PPTP to WAN, but it will all be internal to m0n0wall, so you shouldn't suffer speed-wise.

Radius Service for m0n0wall Captive Portal - http://amaranthinetech.com
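
An added illustration (not part of the post above and not m0n0wall's own code) of what "PPTP only" means at the packet level: PPTP uses TCP port 1723 for its control channel and GRE (IP protocol 47) for tunnel data, so a rule set has to pass both and nothing else from the hotspot side. The subnet, the server address and the sample packets are constructed values; the thread only gives 10.0.x.x, 192.168.0.x and 192.168.2.x.

```python
import ipaddress
import struct

# Assumed values: the thread only gives 10.0.x.x (hotspot) and 192.168.0.x (WAN).
HOTSPOT_NET = ipaddress.ip_network("10.0.0.0/16")
PPTP_SERVER = ipaddress.IPv4Address("192.168.0.1")   # constructed m0n0wall address
PROTO_TCP, PROTO_GRE, PPTP_PORT = 6, 47, 1723

def build_packet(src, dst, proto, dport=0):
    """Build a constructed IPv4 packet (checksum left zero) as sample input."""
    l4 = (struct.pack("!HH", 40000, dport) + bytes(16)) if proto == PROTO_TCP else bytes(8)
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                         ipaddress.IPv4Address(src).packed,
                         ipaddress.IPv4Address(dst).packed)
    return header + l4

def verdict(packet):
    """Pass only PPTP (TCP/1723 or GRE) from a hotspot client to the PPTP server."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "block"                       # truncated or not IPv4
    ihl = (packet[0] & 0x0F) * 4             # header length; options shift the TCP offset
    if ihl < 20 or len(packet) < ihl:
        return "block"
    src = ipaddress.IPv4Address(packet[12:16])
    dst = ipaddress.IPv4Address(packet[16:20])
    if src not in HOTSPOT_NET or dst != PPTP_SERVER:
        return "block"
    proto = packet[9]
    if proto == PROTO_GRE:                   # tunnel data channel
        return "pass"
    if proto == PROTO_TCP and len(packet) >= ihl + 4:
        (dport,) = struct.unpack("!H", packet[ihl + 2:ihl + 4])
        return "pass" if dport == PPTP_PORT else "block"   # control channel only
    return "block"

def evaluate_samples():
    """Run the filter over constructed packets from one hotspot client."""
    client = "10.0.3.7"
    samples = {
        "pptp-control": build_packet(client, "192.168.0.1", PROTO_TCP, 1723),
        "pptp-gre": build_packet(client, "192.168.0.1", PROTO_GRE),
        "http-outside-tunnel": build_packet(client, "203.0.113.10", PROTO_TCP, 80),
        "http-to-firewall": build_packet(client, "192.168.0.1", PROTO_TCP, 80),
        "smb-to-internal-lan": build_packet(client, "192.168.2.10", PROTO_TCP, 445),
    }
    return {name: verdict(pkt) for name, pkt in samples.items()}

if __name__ == "__main__":
    for name, result in evaluate_samples().items():
        print(f"{name:22} {result}")
```

Passing TCP 1723 without GRE lets the control connection come up while the tunnel itself carries no traffic, which is the usual symptom of a half-written PPTP rule.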
« Reply #2 on: May 28, 2009, 09:33:31 »
pyrosster
Guest

Thanks for your reply.

Basically what rules should I have to make this possible? I have 3 interfaces: 1 (WAN 192.168.0.x), 2 (Hotspot 10.0.x.x), 3 (Internal Network 192.168.2.x).
Where should I put firewall rules to make this work? Has anyone done this before?

I want to implement this solution because I need to show casual users that they can have internet if they establish a PPTP tunnel, because using only the hotspot, the web pages visited by customers travel in plain text over the air.

Best regards.
« Last Edit: May 28, 2009, 09:35:16 by pyrosster »
« Reply #3 on: May 28, 2009, 19:27:32 »
knightmb ****
Posts: 341

If encryption is what you are worried about (someone sniffing usernames/passwords over the radio) it might be easier to get an SSL certificate for the Captive Portal than having them do a PPTP session (since a lot of non-tech users probably don't know what it is or how to set one up).

« Reply #4 on: June 16, 2009, 10:10:43 »
pyrosster
Guest

Dear knightmb,

I know that it might be easier to get an SSL certificate for the Captive Portal, but I would still have hackers sniffing my wireless network, right?
Because I want to give the easiest way to connect to the wireless network, they simply turn on the computer and they get connected to a captive portal with SSL showing information about the service.

At this point, the user fills in the username and password and the system authenticates the user, but later, all the web pages visited and all information travel in plain text over the air, right?

Having a dual solution, like a captive portal to show information to users, for example:
The captive portal shows information and a link to download a "Client Manager PPTP Client", so the user has to download the PPTP client to establish a connection to the internet, so the information would travel over the air encrypted by PPTP, not the best encryption but at least it's better, I think.

Let me know if I'm correct and this solution is better, or if there's another solution to hide information from sniffers. I have a WRT54G connected to Monowall.

Best Regards.
 