Today I have successfully tested out a new captive portal solution.
As many of you know, a while back we started experimenting with a new captive portal called Wifidog. It looked sexier than the tried and true NoCatAuth that we ran on our NuCabs (recycled PC routers), but we found that users didn't like Wifidog, it was confusing, it misbehaved, and we found that isn't being actively or responsively maintained. Furthermore, it suffers from a single point of failure, in that (in my experience) if the authorization server (an off-site machine) becomes unreachable, all client authentication across the whole wifidog infrastructure grinds to a halt. In short, I have grown to loathe Wifidog. Wifidog was an experiment, and that experiment succeeded in demonstrating that it sucks. In view of that suckage, we have been examining alternatives. One of those is the AlixCab project, the effort to replace all of our aging NuCab infrastructure with newer, faster, smaller, better Alix boards. We raised money and have purchased the first 10 of those and plan to go ahead with the remaining purchase of 20 more in the next few weeks. However, we will not have enough Alixes to put in everywhere we have nodes. This led to me wondering whether or not NoCatAuth would fit onto one of our Netgear WGT634U devices. They have 8 meg of flash and 32 meg of RAM. It turns out not only does it, but there is enough headroom left over for OpenVPN and OLSRd, two additional pieces of software that provide network tunneling between nodes. My first try at deploying this at a node failed about a week ago, when I found a bug in the Perl that the cross-compiling toolchain generated for the mipsel CPU. The bug caused the captive portal to fail after a few authorizations. After some investigative hacking, I found the problem and the solution and now have a working Perl and so far (knock on wood), the new image is working out at our test site. This image is slightly under 5 megabytes and includes the basic Openwrt kernel and userspace, plus: nocatauth, perl, openvpn, olsrd, snmpd iproute2, ntpclient, rsync, tcpdump. On a WGT, this leaves a little over 2 megabytes left in the jffs2 filesystem for changes. My plan is to begin replacing the rest of the Wifidog nodes with WgtCabs (WGT634Us with this image, tailored to the node). Some of these nodes have WGTs already. Those that don't will be loaned WgtCabs on an indefinite basis (so long as they remain PTP nodes, the usual basis). Not withstanding this success, the WgtCab image is stretching the hardware pretty close to its capacity and there are reasons to prefer the AlixCab, and so the AlixCab project is going ahead as well. We'll be field testing an x86 image consisting of much of the same software in the near future. Another avenue for improvement would be to replace the NoCatAuth (perl-based) captive portal with NoCatSplash (C-based). Troy Jaqua and Jason McArthur have both successfully used NoCatSplash on small devices, however there are compiling and integration issues on OpenWrt that haven't been worked out completely yet. NoCatSplash has the potential to significantly reduce the memory footprint. I guess I am just a little amazed and giddy that this NoCatAuth thing is working on a WGT at all. Questions/comments? -- Russell Senior, Secretary [email protected] --~--~---------~--~----~------------~-------~--~----~ The Personal Telco Project - http://www.personaltelco.net/ Donate to PTP: http://www.personaltelco.net/donate Archives: http://news.gmane.org/gmane.network.wireless.portland.general/ Etiquette: http://www.personaltelco.net/index.cgi/MailingListEtiquette List information: http://lists.personaltelco.net To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] -~----------~----~----~----~------~----~------~--~---
