2
0
mirror of https://github.com/opnsense/docs synced 2024-11-05 06:00:36 +00:00
opensense-docs/source/manual/captiveportal.rst

112 lines
3.4 KiB
ReStructuredText
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

=========================
Captive portal & GuestNET
=========================
A **Captive Portal** allows you to force authentication, or redirection to a click
through page for network access. This is commonly used on hotspot networks,
but is also widely used in corporate networks for an additional layer of security
on wireless or Internet access.
.. image:: images/hotspot_login.png
:scale: 100%
--------------------
Typical Applications
--------------------
* Guest Network
* Hotel & Camping Wifi Access
* Bring Your Own Device (BOYD)
-------------------
Template Management
-------------------
OPNsenses unique template manager makes setting up your own login page an easy
task. At the same time it offers additional functionalities, such as:
* URL redirection
* Option for your own Pop-up
* Custom Splash page
.. image:: images/captiveportal_template_folder.png
:scale: 100%
---------------
Zone Management
---------------
Different zones can be setup on each interface or multiple interfaces can share
one zone setup. Each Zone can use a different Captive Portal Template or share it
with another zone.
--------------
Authentication
--------------
Secure authentication via HTTPS or splash-only portal with URL redirection to a
given page Different sources can be used to authenticate a user in a zone:
* LDAP [Microsoft Active Directory]
* Radius
* Local user manager
* Vouchers / Tickets
* No authentication (Splash Screen Only)
* Multiple (a combination of above)
---------------
Voucher Manager
---------------
OPNsense's Captive Portal has an easy voucher creation system that exports the
vouchers to a csv file for use with you favorite application. The export allows
you to print vouchers by merging them with your word or open office template and
create a good looking handout with your logo and company style.
-----------------------
Timeouts & Welcome Back
-----------------------
Connection can be terminated after the user has been idle for a certain amount
of time (idle timeout) and/or force a disconnect when a number of minutes
have passed even if the user is still active (hard timeout). In case a user
reconnect within the idle timeout and/or hard timeout no login is required and
the user can resume its active session.
--------------------
Bandwidth Management
--------------------
The Build-in traffic shaper can be utilized to:
* Share bandwidth evenly
* Give priority to protocols port numbers and/or ip addresses
See also: :doc:`/manual/shaping`
-------------
Portal bypass
-------------
MAC and IP addresses can be white listed to bypass
the portal.
-------------------
Real Time Reporting
-------------------
Basic Real Time Reporting is Integrated
* Live top IP bandwidth usage (Traffic Graph)
* Active Sessions
* Time left on Vouchers
----------------------------
Category based Web Filtering
----------------------------
By combining the Captive Portal with the caching proxy it is possible to utilize
category web filtering and block certain content for the users and by enabling the
cache reduce bandwidth and improve response times. See also: :doc:`/manual/proxy`
--------------------
Platform Integration
--------------------
Through the integrated REST API the captive portal application can be integrated
with other services. See: :doc:`/development/how-tos/api`
--------------------
Configure the Portal
--------------------
To setup a hotspot controller for business or hotel usage see:
:doc:`how-tos/guestnet`