Recently I’ve got a lot of questions about how exactly EasyHotspot works ? What happens behind the system ? and how FreeRadius, Captive Portal etc works and talks to each other ?
In this post I will try to answer that question in a simple way.
In order to make a hotspot billing system, we need this following stuff :
Web server + Server side script engine
Web server and server side script (cgi/php) is used for user authentication and database management. In this case we can use Apache and PHP, or if you want, you can use Ruby on Rails. In EasyHotspot nano, we’re using Ruby on Rails for our web front end. It gives us more power and flexibility to adapt and the develop the system.
As you may already know, the database will store all of your users / settings infomation. In this case we can use MySQL.
AAA stands for “authentication, authorization and accounting”. This guy will handle the authentication + authorization. It can also be used to log requests.
In this case, we will use FreeRadius + MySQL duo. FreeRadius will act as the AAA server and MySQL will be the database for FreeRadius. FreeRadius will store all of the accounting information to MySQL, and it will check for the authentication and authorization information from MySQL.
A Captive portal is like a gateway, it will connect users to the internet. But before it allows users to access the internet, it will first ask the AAA server if its ok to forward the request (to let the users access the internet) ?
The Captive portal is also responsible to perform the authorization/authentication activity. But don’t get me wrong, captive portal only ask and accept what the AAA server says. We can use Chillispot CoovaChilli as a captive portal.
Real life example
ok, heres the “real life” example on how the system works :
Assume Mr. Van Persie is our WiFi customer.
- Mr. Van Persie connects to your wireless network with a laptop.
- He open his browser and then tries browse to the internet.
- Before he can connect to the internet, the Captive Portal checks if Mr. Van Persie’s laptop is authenticated.
- Since his laptop is unauthenticated, the Captive Portal then redirects him to the Login Page.
- Now he must enter the username and password to authenticate himself.
- The Username/Password can be found on the FreeRadius database table.
- After he has entered the login info (username/password), the Captive Portal will create an authentication request to FreeRadius.
- FreeRadius then checks if the request is valid by checking the login information, which is stored in MySQL Database.
- If the information is correct (found it the MySQL table), FreeRadius will continue to the next step, otherwise FreeRadius will simply “reject” the request.
- The next step is checking whether this account is still valid., again if it has expired then FreeRadius will send a reject signal to the Captive Portal.
- If it’s valid, FreeRadius then checks the “attributes” for this account, such as connection speed, valid time, bandwidth limit, idle time out etc!
- If everything going fine, FreeRadius then says “OK this user is valid and this is his attributes” to the Captive Portal.
- After sending the access accept signal, FreeRadius then records the usage to the database!
- Captive Portal then allows Mr. Van Persie to connect to the internet WITH all the authentication attributes from FreeRadius.
- The Captive Portal will remember the attributes for him, if for example one of the attributes is time limit, the captive portal will remember the time limit for the user to access the internet.
- Once Mr. Van Persie has accessed the internet according to the given time limit, the Captive Portal will automatically disconnect him, then when he tries to browse the internet again the Captive Portal will request a Username and Password again to allow him to access the internet.
That’s a simple explanation on how a Hotspot Billing System works., i hope you found it useful
Cant wait to build your own hotspot ? check this out :