Skip to content

ParadropLabs/captive-portal

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

45 Commits
chute
chute
 
 
.pylintrc
.pylintrc
 
 
Dockerfile
Dockerfile
 
 
README.md
README.md
 
 
config.yaml
config.yaml
 
 
paradrop.yaml
paradrop.yaml
 
 
test.sh
test.sh
 
 

Repository files navigation

Captive Portal Chute

This is a chute (an app for the Paradrop platform) designed to launch a virtual WiFi access point on a Paradrop router. The WiFi network is open by default and redirects users to a configurable login page.

Learn more about Paradrop or launch this chute on your Paradrop router at paradrop.org!

Environment Variables

  • CP_AUTH_URL: URL to check in a MAC address is authenticated.
  • CP_LOGIN_URL: URL to redirect users to login.
  • CP_LANDING_URL: URL to redirect users after they are logged in.
  • CP_LOCATION: Location associated with the chute instance.
  • CP_EXPIRATION: Expiration time (seconds) for client sessions.
  • CP_ALLOW_DOMAIN: Special destination domain(s) to allow unrestricted. This should be a space separated list of domains, e.g. "example.com example.org".

The following variables pertain to RADIUS authentication and accounting.

  • CP_RADIUS_SERVER: RADIUS server address.
  • CP_RADIUS_SECRET: RADIUS server secret.
  • CP_RADIUS_USERNAME: Username for RADIUS authentication.
  • CP_RADIUS_PASSWORD: Password for RADIUS authentication.
  • CP_RADIUS_NAS_ID: NAS Identifier for RADIUS.

If CP_RADIUS_SERVER is defined, RADIUS support will be enabled, and all of these variables are expected to be set appropriately.

Current limitations:

  • The code expects authentication and accounting to use the same server address and secret at the default ports, 1812 and 1813.
  • All user sessions will be attributed to the same username and password. They can be distinguished by Calling-Station-Id (determined by MAC address) and Acct-Session-Id (determined by a counter that resets to zero at startup).

Login Flow

  1. Client device connects to the WiFi network.
  2. Most devices test connectivity by issuing an HTTP GET request, e.g. to captive.apple.com or connectivitycheck.gstatic.com/generate_204.
  3. The captive portal (CP) chute catches this HTTP request and responds with a 302 Found that redirects the user to the CP, e.g. http://192.168.128.2.
  4. The client issues a GET request to the CP.
  5. The CP issues a POST to the configured CP_LOGIN_URL with the client's MAC address and CP_LOCATION. The result is a login page with embedded client information.
  6. The CP returns this login page to the client in response to its GET request.
  7. The client displays the login page with additional assets (images, JS, CSS). These are passed through unmodified by the CP based on the Referer header.
  8. The user enters the requested information and clicks Submit, which issues a POST to the CP.
  9. The CP forwards the POST to CP_LOGIN_URL and returns the response to the client.

About

No description or website provided.

Topics

paradrop chute

Resources

Readme
Activity
Custom properties

Stars

3 stars

Watchers

2 watching

Forks

3 forks
Report repository

Releases

1 tags

Packages

No packages published

Languages