OpenWiFi
2.1.0
2.1.0
  • OpenWiFi Release 2.1
  • Ordering OpenWiFi APs
  • Getting Started
    • Cloud Discovery
      • Discovery without Cloud
    • Release 2.0 SDK
      • Deploy using Docker Compose
      • Deploy using Helm
    • Access Points
      • Local Device Settings
  • Provisioning
    • Data Model Introduction
    • Creating a Configuration
  • User Interface
    • Devices
      • Commands
      • Statistics
      • Command History
    • Firmware
  • API
    • OpenAPI Definitions
  • Monitoring
    • ELK Integration
  • Configuration Examples
    • Basic Device Provisioning
      • Bridge Mode SSID
      • NAT Gateway Mode SSID
      • Multi-VLAN SSID
    • ExpressWiFi
    • WDS
    • Mesh
    • Roaming RRM and SON
    • Captive Portal
      • External Captive Portal
    • Multi-PSK (MDU Shared Key)
    • Dynamic Air-Time Policy
    • VxLAN
    • L2TP
    • GRE
    • RADIUS Authenticated SSID
      • Dynamic VLANs with RADIUS
    • Passpoint®
      • Configuration Introduction
      • Advertising Services
      • Passpoint® Configuration
    • Switching
      • Port Speed
    • Metrics
    • P4
    • Services
Powered by GitBook
On this page
  • NAT Mode
  • Bridge Mode
  1. Configuration Examples
  2. Captive Portal

External Captive Portal

OpenWiFi 2.1

When an external access controller, such as a captive portal appliance or a Universal Access Method (UAM) redirector is required to handle subscriber login, OpenWiFi optionally supports builds that include use of CoovaChili. This would be found in build profile chilli-redirect.yml.

To configure a CoovaChilli service, OpenWiFi supports the "third-party" schema definition.

Through the use of third-party, many configurations are possible, for external captive portal, third-party will process a services lookup of "chilli-redirect" applied to an interface.

Within "third-party" will be the necessary CoovaChilli configuration parameters.

"third-party": {
                "chilli-redirect": {
                        "uamport": 3990,
                        "radiusauthport": 1812,
                        "radiusacctport": 1813,
                        "radiusserver1": "radiusServerIP",
                        "radiusserver2": "radiusServerIP",
                        "radiusnasid": "nasID",
                        "uamallowed": "allowed.example.com,10.0.0.1,192.168.10.1",
                        "uamdomain": "exampleUAMdomain.com,otherExampleUAMdomain.com",
                        "defidletimeout": 900,
                        "definteriminterval": 600,
                        "acctupdate": 1,
                        "uamserver": "https://portal.example.com/portal/default/index.php?n=NAME&c=3&l=181",
                        "radiussecret": "radiusSecret",
                        "nasmac": "00:01:02:03:04:AA"
                }
        }

NAT Mode

Associate to an interface:

{
			"name": "LAN",
			"role": "downstream",
			"services": [ "ssh", "chilli-redirect" ],
			"ethernet": [
				{
					"select-ports": [
						"LAN*"
					]
				}
			],
			"ipv4": {
				"addressing": "static",
				"subnet": "192.168.1.1/24",
				"dhcp": {
					"lease-first": 10,
					"lease-count": 100,
					"lease-time": "6h"
				}
			},
			"ssids": [
				{
					"name": "Hotspot SSID Name",
					"wifi-bands": [
						"2G", "5G"
					],
					"bss-mode": "ap"
				}
			]
		}

Bridge Mode

In the above example, captive portal redirection occurs via a NAT interface on LAN side or "downstream" role.

When a direct to WAN presentation, or bridge mode operation is desired, associate the service to the "upstream" interface.

Associate to an interface:

"interfaces": [
		{
			"name": "WAN",
			"role": "upstream",
			"services": [ "chilli-redirect" ],
			"ethernet": [
				{
					"select-ports": [
						"WAN*"
					]
				}
			],
			"ipv4": {
				"addressing": "dynamic"
			},
			"ssids": [
				{
					"name": "Hotspot SSID Name",
					"wifi-bands": [
						"2G", "5G"
					],
					"bss-mode": "ap"
				}
			]
		},

PreviousCaptive PortalNextMulti-PSK (MDU Shared Key)

Last updated 3 years ago