centralized coova

Geoffroy ARNOUD geo.arnoud at gmail.com
Wed Jan 9 15:12:22 UTC 2008 

Hi Lemy,

Actually, each of my hotspot has a DHCP server. And I have in my AAA server
the list of the subnets. when a user connects, I retrieve the connection
place using the Framed-IP-Address (which I use to find the subnet and then
the exact location).

Actually, we want a centralised architecture: each hotspot sets up a tunnel
to the central site, and IP connectivity is ensured for users, up to the
centralized access gateway - that can be coova.

> What do you mean with "External transparent web proxy for unauthenticatd
> users"?

What we also would like is the possibility for coova to redirect at TCP/IP
level unauthorised traffic, and not only sending a 302 redirect to the
device.

Actually, what I want to do is (I'm not strong at ASCCI-art ;)):

Hotspot-1-----+     AAA
              |      |
   ...        +----Coova------(NAT)------INTERNET
              |      |
Hotspot-N-----+      +-Squid Proxy
                     |
                                       +-Login portal
                     |
                     +-DNS

Correct me if I'm wrong. For a standard Coova deployement, when a user opens
a browser and requests www.google.com:
- He gets a HTTP-302 that redirects its browser to Coova login page (either
on coova or on the back-end).
- Once on the login page, the user enter login and password, and they are
posted to Coova
- Coova sends RADIUS requests to the AAA
- AAA Accepts the connection
- Coova opens the connection

What I would like to do is:
- User requests www.google.com
- Coova redirects (changes dest IP and TCP port) to Squid
- Squid, with a redirector chooses :
   + to server the page (free web site)
   + to send a 302 redirect to the user
- The workflow described above goes on.

I wonder if this is possible with IP tables rules?

Furthermore, I would like to do prepaid (volume and/or time based). ie:
- User connects
- AAA allocates 10 Mb and 1 hour
- Allocated volume is elapsed
- Coova requests more volume to the AAA - wihtout disconnecting the user
- AAA provides 10Mb
- Session geos on

Would it be difficult to implement?

Thanks

Geoff.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.coova.org/pipermail/chilli/attachments/20080109/589762e3/attachment.htm>

More information about the Chilli mailing list