+ Reply to Thread
Results 1 to 8 of 8
  1. #1

    Default Hotspotzz + Hotspot + PPOE ?

    Hi,

    I have decided that working with Hotspotzz fits with my business model for a few reasons (I will let you know how it works out).

    So I have contacted them and worked out a bilateral roaming agreement, and so now I am in the process of deciding exactly what I need to do technically to implement the system.

    Primarily I am wondering if I can use normal hotspot authentication off an external radius server (freeradius linux) and activate the hotspotzz feature on the wrap APs at the same time. This would be most convenient, as then I would not be relying on hotspotzz for my local user hotspot authentication, and I could have local users that I did not add to the hotspotzz network. Also if for some reason the hotspotzz servers were unavailable my local users could still login.

    I am also planning on running fixed based customers with PPPOE authenticating from FreeRadius from some of the same APs that are offering hotspot logins and hotspotzz logins. Is there anything I should be aware of in this configuration?

    It seems like I saw a post somewhere here saying the hotspotzz was not available at the same time as some other configuration options, but I can't find it now and it might be dated information anyway so I thought I would double check.

    Hotspotzz+Hostpot+PPPOE on a wrap2? Go or no go?
    --Michael McKinsey
    FlashByte Digital
    http://www.flashbyte.us

  2. #2
    Join Date
    Oct 2002
    Location
    Nanaimo, BC
    Posts
    12,224
    Rep Power
    10

    Default

    Both servers need to control port 80, so you can use one or the other but not both.
    ..a computer is a stupid machine with the ability to do incredibly smart things, while computer programmers are smart people with the ability to do incredibly stupid things. They are,in short, a perfect match..

    Try the latest 4.4.5.7-7842 release. It fixes the 11N card reset issue.
    http://www.star-os.com/ http://www.star-os.com/store

  3. #3

    Default

    If I turn complete authentication control on my AP over to hotspotzz then I have to trust their authentication for all of my users. I am not really sure this is the best option, but I guess it is a possibility.

    Is it possible to add into the hotspotzz system a way to authenticate against a second radius server as well? I notice there is a backup server in the configuration for hotspotzz, any chance I can make that a server of my own?

    So since port 80 is the issue I imagine PPOE will still work? I could just require PPOE authentication for any user not in the hotspotzz system. That is not really what I wanted, but I guess it is a possibility I could live with it.

    If PPOE and hotspotzz will not work on the same AP then we are pretty much dead in the water as I do not want my regular customers having to log in every time they hit a website and we provide VOIP the phone boxes cannot log in a web based interface at all. This would require that I only enable hotspotzz where I do not have any regular customers, and would cut down on the coverage I could give hotspotzz dramatically.

    I am looking at the hotspotzz configuration and I do not see any of the edit page options that are present in the hotspot system, does it use the same page files from the hotspot system or is it not possible to edit the hotspotzz pages? Is there any way to see the hotspotzz pages without actually hooking up to the hotspotzz servers first?

    Do you have any thoughts on the issue? Am I being paranoid thinking I should have some local control over my authentication? I guess the primary concern would be that my changes would not be immediate when I add a user or remove one, or what my options would be if something failed in their authentication system. I am working on automated setup scripting and I am a little concerned that they might not be taking changes in real time and I really have no experience with how reliable their login services will be.

    I would like to open up every one of my APs for hotspotzz user access and not having some way to allow local users to auth and still give hotspotzz access for traveling users doesn't make much sense.

    Does anyone actually currently use "Hotspotzz" on staros equipment in a WISP scenario?

    Sorry for these rather basic questions, but I am not able to find very much of anything regarding anyones experience with the StarOS/Hotspotzz system or any documentation (the word hotspotzz does not appear in the user manual and all of the posts in these forums are theoretical discussions).

    I would be happy to write a good piece of documentation for this process if I can manage to get it all working to ease the pain of the process for the next to try.

    Thanks for taking the time to respond.
    --Michael McKinsey
    FlashByte Digital
    http://www.flashbyte.us

  4. #4
    Join Date
    Oct 2002
    Location
    Nanaimo, BC
    Posts
    12,224
    Rep Power
    10

    Default

    When we ported the Hotspotzz code for them we used their system quite a bit. It is nice and the beauty is really that you do not have to concern yourself with the details of radius authentication and that all important accounting and financial backend.

    You do lose control but if you want that control you gain the responsibility for the system. Unless they demand long term, tightly worded contracts I would say to give a whirl and see what it is like. You can always turn it off and take charge if you do not like the way things work.
    ..a computer is a stupid machine with the ability to do incredibly smart things, while computer programmers are smart people with the ability to do incredibly stupid things. They are,in short, a perfect match..

    Try the latest 4.4.5.7-7842 release. It fixes the 11N card reset issue.
    http://www.star-os.com/ http://www.star-os.com/store

  5. #5

    Default Is PPPOE and Hotspotzz Possible on the same interface?

    Actually they have a bilateral roaming agreement option that does not offer any of the billing/backend tools, the trade off for this is no money changes hands and we still do our own billing signup and run our own radius server which they also authenticate against. We offer their users access to our network and they offer our users access to theirs, no money changes hands.

    Regardless for anyone using either option there are a couple of very important issues that seem to be undocumented:

    1) Can we allow PPPOE sessions to authenticate through the same AP that is allowing Hotspotzz customers to authenticate?

    2) Can we edit the interface pages the same way we can with the standard hotspot?

    If this is not possible then I have to make major ajustments in my thinking regarding hotspotzz as bilateral roaming made lots of sense, but having to exclude my own customers from my own APs doesn't.
    --Michael McKinsey
    FlashByte Digital
    http://www.flashbyte.us

  6. #6

    Default

    I am going to spend some time with the tech people over at Hotspotzz and see if we can figure out how to get this worked out.

    I am not sure that the "hotspotzz ecoinbox" functionality that is in StarOS is actually needed for the bilateral agreement that does not use their backend software, possibly we can just authenticate against a radius server on their side and use the regular "hotspot" service configurations.

    I am still not 100% sure how we are going to get this working, but I will be happy to write a section for the manual/wiki/whatever on this once we get it working.
    --Michael McKinsey
    FlashByte Digital
    http://www.flashbyte.us

  7. #7
    Join Date
    Feb 2006
    Posts
    95
    Rep Power
    0

    Default

    Quote Originally Posted by mmc1800
    I am going to spend some time with the tech people over at Hotspotzz and see if we can figure out how to get this worked out.

    I am not sure that the "hotspotzz ecoinbox" functionality that is in StarOS is actually needed for the bilateral agreement that does not use their backend software, possibly we can just authenticate against a radius server on their side and use the regular "hotspot" service configurations.

    I am still not 100% sure how we are going to get this working, but I will be happy to write a section for the manual/wiki/whatever on this once we get it working.
    Did anything come of this? I'm looking to do basically the same thing except I have about 3 Star-OS APs (one with dual radios) that I need to deal with. So far AFAIK I could probably get it to work setting all the APs in bridge mode, and backhauling them altogether on one ethernet network (using SDSL bridges but I'm sure wireless bridging would work fine as well). Then, having two dual-ethernet Star-OS boxes that bridge between the "insecure public wireless ethernet" and our regular Internet/ethernet network.

    The HotSpot StarOS box would handle Hotspotzz (my customers and Hotspotzz') and the PPPoE staros box would handle assigning public IPs to customers who login over PPPoE, authenticated directly to my radius server where I can then assign bandwidth values etc.

    A cleaner solution would be for a way to the APs to talk to each other to cache each other's authenticated user MAC addresses (in case a user roams to another AP-- we have some spots where customers may see two APs of near equal signal strength) as well as being able to specify a different radius server for PPoE and/or PPTP connections. However, with PPPoE and public IP addresses and Star-OS you might need to route a subnet to each AP. Unless Star-OS can arp-bridge each individual IP so you can share the subnet between different APs--- all of this complication is why I'm taking the above solution and having the APs bridge to an ethernet network and having one (well, probably two) StarOS boxes act as gatekeepers.

    -Mark

  8. #8

    Default

    I ended up running into a more basic problem that overshadowed this particular issue for us so I have not gone much further with it.

    When you activate the hotspot feature in StarOS the system will only recognizes static routes for the default route out on the hotspot interface. Since I needed dynamic routing of the default gateway (OSPF) on these boxes, including being able to dynamically route out through the hotspot interface itself if the backhaul was to fail. I had to abandon StarOS for this particular use.

    Wherever we have public hotspot APs and dynamic routing we have decided to use Mikrotik boxes instead. I tried very hard to find a way to make this functionality work with StarOS but it is just not there. With Mikrotik it is a non issue it just works as expected.

    I originally considered doing a more complicated multi-machine approach similar to what you are considering, but it defeated my purpose (I was looking for a single, low cost, dual radio, pole mounted, solar powerable box to handle all of these functions).

    We did something very similar to what you are talking about for one customer location where we had a large ethernet network across a large resort property and we used simple Senao APs on a VLAN across smart switches spread around the property (all with wired trunks), then we put a single StarOS install on a PC acting as the firewall and doing all the hotspot, DHCP, etc. for all the clients connecting to the network (StarOS had no wireless interfaces). This lets people roam across the APs while staying on the same ethernet segment for all services, but this did not include any PPOE but I would assume it would work fine as well (but my assumptions have been wrong before).

    I would be a little wary of using this kind of setup for a long distance permanent customer setup because you do not handle authentication at the APs themselves, so people could freely get on the network and interfere/explore with your customers that are all behind the same firewall handling the authentication method. This was fine for our deployment in this case because these APs only serviced roaming transient connections. Of course this may be perfectly fine depending on your security requirements.

    I do not like bridging over wireless links we have had bad luck with that. We route everything wherever possible, including from one interface to another on the same StarOS box. You should make sure to verify that StarOS will bridge the protocols across it's own interfaces you are interested in serving, we have had some problems with this kind of thing.

    Good luck with your deployment, drop me an email if you want to discuss this any more off the boards.

    Michael McKinsey
    mmc@flashbyte.us
    --Michael McKinsey
    FlashByte Digital
    http://www.flashbyte.us

Similar Threads

  1. Hotspotzz Great New Feature, but Bug in Radius
    By sploit in forum StarOS™
    Replies: 7
    Last Post: 09-10-2003, 12:55 PM
  2. HotSpotzz wants your Network
    By lonnie in forum HotSpotzz
    Replies: 2
    Last Post: 04-23-2003, 12:04 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts