GitBook: [#3] No subject

configuration-examples/device-feature-configuration-examples/captive-portal/README.md

@@ -0,0 +1,56 @@
+---
+description: TIP OpenWiFi 2.0
+---
+
+# Captive Portal
+
+OpenWiFi supports multiple models for Captive Portal. A built-in captive portal is described below. With multiple overlay tunnel services such as GRE and L2TP in addition to VLAN features, OpenWiFi is also easily deployed with any number of Captive Portal appliance solutions in either in-band or out-of-band style deployments.
+
+## Local Captive Portal
+
+Creating a local captive portal involves associating the "captive" service with an interface. In the example below, "captive" is enabled on a downstream role interface. Any associated SSID on LAN side of this Access Point will be subject to configuration of the local captive portal. This would also apply to LAN interfaces if also associated with "captive".
+
+```
+        {
+            "name": "captive",
+            "role": "downstream",
+            "captive": {
+                "max-clients": 32,
+                "gateway-name": "Lobby Wi-Fi Welcome",
+                "upload-rate": 10,
+                "download-rate": 20,
+                "upload-quota": 300,
+                "download-quota": 300
+            },
+            "ipv4": {
+                "addressing": "static",
+                "subnet": "192.168.2.1/24",
+                "dhcp": {
+                    "lease-first": 10,
+                    "lease-count": 100,
+                    "lease-time": "6h"
+                }
+            },
+            "ssids": [
+                {
+                    "name": "Office Lobby Wi-Fi",
+                    "wifi-bands": [
+                        "5G",
+                        "2G"
+                    ],
+                    "bss-mode": "ap",
+                    "encryption": {
+                        "proto": "none",
+                        "ieee80211w": "optional"
+                    },
+                    "roaming": {
+                        "message-exchange": "ds",
+                        "generate-psk": true
+                    }
+                }
+            ]
+        }
+    ],
+```
+
+Local captive portal will redirect to a default landing page and display the name as configured in "gateway-name". Per associated user bandwidth and usage quota limits and total association limits may all be defined.

configuration-examples/device-feature-configuration-examples/captive-portal/external-captive-portal.md

@@ -0,0 +1,107 @@
+---
+description: TIP OpenWiFi 2.0
+---
+
+# External Captive Portal
+
+When an external access controller, such as a captive portal appliance or a Universal Access Method (UAM) redirector is required to handle subscriber login, OpenWiFi optionally supports builds that include use of CoovaChili. This would be found in build profile chilli-redirect.yml.
+
+To configure a CoovaChilli service, OpenWiFi supports the `"third-party"` schema definition.
+
+Through the use of third-party, many configurations are possible, for external captive portal, third-party will process a services lookup of `"chilli-redirect"` applied to an interface.
+
+Within `"third-party"` will be the necessary CoovaChilli configuration parameters.
+
+```
+"third-party": {
+                "chilli-redirect": {
+                        "uamport": 3990,
+                        "radiusauthport": 1812,
+                        "radiusacctport": 1813,
+                        "radiusserver1": "radiusServerIP",
+                        "radiusserver2": "radiusServerIP",
+                        "radiusnasid": "nasID",
+                        "uamallowed": "allowed.example.com,10.0.0.1,192.168.10.1",
+                        "uamdomain": "exampleUAMdomain.com,otherExampleUAMdomain.com",
+                        "defidletimeout": 900,
+                        "definteriminterval": 600,
+                        "acctupdate": 1,
+                        "uamserver": "https://portal.example.com/portal/default/index.php?n=NAME&c=3&l=181",
+                        "radiussecret": "radiusSecret",
+                        "nasmac": "00:01:02:03:04:AA"
+                }
+        }
+```
+
+## NAT Mode
+
+Associate to an interface:
+
+```
+{
+            "name": "LAN",
+            "role": "downstream",
+            "services": [ "ssh", "chilli-redirect" ],
+            "ethernet": [
+                {
+                    "select-ports": [
+                        "LAN*"
+                    ]
+                }
+            ],
+            "ipv4": {
+                "addressing": "static",
+                "subnet": "192.168.1.1/24",
+                "dhcp": {
+                    "lease-first": 10,
+                    "lease-count": 100,
+                    "lease-time": "6h"
+                }
+            },
+            "ssids": [
+                {
+                    "name": "Hotspot SSID Name",
+                    "wifi-bands": [
+                        "2G", "5G"
+                    ],
+                    "bss-mode": "ap"
+                }
+            ]
+        }
+```
+
+## Bridge Mode
+
+In the above example, captive portal redirection occurs via a NAT interface on LAN side or `"downstream"` role.
+
+When a direct to WAN presentation, or bridge mode operation is desired, associate the service to the `"upstream"` interface.
+
+Associate to an interface:
+
+```
+"interfaces": [
+        {
+            "name": "WAN",
+            "role": "upstream",
+            "services": [ "chilli-redirect" ],
+            "ethernet": [
+                {
+                    "select-ports": [
+                        "WAN*"
+                    ]
+                }
+            ],
+            "ipv4": {
+                "addressing": "dynamic"
+            },
+            "ssids": [
+                {
+                    "name": "Hotspot SSID Name",
+                    "wifi-bands": [
+                        "2G", "5G"
+                    ],
+                    "bss-mode": "ap"
+                }
+            ]
+        },
+```