[Cerowrt-devel] Suggestions/advice for captive portal on gw00/gw10?

leetminiwheat LeetMiniWheat at gmail.com
Wed Apr 8 16:40:10 EDT 2015


Sorry again, I found connlimit in iptables-mod-conntrack-extra. I'll
investigate further about a simple portal and not make it too intrusive,
just more of a warning that they're not on their (faster) home WiFi.

On Wed, Apr 8, 2015 at 4:25 PM, leetminiwheat <LeetMiniWheat at gmail.com>
wrote:

> Sorry to open a can of worms, I see where you're coming from and I totally
> understand your POV. My main reasoning here is people's mobile devices auto
> connect to my WiFi whenever it sees an open network and they don't even
> know it, when they have their own home WiFi they can use. A simple splash
> page would at least let them be more aware of it.
>
> Security-wise, I'd like to implement a connlimit on gw00 and gw10 so
> people can't flood my network with connections even if it's bandwidth
> limited, but still trying to figure out how to build the module.
>
> So, nothing special I need to be aware of in Cero's firewall rules in
> regards to captive portals?
>
> Thanks, and I thank you and all the contributors for all the work to make
> the internet better.
>
> On Wed, Apr 8, 2015 at 4:02 PM, Dave Taht <dave.taht at gmail.com> wrote:
>
>> On Wed, Apr 8, 2015 at 11:01 AM, leetminiwheat <LeetMiniWheat at gmail.com>
>> wrote:
>> > Sorry if this is an inappropriate place to ask this, but does anyone have
>> > suggestions for a captive portal to use? And is there anything specific I
>> > need to be aware of when implementing a captive portal package from OpenWRT?
>> > I know Cero does firewall rules and zones a bit differently and admittedly I
>> > still don't fully understand it all. I just need a simple splash page that
>> > has an agree to terms type thing.
>>
>> This is one of the few places where I have let my politics interfere
>> with the science or the perceived needs of cerowrt's userbase.
>>
>> There is ZERO sign that the captive portal feature has saved anyone a
>> lawsuit. It has all been a useless shuck to make wifi even less usable
>> than it already is, and create a new entry point to the wholesale
>> corruption of the public's airspace by commercial entities like
>> xfiniti, etc and further encroachments planned by the LTE providers
>> into the 5GHz spectrum.
>>
>> Captive portals create a barrier to what bob frankston calls ambient
>> connectivity[1], and for my whole life, that is what I have worked for
>> as a goal - expecting, by now, for that to happen, and for internet on
>> the move - to be essentially free, to all, with no metering, and no
>> barriers to accepting a phone or videocall or file transfer from
>> anywhere from any device on my person, anywhere there was a signal.
>>
>> I will have no part of captive portals for cerowrt. There is at least
>> one captive portal in openwrt. Use that.
>>
>> I am also bugged by the total insecurity built into WPA that has also
>> led to this decline in ambient connectivity over the last 10 years.
>> Anyone can capture a key exchange, or force one, to gain full access
>> to that node's wifi traffic - and people NOT co-operating on channel
>> access and locking off their individual sessions with useless crypto
>> keys, instead of something that works, while delusionally thinking
>> they were "secure" - are helping *ruin* wifi for everyone.
>>
>> e2d encryption is far, far saner than basic WPA2. [2]. People are
>> under the delusion that this form of crypto helps, it doesn't, all it
>> is doing is messing up the air with management frames and blocking
>> ambient connectivity.
>>
>> Wifi is a commons. No amount of locking it down can prevent the waves
>> from escaping or interfering. All people - even the corporations
>> trying to repurpose it for their purposes - need to understand that. I
>> worked REALLY HARD in 1998-2004 to convince multiple VCs to not use up
>> this precious spectrum with another metricom - and thus, in part due
>> to that effort, we ALL have wifi, it is uncontrolled, and nearly
>> unregulated, and the world is a vastly freer better place for that.
>>
>> And it is going to hell, because no-one understands it or cares about
>> it, enough. I have loved being freed from wires for 17 years now,
>> haven't you? Isn't wifi worth saving?
>>
>> So, please, don't use captive portals. In a system with a decent and
>> secure guest network implementation, as cerowrt has, please share your
>> access with open APs or a simple shared certificate. Please
>> co-ordinate with your neighbors on channel selection - and radio
>> placement - or pool your resources to get one big fast internet
>> connect to share, fairly - now that the fq_codel technology is widely
>> available to make that transparent. Build meshy networks. Take back
>> the internet we once had....
>>
>> Lastly - there are only 24 hours left on this kickstarter - we CAN
>> start to take back the edge of the internet - if we can only find
>> another 12k of funding.
>>
>>
>> https://www.kickstarter.com/projects/onetswitch/onetswitch-open-source-hardware-for-networking
>>
>> The same FPGA is also useful for SDR applications, but it is the pcie
>> interface and switch design - and reducing the cost from 7000 to 700
>> bucks - that is the important part of getting this board completed -
>> so that more of htb + fq_codel can move into hardware that anyone can
>> build and use.
>>
>> There is a get one give one program that I asked meshsr to put in.
>> There are people on these lists with money, and there are those with
>> time, and it would be great if more of those people could line up with
>> each other. I put in all I could spare (8500 dollars).  I have one of
>> their high end boards, already. It's great.
>>
>> >
>> > Also, does anyone have a connlimit module for the 3.10-50-1 kernel? I'd like
>> > to limit max connections per IP on guest wireless. Or can someone point me
>> > in the right direction to build one? OpenWRT's build instructions are hard
>> > to follow and/or really outdated.
>>
>> CeroWrt is effectively dead so long as it remains unfunded. What
>> little time, funding, and energy I can spare I am pouring into
>> make-wifi-fast and openwrt chaos calmer.
>>
>> [1] http://frankston.com/public/?n=IAC.UAC
>> [2] Take an aircap, then take it apart via wireshark:
>> https://wiki.wireshark.org/HowToDecrypt802.11
>>
>> >
>> > Thanks
>> >
>> > P.S. Solid uptime on 3.10.50-1, and my SQM bugs fixed with latest
>> > sqm-scripts. (using ones from late March 2015) on default scripts, egress
>> > wasn't getting throttled sometimes and many duplicate interfaces on SQM
>> > restarts. Also, dnscrypt-proxy packages from
>> > https://github.com/black-roland/exOpenWrt working great.
>> >
>>
>>
>>
>> --
>> Dave Täht
>> We CAN make better hardware, ourselves, beat bufferbloat, and take
>> back control of the edge of the internet! If we work together, on
>> making it:
>>
>>
>> https://www.kickstarter.com/projects/onetswitch/onetswitch-open-source-hardware-for-networking
>>
>
>
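
Added example (not part of the original message or of CeroWrt's own firewall): one way to express the per-IP connection cap asked about for gw00 and gw10, using the connlimit match from iptables-mod-conntrack-extra. The FORWARD chain and the limit of 50 are assumptions; the script only prints the rules so they can be reviewed before being applied as root.

```sh
#!/bin/sh
# Added example: emit per-source-IP TCP connection caps for guest interfaces.
# Assumptions (not from the thread): the FORWARD chain and the limit of 50.
# Interface names gw00/gw10 are the guest interfaces named in the thread.
# IPv4 only; UDP flows are not covered by these rules.

# is_ifname NAME -> succeeds if NAME is a plausible Linux interface name
# (max 15 chars, no shell metacharacters), so it is safe to place in a rule.
is_ifname() {
    case "$1" in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# guest_connlimit_rules LIMIT IFACE...
# Prints one iptables command per interface; returns 2 on bad input.
guest_connlimit_rules() {
    limit=$1
    shift
    case "$limit" in
        ''|*[!0-9]*) echo "limit must be a positive integer" >&2; return 2 ;;
    esac
    [ "$limit" -gt 0 ] || { echo "limit must be greater than 0" >&2; return 2; }
    for ifc in "$@"; do
        is_ifname "$ifc" || { echo "bad interface name: $ifc" >&2; return 2; }
        # A new TCP connection (SYN) arriving on the guest interface is reset
        # when its source address (/32) already holds more than LIMIT tracked
        # connections.
        printf '%s -i %s -p tcp --syn -m connlimit --connlimit-above %s %s\n' \
            'iptables -I FORWARD' "$ifc" "$limit" \
            '--connlimit-mask 32 -j REJECT --reject-with tcp-reset'
    done
}

# Print the rules for review; nothing is applied by this script.
guest_connlimit_rules 50 gw00 gw10
```

After applying the printed rules, `iptables -L FORWARD -v -n` shows per-rule packet counters, which indicates whether any guest client is actually hitting the cap.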