Captivator-gw

A "captive portal" style network authorization system.

Copyright 2009 The University of Wisconsin Board of Regents
written by: Dale W. Carder
email: "dwcarder on a server called doit.wisc.edu"   http://net.doit.wisc.edu/~dwcarder
Network Services Group of the Division of Information Technology at the University of Wisconsin at Madison

Current Features:

Future things it would not be hard to modify this platform to do:

Download, Documents, and Stuff

captivator-1.01.tar.gz is released!

Feel free to try it out and let me know how things go for you. Please email me if you have any questions, comments, etc. We are currently running 1.01 on our production fleet of 14 captivator firewalls serving thousands of unique wireless users. As always, bug fixes, contributed code, etc. are accepted. All bugs written by me.

Changes from version 1.0 to 1.01 include a sysv style init script, better database schema, radius accounting, and web page templates. 1.01 also includes hooks to include a more granular approach to authentication and authorization.
Changes from version 0.99rc3 to 1.0 include setting syslog facility name, and including a basic admin cgi script to query sql data as part of the distribution.
Changes from version 0.99rc2 include running in Perl taint mode and better input validation.
Changes from 0.99rc1 include distribution cleanup, better config file and init system. No change in main logic.
Changes from 0.98 include two bugfixes: detecting users who are logged in twice, and the addition of expiring all users off the system.

Installation instructions for captivator
License
Browse the release
More Documentation
Even More Documentation
Download captivator-1.01.tar.gz

System overview diagram
Original design document
Example of setting up Linux trunking and bridging
Example of setting up Linux layer 2 firewalling.
Example of setting up Linux firewall rules for Captivator-gw management and redirection.
Example of setting up Apache for Captivator-gw.
My design requirements for our campus-wide wireless service.

Mailing List

Subscription to the captivator mailing list requires approval by the list moderators, but anyone interested is welcome to join. Posting to the list is only open to list members, but the archives are public. These measures are simply to help prevent spam.

Subscribe
List Archives

Info

Various freely available previous work contributed to this design, such as NoCatAuth and PacketFence. This project did not stem from NIH (not invented here) syndrome but rather was developed because of the need for features (like multicast, IPv6, VLANs, distributed environment with centralized headend) that other packages and vendor solutions didn't have or charged obscene amounts for. Inspiration for this project is "wirelessd/Dchain" by Paul Oliphant, et al. from the Computer Aided Engineering (CAE) Center at the University of Wisconsin at Madison.

Why Captivator-gw

Captivator-gw was originally written to meet some immediate needs of the University of Wisconsin at Madison. We recognized the need for a "captive portal" solution to be part of our campus-wide 802.11g rollout, as well as for public access data jacks such as those found in classrooms, conference rooms, and libraries.

We looked at vendor solutions. They were not innovative, didn't support features we needed, had shoddy implementations (this is 2005 folks, we're not going to run DVMRP, nor do we allow our packets to flow through anything without SNMP), needed work for integration into our systems through their strange APIs, and they all cost way too much for what you get (especially for stupid head-end boxes, which are just yet another thing the NOC has to deal with).

We were looking at deploying this service on about 180 networks (each one is a VLAN), basically one per building. Based on geographical and fiber plant constraints we would need to deploy at 13 sites. Take the vendor pricing, multiply by 13, and see for yourself if the vendor solutions are worth it for you. We were happy to save taxpayers the money.

We needed a layer-2 solution so we can continue to support complex protocols like multicast without dealing with routing on Linux. We wanted some decent reporting tools that we can develop and integrate into our systems. We wanted a system that can support IPv6 in the near future, as well as whatever else we'll cook up (see the futures list). Thus, Captivator-gw was born.


$Id: index.html,v 1.10 2005/10/19 17:20:16 dwcarder Exp dwcarder $