View previous topic :: View next topic |
Author |
Message |
Blide
Joined: 24 Feb 2004 Posts: 14 Location: Texas
|
Posted: Tue Feb 24, 2004 4:37 pm Post subject: Free Access - Wireless Hotspot Q&A |
|
|
I want to offer free wireless access to several different locations and was wondering how to do this with FirstSpot?
Q: How does the access point know to look towards the server for authentication?
Q: I would like to just have and agreement page instead of a username password to login?
Q: Can I have multiple people sign on with the same username at one location? _________________ Thanks for the help.. |
|
Back to top |
|
|
Blide
Joined: 24 Feb 2004 Posts: 14 Location: Texas
|
Posted: Tue Feb 24, 2004 5:15 pm Post subject: |
|
|
Q: Is this the correct configuration to use the software from a remote site?
(client) -> (Access Point)->(VPN/Firewall/Router- End Point)->(VPN-Cental Point)-> (First Spot Server) _________________ Thanks for the help.. |
|
Back to top |
|
|
kevin Forum facilitator
Joined: 26 Sep 2003 Posts: 442
|
Posted: Wed Feb 25, 2004 2:25 am Post subject: |
|
|
Q: How does the access point know to look towards the server for authentication?
>> connect your access point(s) to the same network segment as the PRIVATE (or visitor-network) interface of FirstSpot. And have your clients' default gateway pointing to FirstSpot private nic will do (this is handled automatically if you use FirstSpot's built-in DHCP server)
Q: I would like to just have and agreement page instead of a username password to login?
>> Turn on "anonymous mode" support in FirstSpot, under Authentication tab in the Configuration Manager. Users will be presented with an acknowledgement page (customizable) and required to click on a button to go to the Internet.
Q: Can I have multiple people sign on with the same username at one location?
>> No, multiple logon for the same username is not supported.
~ Patronsoft Limited ~ |
|
Back to top |
|
|
kevin Forum facilitator
Joined: 26 Sep 2003 Posts: 442
|
Posted: Wed Feb 25, 2004 2:28 am Post subject: |
|
|
Q: Is this the correct configuration to use the software from a remote site?
(client) -> (Access Point)->(VPN/Firewall/Router- End Point)->(VPN-Cental Point)-> (First Spot Server)
>> You mean having FirstSpot located at a different site than your hotspot premises?
Having a VPN tunnel between the 2 sites is ok in this case. You need to turn on "ip-based session handling", which is a feature in Advanced Edition.
~ Patronsoft Limited ~ |
|
Back to top |
|
|
Blide
Joined: 24 Feb 2004 Posts: 14 Location: Texas
|
Posted: Wed Feb 25, 2004 3:35 pm Post subject: |
|
|
Q:Does First Spot support web site redirection after the the client login? _________________ Thanks for the help.. |
|
Back to top |
|
|
kevin Forum facilitator
Joined: 26 Sep 2003 Posts: 442
|
Posted: Wed Feb 25, 2004 3:49 pm Post subject: |
|
|
1) FirstSpot will redirect a user to the original URL he/she typed before seeing the login page.
2) Or you can make it to route to your pre-defined web page after login; by changing the "ok_url" value in the login_form.php file (under the FirstSpot\Authserv directory). Its default value is "redirect.php"; which makes case 1) possible.
~ Patronsoft Limited ~ |
|
Back to top |
|
|
Blide
Joined: 24 Feb 2004 Posts: 14 Location: Texas
|
Posted: Wed Feb 25, 2004 7:25 pm Post subject: |
|
|
Karl,
Thanks for all of your help!
Just a couple of more questions though...
Q: I have setup a test bed and have a Windows 2000 server running firstspot and everything looks great, but I can't seem to access corp sites through vpn clients. Does FirstSpot support VPN Passthrough? _________________ Thanks for the help.. |
|
Back to top |
|
|
Blide
Joined: 24 Feb 2004 Posts: 14 Location: Texas
|
Posted: Wed Feb 25, 2004 8:14 pm Post subject: |
|
|
FYI...
I tried the setup a couple of different ways -
1. PC -> Firstspot (w/DHCP) -> WAN
2. PC -> router (w/DHCP) -> Firstspot -> WAN _________________ Thanks for the help.. |
|
Back to top |
|
|
kevin Forum facilitator
Joined: 26 Sep 2003 Posts: 442
|
Posted: Thu Feb 26, 2004 2:30 am Post subject: |
|
|
Hello Blide,
For VPN passthrough, the usual steps would be:-
1) with the vpn client disabled, open a web browser to type a (whatever) URL, authenticate with FirstSpot
2) activate your vpn client, FirstSpot should then allow such traffic to pass through
3) access your remote VPN resources
Also, your scenario 1):
PC -> Firstspot (w/DHCP) -> WAN
should work fine. As FirstSpot is a router itself. You usually do not need to place a router in front of FirstSpot unless you want to maintain multiple network segments in the visitor-side (or what we call PRIVATE) network.
~ Patronsoft Limited ~ |
|
Back to top |
|
|
Blide
Joined: 24 Feb 2004 Posts: 14 Location: Texas
|
Posted: Thu Feb 26, 2004 4:28 am Post subject: |
|
|
I have tested again and no go.... The vpn I'm using is from Sonicwall (Global VPN Client) and when the tunnel activates (the tunnel does connect to the firewall)it tires to get a DHCP address from the firewall. For some reason it won't allow the DHCP request to pass through the FirstSpot box. I tested the VPN client on the same WAN connection without the FirstSpot box and it works fine. I have another firewall that uses a different vpn client (Symantec - Raptor) and I will test it tomorrow. (Does any kind of forwarding need to be activated in Windows?)
I appreciate the help and if this keeps up you guys are make me spend a thousand bucks :)
Thanks for your time.... _________________ Thanks for the help.. |
|
Back to top |
|
|
kevin Forum facilitator
Joined: 26 Sep 2003 Posts: 442
|
Posted: Thu Feb 26, 2004 8:53 am Post subject: |
|
|
Is your VPN client/server using tunnel mode or transparent mode?
FirstSpot should work well with tunnel mode.
~ Patronsoft Limited ~ |
|
Back to top |
|
|
Blide
Joined: 24 Feb 2004 Posts: 14 Location: Texas
|
Posted: Thu Feb 26, 2004 8:17 pm Post subject: |
|
|
I tried the Symantec Client today and it uses tunneling and I'm still unable to pass traffic. I was able to connect the tunnels but the firstspot doesn't pass the traffic. I did a tracert when the tunnel is disconnected and everything works fine but when the tunnel is active a tracert comes back with nothing but timeouts. How does the PC pass traffic back and forth? NAT? Has Patron Soft tested VPN passthrough?
Bill _________________ Thanks for the help.. |
|
Back to top |
|
|
Blide
Joined: 24 Feb 2004 Posts: 14 Location: Texas
|
Posted: Thu Feb 26, 2004 8:38 pm Post subject: |
|
|
Im running FirstSpot on a Windows 2000 Advanced server platform - (with no other programs installed) is this compatiable? _________________ Thanks for the help.. |
|
Back to top |
|
|
Blide
Joined: 24 Feb 2004 Posts: 14 Location: Texas
|
Posted: Fri Feb 27, 2004 9:28 pm Post subject: |
|
|
Here is IPCONFIG and Route Print before vpn:
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\Documents and Settings\xm42028a>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : DELL344
Primary Dns Suffix . . . . . . . : memcsw.memc.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : memcsw.memc.com
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : firstspot.com
Description . . . . . . . . . . . : Broadcom 570x Gigabit Integrated Con
troller
Physical Address. . . . . . . . . : 00-0D-56-6D-66-F7
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 10.20.7.45
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.20.7.1
DHCP Server . . . . . . . . . . . : 10.20.7.1
DNS Servers . . . . . . . . . . . : 10.20.7.1
Lease Obtained. . . . . . . . . . : Friday, February 27, 2004 3:24:52 PM
Lease Expires . . . . . . . . . . : Sunday, February 29, 2004 3:24:52 PM
Ethernet adapter Wireless Network Connection:
Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Intel(R) PRO/Wireless LAN 2100 3A Mi
ni PCI Adapter
Physical Address. . . . . . . . . : 00-04-23-99-FE-CE
C:\Documents and Settings\xm42028a>route print
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 0d 56 6d 66 f7 ...... Broadcom 570x Gigabit Integrated Controller - Pa
cket Scheduler Miniport
0x10004 ...00 04 23 99 fe ce ...... Intel(R) PRO/Wireless LAN 2100 3A Mini PCI A
dapter - Packet Scheduler Miniport
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.20.7.1 10.20.7.45 20
10.20.7.0 255.255.255.0 10.20.7.45 10.20.7.45 20
10.20.7.45 255.255.255.255 127.0.0.1 127.0.0.1 20
10.255.255.255 255.255.255.255 10.20.7.45 10.20.7.45 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
224.0.0.0 240.0.0.0 10.20.7.45 10.20.7.45 20
255.255.255.255 255.255.255.255 10.20.7.45 10.20.7.45 1
255.255.255.255 255.255.255.255 10.20.7.45 10004 1
Default Gateway: 10.20.7.1
===========================================================================
Persistent Routes:
None
C:\Documents and Settings\xm42028a>ping 167.170.98.10
Pinging 167.170.98.10 with 32 bytes of data:
Reply from 167.170.98.10: bytes=32 time=38ms TTL=118
Reply from 167.170.98.10: bytes=32 time=53ms TTL=118
Reply from 167.170.98.10: bytes=32 time=62ms TTL=118
Reply from 167.170.98.10: bytes=32 time=57ms TTL=118
Ping statistics for 167.170.98.10:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 38ms, Maximum = 62ms, Average = 52ms _________________ Thanks for the help.. |
|
Back to top |
|
|
Blide
Joined: 24 Feb 2004 Posts: 14 Location: Texas
|
Posted: Fri Feb 27, 2004 9:32 pm Post subject: |
|
|
and here is IPCONFIG and ROUTE PRINT after VPN is enabled:
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\Documents and Settings\xm42028a>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : DELL344
Primary Dns Suffix . . . . . . . : memcsw.memc.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : memcsw.memc.com
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : firstspot.com
Description . . . . . . . . . . . : Broadcom 570x Gigabit Integrated Con
troller
Physical Address. . . . . . . . . : 00-0D-56-6D-66-F7
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 10.20.7.45
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.20.7.1
DHCP Server . . . . . . . . . . . : 10.20.7.1
DNS Servers . . . . . . . . . . . : 167.170.97.10
167.170.240.25
Primary WINS Server . . . . . . . : 167.170.243.220
Secondary WINS Server . . . . . . : 167.170.244.200
Lease Obtained. . . . . . . . . . : Friday, February 27, 2004 3:24:52 PM
Lease Expires . . . . . . . . . . : Sunday, February 29, 2004 3:24:52 PM
Ethernet adapter Wireless Network Connection:
Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Intel(R) PRO/Wireless LAN 2100 3A Mi
ni PCI Adapter
Physical Address. . . . . . . . . : 00-04-23-99-FE-CE
C:\Documents and Settings\xm42028a>route print
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 0d 56 6d 66 f7 ...... Broadcom 570x Gigabit Integrated Controller - Pa
cket Scheduler Miniport
0x10004 ...00 04 23 99 fe ce ...... Intel(R) PRO/Wireless LAN 2100 3A Mini PCI A
dapter - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.20.7.1 10.20.7.45 20
10.20.7.0 255.255.255.0 10.20.7.45 10.20.7.45 20
10.20.7.45 255.255.255.255 127.0.0.1 127.0.0.1 20
10.255.255.255 255.255.255.255 10.20.7.45 10.20.7.45 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
167.170.0.0 255.255.0.0 10.20.7.1 10.20.7.45 1
167.170.60.0 255.255.255.0 10.20.7.1 10.20.7.45 1
167.170.103.0 255.255.255.0 10.20.7.1 10.20.7.45 1
224.0.0.0 240.0.0.0 10.20.7.45 10.20.7.45 20
255.255.255.255 255.255.255.255 10.20.7.45 10.20.7.45 1
255.255.255.255 255.255.255.255 10.20.7.45 10004 1
Default Gateway: 10.20.7.1
===========================================================================
Persistent Routes:
None
C:\Documents and Settings\xm42028a>ping 167.170.98.10
Pinging 167.170.98.10 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 167.170.98.10:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss), _________________ Thanks for the help.. |
|
Back to top |
|
|
|