
Captive portal.

The “Captive Portal” module is located in the “Users and statistics” menu. It lets users authorize in ICS CUBE to gain access to the Internet.

It also combines the settings and functionality of two servers: the SMS-authorization server and the web-authorization server.

The firewall intercepts all TCP requests to ports 80 and 443 from unknown users and redirects them to the Captive Portal module. An authorization window is then displayed in the browser of the non-authorized user.

Note that not all browsers display the Captive Portal authorization window automatically. In that case the User should go to <IP_ICS>:81/portal/.

There are five tabs in this module: “Captive Portal”, “Settings”, “Active sessions”, “Banned phone numbers” and “Log”.

Note 1. For convenience, instead of calling <IP_ICS>:81/portal/ on ICS CUBE, it is possible to create a virtual host with redirection. The User then accesses the locally created domain name but lands on <IP_ICS>:81/portal/.

Note 2. Redirect to Captive Portal from DMZ networks will not work.

The “Captive Portal” tab displays the status of the authorization server (running / disabled / not configured), the “Disable” button, and the event log for the current date.

Settings.

The “Settings” tab lets you choose the Captive Portal working mode: 1) only as a web-authorization server (“Login / password authorization” checkbox); 2) only as an SMS-authorization server (“SMS authorization” checkbox); 3) both servers working together.

For correct redirection to the authorization page when the User accesses HTTPS resources, the corresponding final certificate must be set in the “Certificate” field and a transparent proxy must be used.

Each User authorized in the Captive Portal is saved as a session based on the MAC address of the User. Authentication by MAC address is used instead of authentication by IP address in order to avoid cases of IP-address substitution and cases when the IP address of an unexpired session is issued to another User via DHCP.

Each session has a lifetime, after which the User is automatically logged out. The Captive Portal also checks the ARP cache of the operating system every 1 minute. If the MAC address of the authorized User is not in the cache, the Captive Portal considers the User inactive and automatically logs him out. If another IP address has been assigned to the MAC address, the Captive Portal service updates the session IP address, and the session does not close.
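The periodic check described above can be sketched as follows. This is an added example, not ICS CUBE code: the `Session` fields, the function names and the sample `arp -an` output are constructed for illustration.

```python
import re
from dataclasses import dataclass

# Complete `arp -an` entries in BSD or Linux layout; "(incomplete)" lines carry no MAC.
ARP_LINE = re.compile(r"\((?P<ip>\d+\.\d+\.\d+\.\d+)\) at "
                      r"(?P<mac>(?:[0-9a-fA-F]{1,2}:){5}[0-9a-fA-F]{1,2})\b")

@dataclass
class Session:
    ip: str
    started: float   # seconds, same clock as `now`
    lifetime: float  # seconds

def parse_arp(text):
    """Return {mac: ip} for complete entries, zero-padding octets printed as 0:1b:..."""
    table = {}
    for line in text.splitlines():
        m = ARP_LINE.search(line)
        if m:
            mac = ":".join(f"{int(o, 16):02x}" for o in m["mac"].split(":"))
            table[mac] = m["ip"]
    return table

def reconcile(sessions, arp_table, now):
    """One periodic pass over {mac: Session}; returns (kept, [(mac, reason closed)])."""
    kept, closed = {}, []
    for mac, s in sessions.items():
        if now - s.started >= s.lifetime:
            closed.append((mac, "lifetime expired"))
        elif mac not in arp_table:
            closed.append((mac, "not in ARP cache"))
        else:
            s.ip = arp_table[mac]  # same MAC, possibly a new IP: the session stays open
            kept[mac] = s
    return kept, closed

# Constructed sample data, not taken from a real ICS CUBE host.
SAMPLE_ARP = """\
? (192.168.1.10) at 00:11:22:33:44:55 on em0 expires in 1180 seconds [ethernet]
? (192.168.1.57) at 66:77:88:99:aa:bb on em0 expires in 900 seconds [ethernet]
? (192.168.1.30) at (incomplete) on em0 expired [ethernet]
"""

def demo(now=1000.0):
    rows = [("00:11:22:33:44:55", "192.168.1.10", 3600), ("66:77:88:99:aa:bb", "192.168.1.20", 3600),
            ("aa:aa:aa:aa:aa:01", "192.168.1.30", 3600), ("aa:aa:aa:aa:aa:02", "192.168.1.40", 600)]
    sessions = {mac: Session(ip, 0.0, life) for mac, ip, life in rows}
    return reconcile(sessions, parse_arp(SAMPLE_ARP), now)

if __name__ == "__main__": print(demo())
```

Because the session key is the MAC address, which a client on the same segment sets itself, the reasons returned for closed sessions and any IP changes on kept sessions are worth writing to the log for review.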

Login / password authorization.

If the “Login / password authorization” flag is set, the web-authorization server is enabled and running in the “Captive Portal” module. When the User first contacts any resource, he will be asked to enter the username and password assigned to his account in the ICS CUBE.

SMS authorization.

If the “SMS authorization” flag is set, then Users will be authorized via SMS.

The “Assign addresses to the specified user” field is mandatory and requires the selection of one of the Users created in the ICS CUBE.

Dynamic IP addresses will be issued for each new session of this User.

The “SMS code expiration time” field sets the validity time of the code in seconds, from 60 to 999999. If the code has expired without being entered, the User must request the code again by clicking the corresponding button in the web-authorization form. By default, this field is set to 180 seconds.

The “Interval between retrying sending SMS” field sets how long the “Send SMS again” button (see below) stays blocked for the User during SMS authorization. The value specified in this field should not exceed the validity time of the code sent by SMS.

The “Maximum number of SMS retry attempts for a single number” field specifies how many times the User can have the SMS message resent to one phone number. The time between attempts is calculated by the formula: attempt number * “Interval between retrying sending SMS”.

If the User has exhausted the specified number of attempts to send SMS messages, he will be able to change the phone number for sending SMS. When the phone number is changed, the number of attempts is reset.

The “SMS Text” field contains the text of the message sent to the User during authorization. This message must contain the template {code}. The SMS server inserts a four-digit number in place of this template.
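The rules for the SMS fields above can be checked together before saving. This is an added example, not ICS CUBE code: the class and function names are hypothetical, only the 180-second default comes from the page, and the other values are constructed.

```python
from dataclasses import dataclass

@dataclass
class SmsSettings:
    code_ttl: int = 180       # "SMS code expiration time", seconds (default from the page)
    retry_interval: int = 60  # "Interval between retrying sending SMS" (constructed value)
    max_retries: int = 3      # "Maximum number of SMS retry attempts ..." (constructed value)
    sms_text: str = "Access code: {code}"  # constructed text

def validate(s):
    """Return the list of rule violations; empty when the settings are consistent."""
    problems = []
    if not 60 <= s.code_ttl <= 999999:
        problems.append("code expiration time must be 60..999999 seconds")
    if s.retry_interval > s.code_ttl:
        problems.append("retry interval exceeds code expiration time")
    if "{code}" not in s.sms_text:
        problems.append("SMS text lacks the {code} template")
    return problems

def retry_schedule(s):
    """[(attempt, wait, elapsed)] with wait = attempt number * interval, as documented.
    Assumption: attempts are numbered from 1 and the waits run back to back."""
    schedule, elapsed = [], 0
    for attempt in range(1, s.max_retries + 1):
        wait = attempt * s.retry_interval
        elapsed += wait
        schedule.append((attempt, wait, elapsed))
    return schedule

def max_sms_per_number(s):
    # Assumption: the first code plus every permitted resend.
    return 1 + s.max_retries

if __name__ == "__main__":
    cfg = SmsSettings()
    print(validate(cfg), retry_schedule(cfg), max_sms_per_number(cfg))
```

Since changing the phone number resets the attempt counter, `max_sms_per_number` bounds the messages sent to one number, not the messages one client can trigger.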

The “SMPP Settings” block. SMPP (Short Message Peer-to-Peer) is the protocol ICS CUBE uses to send SMS messages; it is the universal and most widely used protocol for exchanging SMS messages between SMSCs (Short Message Service Centers) and SMS application systems.

Most services that provide the ability to send SMS messages support the SMPP protocol when transmitting short messages. To configure the connection, you must fill in the required fields: “Server SMPP”, “Port”, “Login / system_id” and “Password”.

The values of the additional connection parameters “source-addr-ton”, “source-addr-npi”, “dest-addr-ton” and “dest-addr-npi” can be found in the documentation of the SMPP server you connect to. In most cases, they are:

source-addr-ton = 5, source-addr-npi = 1
dest-addr-ton = 1, dest-addr-npi = 1

To check that the entered settings are correct, you can use the test send function. To do this, click the “Send test SMS” button. A dialog window will open in which you need to enter the phone number and message text.

The “Phone number” field is mandatory. The entered numbers must have the following format: <country code or zone / long-distance access prefix> <ten-digit phone number in the operator network>.

All entered numbers must contain only digits (at least eleven), without brackets and hyphens (for example, +79991112233 or 85554447799).

The “SMS Text” field is optional and allows you to enter and send any text. If the message was sent successfully, a corresponding message is displayed; otherwise a sending error with its code is displayed.

Important: Sending a test SMS message uses the saved settings and requires the “Captive Portal” service to be turned on.

With SMS authorization, the browser opens a window that displays the installed logo, a field for the phone number (in the format indicated above), and the “Get access code” button. After the User enters the number in the specified format and clicks “Get access code”, an SMS message with the code is sent to the User. The received code must be entered in the “Enter code from SMS” field.

After the correct code is entered, a dynamic IP address is assigned to the User, the User is authorized in ICS CUBE and gets access to the Internet. If the User was unable to enter the code in the allotted time, he can request the code again by clicking the “Send SMS again” button or change the phone number by clicking the “Change number” button.

This tab also lets you change the welcome logo shown for SMS authorization and for login / password authorization. To do this, click the “Change logo” button. A dialog window opens that displays: the current logo (by default, the ICS CUBE logo); the “Upload .png” button, which uploads a new logo in PNG format (the recommended size of the logo is 316 * 118 pixels); the “Set defaults” button, which restores the ICS CUBE logo; and the “Close” button, which closes the dialog window.

Active sessions.

The “Active sessions” tab displays the current sessions of Users authorized through the Captive Portal with the dynamic IP-addresses assigned to them in ICS CUBE.

Banned phone numbers.

The “Banned phone numbers” tab displays the phone numbers that have exhausted all attempts to enter the code. The ban on these numbers lasts for the lifetime of the session. It can be lifted manually by an ICS CUBE User who has administrative rights.

Log.

The “Log” tab displays a summary of all system messages of the corresponding servers with the date and time. The log is divided into pages; you can move between pages with the “forward” and “back” buttons or enter the number of the desired page.

Log entries are highlighted in color depending on the type of message. Normal system messages are marked in white, system status messages (on / off, user connection) are green, warnings are yellow, errors are red.

The upper right corner of the log contains a search bar and a selector for the period of the event log to display. By default, the log displays events for the current date. If necessary, you can save the log data to a file by clicking the “Export” button or delete the log data for a certain period by clicking the “Delete logs” button.

cap_port.txt · Last modified: 2020/03/17 16:14 by zog