WiFi Hotspot & Captive Portal
OpenWISP is widely used as an open source software solution for WiFi Hotspot Management in Public Wi-Fi settings.
In this tutorial, we’ll explain some technical details of the most common WiFi Hotspot deployments and how to test the most important functionalities of this use case on the OpenWISP Demo System.
Firmware Requirements for Hotspot Authentication
The OpenWrt firmware image provided for the OpenWISP Demo System includes a captive portal package called Coova-Chilli, which supports the RADIUS protocol, a standard protocol used for AAA (Accounting, Authorization and Authentication). This means it’s a way of authenticating, authorizing, and rate-limiting network usage supported by a lot of networking hardware and software.
Enable Captive Portal Template
If you flashed the OpenWrt based firmware and registered your device as explained in the OpenWISP Demo Page, proceed to assign the captive portal template to your device:
Go to the device list.
Open the device details.
Click on the configuration tab.
Select the “Captive Portal Demo” template.
Make sure the OpenVPN management tunnel is working or otherwise the captive portal software will not be able to talk to the demo FreeRADIUS server instance.
Shortly after the configuration is applied successfully, the Public WiFi SSID will be broadcasted by the access point.
Accessing the Public WiFI Hotspot
Connect your laptop or phone to the SSID “OpenWISP Public WiFi Demo”. If everything is working correctly, your operating system should open a browser window showing the captive page as shown in the screenshot above.
At this point, try to sign in using the same credentials
you used to access the demo system (
Trying to surf the internet without authenticating will not work.
Once you’ve logged in, you’ll see a status page as shown in the following screenshot:
This page communicates that the user can now use the internet provided by the hotspot, it also provides the following features:
It shows a list of the user’s sessions, including the start time, stop time, duration, traffic consumed (download and upload), and the MAC address of the device that accessed the WiFi service.
It allows to change the account password and phone number (if SMS verification is enabled, which is not the case for the demo system).
It allows to close the session and log out (more on why this is useful below).
On some mobile operating systems, the mini-browser automatically closes when switching windows (e.g., opening the real browser to surf the internet), which can be problematic if the user needs to use one of the features of the status page listed above.
To alleviate this issue, OpenWISP will send an email to the user with a magic link with temporal validity that allows to access the status page of WiFi Login Pages without entering the credentials again, as shown in the image above.
For more technical information and implementation details about the magic link feature, consult the openwisp-users documentation (which briefly provides more information about the underlying open source library used to implement this feature).
If you’re using the demo account, the email will be sent to the email address of the demo account. Therefore, if you want to try this feature, you’ll have to sign up for your own account or use the social login feature (scroll below to find out more information).
Most WiFi hotspot services have limitations in place that do not allow users to browse indefinitely.
Some services only allow surfing for a limited amount of time per day, while others limit the amount of data you can consume. Some services use a combination of both methods (when either the daily time or data limit is reached, the session is closed).
Therefore, users who plan to use the service again later on the same day, should log out to avoid consuming their daily time and/or data.
The default session limits in the OpenWISP RADIUS configuration are 300 MB of daily traffic or 3 hours of daily surfing.
To find out more technical information about this topic please read: OpenWISP RADIUS - Enforcing session limits.
Automatic Captive Portal Login
The WiFi Login Pages application allows those users who have logged in previously and who use a browser which supports cookies (not all mini-browsers that are used for captive portal logins do), to automatically log in without entering their credentials again.
The video below demonstrates this feature:
To sign up for the WiFi hotspot demo, select the free plan and enter dummy data (this data is deleted every day). However, it is recommended that you enter a real email address so that you can test features that require receiving emails, such as email confirmation, password reset, and the “WiFi session started” notification.
The sign up process uses the OpenWISP RADIUS REST API under the hood.
Paid WiFi Hotspot Subscription Plans
Testing the WiFi hotspot paid subscription plans is easy, the demo system is configured to use the Paypal Sandbox, a test version of Paypal with unlimited fake money, which allows to test the feature at any time without incurring any costs.
Follow these steps to try the paid WiFi subscription feature:
Sign up for one of the non-free plans.
Enter your real email address and dummy personal information.
Click “Proceed with the payment.”
Enter the following paypal credentials:
tester123and click on “start session”.
Choose to pay with Paypal balance and click “Continue to Review Order.”
After following the steps above you will be logged in to the WiFi service and redirected to the status page, from then on you can surf the web.
You should also receive a test invoice via email as in the screenshots below.