--- Version 6
+++ Version 7
@@ -1,16 +1,89 @@
-### Index ###
-! Ready for Beta users.
-!! If you have a WRT and want to run it as a hotspot
-!! and know a little about iptables ( or want to )
-!! then install the package and give it a try
-!! leave any questions or feedback at the bottom of this page
-! Hotspot
This is a package for Melbourne Wireless Nodes to implement a simple '''light-weight''' captive portal. The majority of existing captive portal applications are more comercially oriented and often require the setup of a radius server.
Latest released version is v0.8.1. Released 14/08/2006.
+### Index ###
+
+! Typical Setup
+
+ -----------
+ | DHCP |
+ | Client |
+ | (Laptop)|
+ | |
+ -----------
+ |
+ |-WiFi - 'melbournewireless.org.au' Adhoc SSID (Behind NAT)
+ |-10.10.x.x
+ |
+ ------------
+ | Melb |
+ | Wireless |
+ | Node |
+ | running |
+ | MWHotspot|
+ ------------
+ |
+ |-Node Owner's wired LAN (Behind NAT)
+ |-192.168.x.x
+ |
+ ------------
+ | Node |
+ | Owner's |
+ | Internet |
+ | NAT |
+ | Router |
+ ------------
+ |
+ |-Broadband ISP connection
+ |-To Node Owner's Premesis
+ |
+ \/\/\/\/\/\/
+ / \
+ \ Internet /
+ / \
+ \ /
+ /\/\/\/\/\/\
+ |
+ |-Authentication between Hotspot node and wireless.org.au server
+ |
+ -----------
+ | WoA |
+ | Server |
+ | running |
+ | MW User |
+ | Database|
+ -----------
+
+! Dan's Suggested Development Roadmap
+!! After version 0.8.1...
+!!! Solve double-NAT issue
+* Most Hotspot routers will not be directly connectedto the Internet - they will be on a LAN behind a NAT router. To complete authentication, the WoA server must communicate with the Hotspot router. If the Hotspot router is behind NAT, the WoA server can't reach it. The Node Owner must set up port-forwarding on their Internet Router to allow the the WoA server access. This requirement is undesirable as it detracts from the "plug-and-playability" of the Hotspot router. To make a MW Node as easy as possible to install, it is important be able to "drop-in" the Hotspot onto any Internet-connected LAN without any configuration. We could do this two ways:
+** Implement an unencrypted IP tunnel between Hotspot node and WoA Server. CIPE or OpenVPN seem good options but the Linux kernels on the node and WoA server will need support compiled in.
+** Set up the Hotspot so it initiates all connections with the WoA server - after the username and password have been sent by the DHCP Client, the Hotspot contacts the WoA server with the Client's MAC address and asks if it has been authenticated.
+
+!!! Simple Config option
+* When used with the Melbourne Wireless Firmware - at the download stage and also inside the firmware itself, there should be a simple Yes/No question: "Do you want to share your Internet Access with Melbourne Wireless members?".
+** If YES:
+*** OLSR Dynamic Gateway plugin is activated
+*** If Internet is really available:
+**** Hotspot prompts DHCP clients with username/password
+*** If Internet not actually available:
+**** Hotspot displays Internet Not Available page
+** If NO:
+*** OLSR Dynamic Gateway plugin is deactivated
+*** Hotspot displays Internet Not Available page
+*** Node owner can still manually add entries to the Access Control List to allow specified DHCP Clients access to the Internet
+* Obviously we would need to include one or two pre-packaged configurations and answering Yes or No activates the appropriate config
+* At all times (if Internet is available or not), a Guest Access option should be available - this allows a DHCP client to browse the Melbourne Wireless network. The Hotspot should only enforce this upon local DHCP clients. Routed traffic from other nodes with a 10.10.x.x destination should be allowed to pass without any splash page being displayed to them - this stops people being multi-splashed on multihop paths.
+
+! Ready for Beta users.
+If you have a WRT and want to run it as a hotspot and know a little about iptables ( or want to ) then install the package and give it a try leave any questions or feedback at the bottom of this page
+
+! Hotspot
+
This implementation is based on a few simple concepts:
-* Use of MW website sign-on to authenticate users, so you doo need to have a route to the Intenet.
+* Use of MW website sign-on to authenticate users, so you do need to have a route to the Intenet.
* Interception of incoming http requests from connected but not-signed-on users
* Modification of web server to return a 301 (redirect) instead of a 404 (Not Found) messages to "capture" a user trying to access a web page that they cannot get to because of the Node firewall.
[
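Review bot: Under "Solve double-NAT issue", the first option proposes an "unencrypted IP tunnel" but names CIPE and OpenVPN, both of which are encrypting tunnels. This link carries the authentication exchange between the Hotspot node and the WoA server across the Internet, so the bullet should say "encrypted", or explain why an unencrypted tunnel is acceptable. The second option has the Hotspot ask the WoA server whether a client's MAC address "has been authenticated". A MAC address is asserted by the client and is not a secret, so the roadmap should state what else the query and the resulting access-list entry are bound to (for example the DHCP-leased IP and a per-login token), and how the Hotspot verifies that the answer came from the WoA server. The same applies to the "Simple Config option" bullet where the node owner adds manual Access Control List entries: say what those entries key on. Smaller points: the "doo" fix on the sign-on bullet leaves "Intenet" on the same line, and the added text has "connectedto", "the the", "important be able" and "Premesis".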