Hi Team ,
We want to implement Captive Portal solution on an Android SetTopBox based on AMLOGIC's S902x2 running android 9 AOSP.
The requirement is as follows :
Our customer is planning to deploy STB at major hotels, customer checking in should be able to connect to STB's hotspot, authenticate himself through a captive portal page and enjoy internet .
The hotel will use its existing radius server infrastructure to authenticate and manage client devices.
We can assume that STB is tethered via ethernet in the hotel room and a hotspot is already up and running , clients are able to connect to this . Only challenge remaining is implementation of captive portal .
What kind of solutions/frameworks can we use at the client side to communicate to hotel radius server ??
We have explored coovachilli but it doesn't have an android port and doesn't seem to be actively managed . We are not aware of challenges in porting coovachilli on android client, but doesn't seem straight forward, please suggest
Can we use other frameworks such as openwrt instead of coovachilli ?? Do we need support from wifi chipset for this ?
because openwrt/linux kernel probably doesn't have the support required to run the STB hardware.
why would you run coovachilli on the client in the 1st place.
We want a captive portal and a metered connection . Clients will see captive portal page on first time connect and again when he consumes all bandwidth allotted to him . We somehow zeroed in on coovachilli as it provides communication with hotel Radius server , captive portal and a metered connection . Is there any way to achieve this on Android without coovachilli ?? if so, please suggest the alternate ,
Yeah, so al wireless devices (tablet, phone,laptop etc) are connected to a hotspot (SoftAP) enabled by the STB at bootup . By default, STB is powered on and on boot, it throws a hotspot and so some kind of captive portal server needs to be run on STB .
ok, but again, why does the portal have to be on the STB, in the 1st place ?
based on your scenario, the captive portal would have to be installed on all STBs,
instead of one central point, which all traffic goes through, like a router.
unless you meter internal, non-internet traffic, too ?
OK understood, thanks, Captive portal is only needed to be centralized , may be it should be located at radius server ?? Please advise
I think following steps should be ok ??
Laptop1 connects to STB1 hotspot very first time , should be redirected to captive portal
Radius server cache's Laptop1 credentials, fix a timeout, say 30 mins
IP address is obtained after successful first time connection , Laptop1 can enjoy internet
After 30 mins, somehow de-authenticate Laptop1, Laptop1 will loose IP address, show captive portal again
I need to understand how from Android, we can redirect to captive portal and authenticate the clients, what kind of software should be deployed, do you have some inputs on this ??
I'm not familiar with the details of radius, but I'd rather centralize the whole internet access thing on the router/firewall, and only call radius for the authentication.
You need 3) (the IP) to be able to do 1)
2) is probably done by the router/fw, radius is only called for access verification
The traffic gets cut off at/by the router/fw, if the client have a LAN IP address or not,
even after internet is cut off, isn't usually of importance.
And the captive portal could provide additional services, not requiring internet access.
Like hotels room service menu, TV channel list, opening hours for pool, SPA treatment booking page, etc..
You don't need anything on any client device (including Android), authentication is done via browser/popup on the client, the STB is just a transport. As soon as a client obtains an IP,
it'll try to connect to internet, when it fails, and it discovers the captive portal, it'll tell the user
to authenticate.
Understood, thanks, do you know if coovachilli can be supported on AOSP ?? what does it take to run this ??. do we need any support from android kernel or if anything is there off the shelf ??
Just read the code of coova-chilli. Then you will recognize, how tightly it is integrated into close-to-kernel functionality. I.e. iptables functionalities. And you will be able to deicde yourself, whether you can use it on Android. BTW, radius is NOT only used for authentication in coova-chilli, but for rate limiting, connection-time management, download/upload limits etc. Anyway, all of this is not openwrt specific, so you might better check on Andoid forums etc. Being intensive coova user, I am not aware of any port to Android, though.
Take a look to this OpenWrt 22.03-rc6 "Build" for TV-boxes (rk322x) - #16 by Wyk72
And of course ARMBian.
Of course is a good idea if you use the STB only for captive portal, i.e: two stb, one as wifi controller, and one as STB to play videos and so on.
But if you want to use the STB as STB with Android, it must be a real hard thing and hard to implement, I thing it's not worth the endeavor. It's better one device for captive portal, and another one as STB.