Captive portal solution on Android set-top box

Hi Team ,
We want to implement Captive Portal solution on an Android SetTopBox based on AMLOGIC's S902x2 running android 9 AOSP.
The requirement is as follows :

Our customer is planning to deploy STB at major hotels, customer checking in should be able to connect to STB's hotspot, authenticate himself through a captive portal page and enjoy internet .

The hotel will use its existing radius server infrastructure to authenticate and manage client devices.
We can assume that STB is tethered via ethernet in the hotel room and a hotspot is already up and running , clients are able to connect to this . Only challenge remaining is implementation of captive portal .

What kind of solutions/frameworks can we use at the client side to communicate to hotel radius server ??

We have explored coovachilli but it doesn't have an android port and doesn't seem to be actively managed . We are not aware of challenges in porting coovachilli on android client, but doesn't seem straight forward, please suggest

Can we use other frameworks such as openwrt instead of coovachilli ?? Do we need support from wifi chipset for this ?

is the plan to run openwrt on the STB ?
it's probably a bad idea ....

ok thanks , why do you feel so ?? Also, can i use coovachilli on STB ?? if not , any other alternatives ?

because openwrt/linux kernel probably doesn't have the support required to run the STB hardware.
why would you run coovachilli on the client in the 1st place.

We want a captive portal and a metered connection . Clients will see captive portal page on first time connect and again when he consumes all bandwidth allotted to him . We somehow zeroed in on coovachilli as it provides communication with hotel Radius server , captive portal and a metered connection . Is there any way to achieve this on Android without coovachilli ?? if so, please suggest the alternate ,

that's fine, but if the surf is done using wireless devices (tablet, phone, laptop, etc),
how does the STB come into the picture ?

"all" devices/OSes will show the captive portal screen if they connect to a network, if there's one set up.

the actual captive portal isn't the issue here, imho, and it's not a piece of software that needs to be installed on the client.

Yeah, so al wireless devices (tablet, phone,laptop etc) are connected to a hotspot (SoftAP) enabled by the STB at bootup . By default, STB is powered on and on boot, it throws a hotspot and so some kind of captive portal server needs to be run on STB .

ok, but again, why does the portal have to be on the STB, in the 1st place ?

based on your scenario, the captive portal would have to be installed on all STBs,
instead of one central point, which all traffic goes through, like a router.

unless you meter internal, non-internet traffic, too ?

OK understood, thanks, Captive portal is only needed to be centralized , may be it should be located at radius server ?? Please advise

I think following steps should be ok ??

  1. Laptop1 connects to STB1 hotspot very first time , should be redirected to captive portal
  2. Radius server cache's Laptop1 credentials, fix a timeout, say 30 mins
  3. IP address is obtained after successful first time connection , Laptop1 can enjoy internet
  4. After 30 mins, somehow de-authenticate Laptop1, Laptop1 will loose IP address, show captive portal again

I need to understand how from Android, we can redirect to captive portal and authenticate the clients, what kind of software should be deployed, do you have some inputs on this ??

I'm not familiar with the details of radius, but I'd rather centralize the whole internet access thing on the router/firewall, and only call radius for the authentication.

You need 3) (the IP) to be able to do 1)
2) is probably done by the router/fw, radius is only called for access verification

The traffic gets cut off at/by the router/fw, if the client have a LAN IP address or not,
even after internet is cut off, isn't usually of importance.

And the captive portal could provide additional services, not requiring internet access.
Like hotels room service menu, TV channel list, opening hours for pool, SPA treatment booking page, etc..

You don't need anything on any client device (including Android), authentication is done via browser/popup on the client, the STB is just a transport. As soon as a client obtains an IP,
it'll try to connect to internet, when it fails, and it discovers the captive portal, it'll tell the user
to authenticate.

1 Like

OpenWrt isn't a captive portal framework, it's a full device firmware project. It is NOT the same category as coovachilli. It is a router OS.

You can install captive portal applications on OpenWrt https://openwrt.org/docs/guide-user/services/captive-portal/start

But this is probably not what you want, I think you don't want to replace the Android 9 AOSP firmware of your device.

Understood, thanks, do you know if coovachilli can be supported on AOSP ?? what does it take to run this ??. do we need any support from android kernel or if anything is there off the shelf ??

are you actually reading the answers you're getting ?

hmm , I think there is a confusion , that reply was actually to user [bobafetthotmail] ...

you're missing the point ....

this is an openwrt forum, for openwrt related questions.
if you have questions regarding CoovaChilli on openwrt, feel free to ask them here.

if you have questions regarding CoovaChilli ask them at Coova.
if you have questions about AOSP, ask them at AOSP.

1 Like

Just read the code of coova-chilli. Then you will recognize, how tightly it is integrated into close-to-kernel functionality. I.e. iptables functionalities. And you will be able to deicde yourself, whether you can use it on Android. BTW, radius is NOT only used for authentication in coova-chilli, but for rate limiting, connection-time management, download/upload limits etc. Anyway, all of this is not openwrt specific, so you might better check on Andoid forums etc. Being intensive coova user, I am not aware of any port to Android, though.