* steve ulrich <sulrich at botwerks.org> [040920 00:19]:
> cd based router w/hostap or something similar off of a laptop or 
> appropriately equipped pc and use a web based gui to configure all of 
> the interesting elements (available b/w, pointer to captive portal 
> content, AUP, etc.).  support would be provided by the TCWUG group.

A soekris net4511, cardbus prism 2.5 card, 128mb cf (you can't buy em
smaller!  they are $30 or less as is!) and m0n0wall is already fairly
close.  You could easily modify m0n0wall to do more, too.  I've not used
the captive portal features, but the rest of it seems pretty solid.
Even has altq support!  My guess is that the easiest way to us it is
just radius back to a central server (over ipsec tunnel if necessary).
It also does radius accounting so we can catch account sharing abuse.
(ie: if we see it more than two times, start wondering -- especially if
its in tons of locations, we need individuals to sign up minimally so we
know who was on if there are abuse issues)

I would recommend having the locations check the ID of the user and
enter their first/last/middle initial and if we dont have that user
blocked create an account on the spot and let them get a password.

I think a unified AUP would also be needed across locations.

 the website is:

I'm not sure exactly how the captive firewall works, but its all in php
-- so its fairly easy to modify and do what would be needed.  It looks
like minimally you can upload a login page to the device with custom
content. Couple this with an images server someplace and some links to
'free' information on that server too about how to join and stuff it
could be very useful.

We could run the auth server and require people to verify who they are
in some way so that if we have an abuser we can kick them out for
(hopefully) good.

I think this could all be had for about :

Soekris: $201 (4511, case, 1.25A power supply)
Fleeman anderson & bird: Two 5.5 dBi R-TNC antennas, two MMCX->RP-TNC
pigtails : $68.90+ shipping
Newegg: SMC2532W-B, 128mb compact flash, $80.50 + shipping (knowing
newegg nearly free)

So, about $350 (plus shipping) for the hardware to have a turn-key
system -- I think we could easily find volunteers (including myself) to
put together the boxes.

The 4511 has 2 ethernet ports, so more ap's or a wired segment could be
strung off of it as well.  Or, the $125.40 for the wireless portion (the
SMC card and the antennas are argubaly miles ahead of a cheapo access
point however) could be dropped if they are already on-site access
points -- bringing it to $224.60.

Plus, with the 4511 it will work for a damn long time and not require
anything horribly special in the way of cooling, power, or space. (ie:
not outside, but not needing cooling or fans!)

If you know of anyone offhand looking to pilot this and can front the
$350 we could get the ball rolling quickly.  I'm pretty sure one of us
(including myself) could get a radius server for the project setup

