Components of the Opengate System

Client Machine

User terminal.

Gateway Machine

Controls network usage. The CGI program opengatesrv.cgi, the main component of Opengate, authenticates the user and controls the IPFW firewall. A web server is needed to run the CGI programs.

Authentication Server

Holds user information and replies to authentication requests.

Log Server

Receives the date, time, userid, and IP address of each usage via syslog.

Requirements for Client Machine

Necessity

A web browser must run on the client. Ajax support is desirable.

Condition to open network

Provide the correct userID and password on the authentication page.
Provide the HTTP Cookie sent at authentication.

Condition to close network

When Ajax is enabled and the usage duration is not entered:
- The web browser or the OS is closed.
- The periodic live check fails.
Other cases:
- A fixed time length passes.
- No packet passes to or from the client for a long time.
- The ARP command returns a different MAC address.
- The user clicks the termination link on the accept response page.

Applied network

TCP/IP communication over wired or wireless LAN.
No address translation (NAT) between the gateway and the client.

Applied machines

Mobile PCs and desktop PCs; service terminals installed by the organization and notebook PCs carried in by users.

Requirements for Gateway Machine

OS

FreeBSD newer than 4.0

Hardware

A PC that can run FreeBSD, with two NICs (802.3 and/or 802.11)

Required software

Apache, ipfw, SQLite

Recommended software

natd, DHCP, SSL, perl, BIND

Requirements for Authentication Server

Protocols

POP3, POP3-SSL, FTP, FTP-SSL, RADIUS, LDAP, LDAP-SSL or PAM

Configuration

The serverID and its configuration are set in opengatesrv.conf.

Choosing Servers

When only [user] is entered, the authentication request is sent to the default server. When [user@serv] is entered, the request is sent to the server set for extraID [serv]. Thus an independent authentication server can be set for each department. A secondary server can also be set; it is used should the primary server malfunction.
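
The server choice described above, as an added example that is not Opengate's own code. The server table, its URLs, the ask() callback and the handling of an unknown extraID are assumptions made for illustration; the table is not opengatesrv.conf syntax.

```python
from enum import Enum

class Result(Enum):
    ACCEPT = "accept"   # server confirmed the credentials
    REJECT = "reject"   # server answered and refused the credentials
    DOWN = "down"       # server malfunction: timeout, refused connection

# Hypothetical table (constructed; not opengatesrv.conf syntax):
# extraID -> [primary, secondary]. "default" serves plain [user] logins.
SERVERS = {
    "default": ["pop3s://auth1.example.org", "pop3s://auth2.example.org"],
    "physics": ["ldaps://ldap.physics.example.org"],
}

def split_login(login):
    """Split [user] or [user@serv] into (user, extraID)."""
    user, sep, serv = login.partition("@")
    if not user or (sep and not serv) or "@" in serv:
        raise ValueError("malformed login")
    return user, (serv if sep else "default")

def authenticate(login, password, ask, servers=SERVERS):
    """ask(server, user, password) -> Result stands in for the protocol client.
    Returns (Result, server that gave the answer or None)."""
    user, extra_id = split_login(login)
    candidates = servers.get(extra_id)
    if candidates is None:
        # Assumption of this example: an unknown extraID is refused rather
        # than silently sent to the default server.
        return Result.REJECT, None
    for server in candidates:
        result = ask(server, user, password)
        if result is not Result.DOWN:
            # An answer is final. REJECT from the primary is never retried on
            # the secondary, so failover cannot be used for extra guesses.
            return result, server
    return Result.DOWN, None   # every server malfunctioned: stay closed
```
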

Merits of Opengate

Wide compatibility

It requires only a web browser on the client. It is compatible with clients running various OSes and using various connection forms.

Easy management

It can use existing authentication servers. Only the gateway system needs to be maintained. No installation or user guidance is required.

Easy interface

It has a user-friendly web interface. The network is opened by providing a userid and password on the automatically displayed authentication page. The network is closed when the web browser is terminated.

Quick response

It opens and closes the network with a very short delay after the user's action.

Wide applicability

It does not depend on specific software or hardware. It can easily be inserted into the existing network infrastructure. It can control both IPv4 and IPv6.

High flexibility

The network control depends on ipfw rules. A simple perl script is used to add rules.

Low cost

It can be used under the GPL. It uses no specific hardware or software. The gateway machine is a simple PC running FreeBSD.