Components of the Opengate System
Client Machine |
User terminal. |
Gateway Machine |
Controls network usage. The CGI program opengatesrv.cgi, the main component of Opengate, authenticates the user and controls the IPFW firewall. A web server is needed to control the CGI programs. |
Authentication Server |
Holds user information and replies to authentication requests. |
Log Server |
Receives the date, time, userid, and IP address of usage via syslog. |
Requirements for Client Machine
Necessity |
A web browser that runs on the client. Ajax is desired. |
Condition to open network |
Provide the correct userID and password to the authentication page. |
Condition to close network |
When Ajax is enabled and the usage duration is not entered: |
Applied network |
TCP/IP communication, Wired/wireless LAN. |
Applied machines |
Mobile PC/desktop PC, Service terminal installed by the organization/Notebook PC carried in by users. |
Requirements for Gateway Machine
OS |
FreeBSD newer than 4.0 |
Hardware |
A PC that can run FreeBSD, with two NICs (802.3 and/or 802.11) |
Required software |
Apache, ipfw, SQLite |
Recommended software |
natd, DHCP, SSL, Perl, BIND |
Requirements for Authentication Server
Protocols |
POP3, POP3-SSL, FTP, FTP-SSL, RADIUS, LDAP, LDAP-SSL or PAM |
Configuration |
The serverID and its configuration are set in opengatesrv.conf. |
Choosing Servers |
When only [user] is entered, the authentication request is sent to the default server. When [user@serv] is entered, the request is sent to the server set in extraID [serv]. Thus an independent authentication server can be set for each department. A secondary server can also be set, which is used should the primary server malfunction. |
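The server choice described above, as an added example that is not Opengate's own code: it splits the entered login, looks the [serv] part up in a fixed table, and falls back to the secondary server. The struct, the function names `select_server` and `pick_host`, and the host names are hypothetical, and the table stands in for whatever opengatesrv.conf defines.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical in-memory view of the servers configured in opengatesrv.conf.
   IDs and host names are constructed sample values, not Opengate's own. */
struct auth_server {
    const char *extra_id;   /* "" marks the default server */
    const char *primary;
    const char *secondary;  /* NULL when no secondary is configured */
};

static const struct auth_server servers[] = {
    { "",    "auth.example.org",     "auth2.example.org" },
    { "eng", "eng-auth.example.org", NULL },
};

/* Split "user" or "user@serv" and look the serv part up in the configured
   table. Returns NULL for malformed input or an unknown extraID, so text
   typed by the user is never used directly as a host name. */
const struct auth_server *select_server(const char *login, char *user, size_t ulen)
{
    const char *at = strchr(login, '@');
    size_t n = at ? (size_t)(at - login) : strlen(login);
    const char *id = at ? at + 1 : "";

    if (n == 0 || n >= ulen) return NULL;             /* empty or oversized user */
    if (at && (*id == '\0' || strchr(id, '@'))) return NULL;  /* "u@" or "a@b@c" */
    memcpy(user, login, n);
    user[n] = '\0';

    for (size_t i = 0; i < sizeof servers / sizeof servers[0]; i++)
        if (strcmp(servers[i].extra_id, id) == 0)
            return &servers[i];
    return NULL;                                      /* extraID not configured */
}

/* Use the primary unless it is marked down and a secondary exists. */
const char *pick_host(const struct auth_server *s, int primary_up)
{
    if (s == NULL) return NULL;
    return (primary_up || s->secondary == NULL) ? s->primary : s->secondary;
}

int main(void)
{
    char user[32];
    const struct auth_server *s = select_server("alice@eng", user, sizeof user);
    printf("%s -> %s\n", user, pick_host(s, 1));
    return 0;
}
```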
Merits of Opengate
Wide compatibility |
It requires only a web browser on the client. It is compatible with clients running various OSes and using various connection forms. |
Easy management |
It can use existing authentication servers. Only the gateway system needs to be maintained. No installation or user guidance is required. |
Easy interface |
It has a user-friendly web interface. The network is opened by providing a userid and password to the automatically displayed authentication page. The network is closed when the web browser is terminated. |
Quick response |
It opens and closes the network with a very short delay after user action. |
Wide applicability |
It does not depend on specific software or hardware. It can easily be inserted into the existing network infrastructure. It can control both IPv4 and IPv6. |
High flexibility |
The network control depends on ipfw rules. A simple Perl script is used to add rules. |
Low cost |
It can be used under GPL. It uses no specific hardware or software. The gateway machine is a simple PC running FreeBSD. |