Opengate Home Page
JAPANESE PAGE

Outline

Redirect Page Auth Request
Page
Accept Page Usage Start Page
(Popped Up)

What's New

Download

Following link has download files.

Download Files

The code "****" in "opengate****.tar.gz" indicates the version.
Please download either the latest stable version or the newest version.
The archives "opengate1.1.*.tar.gz" support IPv4 only. Versions "opengate1.3.*" support the IPv4/IPv6 dual stack system.
Versions "opengate1.4.*" include watching with HTTP Keep-Alive. In Version opengate1.5.* JavaApplet is removed, and ipfw-TAG/SQLite/Cookie-auth/etc is added.

Development and Management

Development and management is done by the owner of this page.

Development Staff

Project page in sourceforge.net has Git repository until Ver.1.0.0.


Background

To support educational and research activities, a lot of "public terminals", "network sockets" and "wireless LANs" were implemented throughout the campus. Considering the many incidents such as computer cracking or copyright infringement that were occurring on the network, authentication and usage log methods before network access is granted, quickly became a necessity. Seeing it can prove quite difficult to maintain such systems in terminals for public use, network sockets, and wireless LANs, Opengate was developed to address these issues.

Purpose

Authenticate users and record usage logs in a public network environment..

Usage

When a user tries to access any given site, the authentication request page is returned. The user enters user a ID and password. Network access is granted to the client terminal when the accept pages are displayed. Network access is denied when closing the browser.

usage flow

Function and Requirements

The Opengate system functions as a gateway between terminals and the network. The system filters packets passing through the Opengate gateway.
hardware structure

Only a Web browser is required for the terminal. For the gateway, a Web server and firewall software are required. At present, Opengate is being developed on a FreeBSD system, using ipfw as the firewall software. Opengate can communicate with many authentication methods, such as FTP, POP3, POP3S, FTPS, RADIUS, LDAP, and PAM. Opengate is loaded as CGI, sends an Ajax script to the terminal, and watches the existence of the terminal. 

software structure

Workings of Opengate

  1. By default, the gateway firewall is closed.

  2. A user tries to access some web site through the gateway.
  3. The gateway steals the packet and sends back the authentication page.
  4. The server process - loaded as CGI - accepts the user information. The process authenticates the user and opens the firewall for the requesting terminal.
  5. The process sends an Ajax script to the terminal and sets up a TCP connection to watch the existence of the terminal (~ Comet).
  6. If above watching fails, the process closes the firewall after a set time, a MAC address change or if no packets are exchanged in a set time frame.
  7. Periodically, the process performs message exchanges with the terminal.
  8. The process closes the firewall when the TCP connection is closed.
  9. Server process records usage log when opening and closing the firewall.

Features & Merits

  1. Simple User Interface: Opengate uses the clients web browser for GUI interaction.

  2. Broad Applicability: Opengate works independent of client OS's such as Windows, Windows Ce, Mac OS, Linux, etc. Opengate is compatible with various connection technologies such as wireless LANs, network outlets, and open service terminals.

  3. Real Time: Because Opengate employs an Ajax script for checking terminal status, user disconnection can be detected in real time without extra software.

  4. Low Maintenance Costs: Opengate authenticates users by using your existing FTP, POP,RADIUS,LDAP servers. Opengate requires no setup procedure for the client terminals.

Publications

Misc

Recent Q&A Q&A Changes References Chart of WorkFlow Document of WorkFlow Install Memo  Error Check List Example of User Help Merits and Specifications Administration Memo

Another Opengate

OpengateM - a MAC address based network user authentication system


If you have any questions or advice regarding this page, please send a message to the following address:
Faculty of Science and Engineering, Saga University.
Yoshiaki Watanabe
watanaby(at)is.saga-u.ac.jp