Opengate Home Page

Caution: Project main page is moved to http://opengate.osdn.jp. This page may not follow the main page.

Outline

• This page is prepared for development and distribution of the Open Source Software "Opengate".
• Opengate is a (captive portal type) user authentication gateway system for networks in public areas. 
• Opengate can be applied to wireless LANs and wired LANs. It can be applied to public terminals and privately-owned terminals.
• Opengate can close the network immediately at the usage termination.
• Opengate can be distributed under GPL (Gnu General Public License).
• Opengate uses Web browsers as the user interface. No specific software is needed in terminals.
• We are also developing a complementary authentication system OpengateM OpengateM to support devices needing continuous online mode or being troublesome in input (Opengate is a Web authentication system and OpengateM is a MAC authentication system).
• The initial web request from a terminal is forwarded to the authentication page. If the authentication is accepted, the network is opened and can be accessed freely form the terminal.
• Opengate uses Ajax script or the Java Applet after authentication, to control TCP connections. Therfore, network access can be closed without delay when the client exits the browser or OS.
• In deficient terminals, the user can use the network until the time limit indicated by the user in authentication page. But for security, the network is closed at the detection of no-packet duration or MAC address change.
• In cooperation with the firewall, Opengate can control the packets of all protocols in both IPv4/IPv6. Mail, FTP or other protocols can be used after authenticating through the web browser. 
• Opengate is developed and implemented by the Saga University Japan to control the universities campus-wide open network.

Redirect Page	Auth Request Page	Accept Page	Usage Start Page (Popped Up)

What's New

• Ver.1.5.35 is released.
• Modified comments.
• The construction procedure and the system image using VirtualBox are released.
  
• Ver.1.5.34 is released.
• Fixed CLang warning messages.
• Modified ipfw rules.
• Moved documents to Web.
  
• Ver.1.5.33 is released.
• Added checking of null language string.
• Changed strncpy/strncat to strlcpy/strlcat.
• Ver.1.5.32 is released.
• Fixed error to ignore duration in ExtraSet.
• Ver.1.5.31 is released.
• Modified code for authentication recheck when ExtraSet exists.
• SourceForge Page is modified.
• Changed SF project from classic one to new one. Changed code repository from CVS to Git.
• Ver.1.5.30 is released.
• Added code to remove cookie at deny [Contributed by M. Tagawa].
• Ver.1.5.29 is released.
• Added patterns for ExtraSet in conf file.
• Ver.1.5.28 is released.
• Modified code for aquiring shibboleth data.
• Ver.1.5.27 is released.
• Modified to deny plural ipfw rules for one ip address. Added ipfw rule in syslog message. Added udp sending to opengatemd(need to set udp port in conf file). Added dummy html for network connectivity check of iOS.
• Ver.1.5.26 is released.
• Added sqlite3_busy_timeout to reduce lock error.
• Ver.1.5.25 is released.
• Fixed small bugs in processing termination button and movement to other language page [Contributed by M. Tagawa].
• Ver.1.5.24 is released.
• Modified string at address conversion error in opengatefwd.
• Ver.1.5.23 is released.
• Fixed error at loading httpkeep page on ie9.
• Ver.1.5.22 is released.
• Modified a variable name to avoid misunderstanding.
• Ver.1.5.21 is released.
• Added message to avoid popup blocking in httpkeep page.

Download

Download Files

We link the construction procedure and the system image using VirtualBox below.
Please use it for inspection and the system construction.

Trial of Opengate/OpengateM on VirtualBox

Development and Management

The Main Project Page is http://en.osdn.jp/projects/opengate/. It includes Git repository.

Background

To support educational and research activities, a lot of "public terminals", "network sockets" and "wireless LANs" were implemented throughout the campus. Considering the many incidents such as computer cracking or copyright infringement that were occurring on the network, authentication and usage log methods before network access is granted, quickly became a necessity. Seeing it can prove quite difficult to maintain such systems in terminals for public use, network sockets, and wireless LANs, Opengate was developed to address these issues.

Purpose

Usage

When a user tries to access any given site, the authentication request page is returned. The user enters user a ID and password. Network access is granted to the client terminal when the accept pages are displayed. Network access is denied when closing the browser.

Function and Requirements

Only a Web browser is required for the terminal. For the gateway, a Web server and firewall software are required. At present, Opengate is being developed on a FreeBSD system, using ipfw as the firewall software. Opengate can communicate with many authentication methods, such as FTP, POP3, POP3S, FTPS, RADIUS, LDAP, PAM, Shibboleth, HttpBasic. Opengate is loaded as CGI, sends an Ajax script to the terminal, and watches the existence of the terminal. 

Flow

1. By default, the gateway firewall is closed.

2. A user tries to access some web site through the gateway.
3. The gateway steals the packet and sends back the authentication page.
4. The server process - loaded as CGI - accepts the user information. The process authenticates the user and opens the firewall for the requesting terminal.
5. The process sends an Ajax script to the terminal and sets up a TCP connection to watch the existence of the terminal (~ Comet).
6. If above watching fails, the process closes the firewall after a set time, a MAC address change or if no packets are exchanged in a set time frame.
7. Periodically, the process performs message exchanges with the terminal.
8. The process closes the firewall when the TCP connection is closed.
9. Server process records usage log when opening and closing the firewall.

Features

1. Simple User Interface: Opengate uses the clients web browser for GUI interaction.

2. Broad Applicability: Opengate works independent of client OS's such as Windows, Windows Ce, Mac OS, Linux, etc. Opengate is compatible with various connection technologies such as wireless LANs, network outlets, and open service terminals.

3. Real Time: Because Opengate employs an Ajax script for checking terminal status, user disconnection can be detected in real time without extra software.

4. Low Maintenance Costs: Opengate authenticates users by using your existing FTP, POP,RADIUS,LDAP servers. Opengate requires no setup procedure for the client terminals.

Publications

• "Opengate": A Gateway System Which Can Authenticate And Record Users (In Japanese), K. Watanabe, H. Eto, S. Tadaki, and Y. Watanabe, IPSJ SIG Notes IN99-95, TM99-61,OFS99-48, 43-48(2000) . PDF
• Introduction to Opengate: a network authentication system (In Japanese), Y. Watanabe, Annual report of Computer and Network Center, Saga University, No.1, pp.29-32(2001)PDF
• A User Authentication Gateway System With Simple User Interface, Low Administration Cost And Wide Applicability (In Japanese), Y. Watanabe, K. Watanabe, H. Eto, and S. Tadaki, IPSJ Journal, Vol.42, No.12, pp.2802-2809(2001)PDF (Notice)
• An Authentication System for Public and Mobile Terminals and Its Operation with Diskless Boot Mechanism (In Japanese), S. Tadaki, H. Eto, K. Watanabe, Y. Watanabe, Journal for Academic Computing and Networking, No. 5, pp.15-20 (2001)PDF
• Usage of educational LAN (In Japanese), K. Watanabe, Annual report of Computer and Network Center, Saga University, No.2, pp.67-70(2002)PDF
• Usage of wireless campus LAN (In Japanese), K. Watanabe, Annual report of Computer and Network Center, Saga University, No.2, pp.71-76(2002)PDF
• Toward new information infrastructure for education - Campus wide open network based on an authentication system(In Japanese), H. Eto, S. Tadaki, K. Watanabe, Y. Watanabe, Journal for Academic Computing and Networking, No.6, pp.13-20(2002)PDF
• Management of a network including mobile terminals - Practice of Opengate in Saga University(In Japanese), S. Tadaki, H. Eto, K. Watanabe, Y. Watanabe, IPSJ Symposium Series , Vol.2004 No.3, pp.85-90 (2004) PDF.
• Implementation of IPv6 Functions for Opengate(In Japanese), K. Eguchi, K. Watanabe, IPSJ SIG Notes 004-DSM-36, pp. 7-12(2005.3)PDF
• Implementation and operation of large scale network for users' mobile computers by Opengate (In Japanese), S. Tadaki, H. Eto, K. Watanabe, Y. Watanabe, IPSJ Journal, Vol.46, No.4, pp.922-929(2005.4)PDF (Notice).
• Development of network authentication system using Java Servlet(In Japanese), T. Nomura, S. Tobo, Y. Watanabe, K. Watanabe, H. Eto, S. Tadaki, Journal for Academic Computing and Networking, No.9, pp.85-89(2005.9)PDF
• Development of Opengate client by Java(In Japanese), K. Manabe, K. Eguchi, K. Watanabe, Journal for Academic Computing and Networking, No.9, pp.91-94(2005.9)PDF.
• Opengate and the LAN for terminals in Saga University (In Japanese), Y. Watanabe, H. Eto, M.. Otani, K. Watanabe, S. Tadaki, jus Symposium, Tottori University of Environmental Studies, 9.22(2005)PDF (Trans. to English)
• Implementation of IPv6 functions for a network user authentication system Opengate, Makoto Otani, Katsuhiko Eguchi,Hirofumi Eto,Kenzi Watanabe, Shin-ichi Tadaki,Yoshiaki Watanabe, ACM SIGUCCS Fall 2005,Monterey,California,pp.283-286(2005.Nov.6-9)(In English). PDF
• Development of a network user authentication system for IPv4/IPv6 dual stack network (In Japanese), Makoto Otani, Katsuhiko Eguchi and Kenzi Watanabe, IPSJ Journal, Vol.47,No.4,pp.1146-1156(2006)PDF (Notice)
• Improvement of the network user authentication system Opengate for IPv4/IPv6 network (In Japanese), Makoto Otani, Hirofumi Eto, Kenzi Watanabe, Shin-ichi Tadaki, Yoshiaki Watanabe, IPSJ SIG Notes 2006-DSM-43, pp.19-24(2006.9)PDF
• Improvement and operation of the network user authentication system Opengate (In Japanese), Makoto Otani, Hirofumi Eto, Kenzi Watanabe, Shin-ichi Tadaki, Yoshiaki Watanabe, Journal for Academic Computing and Networking, No.10, pp.97-102(2006.9)PDF
• Detection of client usage termination by using HTTP keep-alive (In Japanese), Yoshiaki Watanabe, Kiyoshi Mase, JCEEE Kyushu 2006, Miyazaki Univ., 2006.9.28, 09-1A-09(2006.9)PDF
• Development of the new Opengate capable of detecting usage termination by HTTP Keep-Alive (In Japanese), Makoto Otani, Hirofumi Eto, Kenzi Watanabe, Shin-ichi Tadaki, Yoshiaki Watanabe, IPSJ SIG Notes 2007-DSM-44, pp.65-70 (2007.3.9).PDF
• Development and Operation of a Network Authentication System with Detecting Usage Termination by Watching HTTP Connection (In Japanese), Makoto Otani, Hirofumi Eto, Kenzi Watanabe, Shin-ichi Tadaki, Yoshiaki Watanabe, Journal for Academic Computing and Networking, No.11,pp.87-91,(2007.9.14).PDF
• Installation and Operation of New Opengate with Detecting Usage Termination by Watching HTTP Connection (In Japanese), Makoto Otani, Hirofumi Eto, Kenzi Watanabe, Shin-ichi Tadaki, Yoshiaki Watanabe, IPSJ SIG Notes 2007-DSM-47,pp.31-36,(2007.9.21).PDF
• Installation to the Authentication Network of UPKI Initiative Server Certificate (In Japanese), Makoto Otani, Hirofumi Eto, Kenzi Watanabe, Shin-ichi Tadaki, Yoshiaki Watanabe, Journal for Academic Computing and Networking, No.12,pp.103-107,(2008.9.12).PDF
• Usage of the Name Resolution in Opengate (In Japanese), Makoto Otani, Hirofumi Eto, Kenzi Watanabe, Shin-ichi Tadaki, Yoshiaki Watanabe, IPSJ SIG Notes 2008-IOT-3,p.55-p.60,(2008.9.19).PDF
• Single Sign-on with Opengate (In Japanese), Hirofumi Eto, Makoto Otani, Kenzi Watanabe, Shin-ichi Tadaki, IPSJ SIG Notes 2009-IOT-4,p.259-p.264/IEICE Technical Report SITE2008-88,IA2008-111, pp.259-264,(2009.3.6).PDF
• Development and Smooth Installation of a Network Authentication System with Detecting Usage Termination by Watching HTTP Connection (In Japanese), Makoto Otani, Hirofumi Eto, Kenzi Watanabe, Shin-ichi Tadaki, Yoshiaki Watanabe, IPSJ Journal, Vol.50, No.3, pp.1032-1042(2009.3)PDF (Notice)
• Forced Display of Portal Site with Single Sign-On (In Japanese), Makoto Otani, Hirofumi Eto, Kenzi Watanabe, Shin-ichi Tadaki, Yoshiaki Watanabe, IPSJ SIG Notes 2009-IOT-5,pp.1-6,(2009.5.28).PDF
• Construction of the network based on a campus portal (In Japanese), Makoto Otani, Hirofumi Eto, Kenzi Watanabe, Shin-ichi Tadaki, Yoshiaki Watanabe, Journal for Academic Computing and Networking, No.13, pp.135-139(2009.9)PDF
• Construction of the virtual network based on the portal site (In Japanese), Makoto Otani, Hirofumi Eto, Kenzi Watanabe, Shin-ichi Tadaki, Yoshiaki Watanabe, Internet and Operation Technology Symposium(IOTS2009) (2009.12.10)PDF
• Development of the Network User Authentication System Supporting Single Sign-On (In Japanese), Makoto Otani, Hirofumi Eto, Kenzi Watanabe, Shin-ichi Tadaki, Yoshiaki Watanabe, IPSJ Journal, Vol.51,No.3,pp.1031-1039(2010.3)PDF (Notice)).
• Operation of SSO-Opengate Using virtual machine (In Japanese), Makoto Otani, Hirofumi Eto, Kenzi Watanabe, Shin-ichi Tadaki, Yoshiaki Watanabe, IPSJ SIG Notes 2010-IOT-5 (2010.5.13).PDF
• Opengate on Cloud, Kenzi Watanabe, Makoto Otani, Shin-ichi Tadaki and Yoshiaki Watanabe, The 26th IEEE International Conference on Advanced Information Networking and Applications (AINA-2012), Fukuoka Institute of Technology (FIT), Fukuoka, Japan (2012.03.28) PDF
• Development of  Opengate capable of detecting usage termination by WebSocket (In Japanese), Makoto Otani, Hirofumi Eto, Kenzi Watanabe, Shin-ichi Tadaki, Yoshiaki Watanabe, IPSJ SIG Notes 2013-IOT-21, pp.1-5 (2013.05.10).PDF

Another System : OpengateM

OpengateM is a MAC address based network user authentication system. Refer OpengateM Homepage OpengateM Homepage