Endian banner

Hotspot Settings

When entering the Hotspot page, click on the grey Enable hotspot switch swoff to start the Hotspot and show the first configuration options, which are described in the remainder of this page: The role of the hotspot and the external authentication server, if needed.

Since the additional options available settings depend on the selected Role, they are described in the next three sections.

1. Master/Standalone hotspot or Standalone hotspot

When the hotspot is used as a Master hotspot all the configuration data (like e.g., user database, portal configuration, setting, logs), including those of the satellites, are stored on it; also the management tasks are performed on this hotspot.

Note

This role can only be Standalone hotspot for the Endian Hotspot Appliance 150, While the 500 and 1500 versions can also act as Master hotspot.

For the Master role, one setting is available and also the available VPN accounts are shown that can be assigned to the satellites.

Hotspot password

This is the Master Hotspot’s password, only needed by satellite systems to connect to the master hotspot. If this field is left blank, a new random password will be generated.

Hotspot satellites

The list of available OpenVPN tunnels to be used by remote satellite system to connect to the Master. This list is empty if no satellites are needed in the setup or if no OpenVPN accounts have been created; otherwise, one or more systems can be selected from this list.

Use External Authentication

When the role of the Hotspot is Master / Standalone hotspot, it can rely on an external resource -either a RADIUS or a LDAP server- only for the purpose of user authentication, while keeping accounting, logging, user database, and all other settings locally. In other words, the user data are retrieved from the external server, without the need to create a new account.

To allow the Hotspot to connect to the remote server and retrieve the accounting data, there is one option available:

Use External Authentication

By ticking this checkbox, new options will appear to allow the configuration of the two supported authentication methods modalities are shown.

Server Type

This drop-down menu allows to choose one of the two supported servers, either LDAP or RADIUS and changes the configuration options displayed accordingly.

For the LDAP server, the following configuration options are available (see the example on the right for more details):

LDAP server type

The drop-down menu allows to choose one of the supported LDAP server types: Generic, Active Directory, or Novell eDirectory.

LDAP server

The IP address or hostname of the LDAP server, in LDAP format.

Hint

The port specification, if needed, can be written after the URL, like e.g., ldap://192.168.0.20:389/. The standard port, 389, can safely be omitted.

Bind DN settings

This settings define the Distinguished Name of the LDAP server, i.e., the top level node of the LDAP’s tree structure.

Bind DN username

The username to be used for querying the DN. It is necessary to retrieve and authenticate the credentials of the Hotspot’s users.

Bind DN password

The password for the user specified in the previous option. A click on the checkbox on the right shows or hides the characters.

User search filter

The string used to query the remote LDAP server.

LDAP backup server

The IP address or hostname of the LDAP fallback server, in LDAP format, to be used when the primary server is not reachable.

Default rate

Choose from the drop-down menu the rate associated to users that authenticate through this method.

For the RADIUS server, the following configuration options are available:

RADIUS server

The IP address or URL of the RADIUS server.

Port of RADIUS server

The port on which the RADIUS server is listening.

Identifier

An additional identifier.

Shared secret

The password to be used.

RADIUS backup server

The IP address or URL of the fallback RADIUS server, used when the primary server is not reachable.

Default rate

Choose from the drop-down menu the rate associated to users that authenticate through this method.

2. Satellite hotspot

A satellite hotspot does not store any configuration, but relies on the Master to verify user data, ticket availability, and all the settings. When selecting this option, the IP address and the password of the Master hotspot must be specified, along with the VPN tunnel name. In detail, these are the available options:

Master hotspot IP address

Specify in this field the IP address of the master hotspot, which is usually the first IP address available in the special OpenVPN subnet (see The zones) defined in the OpenVPN server settings (under Menubar ‣ VPN ‣ OpenVPN server ‣ Server configuration) of the Master hotspot.

Master hotspot password

The Master hotspot password. This is typically auto-generated on the Master. Click on the Show checkbox to show the password.

Hotspot VPN tunnel

From this drop-down menu, select the OpenVPN tunnel used to reach the Master hotspot.

See also

The setup of a master/satellite Hotspot is described in this article <https://help.endian.com/hc/en-us/articles/115012672027>.

3. External RADIUS server

In this configuration, the hotspot relies on an external RADIUS server, like FreeRadius for its activities: It connects and ask for authentication to the RADIUS server, which stores all the data about accounting, settings, ticketing and connections. Several information about the RADIUS server are required for its correct functioning: the IP address, password, and ports, the IP address of the fallback server. Additionally, the external portal can be used.

RADIUS Server IP address

The IP address of the external RADIUS Server.

RADIUS Server password

The password for the RADIUS Server. Click on the Show checkbox to reveal the password.

Fallback RADIUS Server IP address

The IP address of the fallback external RADIUS Server.

RADIUS Server AUTH port

The RADIUS Server AUTH (Authentication) port number.

RADIUS Server ACCT port

The RADIUS Server ACCT (Accounting) port number.

RADIUS Server COA port

The RADIUS Server COA (Change of Authorisation) port number.

Hint

The default values for the RADIUS port are: 1812 (AUTH), 1813 (ACCT), and 3799 (COA).

Use external Portal

When this option is chosen, an external portal can be configured as the login interface that the users see when they want to connect through the hotspot. The external portal must be compatible and communicate with chilli. The following options should be configured to activate the external portal.

External Portal URL

The location on which the portal is located.

NAS ID

The Network Access Server IDentifier of the RADIUS server that identifies the portal.

UAM Secret

The UAM shared secret from the external RADIUS server. While it is possible to not define a value for this option, it is suggested to define it, since it improves security.

Allowed Sites / Access

A list of websites accessible even without registering to the hotspot.

Hint

write on each line a domain name (e.g., endian.com) or an IP Address (e.g., 10.123.124.125). On both domain name and IP address it is also possible to prepend the protocol to be used (e.g., tcp:www.endian.com, udp:10.123.124.125) and append the port to be used for the connection (e.g., 10.123.124.125:10443), or both (e.g., tcp:10.123.124.125:10443).

Enable AnyIP

Allows clients without an active DHCP client to connect to the hotspot.

Note

The setup of a RADIUS server is not discussed here since it is outside the scope and duties of Endian, who does not provide assistance in this task.

Table Of Contents

Previous topic

The Hotspot Menu

Next topic

Administration Interface

Documentation archive

Version 5.0
Version 3.2
Version 3.0
Version 2.5
Version 2.4
Version 2.3
Version 2.2
Version 2.1

Other products

Endian UTM 5.1
Endian 4i Edge 5.1