Dual stack hotspot/captive portal
jima at beer.tclug.org
Wed Feb 23 19:20:54 CET 2011
On 02/23/2011 11:39 AM, Ben Jencks wrote:
> Does anyone have experience setting up dual stack captive portal systems, e.g. for wireless hotspots? The difficulty is in tying the user's identity (as they log into the portal) to *all* of their IP addresses. With v4 it's easy, they only have one address and it's the one they use to log into the captive portal. With dual stack they have at least two: v4 and v6, plus possibly v6 privacy addresses that change over time.
> The only option seems to be identifying users by MAC address post-login, but that's still imperfect. With v4 you can use the DHCP lease table to tie MACs to IPs, but with v6 the best I can think of is monitoring the neighbor table. Has anyone come up with any better solutions?
I can't say I've done it or encountered any packaged solutions, but if
I were working on this, I'd take a serious look at shoehorning a bridge
(even a single-device bridge) into the mix and doing MAC-based
permissions via ebtables. (Under Linux, anyway; I'm not sure what
approach I'd take under any other OS.)
Not the most helpful, I realize, but it might be someplace to start.
More information about the ipv6-ops