To provide internet access, you will need to...
Different strategies
An Internet connection can be shared on the network in several ways:
- Open access point, with or without a captive portal;
- Provide VPN access to neighbours you know. That way, the traffic is encrypted and authenticated.
Finding a legal provider
Providers that allow resale:
- EI Catalyst (they also offer redundant internet) - (to be confirmed?)
Providers that do not forbid it: (at your own risk!)
Providers that forbid resale:
- ColbaNet
- TekSavvy
- Primus
- Bell and Vidéotron also forbid not only sharing your connection but also hosting servers
Configure an access point
This requires adding a new node to the network that is part of the mesh. So you will probably need to follow:
- flashing
- a wired connection to the mesh - not ad-hoc, as you want the wifi to be "managed"
- mesh software: batman or preferably babel so you get the mesh routes
- ip configuration
Some known working access points which you can base your configuration on:
Configure a splash page (optional)
This consists of setting up a captive portal on the access point so that people know that they are on relais libre. This serves two purposes: 1) it protects you legally and 2) it lets users know how they get internet access.
The idea is that whenever a user visits a web page through your access point, they get redirected to a page where they can agree to terms of service (for example) or just read up on the project. Then, when they click through, they are redirected to their original destination.
Some portals also double as a firewall or can limit bandwidth usage.
Software evaluation
There are a lot of options for captive portal software and unfortunately it's unclear which one is the best. After a quick evaluation in 2012 by anarcat, we are suggesting the following tools:
- NoDogSplash - inspired by NoCatSplash but based on WifiDog's code.
  - Last release: 2010
  - OpenWRT only, packaged in official OpenWRT repos
  - OpenWRT howto
  - ROBIN howto
  - howto in this wiki
- Authpuppy - complex authentication gateway, replacement for Wifidog
  - Last release: 2011
  - OpenWRT only
- Coova - main derivative of Chillispot
  - Last release: 2012
  - Seems to be a solid replacement for Chillispot, but also relies on RADIUS, which makes everything much more complicated
  - Debian, OpenWRT, and others: Redhat, Fedora, Mandrake, Gentoo, FreeBSD (out of date port) and OpenBSD
- Pepperspot - other derivative of Chillispot
  - Last release: 2011.
  - RADIUS, IPv6 support
- DHCP-splash - Freifunk's software
  - Last release: ?
  - OpenWRT-only, packaged in official OpenWRT repos
- PfSense - full firewall solution that features a captive portal, based on M0n0wall
  - Last release: 2011
  - FreeBSD-based
- Anarcat's pf hack - a crude hack I quickly wrote but then stopped using because it was unreliable
  - No release.
  - FreeBSD or (probably) OpenBSD support
- Captive::Portal - perl captive portal module
  - Last release: 2012
  - GPL, written in perl, runs as a CGI
Nodogsplash
root@OpenWrt:~# opkg install nodogsplash
Configuration file in /etc/nodogsplash/nodogsplash.conf:

    GatewayInterface wlan0

    FirewallRuleSet authenticated-users {
        FirewallRule block to 192.168.0.0/16
        FirewallRule block to 10.0.0.0/8
        # File server
        FirewallRule allow tcp port 80 to 172.16.42.2
        # respectively: DNS, http, https, ssh
        FirewallRule allow tcp port 53
        FirewallRule allow udp port 53
        FirewallRule allow tcp port 80
        FirewallRule allow tcp port 443
        FirewallRule allow tcp port 22
    }

    FirewallRuleSet preauthenticated-users {
        # DNS
        FirewallRule allow tcp port 53
        FirewallRule allow udp port 53
        # Splash page
        FirewallRule allow tcp port 80 to 172.16.42.1
    }

    GatewayName ReseauLibre

    # redirect the user here after logging in
    #RedirectURL http://splash.reseaulibre.ca/

    # this may break, use with care
    #TrafficControl yes
    #UploadLimit 128

The HTML of the splash page can be edited in /etc/nodogsplash/htdocs/.