Projects / jkaptive

jkaptive

Jkaptive is a simple captive portal without RADIUS (and thus without total security, but at the same time without too much hassle). The reason behind this is because a lot of site administrators don't need tight security; their site is just a café that offers free Internet access on an unsecured WLAN access point connected to the Internet, and they need a ticketing system to make it cumbersome for average people to use this offering without actually buying a single coffee. Jkaptive itself just presents the login page and checks the token. The blocking of unticketed traffic is done through Linux' netfilter. As no proxy server is involved, jkaptive has no performance penalty, nor does it create problems with non-HTTP traffic. Once the token is accepted, jkaptive is out of the way of any network packets completely. For presenting the login page, jkaptive has a built-in Web server, so no additional Web server application is needed.

Tags	Firewall Webserver Wireless
Licenses	GPLv2
Operating Systems	Linux
Implementation	Tcl

Download

Release tags

All releases

Recent releases

1.10

02 Jan 2013 23:14

Release Notes: Rate limiting rules have been added for jkaptive HTTP server. The socket in the HTTP father process is now closed in any case after worker exit, resolving a file descriptor exhaustion problem.

15 Aug 2012 21:23

Release Notes: Support for ipsets (See http://ipset.netfilter.org/) has been added. Some small bugs in the custom SuSEfirewall2 script have been fixed.

12 Aug 2012 23:04

Release Notes: A resource leak related to file descriptors in the built-in httpd has been found and fixed.

11 Aug 2012 09:02

Release Notes: A bug with filtering traffic from inside only in SuSEfirewall2 and the README was fixed. Service installation advice was provided in the README. Netfilter rules were fixed to match a single bit instead of a value. Typos in the README were corrected. A caveat about an openSUSE DHCP client glitch was added to the README.

06 Aug 2012 21:04

Release Notes: Clarifications on how to set up DNS with jkaptive, and an update to the SuSEfirewall custom script. Encoding of served textual content has been fixed. /etc/jkaptive.conf is not world-readable anymore. A countermeasure against brute-forcing has been added. Concurrency has been added to the built-in httpd to protect against starvation attacks. Various fixes in the built-in httpd. Token generator time calculation has been fixed.