
REPUBLIC OF CAMEROON
PEACE – WORK – FATHERLAND

MINISTER OF HIGHER EDUCATION

UNIVERSITY OF BAMENDA

THE UNIVERSITY INSTITUTE OF THE TROPICS

ANANG GLAMICK CHE
DECLARATION

I, Mr ANANG GLAMICK Che, hereby declare that I am the sole author of this work. I authorise
THE UNIVERSITY INSTITUTE OF THE TROPICS to lend this work to other
institutions or individuals for the purpose of scholarly research.
I understand the nature of plagiarism and I am aware of the institute’s policy on this.
I certify that this internship report was originally done by me during my university studies, except for
the paragraphs, sentences, titles, sub-titles or relative references (see references or bibliography of
this work).

Date……………………………….

Mr ANANG GLAMICK Che

Signature…………………………………

CERTIFICATION

I hereby certify that this work entitled “DESIGN AND IMPLEMENTATION OF A CAPTIVE
PORTAL SYSTEM USING PFSENSE” is written and presented by ANANG GLAMICK CHE.

This report is to be submitted to the Department of Computer Engineering to meet the
requirements and regulations governing the award of the BACHELOR OF TECHNOLOGY
(BTECH) at IUGET (UNIVERSITY INSTITUTE OF THE TROPICS) DOUALA.

Under the supervision of:

THE COORDINATOR
Mr TSAKOU KOUMETIO Billy Cedrique
Signature………………………….

Date….……………………

ACADEMIC SUPERVISOR
Mr EPO Jean Daniel

Signature………………………….

Date….……………………

DEDICATION

TO THE ANANG FAMILY

ACKNOWLEDGEMENTS

The work we have done could not have been completed without the immense support of a
number of people. For this reason, we would like to thank them and show them our deepest
gratitude.

In particular, we would like to thank:

❖ Dr NGUEPI JOSEPH, proprietor of the University Institute of the Tropics (IUGET),
for creating a conducive school environment in which we have studied these years.
❖ My academic supervisor, Mr EPO JEAN DANIEL, for his timely advice,
encouraging guidance and kind supervision in the completion of my report.
❖ All the lecturers of IUGET, who made me understand the science in this field of
study, which has made me curious about this domain of science, and who always
gave advice on how to attain our academic objectives.
❖ A big hand goes to my parents, KEMMOGNE FEZE Jules Samuel and MAGOUM
TCHINDA Edith, who made me see that I had supporters and who kept on giving
what they have to see me succeed.
❖ Special thanks to MEGOUO TATEUKAM Ariane Divine, for her encouragement.
❖ In addition, a big hand goes to my classmates, for the familiar climate
that they created and maintained during the academic year.
❖ Above all, I would like to thank the Almighty for allowing me to attain the success of
my internship and for the unfailing strength he has given me to date.

TABLE OF CONTENTS

DECLARATION
CERTIFICATION
DEDICATION
ACKNOWLEDGEMENTS
TABLE OF CONTENTS
LIST OF TABLES
LIST OF FIGURES
LIST OF ABBREVIATIONS
ABSTRACT
RESUME
CHAPTER ONE: DESIGN AND IMPLEMENTATION OF A CAPTIVE PORTAL SYSTEM USING PFSENSE
1 GENERAL INTRODUCTION
1.1 INTRODUCTION TO THE STUDY
1.2 BACKGROUND OF THE STUDY
1.3 PROBLEM STATEMENT
1.4 OBJECTIVES OF THE STUDY
1.4.1 GENERAL OBJECTIVES
1.4.2 SPECIFIC OBJECTIVES
1.5 SIGNIFICANCE AND JUSTIFICATION OF THE STUDY
1.6 SCOPE OF STUDY
CHAPTER TWO: LITERATURE REVIEW
2.1 INTRODUCTION
2.2.3 FIREWALL
2.3 CONCEPTS ON THE CAPTIVE PORTAL
2.3.1 DEFINITION
2.3.2 GENERAL OPERATION OF A CAPTIVE PORTAL
2.3.3 OVERVIEW OF THE MAIN CAPTIVE PORTALS
PFSENSE
ALCASAR
ZEROSHELL
CHILLISPOT
2.3.4 COMPARISON OF CAPTIVE PORTALS
2.3.5 CHOOSING A CAPTIVE PORTAL SOLUTION
2.4 SECURING WIRELESS NETWORK USING PFSENSE CAPTIVE PORTAL WITH RADIUS AUTHENTICATION
2.5 BUILDING A SECURE WIRELESS ACCESS POINT BASED ON CERTIFICATE AUTHENTICATION AND FIREWALL CAPTIVE PORTAL
2.6 DNS BASED CAPTIVE PORTAL WITH INTEGRATED TRANSPARENT PROXY
2.7 DESIGN AND CONFIGURATION OF APP SUPPORTIVE INDIRECT INTERNET ACCESS USING A TRANSPARENT PROXY SERVER
2.8 TWO FACTOR AUTHENTICATION USING SMARTPHONE TO GENERATE ONE TIME PASSWORD
CHAPTER THREE: METHODOLOGY AND DESIGN
3.1 INTRODUCTION
3.2 FLOWCHART
3.3 FRAMEWORK
3.4 ALGORITHM
3.5 OVERVIEW OF THE PROJECT AND RESEARCH
SUMMARY
4.1 INTRODUCTION
4.2 IMPLEMENTATION
4.2.1 INSTALLATION AND CONFIGURATION
4.2.2 INSTALLATION OF PFSENSE
4.2.3 CONFIGURATION OF PFSENSE
4.2.3.2 CONFIGURATION OF INTERFACES
A- WAN INTERFACE
B- LAN INTERFACE
4.2.3.3 CONFIGURATION OF THE DHCP SERVER
4.2.3.4 DEFINITION OF FIREWALL RULES
4.2.4 CREATION OF THE CAPTIVE PORTAL
4.3 RESULTS
5.1 SUMMARY OF FINDINGS
5.2 RECOMMENDATIONS
5.3 CONCLUSION
REFERENCES

LIST OF TABLES

Table 1: Comparison of captive portals
Table 2: Overview of the project and research

LIST OF FIGURES

Figure 1: Hotspot network protected by a Captive Portal Router
Figure 2: Flowchart
Figure 3: Framework
Figure 4: Proposed Algorithm
Figure 5: pfsense architecture
Figure 6: FreeBSD boot screen
Figure 7: Launching the installation of pfsense
Figure 8: Confirmation of the installation
Figure 9: End of installation
Figure 10: Configuration menu
Figure 11: Portal connection of pfsense
Figure 12: pfsense general menu
Figure 13: Configuration of the WAN interface
Figure 14: Configuration of the LAN interface
Figure 15: Configuration of the DHCP server
Figure 16: Rules on the WAN interface
Figure 17: Activation of the captive portal
Figure 18: Captive portal page

LIST OF ABBREVIATIONS

AD: Active Directory

Admin: Administrator
CD: Compact Disk

DHCP: Dynamic Host Configuration Protocol

DNS: Domain Name System


LAN: Local Area Network

NPS: Network Policy Server
Pfsense: Packet Filter Sense

RADIUS: Remote Access Dial In User Service

SSID: Service Set Identifier

TLS: Transport Layer Security

USB: Universal Serial Bus

VLAN: Virtual Local Area Network

VPN: Virtual Private Network

WAN: Wide Area Network

Wi-Fi: Wireless Fidelity

WLAN: Wireless Local Area Network

ABSTRACT

Nowadays, networking technology is growing, as is the number of users. Each
user can communicate and transfer data through a network. However, as a
network continues to grow, the network administrator has to monitor the traffic flow or bandwidth
traversing it. The main purpose of this project is to design a simulation that can monitor the
network and optimize network usage as well as limit bandwidth and time. Solving this problem
matters because it enhances network traffic performance. Next, a One Time Password
algorithm is used as a technique applied to the captive portal. A captive portal is a web page
that controls any Hyper Text Transfer Protocol (HTTP) browser's access to the Internet. A user
who wants to access the Internet is redirected to a web page for authentication. This
makes it easy for the network administrator to monitor and handle network traffic. Besides,
pfSense is an open-source computer software distribution based on FreeBSD. It can be
installed on a physical computer or a virtual machine to make a dedicated router for a
network. Network activity is easy to monitor when the user is accessing the Internet in real
time. As an expected result of this project, network performance will be smooth, as the
simulation can limit bandwidth and minimize the users that want to access the Internet at one time.

RESUME

Nowadays, network technology is developing, as is the number of users.
Each user can communicate to transfer information over a network.
However, as the network continues to grow, the network administrator must monitor
the traffic flow or bandwidth traversing the networks. Some users who
access the Internet without a specific purpose can cause a problem such as a
bottleneck. The main objective is to design a simulation that can monitor the
network and optimize its use while limiting bandwidth and time. The importance
of solving this problem lies in improving network traffic performance.
Next, the one-time password algorithm is used as a technique applied
to the captive portal. The captive portal is a web page that controls the Internet access
of any Hyper Text Transfer Protocol (HTTP) browser. A user who wants to access the
Internet is redirected to a web page to authenticate. The network administrator can thus
easily monitor and manage network traffic. In addition, pfsense is an open-source
computer software distribution based on FreeBSD. It can be installed on
a physical computer or on a virtual machine to create a dedicated router for a
network. Network activity is easy to monitor when the user accesses the Internet in
real time. As an expected result of this project, network performance will be well regulated,
because the simulation can limit bandwidth and minimize the users who want
to access the Internet at the same time.

CHAPTER ONE : DESIGN AND IMPLEMENTATION OF A CAPTIVE
PORTAL SYSTEM USING PFSENSE

1 GENERAL INTRODUCTION

1.1 INTRODUCTION TO THE STUDY

Nowadays, IT systems in companies are becoming increasingly important but also complex.
The need to maintain and manage these systems has quickly become a priority. Several
network monitoring and supervision software have been developed to check the network
status in real time and to be informed of any network incident. Thanks to this software,
intervention times are greatly reduced and anomalies can be dealt with immediately without
the users of the network in question being affected or noticing any errors.
In view of all this, we can say that the reasons for installing and configuring
authentication and network access management systems are diverse. However, we were faced
with a problem: how to optimize the network security policy? From this perspective, we plan to
set up a network administration console. This console will make it possible to supervise and control the
network as well as the state of the computer equipment. Thus, we worked on the theme:
"IMPLEMENTATION OF A CAPTIVE PORTAL SYSTEM WITH PFSENSE".
This report presents all the steps followed for the development of this application; it contains
four chapters organized as follows: in chapter one, we talk about the background of the
study. In chapter two, we talk about the literature review. In chapter three, we talk about
the generalities of the captive portal, with the objective of presenting the concepts of the
captive portal and highlighting the theoretical study of the monitoring solution adopted
for this work, its architecture and its operating principle. In chapter four, we talk about
the presentation and analysis of data. Finally, in chapter five, we implement the solution
and present the working environment as well as the criticisms and suggestions related to
our work in view of the realization of our project.
1.2 BACKGROUND OF THE STUDY

In an era of globalization, Internet access has become a part of life and an everyday
necessity, especially for students. The Internet acts as a medium of communication
between people across the world. It can also be a resource
for education, that is, for teaching and learning. It has often been accessed over wired connections, but today
many places, such as homes, universities and companies, connect to the Internet wirelessly,
simply called Wi-Fi. Consequently, network usage
increases over time along with the applications that users can access. This problem can
get worse if it is not managed efficiently.
Next, the Internet can be defined as a massive network of networks. A network is a collection of
computers and other devices that can send data to and receive data from one another, more or
less in real time (Elliotte Rusty Harold, 2013). As a network develops, data access may
become excessive. So, a network administrator should monitor the network using pfsense. In
current research, pfsense is an essential piece of software used to monitor the network easily.
pfsense is an open-source software distribution based on FreeBSD. It is commonly used
as a router, perimeter firewall, DHCP server, wireless access point and DNS server.
Moreover, pfsense also supports the installation of third-party packages such as Snort for intrusion
detection and prevention (IDS/IPS). In order to overcome network problems, pfsense must be
configured as a DHCP server. A switch is used to connect two devices such as computers.
The switch acts as a bridge. A switch performs better in average time than a hub
(Christopher Udeagha, R. Maye, D. Patrick, D. Humphery, D. Escoffery and E. Campbell,
2016). It can send and receive information at the same time and is faster than a hub. Many people
use a switch to forward a message to a specific host. Authentication is an important process
used to validate access by an authorized user before he or she is given access to a resource.
One Time Password is one form of authentication that is mostly used with other forms of
authentication. In other words, the One Time Password algorithm is one of the simplest and most
popular forms of two-factor authentication today (Nilesh Khankari and Geetanjali Kale,
2014).

1.3 PROBLEM STATEMENT

This project is developed in response to some common problems:

i. The lack of a captive portal system leads to congestion in the network and hence limits
communication between client (user) and server, so a situation that stops a process or activity
from progressing may occur.

ii. Users consume a lot of bandwidth at one time when they access the Internet.

iii. Unexpected scalability and performance problems appear as the number of network users
increases at one time.

1.4 OBJECTIVES OF THE STUDY

1.4.1 GENERAL OBJECTIVES

The goal of this project is to plan and design a web page that the user of a public-access
network will view and interact with before access to the Internet is granted.

1.4.2 SPECIFIC OBJECTIVES

Our project seeks to achieve the following specific objectives:

i. Study the existing LAN infrastructure.

ii. Develop a system that will automatically register a device.

iii. Implement the simulation that optimizes network usage as well as limiting
bandwidth and time in pfsense.

1.5 SIGNIFICANCE AND JUSTIFICATION OF THE STUDY

The need for this project is driven by various challenges faced by small organizations
due to unauthorized access to the network, inappropriate use of existing bandwidth and the
absence of bandwidth management strategies. This has promoted bandwidth wastage on
unwanted traffic such as music and movie downloads by some users.
This project is designed to make sure that the available Internet facility is effectively
and optimally used to support the core business of an organization, that is, maximizing profit
while minimizing expenditure.

1.6 SCOPE OF STUDY

The scope area of this study is to do the following:


I. Develop a captive portal for WI-FI system that will enable the users to
automatically register their devices within the system, thereby permitting their
device to access the internet.
II. Evaluate the effectiveness of the captive portal for the users.
III. Provide different user identification medium within the captive portal.

CHAPTER TWO: LITERATURE REVIEW

2.1 INTRODUCTION

This chapter reviews selected literature related to the simulation to be developed.
A literature review is a text drawn from trusted sources
such as journals, articles and books that covers current knowledge, including theoretical and
methodological contributions. The main purpose of the literature review is to identify research
methods and strategies that should be applied in this project. It is important to know and
understand the information from previous research and take it into consideration before
developing this project. A few previous studies and existing systems are also discussed in this
chapter. The literature review therefore serves as a reference in developing
the proposed simulation.

2.2 REVIEWS OF CONCEPTS AND THEORIES


2.2.1 COMPUTER NETWORK

According to the book Data Communication and Networking, Fifth Edition, a network is the
interconnection of a set of devices capable of communication (Behrouz A. Forouzan, 2012). In this
definition, a device can be a host or a connecting device that connects the network to other
networks, over which data transmission occurs. These devices are connected using wired or
wireless transmission media. Wired media use copper wires or fiber optic cable to send and receive
data. In wireless transmission, by contrast, the data signal travels on electromagnetic waves. In this
case, we use a switch acting as a bridge to connect client and server. Two
types of network are involved in this simulation: Local Area Network (LAN) and Wide
Area Network (WAN). A LAN is privately owned and connects hosts in a single office, building
or campus, depending on the organization's needs. Most LANs are designed to allow resources to
be shared between hosts. Normally, a LAN covers a limited area while a WAN covers a wider area.
The rate of transmission can be measured in kilobytes, megabytes or gigabytes per
second.

2.2.2 BANDWIDTH USAGE

Bandwidth is defined as a range of frequencies that can be transmitted by a particular
system or medium (Jorge L. Olenewa, 2012). Although this term is often defined as the
maximum data transmission capacity, it is also referred to as transmission speed. The growth
of technology makes bandwidth usage increase. So, when bandwidth usage increases, the
network administrator must handle it and maintain network performance at its previous level.
Moreover, bandwidth needs to be managed by an organization. Bandwidth management is a
generic term that describes the various techniques, technologies, tools and policies employed
by an organization to enable the most efficient use of its bandwidth resources (Lockias
Chitanana, 2012). Bandwidth is measured in bits per second and is particularly important in
the case of transferring large amounts of data over a network (Stanislaw Lota and Marcin
Markowski, 2015). Wireless technologies such as third generation (3G) and fourth generation
(4G) have a significant impact on bandwidth. Most universities prefer wireless means of
providing Internet access, using a Wireless Local Area Network
(WLAN), to wired connections (Aryeh, F. L., Asante, M. and Danso, A. E. Y., 2016). Many students consume a lot
of data streaming video and browsing social media. For example, twenty megabits per second
(20 Mbps) is sufficient for downloading high-definition video. Video-based
applications require a large amount of bandwidth because they contain video and audio.

2.2.3 FIREWALL

A firewall is a network security device that monitors and filters incoming and outgoing
network traffic based on an organization’s previously established security policies. A firewall
is essentially the barrier that sits between a private internal network and the public Internet. A
firewall’s main purpose is to allow non-threatening traffic in and keep dangerous traffic out.
Firewalls have existed since the late 1980s and started out as packet filters, which were
set up on networks to examine packets, or bytes, transferred between computers. Though packet
filtering firewalls are still in use today, firewalls have come a long way as technology has
developed throughout the decades.
2.3 CONCEPTS ON THE CAPTIVE PORTAL

2.3.1 DEFINITION

A captive portal is a security system that manages the authentication of users on a local
network who wish to access an external network (usually the Internet). It requires users on the
local network to authenticate themselves before accessing the external network. When a user
seeks to access the Internet for the first time, the portal captures the connection request
through routing and asks the user to identify himself in order to receive Wi-Fi access and be
offered Internet access. In addition to authentication, captive portals make it possible to offer
different classes of service and associated charges for Internet access (e.g., free Wi-Fi, paid
wired). This is achieved by intercepting all packets regardless of their destination until the
user opens a web browser and tries to connect to the Internet. When the connection is
established, no security is active. This security becomes active only when the connected
computer tries to access the Internet with its web browser. On the first HTTP request, the
captive portal redirects the web browser to authenticate the user; otherwise no request will
pass through the captive server. Once the user is authenticated, the firewall rules are modified
and the user is allowed to use the Internet for a period of time set by the administrator. At the
end of the set time, the user is asked for login credentials again in order to open a new
session.
This system offers security for the available network: it allows the company's web
filtering policy to be respected thanks to a proxy module, and it allows access to selected
protocols to be prohibited thanks to an integrated firewall.

2.3.2 GENERAL OPERATION OF A CAPTIVE PORTAL

The client connects to the network via a wired connection or the wireless access point.
The access point then provides it with an IP address and the network configuration
parameters. At this point, the client only has access to the network between itself and the
gateway, with the gateway preventing access to the rest of the network for the time being.
When the client makes its first web request over HTTP or HTTPS, the gateway redirects it to an
authentication web page where it authenticates with a login and password. This
page is encrypted using the SSL protocol to secure the transfer of the login and password.
The authentication system then contacts a database containing the list of users authorized
to access the network. Next, the authentication system indicates to the gateway, more or less
directly depending on the captive portal, that the client's MAC/IP pair is authenticated
on the network. Finally, the client is redirected to the web page it initially requested; the
network behind the gateway is now accessible to it. The captive portal, through various
mechanisms such as a pop-up window on the client refreshed at regular intervals or ping
requests to the client, is able to find out whether the user is still connected to the network. After a
period of absence from the network, the captive portal cuts off access for that user.

Figure 1: Hotspot network protected by a Captive Portal Router
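
The sequence described in this section, modelled as an added Python example (not code from this report or from pfsense): a gateway that redirects unauthenticated clients to the portal, authorizes a MAC/IP pair after a successful login, returns the client to the page it first asked for, and cuts access on a session or idle timeout. The `Gateway` class, the timeout values, the portal URL and the sample client are assumptions constructed for illustration.

```python
"""Constructed model of the captive-portal gateway logic described above."""
import hashlib
import hmac
import os
from dataclasses import dataclass

PORTAL_URL = "https://portal.example.test/login"  # placeholder portal address
HARD_TIMEOUT = 3600  # assumed: seconds before credentials are requested again
IDLE_TIMEOUT = 600   # assumed: seconds of silence before access is cut off


def _derive(password: str, salt: bytes) -> bytes:
    """Salted, slow hash so the user database never stores clear passwords."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class Session:
    user: str
    started: float
    last_seen: float


class Gateway:
    def __init__(self) -> None:
        self.users = {}     # username -> (salt, derived key)
        self.sessions = {}  # (mac, ip) -> Session; the gateway's "allow" table
        self.pending = {}   # (mac, ip) -> URL requested before authentication

    def add_user(self, username: str, password: str) -> None:
        salt = os.urandom(16)
        self.users[username] = (salt, _derive(password, salt))

    def _active(self, key, now: float):
        """Return the live session for key, dropping it if a timer has run out."""
        session = self.sessions.get(key)
        if session is None:
            return None
        if (now - session.started >= HARD_TIMEOUT
                or now - session.last_seen >= IDLE_TIMEOUT):
            del self.sessions[key]
            return None
        return session

    def handle_request(self, mac: str, ip: str, url: str, now: float):
        """Decide what the gateway does with one web request from a client."""
        key = (mac.lower(), ip)
        session = self._active(key, now)
        if session is not None:
            session.last_seen = now
            return ("pass", url)
        self.pending[key] = url  # remembered for the post-login redirect
        return ("redirect", PORTAL_URL)

    def login(self, mac: str, ip: str, username: str, password: str, now: float):
        """Check credentials; on success authorize this MAC/IP pair only."""
        key = (mac.lower(), ip)
        # Unknown users still cost one derivation, so response time does not
        # reveal which usernames exist.
        salt, stored = self.users.get(username, (b"\x00" * 16, b""))
        if not hmac.compare_digest(_derive(password, salt), stored):
            return ("denied", PORTAL_URL)
        self.sessions[key] = Session(username, started=now, last_seen=now)
        return ("pass", self.pending.pop(key, PORTAL_URL))


def demo():
    """Walk one constructed client through the whole exchange."""
    gw = Gateway()
    gw.add_user("alice", "correct horse")
    client = ("AA:BB:CC:00:00:01", "192.168.1.10")
    steps = [
        gw.handle_request(*client, "http://example.test/news", now=0),
        gw.login(*client, "alice", "wrong", now=5),
        gw.login(*client, "alice", "correct horse", now=10),
        gw.handle_request(*client, "http://example.test/mail", now=100),
        gw.handle_request(*client, "http://example.test/late", now=100 + IDLE_TIMEOUT),
    ]
    return [action for action, _ in steps]


if __name__ == "__main__":
    print(demo())
```

Because the allow table is keyed on the MAC/IP pair, a request from the same IP address with a different MAC is treated as a new, unauthenticated client and is redirected to the portal again.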

2.3.3 OVERVIEW OF THE MAIN CAPTIVE PORTALS

All the solutions we have studied are free and open source, which allows us to
considerably reduce the cost of their implementation.

• Pfsense
It is easily installed via a dedicated distribution, and all configuration can be done
either via the SSH command line or via the HTTPS web interface. Configuration backup and
restore is available through the web interface and generates a simple file of a
reasonable size. The portal evolves constantly thanks to regular updates, whose
installation is managed automatically in a part of the administration panel. This solution
allows secure authentication via the HTTPS protocol and a user/password pair.

• Alcasar
It is a French project essentially dedicated to captive portal functions. This application
is installed via a script and is supported by the Mandriva Linux distribution. The
configuration is done via the secure management interface (HTTPS) or on the command
line directly on the Mandriva server. A backup of the configuration is taken care of by
creating a system ghost (system file) in the administration panel, which still generates a
file of a certain size. Regular updates ensure that the solution is future-proof. The
authentication to the captive portal is secured by HTTPS and a user/password pair. Like
pfsense, ALCASAR is compatible with many platforms; user page customization and
ease of use are present.

• Zeroshell
It is a Linux distribution designed to implement global security within a network
(firewall, VPN, captive portal, etc.). Its installation is simple via a dedicated distribution.
It has an easy-to-use web management interface that makes it possible, among other things, to save
the captive portal configuration or to customize the connection and disconnection pages
in an integrated HTML editor. Like the other two solutions, the authentication page is
secure and the connection is made via a user/password pair. Its use remains identical to
the other solutions presented.

• Chillispot

It is an application dedicated to the management of authentication on networks. Its
installation is quite simple via an application package available on the Red Hat and Fedora
distributions. Configuration backup is available, but it involves copying the
configuration files and therefore knowing them.

2.3.4 COMPARISON OF CAPTIVE PORTALS

In the comparative study of the solutions, we have highlighted several important criteria
that the different solutions must take into account:

• Security of exchanges during authentication: to avoid password recovery on the network.

• Presence of complete documentation: to ensure the rapid implementation of the solution.

• Simplicity of administration: to allow different people to administer the software.

• Easy to use: to allow all visitors to connect to the wired or wireless network.

• Multi-platform compatibility: to allow connection from smartphones, different web
browsers and different operating systems.

• Presence of backup and restoration of configurations: to allow a quick restart of the
system in case of problems.

• Sustainability of the solution: to address security vulnerabilities and increase the
functionality of the solution through updates.

Criteria | Pfsense | ALCASAR | Zeroshell | Chillispot
--- | --- | --- | --- | ---
Security authentication | HTTPS | HTTPS | HTTPS | HTTPS
Documentation | ✓ | ✓ | o | o
Supported Platforms | All | All | All | All
Personalization | ✓ | ✓ | o | o
Ease of use | ✓ | o | o | o
Save/restore configurations | ✓ | ✓ | ✓ | •
Ease of administration | Installation via a dedicated distribution | Installation via an automated script | Installation via a dedicated distribution | Installation via .rpm on Red Hat and Fedora

✓ Highly available
o Moderately available
• Less available

Table 1: Comparison of captive portals

2.3.5 CHOOSING A CAPTIVE PORTAL SOLUTION

Although we did not put all these solutions into practice to compare them, the
theoretical study allows us to retain the first two solutions, namely pfsense and
ALCASAR, because they both meet our needs: free solutions, can be installed on a
server as well as on a workstation, user authentication by login and password,
bandwidth control, ease of administration, installation and configuration, ease of use,
very detailed and available documentation, availability of updates, etc. Both solutions
fit the case under study, but ALCASAR is only installed via a Mandriva distribution.
Also, ALCASAR is installed via an automated script, whereas pfsense is installed via
a dedicated distribution, which makes the choice of pfsense imperative. In addition,
pfsense has a more user-friendly interface and a main dashboard page where all
essential information can be found and modified as required. This product also has a
higher level of assurance as the user community is very active. In conclusion, in the
rest of our study, we will use the pfsense captive portal solution.

2.4 SECURING WIRELESS NETWORK USING PFSENSE CAPTIVE PORTAL WITH RADIUS AUTHENTICATION

This paper discusses an authentication method that prevents unauthorized users from gaining
access. An effective way of achieving secure wireless network authentication is to use a
Captive Portal with the RADIUS authentication method. A wireless network lets users connect
easily anywhere within the local coverage of the network. However, a problem with wireless
networks is security. WLAN security can be improved with a secure mechanism called a
Captive Portal. The advantages of this mechanism are that users are directed to a login page
when they open a web browser to access the Internet, and that users do not need to install
access controller software on their mobile devices. Windows 7 and Windows 8 are set up as
clients, while Windows Server 2012 hosts Active Directory (AD) and Network Policy
Service (NPS), which acts as the local RADIUS server. AD is responsible for the users'
credentials used for authentication. NPS allows the network administrator to create network
policies that authenticate and authorize connections from wireless access points and
authenticating switches.
In this project, pfsense can function as a perimeter firewall, router, proxy server and
DHCP server. However, pfsense acts primarily as a firewall in this case. The Captive Portal
is set up with RADIUS, so the combination of the two is more secure.
The main disadvantage of this project is that it is difficult for a large organization with over
2000 user login credentials to register them in the AD. (Aryeh, Asante, 2016).

2.5 BUILDING A SECURE WIRELESS ACCESS POINT BASED ON CERTIFICATE AUTHENTICATION AND FIREWALL CAPTIVE PORTAL

This paper discusses securing a wireless local area network using WPA2 Enterprise based on
PEAP MS-CHAP and a Captive Portal. Protected Extensible Authentication Protocol (PEAP) is a
member of the Extensible Authentication Protocol (EAP) family of protocols. It uses
Transport Layer Security to create an encrypted channel for the authenticating PEAP client.
Moreover, PEAP does not specify an authentication method but provides additional security
for other EAP authentication protocols. PEAP MS-CHAP uses Active Directory Certificate
Service to generate a digital certificate that is installed on NPS. The authentication
process occurs in two phases. First, the EAP protocol is used to open a TLS channel.
Second, a username and password authentication mechanism, connecting to the WLAN through
the Internal SSID, runs over the EAP protocol. The method proposed in this research has
two levels of security: a firewall with the pfsense Captive Portal, and WPA2 Enterprise. In
addition, this paper focuses on two SSIDs, one for guests and one for internal users. The
advantage of this paper is that it uses strong authentication to protect data transmission.

2.6 DNS BASED CAPTIVE PORTAL WITH INTEGRATED TRANSPARENT PROXY

This paper presents a DNS-based captive portal. The name server receives a Domain Name
System (DNS) request and queries the login database. When the user device is logged in, the
name server responds to the DNS request with the Internet Protocol (IP) address of the web
server as the resolved IP address of the specified domain name. The web server acts as a
transparent proxy between the user device and the non-local target Uniform Resource Locator
(URL). The captive portal involves a DNS server resolving all domain names, for user devices
that are not logged in, to the IP address of a login portal. The first advantage of this
paper is good security: when the user wants to access a website, he needs to be logged in to
the portal before that website appears. The second advantage is that it makes managing users
easy for the organization, because it is possible to instruct users to navigate manually to
a URL or IP address by placing an instructional card at a specific place. Users, however,
expect the whole process to be automatic. One disadvantage of a DNS-based captive portal is
that it only works if the user initially attempts to browse to a URL with a domain name
address. Another is that it performs DNS poisoning for user devices that are not logged in:
the user device may cache the IP address of the login portal even after it is logged in. The
solution to that problem is to configure the DNS server of the captive portal to provide a
low time-to-live (TTL). The low TTL applies when a domain name is resolved to the IP address
of the login portal for an unauthorized user device. The TTL should completely prevent the
user device from caching an incorrect IP address. However, there is no guarantee that the
user device will respect the TTL. (Peter S. Warrick and David T. Ong, 2014)
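
The name-server decision and the caching problem described above can be modelled in a few lines. This is an added example, not code from the cited paper or from this project; the addresses, TTL values and class names are assumptions, and it also covers the case of a URL that contains a literal IP address.

```python
"""DNS-based captive portal: name-server decision plus a client resolver cache.

Constructed model; all addresses, TTL values and names are assumptions.
"""
import ipaddress
from dataclasses import dataclass, field
from urllib.parse import urlsplit

PORTAL_IP = "192.0.2.10"   # assumed address of the login portal
PROXY_IP = "192.0.2.20"    # assumed address of the web server acting as transparent proxy
PORTAL_TTL = 5             # low TTL (seconds) on answers to devices that are not logged in
PROXY_TTL = 300            # assumed TTL on answers to logged-in devices


@dataclass
class PortalNameServer:
    logged_in: set = field(default_factory=set)   # stands in for the login database

    def login(self, client_ip):
        self.logged_in.add(client_ip)

    def resolve(self, client_ip, qname):
        """Answer every name from login state alone: (address, ttl)."""
        if client_ip in self.logged_in:
            return PROXY_IP, PROXY_TTL
        return PORTAL_IP, PORTAL_TTL


@dataclass
class ClientCache:
    """Resolver cache on the user device. min_ttl > 0 models a device that
    keeps answers longer than the TTL the server asked for."""
    server: PortalNameServer
    client_ip: str
    min_ttl: int = 0
    entries: dict = field(default_factory=dict)   # qname -> (address, expires_at)

    def lookup(self, qname, now):
        cached = self.entries.get(qname)
        if cached and now < cached[1]:
            return cached[0]
        address, ttl = self.server.resolve(self.client_ip, qname)
        self.entries[qname] = (address, now + max(ttl, self.min_ttl))
        return address


def stale_seconds(min_ttl, login_at=2, horizon=120):
    """Seconds after login during which the device still resolves to the portal."""
    server = PortalNameServer()
    cache = ClientCache(server, "10.0.0.5", min_ttl=min_ttl)   # constructed client
    stale = 0
    for now in range(horizon):
        if now == login_at:
            server.login("10.0.0.5")
        address = cache.lookup("example.org", now)
        if now >= login_at and address == PORTAL_IP:
            stale += 1
    return stale


def needs_dns(url):
    """True if the URL's host is a name, so the portal's name server sees the request."""
    host = urlsplit(url).hostname or ""
    try:
        ipaddress.ip_address(host)
        return False          # literal IP address: no DNS query, the portal never triggers
    except ValueError:
        return bool(host)


if __name__ == "__main__":
    print("TTL honoured :", stale_seconds(min_ttl=0), "s stale after login")
    print("TTL ignored  :", stale_seconds(min_ttl=60), "s stale after login")
    print("name URL     :", needs_dns("http://example.org/"))
    print("literal URL  :", needs_dns("http://198.51.100.7/"))
```

A device that honours the 5-second TTL recovers within seconds of logging in, while one that holds answers for a minute keeps landing on the login portal for most of that minute.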

2.7 DESIGN AND CONFIGURATION OF APP SUPPORTIVE INDIRECT INTERNET ACCESS USING A TRANSPARENT PROXY SERVER

A company or an institute needs to perform many tasks such as web filtering, caching
and user monitoring, but allows Internet access only after authentication by using an
explicit proxy. Based on that statement, this paper proposes a transparent proxy and a
captive portal that applications can work with. pfsense is used as the firewall; it has
both proxy server and captive portal services integrated on a single platform. Since a
transparent proxy is used, the user cannot be challenged for credentials by the proxy server
itself, so the user has to authenticate through the captive portal. The transparent proxy is
proposed to fulfil the filtering, caching and monitoring requirements. The advantage of this
approach is that the proxy server allows the client computer to make indirect network
connections to other network services. A transparent proxy also does not require any
configuration on the client's end and makes use of an efficient forwarding mechanism. More
importantly, it is an ideal choice for a web accelerator and web filtering gateway. The
disadvantage of a transparent proxy deployment is that the web browser is unaware that it is
communicating with a proxy. The captive portal technique is also used in this research to
prevent users from accessing the network until authentication occurs.
This may protect confidential information. (Pranjal Sharma and T. Benith, 2014)

2.8 TWO FACTOR AUTHENTICATION USING SMARTPHONE TO GENERATE ONE TIME PASSWORD

This paper proposes a system that involves generating and delivering a One Time Password to
a mobile phone. The authors also explain a method of two-factor authentication (2FA)
implemented using a One Time Password (OTP) generated by a smartphone. The smartphone is
used as the token for creating the OTP. The OTP is valid for a short period of time only,
and it is generated and verified using a secure cryptographic algorithm. High security is
the main advantage of using OTP. Security is a major concern in all sectors, so OTP can
solve the password problem because it is valid for one session only. However, this system
also has a disadvantage: using more than one two-factor authentication system requires
multiple tokens. From the user's point of view, tokens have drawbacks, which include the
cost of purchasing, issuing and managing them. (Sagar Archarya, Apoorva Polawar and P.Y.Pawar, 201

CHAPTER THREE: METHODOLOGY AND DESIGN

3.1 INTRODUCTION

Methodology is a systematic way of solving a research problem by applying a technique,
algorithm or method. It comprises the theoretical analysis of the methods and principles
associated with a branch of knowledge. Methodology is also defined as the principles, rules
or procedures used for developing a project or system. For this project, the methodology
shown in this chapter consists of a flowchart and a framework. To overcome the problem
stated in 1.2, this methodology is built around the three main objectives stated in 1.3:
first, to study the existing LAN infrastructure; second, to design the simulation; and
lastly, to implement the simulation. This project focuses on network monitoring.

3.2 FLOWCHART

A flowchart is a type of diagram that represents an algorithm or process, drawn as boxes of
various kinds connected with arrows. It is a visual diagram presenting the flow of data
through an information processing system, in the sequence to be performed in solving a
problem. The flowchart also shows, step by step, user authentication before the
administrator monitors network usage by limiting bandwidth or Internet access time.
Flowcharts play a vital role in solving programming-related problems and are quite helpful
in understanding a complicated problem. A box represents an operation of the process, a
circle represents a connector joining two parts of the program, and an arrow represents a
flow line.

Figure 2: Flowchart

Figure 2 shows the flowchart for user authentication in this project's simulation. The
simulation involves a user and an administrator. Two computers are required for testing:
one computer acts as the DHCP server while the other acts as the client's (user's)
computer. pfsense is installed in VirtualBox on the computer acting as the DHCP server.

Users must be authenticated by the captive portal before they get access to the Internet.
Users therefore enter a username and password to be verified and identified by the
administrator. Users who fail authentication cannot access the Internet, even if they try
hundreds of times to open a browser or access the Internet. When users enter a correct
username and password, they can access the Internet.

Next, the administrator has to monitor the network usage of users. In the pfsense
configuration, the administrator enters the total bandwidth and time that users may consume,
in order to limit or maximize network usage. pfsense records the IP address or MAC
address of each computer that accesses the network.

3.3 FRAMEWORK

This part discusses the framework of the simulation. A simulation is an imitation of the
operation of a real-world process or system over time. It requires that a model be
developed, and that model represents the key characteristics or functions of the selected
system. The simulation framework defines the process needed to operationalize the model,
which shows the design of the network system that will be developed in the future. For this
project, it explains the design of the network system, which involves devices such as
computers and a switch to connect them. Furthermore, this framework helps to explain how
the administrator monitors network usage in the Local Area Network.

Figure 3: Framework

Figure 3 shows a simulation model of the network, in which the user's computer gets Internet
access after connecting to the DHCP server. The switch in this case acts as a bridge
connecting both computers. A computer with pfsense installed is configured as the DHCP
server to monitor the user's network usage. The DHCP server and the user's computer are
connected by the switch and form an intranet. An intranet is a private network contained
within an enterprise. It connects through one or more gateway computers to the outside
Internet. In this case, the intranet is used for sharing data access or Internet access
from the DHCP server. The user's computer must go through the captive portal before the
user can access the network.

3.4 ALGORITHM

Figure 4 shows the proposed algorithm that is applied in the captive portal. This algorithm
is called the One Time Password algorithm.

Start
    User can register username, phone number and email address
    User will enter username which he or she entered at registration
    if username is TRUE then
        Administrator sends OTP code to phone or email address which was entered during registration
        User enters OTP code and user can access network
    else if username is FALSE
        User can enter username again
    else
        Password is wrong then user can login again
End

Figure 4: Proposed Algorithm

The One Time Password algorithm is the technique applied in the project to secure the
authentication of users to the captive portal. One Time Password differs from other
techniques in that a different password is generated each time a password is used. In other
words, a One Time Password is a randomly generated password that needs to be sent to users
by email or mobile phone services. When users want to enter the captive portal, the
administrator needs to send a one time password code to the users after they have
pre-registered. Users are allowed into the network after they are successfully
authenticated by the captive portal. To be secure, a password usually needs to consist of 8
characters with at least one digit, one capital letter and one small letter. The advantage
of One Time Password is that it is not vulnerable to replay attacks. This means an intruder
who wants to attack the system cannot easily enter it, because the intruder needs to break
the password first.
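
The flow of Figure 4 and the properties described above (random 8-character code, short validity, single use) can be sketched as follows. This is an added example, not the project's own code; the lifetime, the attempt limit, the class and function names and the in-memory outbox standing in for SMS or e-mail delivery are assumptions.

```python
"""One-time password issue and check for a captive-portal login (constructed model)."""
import hashlib
import hmac
import secrets
import string
import time

OTP_LENGTH = 8        # 8 characters, as the text requires
OTP_LIFETIME = 120    # seconds a code stays valid (assumed value)
MAX_ATTEMPTS = 3      # wrong guesses allowed per code (assumed value)


def generate_otp():
    """Random 8-character code with at least one digit, one capital and one small letter."""
    alphabet = string.ascii_letters + string.digits
    while True:
        code = "".join(secrets.choice(alphabet) for _ in range(OTP_LENGTH))
        if (any(c.isdigit() for c in code)
                and any(c.isupper() for c in code)
                and any(c.islower() for c in code)):
            return code


class OtpPortal:
    def __init__(self, clock=time.time):
        self.clock = clock
        self.key = secrets.token_bytes(32)   # keys the stored digests
        self.users = {}                      # username -> phone number or e-mail address
        self.pending = {}                    # username -> [digest, expires_at, attempts_left]
        self.outbox = []                     # (contact, code); stands in for SMS/e-mail delivery

    def _digest(self, username, code):
        # Only a keyed digest of the code is kept, never the code itself.
        return hmac.new(self.key, f"{username}:{code}".encode(), hashlib.sha256).digest()

    def register(self, username, contact):
        self.users[username] = contact

    def request_otp(self, username):
        """Step 'username is TRUE': issue a fresh code, replacing any earlier one."""
        if username not in self.users:
            return False
        code = generate_otp()
        self.pending[username] = [self._digest(username, code),
                                  self.clock() + OTP_LIFETIME, MAX_ATTEMPTS]
        self.outbox.append((self.users[username], code))
        return True

    def verify(self, username, code):
        """Return 'granted', 'wrong', 'locked', 'expired' or 'no-otp'."""
        entry = self.pending.get(username)
        if entry is None:
            return "no-otp"
        digest, expires_at, _ = entry
        if self.clock() >= expires_at:
            del self.pending[username]
            return "expired"
        if hmac.compare_digest(digest, self._digest(username, code)):
            del self.pending[username]       # single use: a replayed code finds nothing
            return "granted"
        entry[2] -= 1
        if entry[2] == 0:
            del self.pending[username]       # too many wrong guesses: the code is discarded
            return "locked"
        return "wrong"
```

Deleting the pending entry on success is what makes a captured code useless on replay, and the attempt counter bounds guessing within the validity window.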

3.5 OVERVIEW OF THE PROJECT AND RESEARCH


Author/Year | Project Name | Technology | Description | Advantage | Disadvantage
--- | --- | --- | --- | --- | ---
Aryeh, F. L., Asante, M. and Danso, A. E. Y. (2016) | Securing Wireless Network Using pfSense Captive Portal with RADIUS Authentication | Radius authentication | - Authentication method to avoid unauthorized users to access; - Effective ways in overcome problem is use a Captive Portal with Radius authentication method | - Users will direct to login page when they open web browser for access internet; - Users does not need install access controller software on their mobile device | Difficult fo… organizatio… over 2000 … credential … Directory
B. Soewito and Hirzi (2014) | Building secure wireless access point based on certificate authentication and firewall Captive Portal | WPA2 Enterprise | - Secure wireless local area network used WPA2 Enterprise based PEAP MS-CHAP and Captive Portal; - Two phase of authentication process are use protocol EAP and authentication mechanism of username and password | Use strong authentication to protect data transmission | Use PEAP … CHAP sec… vulnerable … airodump-… aireplay-ng
Peter S. Warrick and David T. Ong (2014) | DNS-based Captive Portal with integrated transparent proxy to protect against user device caching incorrect IP address | Integrated transparent proxy | - Captive portal involves a DNS server resolve all domain names for unlogged in user devices to IP address of a login portal; - Solution of problem is configuration DNS server of captive portal to provide low time-to-live (TTL) | - Good in security; - Make organization easy for managing | Only work i… initially attempt… browse to U… domain name ad…
Pranjal Sharma and T. Benith (2014) | Design and configuration of app supportive indirect internet access using a Transparent Proxy Server | Transparent Proxy Server | - Proposed transparent proxy and captive portal to overcome problem; - Transparent proxy use for fulfill filtering, caching and monitoring requirement; - Captive portal technique use in this research for preventing user from access network until authentication occur | - Allow client computer to make indirect network connection to other network services; - Does not require any configuration on client’s end and makes use of efficient forwarding mechanism | Web browser is unaware that it is communicate with a proxy
Harsh Mittal, Manoj Jain and Latha Banda (2013) | Monitoring Local Area Network using Remote Method Invocation | Remote Method Invocation | - Control and monitor network of Local Area Network by using Remote Method Invocation; - Allow java object execute on one machine to invoke method of a Java object that execute on another machine | - Use wireless network so can get Internet Protocol address of client and keep pinging every time for checking latest status LAN; - Instant of client’s machine image saved to database when server shutdown client’s machine | Vast functionalities regarding its performance
Larkins Carvalho and Nielet Dmello (2013) | Secure network monitoring system using mobile agents | Mobile agents | - Network monitoring system that follow decentralized approach for overcome problem of existing system; - To reduce network bandwidth by using mobile agent | - Ability to achieve confidentiality and integrity; - Reduce network bandwidth | Process of system slow and delay at a certain time
V. Srinivas and V.V.S.R.K.K. Pavan. Bh (2015) | Low-cost web based remote monitoring and controlling system | Embedded system | - Web monitoring and controlling system is capable of monitoring visually and controlling device at remote areas autonomously through web page; - Embedded system is special-purpose computer system design to perform one or few dedicated function | - Dedicated to specific task may reduce size and cost of product; - Increase reliability and performance | Only focus on specific task only
Aditya Bhosale, Kalyani Thigale, Sayali Dodke and Tanmay Bargal (2014) | Android based network monitor | Android | - Develop system that user not available at the actual site can monitor the network; - Administrator is authenticate using Secure hash algorithm and gain right to monitor network; - Two ways of control network are enter a command through mobile device and control network directly through server | - High throughput; - Scalability; - Availability; - Reliability; - Transparency | - Security model and algorithms of GPRS develop in secrecy and never publish; - System does not support duplex communication between client and server
Sagar Archarya, Apoorva Polawar and P.Y.Pawar (2013) | Two factor authentication using smartphone generate one time password | One Time Password | - System that involves generating and delivering a One Time Password to mobile phone; - OTP is valid for short period of time only | High security | Cost of purchasing, issuing and managing the token

Table 2: Overview of the project and research

SUMMARY

This chapter discusses the methodology used to complete this project. The methodology
comprises the flowchart, framework and algorithm. These elements are important to make this
project more systematic. For that reason, the methodology must be followed during
simulation development in order to complete the project successfully. The One Time Password
algorithm is the technique applied in this project. An overview of captive portals and
pfsense, which is important to discuss, is also given in this chapter.

CHAPTER FOUR: IMPLEMENTATION AND RESULTS OF THE SOLUTION

4.1 INTRODUCTION

This chapter constitutes the heart of the development process of our software
and aims at implementing each module described in the preceding chapter. We have
presented the stages of analysis and design in the preceding chapter and in this
chapter, we will present the phases of the implementation and the results. Thus, we
will be presenting the various pages or views of our application using the print screen
option with some short notes for brief explanation.

4.2 IMPLEMENTATION

In this section we will describe the main snapshots of our developed system. Our
system is made up of two actors, the captive portal administrator and users, so we
are going to describe the snapshots of each of these actors.

4.2.1 INSTALLATION AND CONFIGURATION

Pfsense is a dedicated distribution that can be installed on a single workstation, a
server or even on an embedded box. What is attractive about pfsense is its ease of
installation and configuration of network administration tools. Indeed, after an
installation in console mode, it can be easily administered from a web interface and
natively manages VLANs (802.1q). The pfsense distribution provides network
administrators with a multitude of open-source tools and services to optimise their
tasks. One of these services is the Captive Portal, which is the subject of this project.

Figure 5: pfsense architecture

4.2.2 INSTALLATION OF PFSENSE

For a practical implementation, we describe the installation step by step. The software can
be used in two ways: installed directly on the hard disk, or run from a live CD without
installing it.
The last option is very fast and efficient; loading and configuration are done
automatically. But it has some disadvantages, such as long loading time, unreliability and
the impossibility of adding packages or software, because the structure of the CD cannot be
modified.
Since we do not have a CD for the network implementation, we will install it via the live CD.
First, let's check that the computer has the required characteristics and then, after
installing VirtualBox, create a new virtual machine. The virtual machine is named pfsense,
of type BSD with the FreeBSD operating system. The RAM is 1024Mb; then we go to the
configuration to activate the two network cards: the first card is in bridged mode and the
second network card is a private host (host-only) network. Once we reach the boot stage, we
insert the disk; this takes us to the FreeBSD boot screen.

Figure 6: FreeBSD boot screen

You must now confirm the installation on the hard disk by clicking on accept.

Figure 7: Launching the installation of pfsense

Once the installation is launched, several installation procedures are offered; here we
opt for the quick installation and confirm.

Figure 8: Confirmation of the installation

Once the partitions have been created and set up, it is necessary to restart the computer for the
changes to take effect.

Figure 9: End of installation


After restarting, we have the menu of figure 4.6 which will allow us to configure
pfsense.

Figure 10: Configuration menu

First of all, it is advisable to change the LAN IP address of pfsense for simplicity later
on; its default LAN IP address is 192.168.1.1. It will then be modified to be in our local
network. To do this, in the configuration menu we will type 2 "set LAN IP address" and
change the IP address of pfsense.
Now that the installation is complete, we can start configuring either in console mode
or from the web interface. Here we have chosen the web interface as it is more
convenient.

4.2.3 CONFIGURATION OF PFSENSE

For configuration via the web interface, you need to connect a PC to the
pfsense LAN interface. Start by opening a web browser and enter the LAN IP address
of the machine (pfsense) in the address bar. In our case, we will do http://192.168.1.2
to access the login interface where we are asked to enter a username and password.
Then enter the default username (admin) and password (pfsense) to log in as
administrator.

Figure 11: Portal connection of pfsense

4.2.3.1 GENERAL PARAMETERS


The general menu of pfsense gives global information about the software (version, release
date, kernel version, number of connected interfaces).
For the general setup, go to the system tab, then general setup to see the general configuration
of pfsense. Enter here the name of the machine, the domain and the IP address of the DNS
server; you must uncheck the option below (allow DNS server list to be overridden by
DHCP/PPP on WAN). Indeed, this option causes conflicts since the DNS of the clients is no
longer pfsense but a DNS of the WAN inaccessible by the LAN.
Then change the name and password to connect to pfsense.

Figure 12: pfsense general menu

Then go to the service tab and then the DNS forwarder section, to check the enable DNS
forwarder option. This option will allow pfsense to forward and transmit DNS requests for
clients.

4.2.3.2 CONFIGURATION OF INTERFACES


A- WAN Interface

In the interfaces tab, select WAN and then enable it by checking Enable interface;
then select the static or DHCP addressing type for dynamic. Here, we have assigned a static
address. Then, specify its MAC address in the indicated format, its public IP address and its
gateway in the boxes provided for this purpose. Then leave the other parameters by default.

Figure 13: Configuration of the WAN interface

B- LAN Interface

It is now necessary to activate the LAN interface in the same way as we did
with the WAN, but this interface must necessarily be static for the type of addressing
because, being the one on which the DHCP server will be activated, its address must
be fixed. Then assign its MAC address in the format indicated, its IP address being
already defined above, its gateway is left by default, i.e., its own IP address, as this is
the gateway for clients.

Figure 14: Configuration of the LAN interface

4.2.3.3 CONFIGURATION OF THE DHCP SERVER

All that remains is to configure the DHCP server for the LAN, in order to
simplify the connection of the clients. To do this, go to the service tab, then to the
DHCP server section; check the Enable DHCP server on LAN interface box. Then
enter the IP address range that will be assigned to the clients; before activating the
pfsense DHCP service, make sure that no other DHCP server is activated on the
network to avoid address conflicts. Then enter the IP address of the DNS server and
the domain name that will be assigned to the clients. Then enter the gateway address
for the clients; this will be the address of the captive portal. Then the other parameters
can be left as default.

Figure 15: Configuration of the DHCP server

4.2.3.4 DEFINITION OF FIREWALL RULES

Pfsense being also a firewall, it is necessary to define some elementary rules
on the interfaces to allow them to communicate with each other and with the outside.
To do this, go to the Firewall tab, then to the Rules section, then select an interface
on which you want to define rules. On the LAN interface, you must leave the default
rules as they authorize all IP packets from the LAN source to any destination. For the
WAN, a change is necessary because everything is blocked by default, which prevents the
two interfaces from communicating; click on the symbol "e" to edit a rule which
will allow the passage of packets from the WAN to the LAN. To do this, in Action,
choose the PASS option; in Protocol, choose Any; in Interface, select WAN; in
Source, select WAN subnet and then in Destination choose LAN. In some cases, it
may be necessary to define floating rules, i.e., rules that are independent of interfaces.
To do this, in the Rules tab, then in the Floating sub-tab, click on the "e" symbol to
edit this rule.

Figure 16: Rules on the WAN interface
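
What the two rules above admit can be checked with a simplified first-match model of per-interface rules, with an implicit block when nothing matches. This is an added example, not pfsense code; the subnets, the narrower alternative rule and all names are assumptions made for the illustration.

```python
"""Simplified model of per-interface firewall rules (constructed example)."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

LAN_NET = ipaddress.ip_network("192.168.1.0/24")   # assumed LAN, from the LAN address 192.168.1.2
WAN_NET = ipaddress.ip_network("203.0.113.0/24")   # constructed WAN subnet
ANY_NET = ipaddress.ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class Rule:
    interface: str                       # interface the packet arrives on
    action: str                          # "pass" or "block"
    protocol: str                        # "any", "tcp", "udp", ...
    source: ipaddress.IPv4Network
    destination: ipaddress.IPv4Network
    dst_port: Optional[int] = None       # None means any port


# The two rules the section describes.
PAGE_RULES = [
    Rule("LAN", "pass", "any", LAN_NET, ANY_NET),    # default LAN rule, left unchanged
    Rule("WAN", "pass", "any", WAN_NET, LAN_NET),    # edited WAN rule
]

# Hypothetical narrower WAN rule: one protocol, one LAN host, one port.
NARROW_RULES = [
    PAGE_RULES[0],
    Rule("WAN", "pass", "tcp", WAN_NET, ipaddress.ip_network("192.168.1.10/32"), 443),
]


def evaluate(rules, interface, protocol, src, dst, dst_port=None):
    """First matching rule on the arrival interface decides; no match means block."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules:
        if rule.interface != interface:
            continue
        if rule.protocol not in ("any", protocol):
            continue
        if src not in rule.source or dst not in rule.destination:
            continue
        if rule.dst_port is not None and rule.dst_port != dst_port:
            continue
        return rule.action
    return "block"


def audit(rules):
    """Flag WAN pass rules that open the LAN to every protocol or every port."""
    findings = []
    for index, rule in enumerate(rules):
        if rule.interface != "WAN" or rule.action != "pass":
            continue
        if not rule.destination.overlaps(LAN_NET):
            continue
        if rule.protocol == "any":
            findings.append((index, "any protocol from WAN to LAN"))
        elif rule.dst_port is None:
            findings.append((index, "every port from WAN to LAN"))
    return findings


if __name__ == "__main__":
    for name, rules in (("page rules", PAGE_RULES), ("narrow rules", NARROW_RULES)):
        print(name, audit(rules))
```

With the rule as configured, any host in the WAN subnet can reach every service on every LAN host; hosts outside that subnet are still blocked by default.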

Thus, pfsense is correctly configured but for the moment, it only serves as a firewall
and router. It remains to activate the listening of requests on the LAN interface and to force
the users to authenticate themselves to cross the firewall.
4.2.4 CREATION OF THE CAPTIVE PORTAL

To enable the captive portal on the pfsense LAN interface, go to the Service tab and
then to the Captive portal section; then check the Enable captive portal box, and choose the
interface on which the captive portal will listen. Here, we have chosen LAN since we want
the users of our local network to go through the captive portal to reach the Internet. In
the following options, we must first define the number of clients requesting the
authentication page at a time, then the time after which the client will be automatically
disconnected if it is inactive, and the time after which it will be disconnected regardless
of its state and asked for the authentication parameters again. Thus, Maximum concurrent
connections defines the number of clients requesting the captive page at a time; Idle
timeout defines the time after which an inactive client is disconnected; and Hard timeout
defines the time after which a client is disconnected regardless of its state. We have
chosen to set 2 for the number of simultaneous connections and 20 minutes for inactivity.
It is then possible to redirect an authenticated client to a specified URL. Otherwise, it
is redirected to the page initially requested. We have chosen to redirect the client to the
following URL: "http://www.google.com".

Figure 17: Activation of the captive portal
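
The difference between disconnecting an inactive client and disconnecting a client regardless of its state can be seen in a small session-table model. This is an added example, not pfsense code; the 20-minute idle timeout is the value chosen above, while the 60-minute hard timeout, the client addresses and all names are assumptions.

```python
"""Captive-portal session table with idle and hard timeouts (constructed model)."""
from dataclasses import dataclass

IDLE_TIMEOUT = 20 * 60   # 20 minutes of inactivity, the value chosen in this section
HARD_TIMEOUT = 60 * 60   # assumed value; the section does not state its hard timeout


@dataclass
class Session:
    user: str
    started: int      # time of login, in seconds
    last_seen: int    # time of the last packet from this client


class PortalSessions:
    def __init__(self, idle=IDLE_TIMEOUT, hard=HARD_TIMEOUT):
        self.idle, self.hard = idle, hard
        self.by_ip = {}

    def login(self, ip, user, now):
        self.by_ip[ip] = Session(user, now, now)

    def prune(self, now):
        """Drop expired sessions and return [(ip, reason)] for the log."""
        removed = []
        for ip, session in list(self.by_ip.items()):
            if now - session.started >= self.hard:
                removed.append((ip, "hard-timeout"))    # expires even while active
            elif now - session.last_seen >= self.idle:
                removed.append((ip, "idle-timeout"))    # expires only when silent
            else:
                continue
            del self.by_ip[ip]
        return removed

    def traffic(self, ip, now):
        """Called for each packet from ip: 'pass' or 'redirect-to-portal'."""
        self.prune(now)
        session = self.by_ip.get(ip)
        if session is None:
            return "redirect-to-portal"
        session.last_seen = now        # activity resets the idle timer only
        return "pass"


if __name__ == "__main__":
    table = PortalSessions()
    table.login("192.168.1.50", "alice", now=0)
    for t in range(600, 4200, 600):    # a packet every 10 minutes
        print(t // 60, "min:", table.traffic("192.168.1.50", t))
```

An active client is never caught by the idle timer, so the hard timeout is the only setting that forces periodic re-authentication.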

Once this configuration has been saved, the captive portal should be functional. The
home page of the captive portal can also be modified to suit the company's needs, as well as
the redirection page in the event of authentication failure, by importing HTML or PHP code
into the fields provided for this purpose. All this is done in order to make the captive
page more user-friendly. To this end, we go to the Service tab, then Captive portal, and
enable the option to use a custom uploaded logo, as shown in the figure below.

This allows us to choose an image as the logo for the captive page. Then, at the
bottom, we also enable the option to use a custom uploaded background image, which allows
us to choose an image as the background of the captive portal. We then click on Save to save
the configuration. We now have to create our users and groups.

This page shows the different users that have been created in pfSense. To create them,
go to the System tab and then to User Manager. Then create user groups for the users: go to
System again, then User Manager, and then open Groups.

We can see the different users who can connect to our captive portal by going to the
Status tab and then to Captive Portal; we obtain the following page:

4.3 RESULTS

Finally, you can open a new browser window and type in the address of the captive portal
(192.168.1.2). The captive portal page is then displayed:

Figure 18: Captive portal page

CHAPTER FIVE: CONCLUSION AND RECOMMENDATION

5.1 SUMMARY OF FINDINGS

To authenticate network users in order to share the Internet connection securely, we
turned to a captive portal solution. After a presentation of the host organization, the approach
followed for this study was first to analyze its IT system to identify its strengths and
weaknesses. A comparative study of captive portals then allowed us to choose a solution to
implement, and pfSense was chosen. This free application was then studied technically and its
captive portal function was actually implemented. We believe that the goal of this project has
been reached, because it allowed us first to learn of the existence of free captive portal
solutions, then to carry out a comparative study, and finally to implement the free pfSense
solution in practice. Moreover, pfSense as designed offers other network services that can be
used as needed.

Setting up a captive portal is one thing, but it must also be secure. As security issues
become increasingly important in networks, and particularly on the Internet, it is important to
be aware of the strengths and limitations of the captive portal, and of other existing
solutions, in order to obtain the best practicality/security ratio. The captive portal is
particularly well suited to providing network access to many people who are usually just
passing through: it guarantees ease of use for the customer, who will not need any support
from the technical team responsible for the portal.

5.2 RECOMMENDATIONS

We cannot end our work without making one or two recommendations concerning this
project. As the methodology used in this project is prototyping, the researcher recommends
fulfilling all the requirements of the project, which would improve this simulation. The
simulation could then be widely used by everyone, especially administrators, to monitor
network performance easily.

5.3 CONCLUSION

The primary goal of our research was to design and implement a captive portal system with
pfSense. This project will help the administrator of any organization or company to monitor
network performance easily. The project will also reduce costs or the budget in any
organization, and it can minimize network usage by limiting bandwidth and time. Much of the
discussion described network monitoring in pfSense, together with a literature review of
research papers on previous related work. Last but not least, we hope this project can help
many people, especially administrators and users. Accordingly, this project will be beneficial
and useful to all organizations and clients. In addition, these limits make it possible to
monitor network usage through the captive portal, so that users do not access the network
without any purpose in the future.

REFERENCES

Aditya Bhosale, Kalyani Thigale, Sayali Dodke and Tanmay Bargal. 2014.
Android Based network monitor. International Journal of Computer Science
and Information Technology & Security, Vol. 4, No.2, pp. 2249-9555.
Aryeh, F. L., Asante, M. and Danso, A. E. Y. 2016. Securing Wireless
Network using pfSense Captive Portal with RADIUS Authentication. Ghana
Journal of Technology, Vol. 1, pp. 40-45
B. Soewito and Hirzi. 2014. Building secure wireless access point based on certificate
authentication and firewall Captive Portal. EPJ Web of Conferences
68. doi:10.1051/epjconf/20146800029
Behrouz A. Forouzan. 2012. Data Communication and Networking Fifth
Edition. pp. 7-17.

48
ANANG GLAMICK CHE
Eduardo Ciliendo and Takechika Kunimasa. 2007. Linux Performance and
Tuning Guidelines First Edition. pp. 15.
Hussain A. Alhassan and Dr. Christian Bach. 2014. Operating System and Decision
Making. ASEE 2014 Zone I Conference, pp. 80-85.
Jorge L. Olenewa. 2012. Guide to Wireless Communication Third Edition. pp.
18-56.
Larkins Carvalho and Nielet Dmello. 2013. Secure network monitoring system
using mobile agents. International Journal of Modern Engineering Research, Vol.
3, Issue. 3, pp. 1850-1853.
Salim Istyaq. 2016. A New Technique for User Authentication Using Numeric
One Time Password Scheme. International Journal of Advanced Trends in Computer Science and
Engineering, Vol. 4, Issue 5, pp. 163-165.
Saranya S. Devan. 2013. Windows 8 V/S Linux Ubuntu 12.10 – Comparison Of
The Network Performance. International Journal of Research in

49
ANANG GLAMICK CHE

You might also like