On Astaro Gateway Feature Requests Gert asked for feedback on the captive portal...
I've only had a quick play, but it's got some really useful potential in my organisation. Here are my observations:
1) I'm using Ubuntu 8.10 and Firefox 3.0.10 on my client - when I authenticate, I get no feedback on my main browser window - it's just blank (I still get the pop-up window with the countdown timer).
2) It would be great if once you've authenticated the client gets redirected to the page they originally requested, or there was some configuration option to redirect to a chosen URL.
3) The authentication tracking appears to be by source IP address - if you connect a NAT router then any client on the remote side can get web access once another client has authenticated.
4) It would be really good if you can integrate packet filtering with the proxy, so a client is totally blocked from going outside until they have authenticated. Once they have authenticated, they can then be allowed out according to packet filters (eg to create a VPN back to their home network, to get POP mail etc). For me, even if this means the entire device must operate in a special portal mode, this is acceptable.
5) For organisations that want to provide access via role-based accounts (like "student", "tutor" etc), how about creating a special kind of user where the ASG can change the password randomly or from a list at a specific time/day of the week, and automatically email the new password somewhere like your reception or helpdesk?
6) I really like the way you have decided to configure the proxy as a portal by operating mode - so you can use proxy profiles to override content checking, authentication eg by source address range etc.
Regards,
Stuart
