This system restricts the network users and records usage log of the users. It is applicable to the campus wide network and is compatible to almost all network terminals. We have been developing a Web-based authentication system 'Opengate'(http://sourceforge.net/projects/opengateproject). But recently, network terminals are evolving and increasing. Some terminals require always network connection. Some do not support smooth keyboard typing. Thus, we start to develop the system more applicable to the environments. This system checks the packet at the gateway, and opens the firewall when the source MAC address is found in the database, where allowable MAC addresses and the owners are registered. It is suited for campus network environment where various users bring in various terminals. It is not suited for the network environment needing high security. If external conditions are prepared, it is recommend to replace the system with a more secure system.
- It can be used together with Opengate on the same gateway as an Opengate supplement system. Also, it can be used without Opengate.
- Only a network connection function is required for the terminal. It is compatible to various devices with WiFi, such as smart phones, tablets, note PCs, audio/video players and more.
- Enormous users can be registered, though the users using the network at a moment is limited by the processing capacity of the gateway and firewall.
- In our load test, it processes concurrent access from more than several thousand terminals on 1Gbps network. When the huge number of packet arrive, the capture of some packets is failed. Therefore, checking of a new terminal is postponed to the next packet from the terminal. But, terminals already checked can be used without influence. The daemon does not collapse by overload.
- The user ID and password are required only at the registration and updating of the database. No authentication interrupts at using the network. Minimum guidance is required for usage.
- The user management is integrated into the database. No registration is needed to each access point or firewall.
- It prepares easy methods for MAC address registration. In most methods, the address is acquired automatically. The address can be linked to the user ID acquired from several authentication systems.
- It is possible to register correct data without large management cost, by using the captive portal type authentication and automatic MAC address acquisition on the terminals having Web.
- It uses popular hardware and open-source software.
- Permission or suppression of specific ports or sites can be controlled by devising the firewall rules.
- It can save the usage log including user ID.
- It has automatic usage expiration. A warning email arrives before the limit date. The user oneself checks the usage log and extends the limit. Thus it is easy to notice the illegal use.
- It have a function to detect NAT / router insertion, as the checking of terminal's MAC address is not available via NAT/router.
- It can be modified and distributed under GPL(GNU General Public License).
Be the first to post a review of OpengateM!