In an effort to reign in my kids Internet usage, I had been looking at a few ways to manage this. I settled on using a captive portal. After diving into that tech I found many of the solutions to cobbled together using various FOSS software. I don't mind this so much, but many of then relied on RADIUS. If you have never used RADIUS, it's an extremely complicated method of Authenticating, Authorizing, and Accounting (AAA). It's hard to do right and on top of that it uses pretty week encryption standards. This is not something I wanted to invest my time in managing my SOHO.
After coming to terms with my time constraints, I started looking into All-in-one solutions. I found two FOSS solutions that brought allot of extras to the table. They gave me the ability to move from a simple WiFi router to something much more expansive. This gives me more bang for my time.
The first one I tried was ZeroShell. I had a lot of good things to say about this solution. It comes with a wide array of features and accompanying documentation. It's downfall and the biggest reason I stop using it was the antiquated interface. I found several inconsistencies when using it which led to some configuration mistakes. Also since my wife would be supervising the majority the kids internet access time. She found it very frustrating to add credits to the kids. On top of that, each kid had to have a login including their friends who came over.
After my experience with ZeroShell I really wanted a "easy button" for this stuff. I also realized that I needed some better hardware to run this stuff on. I had been using an old desktop and it worked fine except for the space and power it consumed. A basic requirement of these solutions are dual NIC's. I didn't really want a RaspberryPi since I understand its limitations on network speed via its USB interconnects. I found this brilliant piece of hardware that's meant to be used as firewall. So next up I tried pfSense.
So far I've been very happy with pfSense. It has a wonderful interface and huge community behind it. They have done a great job on simplifying complex tasks in regards to networking. On the Captive Portal front pfSense provides the typical username and password as-well as a one time use voucher program. This voucher aspect of it was a game changer for me. This fixed the aforementioned auth problem. Also once the vouchers are generated you never have to login and assign time limits anymore. The one problem I found was when talking with my wife was the implementation. She didn't want to keep up with pre-printed cards with the voucher code on them. I didn't want to print off 4000 vouchers either on full size printer paper and cut them up (back to time constraints). After some research, the solution I came up with was to print off the vouchers as needed using a thermal printer (receipt printer) using our Android phones. That printer uses Bluetooth for its communication which is even better. The next problem was how to print off the vouchers using our smartphones.
After looking/playing around with existing receipt printing apps, I came across this app which has a nifty feature of taking json input which contains the content and formatting via a website and prints it off. With this new found knowledge I wrote a simple web app called pfSense-voucher-printer that keeps track of used vouchers and prints them off. Now I have my easy button!
In the end, I have a more secure SOHO network, with an easy to use and manage Captive Portal.