In this series I will show you how I have set up a system that authenticate users on a public guest WLAN with SMS codes. It is not limited to WLAN, it can be set up with any network controlled by the Sophos UTM with Web Protection.
I will do my best to make the series not as technical that only geeks understand it. I also promise to give the geeks enough info so they can manage to set up a similar system.
Most companies today want to offer a public Wi-Fi for their guests, but they might want to have some sort of control of who their users are.
The Sophos UTM with Wireless Protection already have functions for vouchers which is a great thing to give out to your guests, but it does require some manual handling and administration. So what I wanted was to make a solution for guests to automatically gain access with an SMS code. This will not guarantee that these users really are your guests, but as the phone numbers are registered at least you can have an overview of who they are and you could lock out unwanted users by their phone number. If you like to go even further this could be an idea for companies like hotels, restaurants, shopping centers or tourist attractions to do some direct marketing.
In many countries there also have actually been talk about forbidding anonymous access to public networks or making owners of public networks liable of users traffic. Some articles regarding this: England [ZDNet], Norway [Computerworld.no in Norwegian], India [The Economic Times]. As far as I know there are no countries that have enforced this yet, but it is a consideration to take when offering open wi-fi.
The equipment I use is a Sophos UTM with Web Protection license and a server (HW/VM) running Linux/BSD with Apache, mySQL, php and FreeRADIUS. I will split up the series in the following parts: