The idea behind Coova is simple: to provide you with the open (and free) tools and services you need to manage and access your WiFi network, just the way you want to. Our philosophy is that you shouldn’t be required to use any specific hardware (like FON or Meraki) or software (like Whisher). From the ground up, Coova is about being open and standards based - compatible with the widest possible range of hardware, protocols, and services. It’s about bringing “Carrier” grade features and services to the open-source/services world. It’s also about making dumb routers a bit smarter - recycling is good, right?

With Coova, you can pick and choose the software and services you need - depending on the kind of network you are building and how you want to access it. Here are some typical uses of Coova technologies:

• Use CoovaAP for easy configuration of CoovaChilli (or WiFiDog):
  • with or without using CoovaAAA services,
  • using RADIUS or locally defined users,
  • using the customizable “Internal” captive portal, or
  • configured to use your own portal or RADIUS service.
• Use CoovaChilli either in CoovaAP or in your own firmware or server to:
  • enforce a captive portal and authentication using CoovaAAA or any other portal/RADIUS service,
  • works with a variety of commercial services (ask your provider),
  • integrate with 802.1X authentication to provide accounting and access limitations.
• Use CoovaAAA to manage the access to your network:
  • with a CoovaChilli/AP captive portal,
  • using a patched WiFiDog captive portal,
  • using your own captive portal (no advanced programming needed),
  • using our Facebook or standard captive portal applications,
  • using a commercial access controller (like Colubris), or
  • using any router supporting WPA Enterprise/802.1X (like the AirPort Extreme).
• Use and share your CoovaAAA controlled network:
  • using one account to login to both your captive portal and your secure WPA Enterprise networks (using any device supporting 802.1X, like your laptop or Nokia phone),
  • using your account at any CoovaAAA location that is being shared with you,
  • selectively share your network with only those you choose - individuals or entire realms, or
  • share your network based on OpenID logins or Facebook fans/friends.
• Use CoovaFX and CoovaSX in Firefox or your phone, respectively, to login past a captive portal using the WISPr standard and a pre-configured account - WISPr is supported by CoovaAAA and most commercial access controllers and service providers.

• Use JRadius to program your own RADIUS provisioning logic for your network.

If you are building a WiFi network and haven’t found anything on this site that can help you, you probably haven’t looked hard enough. Though, it has been said, and we do acknowledge, that more documentation is needed. For this, we call out to the development and user community to help out in the Wiki (click on the “* wiki” to create an account and login), forums, and mailing lists. Note: In the Wiki, we do lock pages to prevent SPAM - either create a new page or ask for more permissions on one of the mailing lists.

We are also hoping to hear more about how and where you are using Coova! In fact, a friend of mine was recently vacationing in the Dominican Republic and was pleasantly surprised to find a Coova signal at the Hotel. They were using CoovaAP for their WiFi. Stories like this are terrific — lets get them in the forum!

For fun, here is a break-down of the devices (WiFi or Ethernet NIC) seen by CoovaAAA grouped by manufacturer based on IEEE OUI assignments. Some companies are listed multiple times because they have been allocated multiple blocks of MAC addresses - sometimes under slightly different names in the OUI database.

Many people think that WiFi will be everywhere sometime soon. I agree, but wonder in what form, or rather, how many forms. Muni wireless projects are happening all over the place, as they should. There are substantial benefits for public infrastructure - providing private networks for city departments and emergency services. But, what about public access? Given that politics is involved, I somehow don’t think ‘anonymous’ open access to WiFi will last long, not on that scale. Just one high-profile law suit of a minor or transient downloading illegal porn or committing other crimes over the Internet and there’s the end of that. And what about CALEA? Can a wire-tap be targeted and guaranteed without being certain of IP or even MAC address? Then there is also the constant threat of the so-called Evil Twin and the harvesting of MAC addresses, usernames and passwords.

The need for 802.1X

Wireless security. It just sounds right. And it is right. Particularly in certain circumstances. It’s when you’re talking massive coverage through a city-wide mesh or in the homes of residents. Many people already use some kind of wireless security in their homes, usually WEP (not good) or WPA Personal (better). Others intentionally leave their access points open as a way of sharing or just don’t know any better. Regardless, I believe people want security and the ability to share with friends and community. This is possible by passing around WEP or WPA-PSK keys, made easy with the help of software. But, perhaps not well suited for the muni or large scale community.

For ubiquitous WiFi access networks, the solution lies in WPA-Enterprise and 802.1X. Wireless security using standard technologies; takes advantage of inter-community roaming and provisioning features found in access controllers using RADIUS; and very likely to be compatible with WiMAX networks down the road.

What makes 802.1X so great? The answer can get technical, but boils down to 1) robust wireless security, 2) centralized access provisioning and configuration, and 3) being able to ‘authenticate’ the network before revealing any username or password (similar to how SSL works on secure websites). Then, why don’t people use 802.1X more? First of all, people do! At work, on campus, even at commercial and public hotspots. Perhaps main-stream adoption is slow because Windows doesn’t make it overly easy to configure - certainly not as easy as on a Mac. But, that might soon change as cross-platform “smart clients” become more widely available and easy to use.

The need for captive portal

Ok, wireless security is great, but there is a purpose to having a captive portal - almost always with an “open” access point (no wireless security), though not necessarily. The portal is important to communities and venues like cafes, hotels, airports, and so on, not only to sell access, but to give useful location specific content. In many of these cases, the threats of the open access point are mitigated by the fact they are in public places - people doing something they shouldn’t be tend to be suspicious in other ways and draw attention (as the theory goes). Additionally, some commercial WiFi products can help venue owners detect and deal with rogue access points and other security threats. Captive portals applications can be made relatively safe for casual use. And, do visitors of such places really expect their traffic to be secure? I would guess the expectation of security is less than when connecting at home, work, school, or the city mesh - places where people feel comfortable and networks they use every day.

That’s not to say having a captive portal, or “walled garden,” isn’t beneficial even when using 802.1X. It can provide instructions on how to access the Internet using an existing account (of this or a roaming network, or voucher code) and how to obtain one if new to the network. Also to give general information about the community, the project, maps of the area, and where to find help.

Community awareness

Large scale WiFi networks should, of course, service their communities in a responsible way. I believe doing so is part technical: wireless security, part social: not promoting “all WiFi is good”, part legal: not a safe haven to do all the things you don’t want to do from home, and part business: don’t ruin the commercial and community WISP.

What is still needed is the ability to seamlessly access your home and community WiFi without having to compromise individual security. At the same time, being able to selectively share and use the access of others. Using your own credentials for 802.1X, in friends’ homes or in the city mesh, or captive portal in the community centers, cafes, hotels,… places you “trust.” As previously noted, we still need client software to balance security with ease-of-use, and that is coming. But, we also need for communities to be built and a public roaming network to be established. One step at a time.

Well, there’s one opinion. What’s your’s? Leave comments or join us in the forum… we are particularly interested in hearing from those responsible for networks with an interest in community roaming.

“Wow! That’s amazing”

said François Proulx of the WifiDog project talking about CoovaAP firmware, and later replied, “I am truly pleased to see that someone took the time to create a nice, easy to use package. OpenWRT is now within reach of almost anyone. And I love the fact that Coova integrates a configuration interface for Wifidog.”

“This looks really nice.”, said Tomas Krag, who is interested in this type of functionality to help make it easier for small ISP’s in the developing world to provide simple wi-fi services without requiring too many technical skills.

Thanks! That is part of our mission… to make it a whole lot easier to deploy and use Wi-Fi. I hope you let us know where we can improve to make your deployments easier! Also thanks to those who have shared with me their experiences using and developing with open-source Wi-Fi solutions. Visit us in the forums and share more of your ideas and suggestions…