
Setup for Auth/Gateway

An Auth/Gateway architecture allows multiple HSMX devices to split functionality per machine and act as one entity. One parent node handles authentication while one or more children (called Gateways) execute the necessary packet processing. When a subscriber connects to a subscriber network attached to a Gateway, all unauthenticated traffic is forwarded to the Auth machine. Once the subscriber authenticates on the Auth machine, the Gateway is notified of the change and authenticated traffic egresses over the child's default gateway.


You can choose which gateway you want to appoint as the Auth gateway.

Configuring the external gateway

For the Auth gateway to connect to the network from the external gateway, the configuration for the interfaces on the gateway needs to be set.

  • On the external gateway go to Network – Network configuration
  • Configure the subscriber network

Configuring the Auth gateway

The rest of the configuration is done on the Auth gateway. Connections to the external gateways are configured here, and you can also indicate which subscriber networks need to be forwarded to the Auth HSMX.

Auth gateway settings

First we need to let the chosen gateway know that it will become the Auth gateway.

  • On the Auth HSMX go to System – Settings
  • Under system mode, choose Authentication
  • Save your settings.

Now the gateway knows it has to handle all authentication for connected gateways.

Other modes to set the gateway in are:

  • Gateway – This is the standard setting and is set by default. The HSMX will behave as a normal gateway.
  • Mixed – This type of gateway will behave as an Auth, but it will also be possible to handle the traffic itself.

Attach a gateway

The Auth needs to know which gateways to control so we have to link them. When you set a gateway to mode ‘Authentication’, an extra tab - ‘Client gateway’ - will become visible under Periphery.

  • Go to Periphery – Client gateway
  • Add a new external gateway
  • Fill in the IP of the external gateway.
  • Fill in the username and password for login on that gateway.
  • When you save this it will fill out the name, and the connection should be accepted.

Now that we have added the gateway, we need to let the Auth HSMX know which subscriber network to control.

  • Next to the data you just entered there are three icons displayed.
  • Click on the first one so the networks of this gateway will be displayed.
  • Enable the subscriber network
  • Save

Parent / child – Virtual guest network

The Auth device is now set as parent of your other gateway. The subscriber network of your child gateway will now contain the IP of the parent device as virtual guest network. This means that an IP is set to which the child gateway will forward the user for authentication.

  • On the child gateway go to Network – Network configuration
  • Next to your subscriber network you will see a gear icon that you can click.
  • When you click it, a control panel will show up.
  • Here you can see that Virtual guest network is now enabled and the parent IP is filled in.

Using Auth gateway

Now that you have set up the connection, you can start configuring the portal and such. The idea is that you now configure your portals on the Auth gateway. When a user connects to the subscriber network of the portal, he will land on the portal page configured on the Auth gateway.

User accounts are created and managed on the Auth HSMX. Accounts created on the Gateway cannot be used. The advantage of keeping accounts on the shared HSMX is that subscribers can use their account at every location where an HSMX is connected to the Auth gateway.


After I have added a gateway the connection is not accepted

  • Restart your firewall.

I can connect to the subscriber network but I do not have access to internet & do not get a portal page

  • Check the IP of the Subscriber network on the gateway, this should be:

I can connect and the portal page appears but after that I cannot visit any site

  • Refresh your DNS for both machines under Network - DNS
  • Release the subscriber connections & reconnect

When connecting to the network I still see the portal of the gateway itself, instead of that from the Auth

  • Make sure the subscriber network of the external gateway is checked on the Auth under Periphery – client gateway – your gateway IP – Joined subscriber networks (icon)
recipe/setup-gateway-auth.txt · Last modified: 2021/06/03 14:40 (external edit)