Opengate Home Page

Opengate - A Network User Authentication System for Public and Mobile Terminals
Outline | What's New | Download | Development and Management | Background | Purpose | Usage | Function and Requirements | Flow | Features | Publications | Another System | Contacts | Recent Q&A | Q&A | References | Chart of WorkFlow | Document of WorkFlow | Install Memo | Error Check List | Example of User Help | Merits and Specifications | Administration Memo

Caution: Project main page is moved to http://opengate.osdn.jp. This page may not follow the main page.


Redirect Page Auth Request
Accept Page Usage Start Page
(Popped Up)

What's New


Following link has download files. The code "****" in "opengate****.tar.gz" indicates the version. Please download the newest one.

Download Files

We link the construction procedure and the system image using VirtualBox below.
Please use it for inspection and the system construction.

Trial of Opengate/OpengateM on VirtualBox

Development and Management

The Main Project Page is http://en.osdn.jp/projects/opengate/. It includes Git repository.


To support educational and research activities, a lot of "public terminals", "network sockets" and "wireless LANs" were implemented throughout the campus. Considering the many incidents such as computer cracking or copyright infringement that were occurring on the network, authentication and usage log methods before network access is granted, quickly became a necessity. Seeing it can prove quite difficult to maintain such systems in terminals for public use, network sockets, and wireless LANs, Opengate was developed to address these issues.


Authenticate users and record usage logs in a public network environment..


When a user tries to access any given site, the authentication request page is returned. The user enters user a ID and password. Network access is granted to the client terminal when the accept pages are displayed. Network access is denied when closing the browser.

usage flow

Function and Requirements

The Opengate system functions as a gateway between terminals and the network. The system filters packets passing through the Opengate gateway.
hardware structure

Only a Web browser is required for the terminal. For the gateway, a Web server and firewall software are required. At present, Opengate is being developed on a FreeBSD system, using ipfw as the firewall software. Opengate can communicate with many authentication methods, such as FTP, POP3, POP3S, FTPS, RADIUS, LDAP, PAM, Shibboleth, HttpBasic. Opengate is loaded as CGI, sends an Ajax script to the terminal, and watches the existence of the terminal. 

software structure


  1. By default, the gateway firewall is closed.

  2. A user tries to access some web site through the gateway.
  3. The gateway steals the packet and sends back the authentication page.
  4. The server process - loaded as CGI - accepts the user information. The process authenticates the user and opens the firewall for the requesting terminal.
  5. The process sends an Ajax script to the terminal and sets up a TCP connection to watch the existence of the terminal (~ Comet).
  6. If above watching fails, the process closes the firewall after a set time, a MAC address change or if no packets are exchanged in a set time frame.
  7. Periodically, the process performs message exchanges with the terminal.
  8. The process closes the firewall when the TCP connection is closed.
  9. Server process records usage log when opening and closing the firewall.


  1. Simple User Interface: Opengate uses the clients web browser for GUI interaction.

  2. Broad Applicability: Opengate works independent of client OS's such as Windows, Windows Ce, Mac OS, Linux, etc. Opengate is compatible with various connection technologies such as wireless LANs, network outlets, and open service terminals.

  3. Real Time: Because Opengate employs an Ajax script for checking terminal status, user disconnection can be detected in real time without extra software.

  4. Low Maintenance Costs: Opengate authenticates users by using your existing FTP, POP,RADIUS,LDAP servers. Opengate requires no setup procedure for the client terminals.


Another System : OpengateM

OpengateM is a MAC address based network user authentication system. Refer OpengateM Homepage OpengateM Homepage

If you have any questions or advice regarding this page, please send a message to the following address:
Yoshiaki Watanabe : watanaby(at)users.osdn.me
Makoto Otani : otani(at)cc.saga-u.ac.jp