ARPMiner is a multi-purpose access control software runs under Windows
(Vista, Windows 7/8/10, 2008-2016 Server).
ARPMiner consists of a GUI and a service application called TekSpot. PPPoE, HTTP, DHCP server and a proxy DNS server. RADIUS Accounting and PPP encrytpion are supported in only SP edition. ARPMiner supports three modes of operation for access control; Network Address Translation (NAT), bridge mode and PPPoE server mode.
Network Address Translation, NAT (Routed) Operation Mode
Sample NAT (Routed) Configuration
ARPMiner will translate source IP address and port number (Port translation is performed when it’s needed, ARPMiner performs symmetric NAT by default) while forwarding a packet from Private Network to the Internet. ARPMiner will stop Windows Internet Connection Sharing (ICS) at startup if it is enabled. Please also make sure that IP routing is disabled on ARPMiner installed machine.
ARPMiner uses an Auxiliary IP address (192.168.88.2/24 in the example above) for IP address translation on the Public Network side. Windows machine would reject return packets from the Internet if the translation was performed using public interface IP address (192.168.88.3/24 in the example above).
Auxiliary IP address is chosen automatically but you can also set it manually. You must set it to an IP address which is not used in the public network when you set it manually for proper operation.
Built-in DHCP server deployment is optional. Built-in DHCP server will assign an IP address from its IP pool to the client on the private network (Either wireless or wired). Assigned IP subnet mask will be the same with the Private Interface of the ARPMiner installed machine. DNS server and gateway IP address will be assigned as the Private Network IP address of the ARPMiner running machine.
You must set gateway IP address as the Private Network IP address of the ARPMiner running machine and set a DHCP IP pool range with same subnet of the IP address as the Private Network IP address when you choose to use an external DHCP server on the private network.
ARPMiner allows you set private interface IP address and subnet mask directly from the management interface. IP address and subnet mask of interface will be changed at operating system level when you save the settings changes in ARPMiner.
Bridge Operation Mode
Bridge Mode Configuration
ARPMiner acts as a bridge in bridge operation mode. ARPMiner transparently performs packet forwarding between public and private networks and maintains its own MAC address table for the private network.
ARPMiner Settings / NAT tab
This operation mode enables you to perform access control for the private network without any topology change in your network. NAT should be performed by the Internet router if it’s needed. You do not need to assign an IP address to the private network interface of ARPMiner installed machine and ARPMiner will reset private interface IP address to an IP address in 169.254.0.0/16 subnet automatically when this operation mode is set.
Built-in DHCP server deployment is also optional in this operation mode. Built-in DHCP server will assign an IP address from its IP pool to the client on the private network (Either wireless or wired). Assigned IP subnet mask will be the same with the Public Interface of the ARPMiner installed machine. DNS server as the Public Network IP address of the ARPMiner running machine and Gateway as the default gateway of the ARPMiner running machine will be assigned to the DHCP clients.
PPPoE Server Operation Mode
ARPMiner does not perform Network or MAC address translation in PPPoE Server Operation Mode. TekRADIUS authenticates user sessions using PAP, CHAP, MS-CHAP-v1 or MS-CHAP-v2 authentication methods based on client preference. MS-CHAP-v1 or MS-CHAP-v2 must be set as authentication method in client settings for MPPE encryption. Encryption level (40/128 bits) is also determined by either client settings or MS-MPPE-Encryption-Types attribute received in RADIUS authorization response.
ARPMiner will stop Windows Internet Connection Sharing (ICS) at startup if it is enabled. Please also make sure that IP routing is disabled on ARPMiner installed machine.
- Simple design and easy to use user interface.
- Simple interface for user definitions
- Real time monitoring of connected users.
- NAT and bridge operation modes for HotSpot Captive Portal.
- PPPoE Server with MPPE (40/128 bits) Encryption.
- PAP, CHAP, MS-CHAP-v1 and MS-CHAP-v2 authentication methods.
- Built-in HTTP server with enhanced SSL and CGI/1.1 support, built-in DHCP server and DNS proxy.
- RADIUS AAA support (Commercial editions only). ARPMiner accepts Packet of Disconnect (PoD) from RADIUS servers.
- RADIUS MAC authentication.
- DNS redirection.
- Client Id (Ethernet MAC address) in DNS requests (Experimental).
- WISPr 2.0 authentication and partial RADIUS dictionary support.
- Customizable HTTP interface.
- Performance monitoring through Windows Performance Monitor.