Captive portal with shared access between routers

Installing and Using OpenWrt
1

Hello,

I have Mikrotik hAP Lite with newest OpenWrt installed and I need to achieve this behavior:

  1. User connects to open wifi
  2. Login window opens and loads page https://login.example.com, pass MAC address to the page
  3. The page somehow process the login (depends if it's known MAC address or not)
  4. Page should somehow tell the router "Ok, this device can connect"

There will be more routers, but not on the same local network, they will be in different buildings. The login window should be opened everytime even if the user has already been connected because the page is handling this.

The Mikrotik hAP Lite is not that good, so I can't install Luci, I am configuring everything through SSH.

Is it somehow configurable just with OpenWrt or which packages are the best for this?

I read this, but the captive portal is located in the router, I need it online. I also read about CoovaChilli but they said the documentation is pretty bad.

Thanks for any suggestion and help!

2

Can't use HTTPS on a captive portal without advanced config in the router.

How?

Your client hasn't been given access to the Internet yet.

This thread may be helpful too:

It sounds like you want a captive portal for your entire LAN, then. Like in hospitals, hotels, restaurants, etc. That has to be located somewhere on the LAN.

3

Maybe Captive portal is not the right word then. Maybe more like some sort of banning all communications except to communication to the login server unless the user is verified.

Also, these routers will not be on the same LAN, because they will be placed in businesses with different owners.

4

Nope, "Captive Portal" is the right phrase. If you want it to be Internet-based, it gets more complex. You can't initially block Internet access when you need access to the online portal. You may have to setup a VPN from these sites - to the captive portal server...but then, all the businesses' bandwidths are dependent on the VPN server holding the captive portal (and the latency generated).

Then how do you expect all the businesses to reach the same Internet-based captive portal???

  • Perhaps, you prefer RADIUS-based WiFi authentication, instead?
  • As I suggested above, you may have to configure all routers via VPN to a captive portal

And if they're not on the same network, this just got even more complex. I'd suggest setting each up for it's own Captive Portal.