Issue with Captive Portal not Appearing on OpenWrt

Hello everyone,

I am facing difficulties in getting my captive portal to appear on OpenWrt. I have correctly configured OpenNDS as the captive portal service, and the device seems to connect successfully to the Wi-Fi network, but the captive portal does not show up on client devices.

Here are some relevant details about my configuration:

I have installed OpenWrt on my device.
I am using OpenNDS to implement the captive portal.
Client devices connect successfully to the Wi-Fi network.

However, as soon as the devices connect to the network, the captive portal does not appear. I have checked firewall settings and created a rule to redirect traffic to the captive portal port, but the issue persists.

Has anyone encountered a similar situation or has suggestions on what might be wrong in my configuration? I have also examined system logs, but I haven't identified any significant errors.

Please provide any insights or guides to resolve this issue. Thanks in advance for your help!

config opennds 'my_opennds_config'
    option enabled '1'
    option faskey 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
    option gatewayname 'caprinetworkgateway'
    list users_to_router 'allow tcp port 8888'
    list users_to_router 'allow tcp port 8888'
    option login_option_enabled '1'
    option log_mountpoint '/logs'
    option max_log_entries '1000'
    list faskey 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
    list faskey 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
    option faskey 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
    option gatewayinterface 'br-lan'
    option gatewayport '2080'
    option maxclients '500'
    option fwhook_enabled '1'

Unfortunately you have not configured it correctly. Your config file is very wrong.

What version of OpenWrt and what version of openNDS are you using?

  1. Why do you have two option faskey entries?
  2. Why do you also have two list faskey entries?
  3. faskey is an option, not a list and can therefore only have one entry.
  4. Have you defined a subnet capable of supporting 500 clients and configured dnsmasq to provide DHCP for those 500 clients?
  5. I hope you have /logs as a genuine mountpoint for some external storage. If not you will sooner rather than later destroy your router's flash.

Start again by deleting everything in the /etc/config/opennds file and add a single line reading:

config opennds

Remove this rule. At best it will do nothing, at worst it will break something.
OpenNDS is a dynamic firewall with a higher priority than the static OpenWrt firewall (fw4) that will only come into play once openNDS has done what it needs to do.

With the config stripped down and your rule removed, either reboot or do the following:

service opennds stop
service firewall restart
service opennds start

Now see what happens when a client device (e.g. iOS or Android) connects.

I edited it:

cat opennds
config opennds 'my_opennds_config'
    option enabled '1'
    option gatewayname 'Caprinetwork'
    list users_to_router 'allow tcp port 8888'
    list users_to_router 'allow tcp port 8888'
    option login_option_enabled '1'
    option log_mountpoint '/logs'
    option max_log_entries '1000'
    list faskey 'xxxxxxxxxxxxxxxxxxxxxxxxxxxx'
    option faskey 'xxxxxxxxxxxxxxxxxxxxx'
    option gatewayinterface 'phy0-ap0'
    option gatewayport '2080'
    option maxclients '500'
    option fwhook_enabled '1'
 cat dhcp

config dnsmasq
        option domainneeded '1'
        option localise_queries '1'
        option rebind_protection '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option cachesize '1000'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        option localservice '1'
        option ednspacket_max '1232'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'
        option ra 'server'
        option dhcpv6 'server'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

But still captive portal does not appear.

some logs:

Sat Feb 24 16:15:10 2024 authpriv.warn dropbear[13495]: Bad password attempt for 'root' from 192.168.1.22:50687
Sat Feb 24 16:15:15 2024 authpriv.notice dropbear[13495]: Password auth succeeded for 'root' from 192.168.1.22:50687
Sat Feb 24 16:16:25 2024 daemon.warn odhcpd[929]: No default route present, overriding ra_lifetime!
Sat Feb 24 16:17:28 2024 daemon.err uhttpd[1047]: [info] luci: accepted login on / for root from 192.168.1.22
Sat Feb 24 16:18:23 2024 daemon.notice opennds[13913]: openNDS Version 10.2.0 is in startup
Sat Feb 24 16:18:23 2024 daemon.info opennds[13913]: openNDS Version 10.2.0 is in startup - Please wait....
Sat Feb 24 16:18:23 2024 daemon.notice opennds[13913]: The name of this gateway is Caprinetwork
Sat Feb 24 16:18:26 2024 daemon.notice opennds[13913]: Attempting to Bind to interface: phy0-ap0
Sat Feb 24 16:18:26 2024 daemon.err opennds[13913]: Could not get IP address information of phy0-ap0, exiting...
Sat Feb 24 16:18:41 2024 daemon.notice opennds[16103]: openNDS Version 10.2.0 is in startup
Sat Feb 24 16:18:41 2024 daemon.info opennds[16103]: openNDS Version 10.2.0 is in startup - Please wait....
Sat Feb 24 16:18:41 2024 daemon.notice opennds[16103]: The name of this gateway is Caprinetwork
Sat Feb 24 16:18:43 2024 daemon.notice opennds[16103]: Attempting to Bind to interface: phy0-ap0
Sat Feb 24 16:18:43 2024 daemon.err opennds[16103]: Could not get IP address information of phy0-ap0, exiting...
Sat Feb 24 16:18:59 2024 daemon.notice opennds[18269]: openNDS Version 10.2.0 is in startup
Sat Feb 24 16:18:59 2024 daemon.info opennds[18269]: openNDS Version 10.2.0 is in startup - Please wait....
Sat Feb 24 16:18:59 2024 daemon.notice opennds[18269]: The name of this gateway is Caprinetwork
Sat Feb 24 16:19:01 2024 daemon.notice opennds[18269]: Attempting to Bind to interface: phy0-ap0
Sat Feb 24 16:19:01 2024 daemon.err opennds[18269]: Could not get IP address information of phy0-ap0, exiting...
Sat Feb 24 16:19:16 2024 daemon.notice opennds[20433]: openNDS Version 10.2.0 is in startup
Sat Feb 24 16:19:16 2024 daemon.info opennds[20433]: openNDS Version 10.2.0 is in startup - Please wait....
Sat Feb 24 16:19:16 2024 daemon.notice opennds[20433]: The name of this gateway is Caprinetwork
Sat Feb 24 16:19:19 2024 daemon.notice opennds[20433]: Attempting to Bind to interface: phy0-ap0
Sat Feb 24 16:19:19 2024 daemon.err opennds[20433]: Could not get IP address information of phy0-ap0, exiting...
Sat Feb 24 16:19:22 2024 daemon.info hostapd: phy0-ap0: STA ea:ab:eb:b9:9d:fd IEEE 802.11: disassociated
Sat Feb 24 16:19:22 2024 daemon.notice hostapd: phy0-ap0: AP-STA-DISCONNECTED ea:ab:eb:b9:9d:fd
Sat Feb 24 16:19:32 2024 daemon.info hostapd: phy0-ap0: STA ea:ab:eb:b9:9d:fd IEEE 802.11: associated
Sat Feb 24 16:19:32 2024 daemon.notice hostapd: phy0-ap0: AP-STA-CONNECTED ea:ab:eb:b9:9d:fd auth_alg=open
Sat Feb 24 16:19:33 2024 daemon.warn odhcpd[929]: No default route present, overriding ra_lifetime!
Sat Feb 24 16:19:34 2024 daemon.notice opennds[22598]: openNDS Version 10.2.0 is in startup
Sat Feb 24 16:19:34 2024 daemon.info opennds[22598]: openNDS Version 10.2.0 is in startup - Please wait....
Sat Feb 24 16:19:34 2024 daemon.notice opennds[22598]: The name of this gateway is Caprinetwork
Sat Feb 24 16:19:37 2024 daemon.notice opennds[22598]: Attempting to Bind to interface: phy0-ap0
Sat Feb 24 16:19:37 2024 daemon.err opennds[22598]: Could not get IP address information of phy0-ap0, exiting...
Sat Feb 24 16:19:37 2024 daemon.warn odhcpd[929]: No default route present, overriding ra_lifetime!
Sat Feb 24 16:19:42 2024 daemon.warn odhcpd[929]: No default route present, overriding ra_lifetime!
Sat Feb 24 16:19:44 2024 daemon.warn odhcpd[929]: No default route present, overriding ra_lifetime!
Sat Feb 24 16:19:48 2024 daemon.warn odhcpd[929]: No default route present, overriding ra_lifetime!
Sat Feb 24 16:19:52 2024 daemon.notice opennds[24764]: openNDS Version 10.2.0 is in startup
Sat Feb 24 16:19:52 2024 daemon.info opennds[24764]: openNDS Version 10.2.0 is in startup - Please wait....
Sat Feb 24 16:19:52 2024 daemon.notice opennds[24764]: The name of this gateway is Caprinetwork
Sat Feb 24 16:19:52 2024 daemon.warn odhcpd[929]: No default route present, overriding ra_lifetime!
Sat Feb 24 16:19:54 2024 daemon.notice opennds[24764]: Attempting to Bind to interface: phy0-ap0
Sat Feb 24 16:19:54 2024 daemon.err opennds[24764]: Could not get IP address information of phy0-ap0, exiting...
Sat Feb 24 16:20:09 2024 daemon.notice opennds[26934]: openNDS Version 10.2.0 is in startup
Sat Feb 24 16:20:09 2024 daemon.info opennds[26934]: openNDS Version 10.2.0 is in startup - Please wait....
Sat Feb 24 16:20:10 2024 daemon.notice opennds[26934]: The name of this gateway is Caprinetwork
Sat Feb 24 16:20:12 2024 daemon.notice opennds[26934]: Attempting to Bind to interface: phy0-ap0
Sat Feb 24 16:20:12 2024 daemon.err opennds[26934]: Could not get IP address information of phy0-ap0, exiting...
Sat Feb 24 16:20:27 2024 daemon.notice opennds[29099]: openNDS Version 10.2.0 is in startup
Sat Feb 24 16:20:27 2024 daemon.info opennds[29099]: openNDS Version 10.2.0 is in startup - Please wait....
Sat Feb 24 16:20:27 2024 daemon.notice opennds[29099]: The name of this gateway is Caprinetwork
Sat Feb 24 16:20:30 2024 daemon.notice opennds[29099]: Attempting to Bind to interface: phy0-ap0
Sat Feb 24 16:20:30 2024 daemon.err opennds[29099]: Could not get IP address information of phy0-ap0, exiting...
Sat Feb 24 16:20:45 2024 daemon.notice opennds[31263]: openNDS Version 10.2.0 is in startup
Sat Feb 24 16:20:45 2024 daemon.info opennds[31263]: openNDS Version 10.2.0 is in startup - Please wait....
Sat Feb 24 16:20:45 2024 daemon.notice opennds[31263]: The name of this gateway is Caprinetwork
Sat Feb 24 16:20:47 2024 daemon.notice opennds[31263]: Attempting to Bind to interface: phy0-ap0
Sat Feb 24 16:20:48 2024 daemon.err opennds[31263]: Could not get IP address information of phy0-ap0, exiting...
Sat Feb 24 16:21:03 2024 daemon.notice opennds[968]: openNDS Version 10.2.0 is in startup
Sat Feb 24 16:21:03 2024 daemon.info opennds[968]: openNDS Version 10.2.0 is in startup - Please wait....
Sat Feb 24 16:21:03 2024 daemon.notice opennds[968]: The name of this gateway is Caprinetwork
Sat Feb 24 16:21:05 2024 daemon.notice opennds[968]: Attempting to Bind to interface: phy0-ap0
Sat Feb 24 16:21:05 2024 daemon.err opennds[968]: Could not get IP address information of phy0-ap0, exiting...
Sat Feb 24 16:21:20 2024 daemon.notice opennds[3137]: openNDS Version 10.2.0 is in startup
Sat Feb 24 16:21:20 2024 daemon.info opennds[3137]: openNDS Version 10.2.0 is in startup - Please wait....
Sat Feb 24 16:21:20 2024 daemon.notice opennds[3137]: The name of this gateway is Caprinetwork
Sat Feb 24 16:21:23 2024 daemon.notice opennds[3137]: Attempting to Bind to interface: phy0-ap0
Sat Feb 24 16:21:23 2024 daemon.err opennds[3137]: Could not get IP address information of phy0-ap0, exiting...
Sat Feb 24 16:21:23 2024 daemon.info procd: Instance opennds::instance1 s in a crash loop 11 crashes, 8 seconds since last crash
Sat Feb 24 16:23:47 2024 daemon.warn odhcpd[929]: No default route present, overriding ra_lifetime!

Thanks, if there's anything else I've forgotten.

Not surprising, your config is now even worse than it was before.
You have totally ignored the changes I suggested.

Perhaps I should give VERY precise instructions.

By trying a basic config, you will be making sure everything is working.
Then and only then should you start modifying the config.

FOLLOW THESE INSTRUCTIONS

Make sure you have an Internet feed from your ISP router connected to the wan port on your router. Then do the following commands in a terminal session:

  1. service opennds stop
  2. rm /etc/config/opennds
  3. echo "config opennds" > /etc/config/opennds
  4. service opennds restart

Now try connecting with an Android or iOS device....

Only if this works will you be ready to customise the config.

Hi thanks, I did as you told me, but it still doesn't happen

OK, then show the outputs of:

ubus call system board

uci export opennds

ip addr

root@OpenWrt:~# ubus call system board
{
        "kernel": "5.15.137",
        "hostname": "OpenWrt",
        "system": "ARMv8 Processor rev 3",
        "model": "Raspberry Pi 4 Model B Rev 1.1",
        "board_name": "raspberrypi,4-model-b",
        "rootfs_type": "ext4",
        "release": {
                "distribution": "OpenWrt",
                "version": "23.05.2",
                "revision": "r23630-842932a63d",
                "target": "bcm27xx/bcm2711",
                "description": "OpenWrt 23.05.2 r23630-842932a63d"
        }
}
root@OpenWrt:~# uci export opennds
package opennds

config opennds
        option faskey 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
root@OpenWrt:~# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master br-lan state UP qlen 1000
    link/ether dc:a6:32:43:d7:c1 brd ff:ff:ff:ff:ff:ff
3: phy0-ap0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel master br-lan state UP qlen 1000
    link/ether de:a6:32:43:d7:c3 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::dca6:32ff:fe43:d7c3/64 scope link
       valid_lft forever preferred_lft forever
4: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    link/ether dc:a6:32:43:d7:c1 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.100/24 brd 192.168.1.255 scope global br-lan
       valid_lft forever preferred_lft forever
    inet6 fdef:f0b0:ccf0::1/60 scope global noprefixroute
       valid_lft forever preferred_lft forever
    inet6 fe80::dea6:32ff:fe43:d7c1/64 scope link
       valid_lft forever preferred_lft forever

Thanks again for your help.

The output shows you do not have an Internet feed.
The purpose of openNDS is to manage access to the Internet.....

You might find it helpful if you read about the prerequisites for openNDS:
https://opennds.readthedocs.io/en/stable/install.html#prerequisites
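
The three conditions visible in the outputs above (a gateway interface with no IPv4 address because it is a bridge port, more than one faskey entry, and no default route) can be checked before starting openNDS. The script below is an added example, not part of the thread or of openNDS; its function names are hypothetical and the routing table sample is constructed.

```sh
# Added example; function names are hypothetical. On a router, pipe live output
# in instead of the samples, e.g.  ip addr | iface_has_ipv4 br-lan

# Succeeds if interface $1 has an IPv4 address in `ip addr` output on stdin.
iface_has_ipv4() {
    awk -v want="$1" '
        /^[0-9]+: / { name = $2; sub(/:$/, "", name) }
        name == want && $1 == "inet" { found = 1 }
        END { exit (found ? 0 : 1) }'
}

# Prints the bridge that interface $1 is a port of (nothing if it is not one).
bridge_master() {
    awk -v want="$1" '
        /^[0-9]+: / {
            name = $2; sub(/:$/, "", name)
            if (name == want)
                for (i = 3; i < NF; i++) if ($i == "master") print $(i + 1)
        }'
}

# Counts faskey entries, option or list, in an opennds config on stdin.
faskey_count() {
    awk '($1 == "option" || $1 == "list") && $2 == "faskey" { n++ } END { print n + 0 }'
}

# Succeeds if `ip route` output on stdin has a default route (an Internet feed).
has_default_route() { grep -q '^default '; }

sample_ip_addr() {   # trimmed from the `ip addr` output posted in the thread
    cat <<'EOF'
3: phy0-ap0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel master br-lan state UP qlen 1000
    inet6 fe80::dca6:32ff:fe43:d7c3/64 scope link
4: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    inet 192.168.1.100/24 brd 192.168.1.255 scope global br-lan
EOF
}
sample_config() {    # faskey lines as in the second config posted (values masked)
    printf "%s\n" "config opennds 'my_opennds_config'" "    list faskey 'xxxx'" "    option faskey 'xxxx'"
}
sample_routes() { echo "192.168.1.0/24 dev br-lan scope link  src 192.168.1.100"; }  # constructed
report() {           # prints one line per problem found for gateway interface $1
    sample_ip_addr | iface_has_ipv4 "$1" ||
        echo "$1 has no IPv4 address; it is a port of $(sample_ip_addr | bridge_master "$1")"
    [ "$(sample_config | faskey_count)" -le 1 ] || echo "more than one faskey entry"
    sample_routes | has_default_route || echo "no default route, so no Internet feed"
    return 0
}
report phy0-ap0
```
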

On my router I have only one WAN port, but it is busy. I have to buy a TP-Link Gigabit Multi-WAN to solve my problem. Right?

A RPi4 has a fast CPU and loads of RAM but it makes a terrible router due to its very limited networking I/O. Sure, an expert can make it sing and dance, but it never makes economic sense to use one as a router.

For a captive portal you need a wan port to connect to your ISP router (for the Internet feed) and a lan port and/or wireless_radio_designed_for_AP_use, i.e. just about ANY OpenWrt compatible ROUTER.

No, not at all. Multi wan is for resilience and for parallel load sharing - nothing to do with a captive portal.

Yes the Raspberry is very powerful. I bought an external antenna + network card compatible with OpenWRT on Aliexpress. But it will take time before it arrives.

Also, what device do you recommend I use to do Captive Portal?

What for? More expense going down the Rpi route? As I said, it never makes economic sense to use one as a router.

Buy a ROUTER with a minimum of 16MB flash and 128MB RAM:
https://openwrt.org/toh/start