OpenNDS on Guest Network not working

New installation of OpenNDS in new guest network(Ztucker). The only change to the config file was Option GatewayInterface 'wlan1-2'. 
TP-Link Archer 7 ver 5
Openwrt 22.03.3
There is no pop-up splash page on ZTucker, and access to internet is blocked. Any suggestions?

The problem is most likely to do with how your guest network is configured.
Show the output of:
ndsctl status
and
ip addr

ndsctl status and ip addr

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP qlen 1000
    link/ether 14:eb:b6:54:6a:58 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::16eb:b6ff:fe54:6a58/64 scope link 
       valid_lft forever preferred_lft forever
4: wlan0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
    link/ether 14:eb:b6:54:6a:57 brd ff:ff:ff:ff:ff:ff
6: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    link/ether 14:eb:b6:54:6a:58 brd ff:ff:ff:ff:ff:ff
    inet 192.168.9.1/24 brd 192.168.9.255 scope global br-lan
       valid_lft forever preferred_lft forever
    inet6 fd4a:4150:dff6::1/60 scope global noprefixroute 
       valid_lft forever preferred_lft forever
    inet6 fe80::16eb:b6ff:fe54:6a58/64 scope link 
       valid_lft forever preferred_lft forever
7: eth0.1@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP qlen 1000
    link/ether 14:eb:b6:54:6a:58 brd ff:ff:ff:ff:ff:ff
8: eth0.2@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    link/ether 14:eb:b6:54:6a:59 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::16eb:b6ff:fe54:6a59/64 scope link 
       valid_lft forever preferred_lft forever
9: wlan1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    link/ether 14:eb:b6:54:6a:58 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.22/24 brd 192.168.0.255 scope global wlan1
       valid_lft forever preferred_lft forever
    inet6 fe80::16eb:b6ff:fe54:6a58/64 scope link 
       valid_lft forever preferred_lft forever
10: wlan1-1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP qlen 1000
    link/ether 16:eb:b6:54:6a:58 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::14eb:b6ff:fe54:6a58/64 scope link 
       valid_lft forever preferred_lft forever
11: wlan1-2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    link/ether 12:eb:b6:54:6a:58 brd ff:ff:ff:ff:ff:ff
    inet 192.168.13.1/24 brd 192.168.13.255 scope global wlan1-2
       valid_lft forever preferred_lft forever
    inet6 fe80::10eb:b6ff:fe54:6a58/64 scope link 
       valid_lft forever preferred_lft forever
==================
openNDS Status
====
Version: 9.9.1
Uptime: 53s
Gateway Name: [ openNDS Node:12ebb6546a58  ]
Debug Level: [ 1 ]
Gateway FQDN: [ status.client ]
Managed interface: wlan1-2
Upstream gateway(s) [ online:192.168.0.1,wlan1  ]
MHD Server [ version 0.9.75 ] listening on: http://192.168.13.1:2050
Maximum Html Page size is [ 10240 ] Bytes
Preemptive Authentication is Disabled
Binauth: Disabled
Preauth Script: /usr/lib/opennds/libopennds.sh
FAS: Secure Level 1, URL: http://192.168.13.1:2050/opennds_preauth/
Client Check Interval: 15s
Rate Check Window: 2 check intervals (30s)
Preauthenticated Client Idle Timeout: 30m
Authenticated Client Idle Timeout: 120m
Download rate limit threshold (default per client): no limit
Upload rate limit threshold (default per client): no limit
Download quota (default per client): no limit
Upload quota (default per client): no limit
Total download: 0 kByte; average: 0.00 kbit/s
Total upload: 0 kByte; average: 0.00 kbit/s
====
Client authentications since start: 0
Current clients: 0
====
Trusted MAC addresses: none
Walled Garden FQDNs: none
Walled Garden Ports: none
========

thanks

This looks good, openNDS binding to the correct address.

I am taking a guess that you followed either the OpenWrt user guide for guest networks or one of the online tutorials.

These seem to set the "guest" firewall zone to reject input.
ie option input 'REJECT'

This blocks all access to the router from the guest network. Yet to be served the splash pages, the client must access the openNDS mini web server on the router.

You could change the option line above to read option input 'ACCEPT' to fix what I think is the problem, or better still, upgrade openNDS to version 9.10.0 that has just been released and it contains a fix for this problem.

The OpenWrt bots are part way through building it but right now have not got to mips_24kc, but certainly will in a few hours.
EDIT: All done now I think

Check here:
https://downloads.openwrt.org/releases/22.03.3/packages/mips_24kc/routing/

Keep refreshing the page and when it shows opennds_9.10.0-1_mips_24kc.ipk ypou will be good to go.

Run:

opkg update
opkg install opennds

(You can do similar in Luci if you wish.)

It will keep your openNDS config.

The new opennds works.
thanks

1 Like

I seem to have corrupted the OpenNDS config file. Can I get a fresh copy from Github or should I try to ru n the update again?
thanks

A copy of the default config can be found on your router here:
/etc/opennds/config.uci

Copy it to /etc/config/, deleting the corrupted one first. then renaming it to opennds

thank you

I'm helping set up a splash page for a friend's restaurant in Mexico. He wants to keep it simple. One page with his logo, brief disclaimer and some restaurant news. I set up the legacy splash page knowing its deprecated. However it goes to a status page after the continue button. Is there an easy way to bypass the status page(s) and just authenticate and close the splash page?