OpenWrt Setup on raspberrypi 4B using as a router for OpenNDS captive portal

i am using raspberry pi 4b with 8GB RAM 64bit and i flashed the latest version of OpenWrt23.05 on it and using desktop support to see the output and logs. in /etc/config/network i have changed ip address as 192.168.68.4 for the raspberrypi and 192.168.68.1 for the gateway. defined the DNS provided by the ISP. after that i connected to OpenWrt2 wifi and logged in to LUCI using 192.168.68.4 on browser and then set password for root. In network>> interfaces>> i have lan interface named br-lan only. then in network >>wireless >> i enabled the wireless interface and Voila i am now receiving internet on the OpenWrt Wifi.

Now in System>> Software >> i have updated the package list and then installed the OpenNDS package and after that when the refreshed the page openwrt terminal is not getting the access as well as LUCI it is saying >>>>>>>>>>>>"Error 403 No access to this client">>>>>>>>>>>> any soultion for this?

i want to implement a captive portal for my wifi "OpenWrt2" using user login or sms otp authentication, after the authentication only the internet access should be given to the user.

i am new to this concept of captive portal and networking so can someone help me for the configuration file setup in /etc/config/opennds and other changes that are required for captive portal implementation. we can start with the basic click and continue kind of captive portal.

i have setup a wan interface with DHCP client protocol and and wan6 interface with DHCPv6 client protocol. i have attached the screenshots of the current setup and Ip address for connected interfaces. kindly look into that and one more thing i want to mention that i am able to use pi as a basic router as it is hosting the OpenWrt2 wifi and i am getting the internet but after installing opennds, internet access denied to Luci and openwrt root terminal. i am not aware of the interface wan and wan6 how they are used in the setup. if you can help me in that that would be the greatest help.

kindly look at the screenshots and settings if anything wrong somewhere and i can implement the basic captive portal using opennds on my Pi OpenWrt2 Wifi interface.IS the WAN interface settings correct?? please help regarding this issue as i want to implement a basic captive portal if someone connect to my OpenWrt2 wifi.





Unfortunately, an Rpi is the worst possible choice to use as a router at least for people who are not up to speed on the nitty-gritty of configuring a router. The network i/o is not really up to scratch as it only has one ethernet port and a wireless chip designed only for station use connecting to an access point.

Also unfortunate, most of what you are saying is incorrect, no doubt stemming from your frustration, which in turn comes from trying to make the square peg Rpi fit into the round hole of a router!

If you had chosen even a basic home router, getting openNDS working would require:

  1. Enabling the wireless
  2. Installing openNDS

No configuration to do.

Luci, on all versions of OpenWrt after reflashing, is accessible at:
https://192.168.1.1

Note the https part.

change xxxx option gatewayinterface 'xxxxx' to your wifi interface( similar to phy1-ap0)

Sorry, no, that will not work. gatewayinterface must be a bridge device. A wireless interface name is not the same thing.

If you are determined to use an Rpi, then look on this forum for advice on how to set up the Rpi as a router (which will involve setting up a complex vlan configuration and/or finding a usb wifi dongle that will actually work for more than 2 or 3 clients at the same time and has a range of more than a few metres).

You can buy a budget OpenWrt compatible travel router for very little cost and do just the two actions I mentioned above to get up and running.

You can get help and advice on openNDS by opening an issue on Github:

I created a ticket and got my expected answer.

I don't have rpi.

I have one u7621-06, one p2812 and two MI router 4. This is not true.

Test yourself and see whether your info is correct.

As I said, I gave up. I'm not going to waste another 2 days for a dead end

The title of this thread is "OpenWrt Setup on raspberrypi 4B using as a router for OpenNDS captive portal", so sorry if I jumped to that conclusion.

This has been the case for a number of years. What version of OpenWrt are you using?

I have, probably many hundreds of times on many different types of hardware and I can confirm my info is correct.

A "real world" example can be seen here:

I just realized that I was using snapshot for testing. Then removed my message

Ah! Snapshot does not have Luci installed by default.

I am happy to help you get this working if you still want to try.

I installed luci but https was not working. I'll give opennds another try using stable version

You can, more or less, follow the Github link I posted, in principle it will be the same.

It's working... :person_facepalming:
Is there a dedicated Q/A thread for OpenNDS on this forum? Just github?

Just Github.

1 Like

You have your eth0 in both the lan and the wan. That is unless you are using a USB to ethernet device.

And eth0 wan and wan6 are bifurcated when they should be one. Notice they have exactly the same traffic.

You should just enable IPV6 in the eth0 in network/interfaces/device and have only one eth0 device in the WAN interface.

-Yes you do; rpi is just shorthand for Raspberry Pi.-

Sorry, I thought you were the OP

@bluewavenet I have 8-10 clients using my internet. I told them not to give wifi password to anyone. But, as you know, getting wifi password is as easy as reading a QR code, so their friends steal the password from their phones.
I tried to use MAC filter, but it's hard to maintain (randomized mac addresses etc)

here's what I did :slight_smile: (I hope this won't cause any further problem)

used uci as credential backend

root@OpenWrt:/# cat /etc/config/captive
config users
        option my_pc '*'
        option my_phone '*'
        option my_tablet '*'
root@OpenWrt:/# uci show opennds
opennds.@opennds[0]=opennds
opennds.@opennds[0].login_option_enabled='3'
opennds.@opennds[0].themespec_path='/usr/lib/opennds/my_login.sh'
opennds.@opennds[0].faskey='*'
root@OpenWrt:/# diff -u  "/usr/lib/opennds/theme_user-email-login-custom-placeholders.sh" "/usr/lib/opennds/my_login.sh"
--- /usr/lib/opennds/theme_user-email-login-custom-placeholders.sh      2023-11-29 04:01:25.000000000 +0000
+++ /usr/lib/opennds/my_login.sh        2024-01-02 01:41:02.000000000 +0000
@@ -93,7 +93,9 @@
        #
        # The client is required to accept the terms of service.

-       if [ ! -z "$username" ] && [ ! -z "$emailaddress" ]; then
+  password=$(uci get captive.@users[0]."$username")
+
+       if [ ! -z "$username" ] && [ ! -z "$emailaddress" ] && [ "$emailaddress" = "$password" ]; then
                thankyou_page
                footer
        fi
@@ -117,7 +119,7 @@
                <form action=\"/opennds_preauth/\" method=\"get\">
                        <input type=\"hidden\" name=\"fas\" value=\"$fas\">
                        <input type=\"text\" name=\"username\" value=\"$username\" autocomplete=\"on\" ><br>Name<br><br>
-                       <input type=\"email\" name=\"emailaddress\" value=\"$emailaddress\" autocomplete=\"on\" ><br>Email<br><br>
+                       <input type=\"password\" name=\"emailaddress\" value=\"$emailaddress\" autocomplete=\"on\" ><br>Password<br><br>
                        $custom_inputs
                        <input type=\"submit\" value=\"Accept Terms of Service\" >
                </form>

Nice idea!