OpenWrt travel router for VPN, how to deal with captive portal

Hi team,
I have built a Raspberry Pi travel router running OpenWrt that passes all traffic through a VPN. This setup works brilliantly when there's no captive portal to sign in to use the network.

I'm currently staying in a hotel with an open wifi network that uses a captive portal (I assume to register my device MAC) to gain access.

Is there a way I can connect my router or is it impossible because of the portal? I'd prefer to keep all my traffic behind a VPN given this network's open.

Thanks.

Delay the startup of the VPN tunnel for X minutes, giving you enough time to manually log on to the captive portal?

You do realize a VPN provides zero additional security/privacy, right?

No? How so? Isn't all my traffic encrypted and sent through the tun so can't be inspected by anyone on the network?

I don't see how delaying the start-up bypasses the requirement to sign in to the portal from the router.

That's what the padlock next to your browser's address field is for. It's always there, doesn't matter if your VPN is up or down.
Check out https://overengineer.dev/blog/2019/04/08/very-precarious-narrative.html

You might want to reread what I wrote.

1 Like

Sorry, I'm not trying to be difficult, dismissive or rude. Not all websites are https addresses and I'm pretty sure not all phone apps are encrypted either, so there's no harm in trying to secure my connection.

What I meant by dealing with the delay - how can I log in? The router has its own IP and runs DHCP to provide devices their own IP, right? If the router hasn't completed the portal questions, the connecting devices have no network connectivity.

Start the router.
Try to surf from a client (via the router), and get the captive portal.
Log on.
Start WireGuard manually, or set it to autostart after X minutes.

1 Like
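
One way to automate the "start WireGuard after the portal login" step above, as an added example that is not part of the original thread: it polls a plain-HTTP probe and brings the tunnel up only once the expected body comes back unmodified. The interface name `wg0`, the retry counts and the choice of Firefox's portal-detection URL are assumptions, and client traffic is not tunnelled until the script brings the interface up.

```shell
#!/bin/sh
# Added example: hold the VPN down until the captive portal has been cleared.
# Assumptions: the WireGuard interface is called "wg0" (hypothetical name) and
# is not set to start at boot; the probe is Firefox's plain-HTTP portal check,
# whose body is the single word "success".
PROBE_URL="http://detectportal.firefox.com/success.txt"
VPN_IFACE="${VPN_IFACE:-wg0}"

# Fetch the probe over plain HTTP; a portal redirects or rewrites this request.
fetch_probe() {
    wget -q -T 5 -O - "$PROBE_URL" 2>/dev/null
}

# Classify a probe body: "open" only if the expected body came back intact.
classify_probe() {
    case "$1" in
        success) echo open ;;      # uplink reaches the internet unmodified
        "")      echo offline ;;   # no answer at all (no link, DNS blocked)
        *)       echo captive ;;   # something else answered: portal page
    esac
}

# Bring the tunnel up with OpenWrt's ifup.
start_vpn() { ifup "$VPN_IFACE"; }

# Poll until the uplink is open, then start the tunnel.
# $1 = max attempts, $2 = seconds between attempts.
# Returns 0 = tunnel started, 1 = portal never cleared, 2 = ifup failed.
wait_for_portal_then_vpn() {
    tries="$1"; delay="$2"; n=0
    while [ "$n" -lt "$tries" ]; do
        state=$(classify_probe "$(fetch_probe)")
        if [ "$state" = open ]; then
            start_vpn && return 0
            return 2
        fi
        n=$((n + 1))
        sleep "$delay"
    done
    return 1
}

# Run only when called as "<script> run", e.g. from /etc/rc.local.
if [ "${1:-}" = "run" ]; then
    wait_for_portal_then_vpn 60 10
fi
```
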

I tried that. But no joy. The device connected to the router doesn't get the login prompt, only an error that no internet connection is available. Oh well.

You can force the device to stay on the wifi. Are you using any custom DNS servers anywhere?

Custom DNS servers were 1.1.1.1 and 8.8.8.8 but removing them didn't help either.

Removing them from where?

Router or clients?

From the router

And your DHCP doesn't serve them to your clients, too?

I believe it would have until I removed the two entries from OpenWrt. The clients (phone and laptop) have no custom DNS settings.

Depends on from where you removed them.

But on the laptop you can do an ipconfig /all in a cmd/pwsh window to see the DNS IPs.

The interface I use to connect to the hotel supplied wifi is called WWAN, I removed the DNS setting under that interface. No other interfaces have DNS entries.

OK, so what are the DNS settings for the laptop?

The enforced local IP address of the router (10.xx.xx.1)

And the WAN-side DNS IPs of the router?

10 subnet IPs aren't public, no need to mask them.

Nothing is specified. The "Use DNS servers advertised by peer" box is unchecked and no entries exist below it for custom DNS server addresses.

The router is 10.58.58.1

Then what do /etc/resolv.conf and /tmp/resolv.conf.d/resolv.auto.conf say?