Request for Wifidog Support on Newer OpenWRT Versions

Dear Developers,

Wifidog has been a reliable and lightweight captive portal solution, offering a simpler alternative to options like CoovaChilli. Many users still depend on it for managing network access due to its ease of setup and efficient firewall integration.

However, on newer OpenWRT versions, Wifidog requires iptables-zz-legacy to function, which is not ideal and may lead to long-term compatibility issues. I kindly ask if there could be updates to make it work natively with the latest OpenWRT versions without relying on legacy iptables. Migrating to nftables would be a major step forward in ensuring its continued functionality.

Your support and contributions to this project are highly appreciated. Many users, including myself, would greatly benefit from these improvements. Thank you for your time and consideration

1000308495786×548 82.3 KB

I'm pretty sure that wifidog was abandoned quite some time ago, so it is unlikely that anyone is going to resurrect it (same with CoovaChilli).

OpenNDS is the captive portal that is commonly recommended. It's very powerful and quite flexible.

https://openwrt.org/docs/guide-user/services/captive-portal/opennds

You should ask wifidog to revert 10 years old move from iptables commands to now legacy zzz library call.

I am quite confident, you might be able to get what you want by offering some sponsoring. wifidog i.g. is used in commercialized wifi systems, which should be able to provide the funding for the requested changes.
I understand your request very well, but consider your expectation of a free-of-charge long-term solution for commercial use a bit far fetched.

Wifidog handles authentication internally, making setup simple—just install, configure, and it works. For example, it directly manages access rules without needing extra scripts. OpenNDS, on the other hand, relies on external methods like RADIUS or custom scripts for authentication, offering more flexibility but requiring additional configuration. If you just need a quick captive portal, overall Wifidog is much easier.

iptables-zz-legacy keeps Wifidog running but isn’t a long-term fix. A better solution is ensuring iptables-nft supports Wifidog’s rules or updating Wifidog for nftables. Otherwise, we must check with each OpenWRT update that iptables-zz-legacy remains compatible with Wifidog’s commands.

Wifidog is an open-source solution used by both commercial and non-commercial users. The goal is to maintain its compatibility with modern OpenWRT, not a complete redesign. Simple fixes might be enough without requiring major funding, but if sponsorship is necessary, clear requirements should be defined.

I don't think you get it. You've been told this is a FOSS project so your options are either to code the fixes yourself or pay someone to do the coding for you. Use of the term "sponsorship" was nothing more than politically correct BS to sugarcoat the truth, and it was NOT helpful at all. The truth is - you want it, pony up the money for it.

You were asking for someone to code up the changes for free. Now you are asking someone to project manage requirements for paying someone to do it - once more, for free. Cut the baloney. You want it, you want to pay for it, you project manage it and define your OWN requirements to whomever you are going to pay to code the changes.

You are missing something, wifidog uses library to load legacy xtables rules. You need to port library call to call iptables command and it will be compatible with both firewall worlds.

Best of luck, feel free report back once you've completed all the required tasks.

I'm using commercially wifidog develop cloud base management. last 5 years wifidog almost none functional due to upgrade issue. I tried many modification but we use internal purpose. I still interesting wifidog run with current openwrt.

Frankly the work needed to get wifidog to work is probably not that extensive and likely would not cost a huge amount to pay someone to do. If you have a system that is built around it with many access points then it's certainly worth the time to ask some developers.

You might start with the authors here:

wifidog-gateway/AUTHORS at master · wifidog/wifidog-gateway

Or contact the people:

Members · People · wifidog

Who told you that?
OpenNDS has never had radius support as standard or as an option.
OpenNDS will never have radius support as standard or as an option.
This is because radius is an ancient legacy authentication system dating back to the original dial up modem days of the 80's and 90's. There is no reason to go through the trials and tribulations of adding radius support when a simple database can be set up to do the job in seconds.

Really? But it has been broken since 2016 since the next iptables version of the day was released. Sure, some commercial outfits independently paid for a patch or two so they could compile a private fork to allow them to continue making use of their previous investment.

Right now if you want a quick captive portal, install OpenNDS. There is no configuration to do whatsoever on a standard OpenWrt flash, it will just come up and ask connecting clients to log in/ read ToS etc.

On top of that there are a number of "Theme" options that can be selected simply in the config file.
To the other extreme, if you want a centralised portal hosted on the Internet, serving hundreds of commercial venues (think coffee shop chain), that is also little more than config options as well.

OpenNDS was fully migrated to nftables some years ago and is fully compatible with the OpenWrt firewall, fw4 (compare with anything using iptables-zz-legacy that will very likely break the firewall, or at the very least generate dire warnings).

If your business is currently dependent on Wifidog, you need to urgently pay a consultant to do some research for you. Then you can come up with a business plan, one way or another.

Another option is eschewing OpenWRT completely and switching over to DD-WRT. Advantages of that are:

1. It supports Broadcom-based AP's so you have a whole universe of APs that work well under it that don't under OpenWRT

2. It is not constantly changing it's kernel the way OpenWRT is so it tends to break apps far less

3. It runs current security patched code on older, smaller flash devices that OpenWRT gave up on

4. It provides wifidog as part of it's distribution for many devices

5. It supports the hardware Network Address Translation in Broadcom Northstar devices

Downsides are:

1. Broadcom announced some years ago they would not release SDKs for Open Source development for wifi AX so only QCA devices support wifi AX under dd-wrt per this notice:

DD-WRT :: View topic - 802.11ax Supported routers - W.I.P.

2. VHT 80+80 bonding (aka 160Mhz wide radio channels) does not exist in any Broadcom devices under DD-WRT

As I said:

If he pays an OpenWRT consultant that consultant may not even mention DD-WRT.

I don't know how long you have been around this forum but there's a lot of people in the OpenWRT community who are biased against DD-WRT and to a lesser extent FreshTomato because those projects run counter to anti-Broadcom diatribes.

For a typical example:

[OpenWrt Wiki] Broadcom wireless

While this mentions DD-WRT once, it refers to lists of "neutered" routers under OpenWRT that use the b43 driver and only support 2.4Ghz.

This which creates threads like the following:

Build for Broadcom wireless using Opensource driver - For Developers - OpenWrt Forum

Where the questioner is explicitly asking for Broadcom support - probably because he has Broadcom devices already - and the respondents merely ignore DD-WRT instead of doing the public service of referring the questioner to it. Many routers that DD-WRT supports - such as the R7000 - have full 80Mhz wide 5Ghz radio support which is lacking under OpenWRT due to the b43 driver being used instead of the bcmwl driver

Note that the overview links don't mention the instructions buried in this documentation

[OpenWrt Wiki] Broadcom BCM47xx

that explain you can disable b43 and use the other driver in OpenWRT to get 5Ghz on Broadcom based routers like the R7000

In fact just about every respondent on the forum to any Broadcom-based question just repeats the claim Broadcom is not supported which is not true as explained in that link - it's just not supported by default in the openwrt firmware.

Now, I have no shortage of disgust for Broadcom as a company what they recently did to VMWare is criminal and what they have done in the past to Symantec Antivirus was also criminal. And of course, we don't want to encourage people spending money on NEW wifi gear that contains Broadcom devices due to their non-support of FOSS.

But many who come to OpenWRT do so with gear already purchased, often years earlier, who didn't know better and happened to buy Broadcom-based gear. Isn't it better for them to be running a FOSS router software like FreshTomato or DD-WRT or Merlin than the vendor's crappy insecure software? Is it really necessary to tell them to discard their devices and spend money buying an OpenWRT-compliant device just to participate in the FOSS router software community? (as some zealots on this forum have done in the past)

DD-WRT supports the older 2.4, 2.6, 3.0 and 4.4 kernels for Broadcom based devices thus it works with the older apps. Like OpenWRT it makes older devices more secure. Also like OpenWRT it gives you command line access and many of the popular apps like vpn support, etc.

DD-WRT descended from Sveasoft which descended from Grandpa Linksys WRT54g, which OpenWRT also descended from. But many in OpenWRT would like to forget that the original WRT54G was broadcom-based.

Well, I guess you got your work mapped out for you then? Just monitor the forum and inject references to DD-Wrt where you deem them helpful. This is a volunteer forum after all.

Why are you talking about these?
The title of this thread is "Request for Wifidog Support on Newer OpenWrt Versions".

Well I guess you got your work cut out for you also. Just scan all the OpenWRT official documentation and start defacing it by removing references to how to get Broadcom devices to work properly under OpenWRT

You can start here:

https://openwrt.org/docs/techref/hardware/soc/soc.broadcom.bcm47xx

Will that satisfy your anti-DD-WRT desire?

And I and others told the requestor if he wanted it he needed to pay a developer for it.

You are apparently going ballistic because I added to that by telling the poster (who obviously CANNOT code the support he wants) a usable free alternative that supports wifidog.