[SOLVED] A second wifi to reach the web without captive portal requests

Hi, this is my first post.
I have a TL-WR841N router, with OpenWrt 15.05.1
I explain what I would like to do why I ask your help. I tried to search guides on the web but I'm uncertain about which is the best way to follow.

In my residence, I access to a common wifi connection, protected by a captive portal (where I insert username/password).
Clients receive via DHCP an IP address like 10.191.16.XXX. The gateway is on 10.191.0.XXX.

I would like to connect to internet even clients that don't have a web browser to use the captive portal, so I would like to connect my router with OpenWrt to the main wifi network and then create a second internal wireless network where clients can reach internet without a captive portal request.
Is it possible to do it with Open Wrt?

Summing up, what I'd like to do is:

  • my router connects to the main network and obtains an IP address via DHCP
  • a second wifi is created to connect the clients. Clients receive from my router an IP address like 192.168.1.X
  • the first client requesting internet obtains the captive portal and login
  • the next clients will find the internet already reachable without a captive portal

Is it possibile?
Reading the guides I tried the mode "Relay bridge" or "Routed client masquerade", but I can't receive the captive portal in any client.

Thank you very much in advance.

See, for example

I suspect that your configuration is not quite right for your topology yet. Basically, it's not much different than a "standard" topology, just that the "outside" interface is your wireless client interface instead of the "WAN" interface.

Hi Jeff, thanks for your reply.

The text that you quote is exactly what I would to obtain: only first client see the captive portal page and log in.

Surely my configuration is not right.
Do you mean that I have "simply" to set the router as basic routed client, without other settigs?

1 Like

The complexity is in the automatic authentication to the captive portal. Usually the first HTTP requests after joining such a network get intercepted and presented with a login form instead. This process unfortunately isn't really standardized so you need to reverse engineer the HTTP request issued by your browser once you fill out the login form and click the submit button.

You'll basically need two things (apart from the basic routed client config):

  • Periodically load a web site with well known content and see if you receive the expected content or some login form
  • In the latter case, synthesize a login POST request

This of course assumes that you do want to perform the captive portal authentication automatically somehow. If its okay that the first requesting client on your repeated network receives the login form instead, then you do not need any additional steps apart from setting up a routed, natted client.

This should be as simple as clicking "join wifi" in LuCI and not ticking "replace configuration".

See, for example, https://success.tanaza.com/s/article/How-Automatic-Detection-of-Captive-Portal-works

I have never looked into it, but there are many mentions of "Travelmate" which may provide what you are looking for. Search is perhaps the best, but here is a seemingly interesting result

Yes. It's exactly what I do when I'm in hotels. There are two ways to do it.

The first way is to configure the TL-WR841N as a "wireless bridge" or "wireless repeater". Create two wireless interfaces, one WAN, one LAN. The WAN interface is the "client" of the hotel (or residence) wireless network. The LAN interface is the access point your devices connect to. GL-iNet's devices offer this feature as standard. The firmware is built on OpenWRT with a custom vendor-provided GUI. But it can be done with the native OpenWRT GUI and command-line tools.

I don't like this method. It's awkward to configure, and it means halving the available bandwidth. It can be done, and means using a single router to do everything, but it's not my preferred method.

The second method - and the one I prefer to use - involves using two routers. I use TL-WR810N devices for this, because they're very compact and come with built-in mains plugs.

Set up one router with the wireless interface configured solely as a WAN interface. By default OpenWRT sets up the wireless interface as a LAN interface; it's easy enough to delete and set up a new WAN-only wireless interface to replace it.

Set up the Ethernet interface solely as a LAN interface (or bridge the Ethernet interfaces, if more than one is present). Change the LAN subnet from to another one, e.g. This is important because of the next step. If you don't do this, then the second router will have on both its WAN and LAN interfaces, which won't work for obvious reasons.

Then set up the second router with the default OpenWRT configuration. The Ethernet port (or one of them, if more than one) will be the WAN connection, and will pick up an IP address in the subnet (or whichever one you chose in the step above), and the wireless interface will be the LAN connection for your devices. Change the SSID and encryption of this wireless network to suit your purposes.

One caveat: most hotel wifi networks are fine with this and work seamlessly. However, some don't. Occasionally I need to pass the captive portal challenge directly on my laptop, and then configure the client router to spoof the MAC address of my laptop so that it fools the hotel wifi into accepting the connection.

Thanks to all.
I've tryed "travelmate" and thanks to its functionality is was very simple to configure everything and I obtain what I wanted.

Thanks a lot.


This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.