Hi guys/gals.

I realise this is an OpenWRT forum, but I am struggling to find a solution so I am reaching out. Router manufacturer doesn't seem to have a solution.

I have spent many hours attempting to install OpenNDS as a captive portal system on the GL-AXT1800. I am heading out to the Australian bush with my Starlink dish, and I KNOW that there are lots of people in the more remote areas who would be willing to pay for some of my ‘spare’ bandwidth. I’ve been out there in the last six months and there is quite a need.

When I go to install OpenNDS there is only one library that is not already loaded and that is libmicrohttpd-no-ssl.

The issue is as soon as I install the system it just bricks the router I have to press the rest button and start again.

Also tried to install nodogsplash (which installs the same library) and again, one bricked router. VERY frustrating!

I am running firmware OpenWrt 21.02-SNAPSHOT r16399+157-c67509efd7 / LuCI openwrt-22.03 branch git-21.284.67084-e4d24f0

Kernel version 4.4.6

BTW I tried using the Applications drop down from the left menu (and then plugins), selecting the OpenNDS and installing that way, and I also tried using the Luci interface. Same result for both methods.

Just to add more grist to the mill… I decided to have ‘fun’ and downloaded Putty and SSH’d into the router and try that method of install to see if there was anything showing under that method.

No joy! It appeared to install fine (ended with database updated), but when I try to get back into the router to do a bit more config I end up with “Error 403 - Forbidden - Access Denied to this Client!”.

I have also tried four different versions of the firmware for the slate modem. All the same results.

I am hardwired to the router.

Any suggestions/help VERY much appreciated.

iMac

As this device (and its whole target) isn't support by OpenWrt yet, you will have to take it up with gl.inet.

Thanks. Thought that might be the case, but you never know if you don't reach out

First of all, there seems to be a lot of work going on to get this officially supported by OpenWrt:

This is very outdated and you will be stuck with an equally outdated version of openNDS.

That said though, it should still work.

What exactly do you mean by bricked? Do you mean you get no response from Luci?

This is openNDS responding - basically telling you that you have not yet authenticated so do not have access to anything.

What happens when you try to go to http://status.client ?

FYI - You can see full openNDS documentation at:
https://opennds.readthedocs.io/

By the way, for an automatic popup of the login page you must have an active Internet feed on the openNDS router as well as have, enabled on your client, either CPD (default on most devices) or CPI (new rfc 8910/8908 portal login method, a few new devices are now appearing with this support).

Cutting a long story short, most likely the router is not bricked, it is openNDS working correctly and blocking you.

Believe it or not, that's great news!!! It means I have HOPE!

By bricked I mean that everything locks up and there is no response on any interface (wired or wireless) and the only way to get back in is to reset the modem back to factory default.

Getting it configured so I can still use the admin interface is essential (but now hopefully doable).

I will keep plugging away. You have revived my enthusiasm!

Jerji

It's late here in Australia (Sunday night) and I will get stuck in tomorrow and have another go. My plan is to use SSH to install, and then continue to finish the config (which hopefully I will be able to do) and use that to recover the admin interface. Will report back on progress...

Before doing anything else, test if openNDS is working by trying http://status.client

To get Luci you will have to change the uhttpd settings (port number for the web server Luci uses), then allow access in openNDS to it.
By default ssh is allowed to the router.

An update...

I have made MAJOR progress and the system is working beautifully with one small exception. I want to use a USB drive for the voucher file and logs (as suggested in the documentation). I saw in the doco that you can use option log_mountpoint '/logs', so I tried option log_mountpoint '/mnt/sda1/logs' - the location for the USB drive - but for some reason it would not work. I checked permissions; 766 on the log file and the voucher file. But it kept telling me the voucher was invalid As soon as I went back to the default it worked again (for which I breathed a sigh of relief ). Obviously, I am a knucklehead doing something wrong! Can someone please point me in the right direction?

I have been documenting the install as I have been going along and will share that when I am finished.

PS. Kudos to all involved. The system is a cracker, and perfectly meets what I need!!

Jerji

Here are my notes...

Installing OpenNDS on gl.1800ATX Router

Introduction

The process below worked for me, but may change over time as the firmware for the modem is updates and the application is changed.

There was a fair bit of trial and error to get here.

In general terms the things you need to look out for include:

• The wireless interface for the web gets closed when you install the software making it appear that you have bricked the device. Plow on!!
• You MUST have an SSH client BEFORE you start – I used Putty.
• You need an Internet connection
• You need to know how to use a command line editor in linux (nano, vi, vim, etc) – google it if you need to know how.

A good resource is https://opennds.readthedocs.io/en/stable/install.html

The install

I recommend going from a fresh install (hold the reset button down for over 10 seconds until the blue light on the top is flashing fast). This ensures that other extensions are not going to impact/interfere.

I started with a WIRED CONNECTION. For that you will need a fixed IP address of 192.168.8 100 and a Netmask of 255.255.255.0 on your PC/Mac/X/X. I will assume a PC from here on in.

In a browser on your PC, open the web interface at http://192.168.8.1 Set up the language and the password (if you reset).

I used the repeater setting on the router to join onto my existing network.

On the router set up the two MAIN wireless interfaces (give them a name and a password you can remember).

Set up the guest wireless networks with open security (OpenNDS will be your security)!

Open putty as root (uses same password as the web interface) and connect to 192.168.8.1 and enter the root password.

Type opkg update and press enter

Type opkg install opennds and press enter

Type service opennds stop and press enter – what this does is to stop the service so we can configure it This is where I ran into some issues to start with as the running service stopped me from connecting wirelessly to manage/configure the newly installed service – a bit of a catch 22.

OK at this point you can disconnect the ethernet and connect to the main wireless interface – do this now so your putty session can continue over the air (you may have to restart the session).

You now need to work out the interface to which you need to connect. The interface which the system runs on by default is br-lan.

To find yours type ifconfig and press enter

The list is longer than shown below…

The one I wanted it to run on was br-guest. To modify this (in putty) edit the file /etc/config/opennds (using VIM or VI or your choice of editor). You need to scroll down uncomment the line (by removing the #) that says #option gatewayinterface ‘br-lan’ and change br-lan to br-guest. See the corrected line below.

Next, we may as well change the gateway name while we are here. Scroll down to find GatewayName. Read the comments and then change the name to suit.

OK at this point we can restart the service. Type service opennds start and press enter

And now we can test to see if our magic works

Notice at this stage there is no voucher details being asked for. That comes later… The main thing is the captive portal is working.

We can customise the landing page.

Now because there is currently no protection on that connection, I suggest you go into putty and type service opennds stop and press enter and also go back into the web interface and stop the guest networks. What comes next takes a while and we don’t want others using our network in the meantime.

It should now be running with a simple "click to continue" splash page sequence.
Test it by connecting with your smartphone or tablet and you should get the "popup" login screen.

Now you need to download the Community "Voucher script" and "Voucher Roll"
Use the following commands:
`
cd /usr/lib/opennds

wget https://raw.githubusercontent.com/openNDS/openNDS/master/community/themespec/theme_voucher/theme_voucher.sh

cd /tmp/ndslog

wget https://raw.githubusercontent.com/openNDS/openNDS/master/community/themespec/theme_voucher/vouchers.txt`

Now you need to activate the voucher script.
Use the following commands:

`chmod 744 /usr/lib/opennds/theme_voucher.sh

uci set opennds.@opennds[0].login_option_enabled='3'

uci set opennds.@opennds[0].themespec_path='/usr/lib/opennds/theme_voucher.sh'

uci commit opennds

service opennds restart`

OpenNDS should now be running the voucher script.
Test it by connecting again with your phone or tablet.
You will need a voucher code from the example vouchers.txt file you downloaded.

At this point it is safe to leave the system running as there is some form of protection (albeit the standard vouchers copied over from the Internet)

Now to customise it a bit…

First go to /usr/lib/opennds and modify theme.voucher.sh

Search for portal and replace Blue Wave Projects and Services 2015 with your domain (insert it in an HREF if desired). Save.

Upload a new splash screen image to /etc/opennds/htdocs/images/splash.jpg and it becomes…

You need to test it with some of the vouchers and check that it lets you in. The user should now accept the terms and enter the voucher… Ok it SHOULD now be working.

The next step (yes, the story continues) is to generate your vouchers…

Vouchers

In order to generate new vouchers, you need two things:

• a script
• a program to run the script.

In both cases they are very easy to get from the internet.

The script you can get from https://raw.githubusercontent.com/openNDS/openNDS/master/community/themespec/theme_voucher/voucher_generator.py

The program, I recommend downloading the python application from https://www.python.org/downloads/ . Hint – you may need to install it as an administrator.

Below is a copy of the script with a few explanations (comments are after the #):
`

Hotspot Voucher Generator

import random

import string

rate_down=5120 # in Bits so this is 5Mb/s download (plenty for youtube)

rate_up=1024 # in bits so this is 1Mb/s upload

quota_down=5120 # in MB so this is 5GB

quota_up=0

validity=7200 #minutes

voucher_qty=20 # adjust as needed

def randomstring(length=4):

letters = string.ascii_uppercase + string.digits

return "".join(random.choice(letters) for i in range(length))

def new_voucher():

voucher_code = f"{randomstring()}-{randomstring()}"

return f"{voucher_code},{rate_down},{rate_up},{quota_down},{quota_up},{validity},0\n"

filepath="vouchers.txt"

with open(filepath, "a") as voucher_file:

for i in range(voucher_qty):

voucher_file.write(new_voucher())`

To run the script, open an administrator level command prompt. Navigate to where you have the script and type python voucher_generator.py

It only takes a second and a new file called voucher.txt is created. Copy the contents to the voucher.txt file on the router and you are good to go.

If you want to get fancy then you can open the voucher.txt file in excel and use that to create a maailmerge/form letter that you can give/sell to clients with the details. Over to you for that!

Terms of Service

One important step to do is to review the provided Terms of Service. They are hidden in a script so…

Using an ssh session on the router open /usr/lib/opennds/theme_voucher.sh

You will need to scroll down a fair way and read the terms. Don’t like them, then edit/create your own and follow the same format.

Storage of Logs and Voucher.txt file

We need to have a system that protects the logs and the voucher.txt file from the RAM of the router. For that we use a USB. In order to get the USB ready, follow the instructions at https://openwrt.org/docs/guide-user/storage/usb-drives

Set up USB for vouchers and logs – A work in progress!

Backup

Now that you have finished the setup and everything is working – BACKUP!!!