TTYD not working in Luci with running Opennds 10.3.1

Dear guys, after installing Opennds I can only access AP with https:// which redirects to http://. Accessing directly through http:// gives 403. I can live with that.

I would like to use TTYD within Luci GUI but I get white screen in Luci, what can I do about that?

Kind regards


TTYD? What does that do?
Sorry, but none of what you are saying makes any sense.

OpenNDS is "Open Network Demarcation Service", ie it controls the border between your local network and the upstream Internet feed - like a firewall but dynamic in its operation. By default it provides a Captive Portal Pop-up where clients are served a web page with terms and conditions of use etc.

Perhaps you could try to explain what it is you are trying to achieve.

Thanks for quick reaction! I would like to administrate OpenWRT through terminal TTYD within Luci which ran without issues until I installed OpenNDS. From that point on TTYD terminal app isn't loaded when accessing Luci, meaning there is only white tile. It seems like common issue and I am aware that most of you guys do anything through SSH.

Had missed binding, now bound to br-lan and I can see blinking cursor but still no shell login.

I can reproduce the following behaviour:

I can access directly through http://192.168.1.150/cgi-bin/luci/admin/services/ttyd

BUT NOT through https://192.168.1.150/cgi-bin/luci/admin/services/ttyd then ttyd is not loaded!

With OpenNDS I can only access through https and then TTYD isn't displayed

Yes but what are you wanting to achieve using OpenNDS?
This is important to know because it can/will affect access to Luci.
For example if you are providing a guest network, with restrictions for your guests, you don't really want to give those guests access to Luci, even if they haven't yet guessed your password :scream:

For clarity:

  1. I have no idea what TTYD is, having never heard about it before. I assume it means TeleTYpeDaemon, or something similar.
  2. I am the developer/maintainer of OpenNDS, so I like to think I am fairly knowledgeable about it. I am sure I can help with setting it up.
  3. Luci does not have any support for OpenNDS. Luci is blissfully unaware of what OpenNDS does, including anything firewall related. OpenNDS is a firewall in its own right and operates at a higher priority than fw4.
  4. There is no luci-app-opennds or similar.

You could start by sharing the outputs of:

uci export opennds

and

uci export network

This might give us something to work with.

Wow, ok, then I will supply as much information as possible.

I would like to run Opennds on 5GHz radio with voucher system. I have an R6100 running this setup with working ttyd - now I would like to set up an R6800. But I can't remember what I did to get ttyd running.

For now ttyd is web based terminal app https://github.com/Stensal/ttyd

Will give requested information as well

@bluewavenet Running Opennds:

http://192.168.178.5/cgi-bin/luci/ >> forbidden 403
(which is normal behaviour)

https://192.168.178.5/cgi-bin/luci/ >> redirects http://192.168.178.5/cgi-bin/luci/
(normal behaviour)

I can login but https://192.168.178.5/cgi-bin/luci/admin/services/ttyd isn't displayed

Opennds running > http://192.168.178.5:7681/ doesn't load

Opennds stopped > http://192.168.178.5:7681/ displays ttyd terminal

This is requested output:

root@OpenWrtR6800:~# ps | grep ttyd
 1830 root      1400 R    grep ttyd
23171 root      6592 S    /usr/bin/ttyd -p 7681 -i br-lan -d 7 /bin/login
root@OpenWrtR6800:~# netstat -lntp | grep 7681
tcp        0      0 192.168.178.5:7681      0.0.0.0:*               LISTEN      23171/ttyd
root@OpenWrtR6800:~# /etc/init.d/opennds stop
root@OpenWrtR6800:~# /etc/init.d/opennds start
This is openNDS version 10.3.1
root@OpenWrtR6800:~# uci export opennds
package opennds

config opennds
        option faskey '0c94c4___________d3a350f22765a4d2'

root@OpenWrtR6800:~# uci export network
package network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd1f:+++++:c133::/48'
        option packet_steering '1'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'lan3'
        list ports 'lan4'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.178.5'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option gateway '192.168.178.1'
        option force_link '0'
        list dns '192.168.178.1'

config interface 'wan'
        option device 'wan'
        option proto 'dhcp'

config interface 'wan6'
        option device 'wan'
        option proto 'none'

Is it JavaScript blocked content? Websocket issue?

No, not normal at all. What is 192.168.178.5?
OpenNDS MUST be run on a device configured as a layer 3 ROUTER and binds to the ipv4 gateway address. 192.168.178.1 or 192.168.178.254 would be considered as normal for an ipv4 gateway.

No, this is not normal behaviour either. OpenNDS will NEVER redirect https to http.

If you really are being redirected as you say, it is NOT OpenNDS doing it.

I asked to see some basic configuration details, I will ask again. If you are not willing to share, then there is nothing more I can do for you.

Here, again, is what I want to see:

? I shared .....you might have a look on previous post but I can share twice:

root@OpenWrtR6800:~# /etc/init.d/opennds start
This is openNDS version 10.3.1
root@OpenWrtR6800:~# uci export opennds
package opennds

config opennds
        option faskey '0c94c4___________d3a350f22765a4d2'

root@OpenWrtR6800:~# uci export network
package network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd1f:+++++:c133::/48'
        option packet_steering '1'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'lan3'
        list ports 'lan4'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.178.5'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option gateway '192.168.178.1'
        option force_link '0'
        list dns '192.168.178.1'

config interface 'wan'
        option device 'wan'
        option proto 'dhcp'

config interface 'wan6'
        option device 'wan'
        option proto 'none'

192.168.178.5 > Bridge / AP (running OpenNDS)

192.168.178.1 > Gateway

Ah, yes - I see it now. All I noticed was the output from ps, which I did not ask for.

As I stated earlier, OpenNDS MUST be run on a ROUTER with both "lan" AND "wan" connections with "wan" connected to the upstream Internet feed.

So, my guess is you have an ethernet connection between your isp router and a lan port on your "Access Point"?

In words, tell me what other configuration you did to the device you call your bridge/AP.

You still have a wan section in the network config, so it will think it is actually running as a router. Its dhcp server probably fails because it detects the isp router's dhcp most of the time.

We need to step back and properly review what you are trying to achieve. You seem to have made some fundamentally incorrect assumptions with what you have set up currently.
Sketch a diagram, take a photo of the sketch and post it here - it might help.

Alright I appreciate your help. 1st I would like to say that the system I want to run is already running on R6100 along with Squid. If it is setup correctly - I don't know but it is working (with the help of AI but I guess it is not setup correctly :wink: ). My aim is to setup same on R6800 which has stronger specs….

Goal: OpenNDS running only on 5GHZ radio. Kids need to input vouchers to gain access. Maybe later Squid as well….but for now OpenNDS only.

(On R6100 I had to setup another subnet and set static routes and several other things, mostly done with AI help)

What I did so far:

Configured R6800 as AP/Bridge, DHCP disabled, set gateway as nameserver, installed several packages, one is TTYD terminal.

yes ttyd in luci: no terminal, plez report bug

luci-app-ttyd has options to configure the terminal for https. The browser likely blocks 'mixed active content' - an http connection when a page is viewed via https and vice-versa.

ttyd expects pem type cert+key.

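The mixed-content blocking mentioned in the reply above, as an added example that is not part of the thread and not LuCI or ttyd code: a simplified model of the browser's decision, run over the addresses quoted in the thread. It assumes the LuCI page embeds the terminal as a frame pointing at ttyd's own port (7681); the function names and the WebSocket path are illustrative.

```javascript
// Added example: simplified model of a browser's mixed-content decision.
// Schemes (and, below, loopback hosts) treated as potentially trustworthy.
const SECURE_SCHEMES = new Set(['https:', 'wss:']);
// Passive media is upgraded to https by current browsers instead of blocked.
const UPGRADEABLE_TYPES = new Set(['image', 'audio', 'video']);

function isLoopback(hostname) {
  return hostname === 'localhost' || hostname.endsWith('.localhost') ||
    hostname === '[::1]' || /^127(\.\d{1,3}){3}$/.test(hostname);
}

// Returns 'allowed', 'upgraded' or 'blocked' for a resource of the given
// type ('frame', 'websocket', 'script', 'image', ...) requested by pageUrl.
function mixedContentVerdict(pageUrl, resourceUrl, type) {
  const page = new URL(pageUrl);
  const resource = new URL(resourceUrl, page); // also resolves relative URLs
  // Simplification: only https pages are modelled as restricting their loads.
  if (page.protocol !== 'https:') return 'allowed';
  if (SECURE_SCHEMES.has(resource.protocol) || isLoopback(resource.hostname)) {
    return 'allowed';
  }
  return UPGRADEABLE_TYPES.has(type) ? 'upgraded' : 'blocked';
}

// Constructed cases built from the addresses quoted in the thread.
const LUCI_HTTPS = 'https://192.168.178.5/cgi-bin/luci/admin/services/ttyd';
const LUCI_HTTP = 'http://192.168.178.5/cgi-bin/luci/admin/services/ttyd';

function threadCases() {
  return [
    ['https LuCI + http ttyd frame',
      mixedContentVerdict(LUCI_HTTPS, 'http://192.168.178.5:7681/', 'frame')],
    ['https LuCI + ws ttyd socket',
      mixedContentVerdict(LUCI_HTTPS, 'ws://192.168.178.5:7681/ws', 'websocket')],
    ['https LuCI + https ttyd frame',
      mixedContentVerdict(LUCI_HTTPS, 'https://192.168.178.5:7681/', 'frame')],
    ['http LuCI + http ttyd frame',
      mixedContentVerdict(LUCI_HTTP, 'http://192.168.178.5:7681/', 'frame')],
  ];
}

for (const [label, verdict] of threadCases()) {
  console.log(`${label}: ${verdict}`);
}
```

A blocked frame renders as an empty tile with no error on the page itself; the browser's developer console records the blocked request.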

A very common configuration - no problem there.

Is this for your family, or is this for a school/school-dorm/youth-club or similar?

Is it your intention to charge for the Internet access?
Your customers will just use their phone data instead.

Voucher systems are not officially supported, but are certainly possible. A community member wrote a ThemeSpec voucher system as a guide/template for a voucher system. This is now quite old, but still a good place to start - You WILL have to write your own voucher system or at the very least bring this old template up to date.

Why? What would be the purpose? It will only work reliably and without errors in Explicit HTTPS proxy mode and that requires proxy settings to be configured on every users browser and apps - quite an overhead.

OpenNDS WILL NOT work with this configuration.
For a standard ethernet connected AP (aka a Dumb Ap), the wan interface is disabled.
OpenNDS will detect this and shut down.

If you have left the wan interface enabled, OpenNDS will continually log errors saying the upstream gateway is down.

If dhcp is disabled, but somehow OpenNDS has managed to start, all logins will be disabled.

Remember I said earlier:

Now - your diagram, what it shows and what needs to be done.

  1. What you call "Gateway", is this your isp router?
  2. Your AP/Bridge (the R6800). This will not work with OpenNDS.
  3. The R6800 needs first to be reflashed (or reset) to a basic router.
  4. The R6800 wan port will be connected by ethernet to a lan port on the isp router
  5. By default, the R6800 wan interface will get an ipv4 address from the isp router.
  6. The R6800 lan bridge will need an ipv4 address in its own subnet eg 192.168.2.1
  7. The R6000 will have its own dhcp server for its own subnet
  8. Once this is all working, both 2.4 and 5GHz networks on eg 192.168.2.x network, the next step will be to create a "guest" network with another subnet eg 192.168.3.1.
  9. Once the guest network is up and tested, then and only then is it time to configure and enable OpenNDS.
  10. Only the guest network will be controlled by OpenNDS, so TTYD should work as long as you are not on guest.

Thanks for the information!

We are slowly moving away from the actual topic, which is “TTYD no longer works after installing OpenNDS.”

I also have to disagree: the configuration I mentioned — the one I drew in the picture — is actually running on my R6100. OpenWrt is running on the R6100 with OpenNDS installed, and OpenNDS is operating only on the 5 GHz radio in its own network, using 5-digit PIN voucher authentication via a CGI script, completely without a WAN connection. The device is simply connected through LAN1. I would like to set up a stronger device now R6800!

It may be true that this setup is not 100% secure or does not follow the usual configuration or networking best practices. However, the goal is simply to have a system that works at home, so the kids cannot surf the internet endlessly.

The only issue at the moment is that the session gets terminated, but for example when a stream is running, the stream continues. I know this because I have the device here at home and it is actively being used by the kids.

Since I’m still a newbie, I set everything up with the help of ChatGPT. It wasn’t easy, but eventually it worked somehow.

As for the OpenNDS configuration, I would prefer to discuss that in a separate thread. I’m currently documenting the router setup for myself, and I had exactly the same TTYD problem back then, but I can’t remember what the solution was.

Since I only use this system at home, I would like TTYD to work even when OpenNDS is installed, which currently is not the case.
That is the only thing I want to focus on here for now.

@bluewavenet : why is OpenNDS' behaviour not normal? I documented any step for this setup so far, nothing special done so far

@systemcrash What shall I do?

@tdelco are you sure?

That is because OpenNDS is NOT ACTUALLY DOING ANYTHING.
It blocks access from LAN to WAN on the ROUTER on which it is running.
You have NOTHING connected to WAN.

You obviously know more about the package than its author.
Sorry but you and your hallucinating AI are on your own from here.
Good luck.


Thanks so much for the kindergarten! And again, the issue is TTYD not working nothing more/less

You're welcome.


yes, ttyd doesn’t work on x86 APU1 APU2 on 25.12.0. You’re right, not being fixed due to ssh working ok. plez file bug report.

You know better than me, so I guess my screenshot shows it not working....

I suppose then that "there is only white tile" means white text on a black background, not sure.