What type of authentication is my dorm using and how can I connect my OpenWrt router to it?

My dorm has an ethernet port and I want to connect my OpenWrt router's wan port to it to create my own subnet here. The instructions to connect to the network are as follows from IT: Plug into the port, open a browser to any page, a page will load asking for your university credentials.

What type of authentication is this? How can I connect my router to it? If I authenticate with my laptop can I then plug in the router or does the client always authenticate every time it connects? Is there another way to authenticate without a web browser? Is it likely that whatever the first device that authenticates gets their mac address whitelisted and then no one else can connect?

Thanks for any help.

These are all questions you should ask the IT department or network admins who handle the dorm/campus connections. There are many different types of authentication or captive portal systems, and they all operate differently. Every single one of your questions is impossible for anyone to answer except those familiar with your dorm's network. You can run some experiments and answer several of your questions yourself.

And, until you actually have answers for your questions, nobody can help you determine if/how you can connect an OpenWrt router to that network.

1 Like

Sounds like a captive portal, just over ethernet instead of wifi. Yes, it will likely just whitelist the MAC address doing the authentication. Putting a router between should likely work, even if you authenticate from a connected client as the masqueraded MAC of the router will be whitelisted then.

Automating the login could be doable, depending on the specific setup of the authentication page. In the simplest case it is just sending username and password as HTTP post data using wget or curl, but as @psherman said, this is highly specific to the network setup, so you need to figure out those details yourself.

1 Like

Thanks for the replies. I got it working by authenticating on a laptop with a spoofed randomly generated MAC address. Then overrided the MAC address of the WAN interface in OpenWRT with the MAC I authenticated. I assume once you authenticate the MAC becomes whitelisted and then it is always authenticated.

... or at least for a while

1 Like

If you're routing through the WAN port, the network only ever sees the MAC of your router as if it were one user.

It should also work to connect a laptop to the LAN side and authenticate indirectly from it. This actually authenticates the router's MAC not the laptop.

Yeah it will probably deauth as some point but I'll cross that bridge when I get there. As mk24 said I might be able to authenticate with a client in the subnet.

Take a look at travelmate. It can do what you need.

1 Like