Wifidog still allows internet after authentication denied

Fine, but are you handling the IPv6 traffic as well?

I am not exactly sure, I am new to network stuff.
I just installed wifidog for a captive portal to block everything for me.
I just followed this configuration like others did.
I started wifidog and then rebooted.

no need to paste the same config twice ....

If you disable IPv4 on your client, does everything still work?
If you disable IPv6, does everything stop?

Other sites are blocked, like baidu.com, stackoverflow and many more.
But it was not able to block sites like google, youtube and some popular sites.

try answering the question(s) ....

Wifidog has been broken since 2016 with no new releases since 2015.
It is broken because it assumes an ancient version of iptables.
There have been some patches done to allow it to at least compile - but really it is now dead and should probably be removed from OpenWrt.

Appreciate the answer.
How about CoovaChilli, is it recommended to learn it?
I have no network knowledge, so I am dependent on packages like this.

based on the (old) comment here, you could run into the same issue ....

1 Like

Maybe my old comment regarding coova and IPv6 is outdated, because new version(s) of coova are available, which allow setup incl. IPv6. However, I never used it, and my comment regarding complexity of setup is still valid.

2 Likes

fair enough, rephrased - should => could :wink:

A little history:
Way back, because Wifidog was only being sparsely maintained, NoDogSplash was forked.
Again, for the same reason, in 2020, OpenNDS was forked from NoDogSplash.

OpenNDS is actively maintained so would be a good way forward.

1 Like

As captive portals must use DNAT redirection to be compatible with the client-based de facto CPD standard (aka canary probing) to give an "automatic popup", IPv6 support is very much a hack to the point of being more trouble than it is worth.
The upcoming rfc8910/8908 CPI standard will enable simple and reliable captive portal ipv6 support. This may take some time though as takeup of the CPI standard is slow as it is still very immature.
As far as I can see, ipv6 support in Coovachilli is flagged as "experimental" and does not have much code behind it as it predates CPI.

2 Likes

Thank you for this suggestion.
OpenNDS has a Forwarding Authentication Service (FAS) option, seems like this is a way to go.
I have a server which runs a nodejs application as authentication server.

You can write a FAS server in any language - php is the most common, but nodejs is fine.
Assuming you have an Internet hosted web server running your nodejs auth app, the simplest way forward is to use the standard fas-aes-https.php script on your Internet web server and modify it to use the node.js app to do the client credential verification.

If you have any questions or problems, open an issue at:

2 Likes

Thank you.
I am running my nodejs application on my local server.
I will try some experiments to see if it works; if not, I'll host it in the cloud.
I can write a PHP application as well, I'll try to understand the inner workings of OpenNDS first.

Is it possible to use my local server with IP 10.0.0.22?
I am running my nodejs application at port 80.

Then you should start with fas-aes.php (the http:// version) and modify that.

1 Like

Thank you.
Seems like you are one of the developers. :smile:

1 Like

Update.
I tried to apply the same solution on my other router.
It works flawlessly. IPv6 just needs to be disabled in order to block everything.
Wifidog works perfectly but OpenNDS is better.
Thanks

So basically what was suggested 11 days ago...?
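
The IPv6 question asked early in the thread, as an added example that is not part of any post: a shell check that compares an IPv4 and an IPv6 rule dump and reports whether a portal chain is hooked into forwarding for IPv4 only. It assumes an iptables-based firewall; the chain name `PORTAL_fwd` and both dumps are constructed for illustration and are not Wifidog's real chain names.

```shell
#!/bin/sh
# Added example, not from the thread. Chain names and dumps are constructed.

# Count FORWARD rules that jump (-j/-g) to a chain whose name contains $2.
forward_hooks() {   # $1 = rule dump text, $2 = chain-name substring
    printf '%s\n' "$1" | awk -v pat="$2" '
        BEGIN { n = 0; pat = tolower(pat) }
        $1 == "-A" && $2 == "FORWARD" {
            for (i = 3; i < NF; i++)
                if (($i == "-j" || $i == "-g") && index(tolower($(i + 1)), pat)) n++
        }
        END { print n }'
}

# Verdict for a pair of dumps: no-portal, v4-only, or gated.
portal_coverage() {  # $1 = IPv4 dump, $2 = IPv6 dump, $3 = chain-name substring
    v4=$(forward_hooks "$1" "$3")
    v6=$(forward_hooks "$2" "$3")
    if [ "$v4" -eq 0 ]; then echo "no-portal"
    elif [ "$v6" -eq 0 ]; then echo "v4-only"   # IPv6 forwarding bypasses the portal
    else echo "gated"
    fi
}

# Constructed IPv4 dump: forwarding from the LAN bridge goes through the portal chain.
V4_DUMP='*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:PORTAL_fwd - [0:0]
-A FORWARD -i br-lan -j PORTAL_fwd
-A PORTAL_fwd -m mark --mark 0x2 -j ACCEPT
-A PORTAL_fwd -j REJECT --reject-with icmp-port-unreachable
COMMIT'

# Constructed IPv6 dump: LAN to WAN is accepted with no portal chain in the path.
V6_DUMP='*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i br-lan -o wan -j ACCEPT
COMMIT'

# On a router: portal_coverage "$(iptables-save)" "$(ip6tables-save)" <portal chain prefix>
portal_coverage "$V4_DUMP" "$V6_DUMP" PORTAL   # prints v4-only
```

A `v4-only` verdict matches the symptom in this thread: sites reachable over IPv6 stay reachable for unauthenticated clients while IPv4-only sites are blocked.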
