OpenWrt Forum Archive

Topic: [SOLVED] OpenWRT Roadwarrior behind Captive Portal

The content of this topic has been archived on 28 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Hi all,

I have setup a TP-Link MR3020 on ChaosCalmer to be able to broadcast my own WiFi when travelling. This all works very well, with one exception which I don't understand and hope some of you can help me with:

Whenever the Router is behind a Captive Portal (which is the usual case these days), what happens is that any of the connected clients forwards to the URL of the respective Captive Portal correctly, i.e. the address bar changes, but I get a "page not found" error. In other words I can't authenticate on the Captive Portal. I currently circumvent this issue by first authenticating with one of the clients directly in the respective network and then doing a MAC clone of the router to make it look like I am still connected with the other client.

However, this is not really a satisfying solution as whenever the guest network demands to re-authenticate I need to once again change networks, re-authenticate and change back to the router network.

I assume this is some sort of routing or DNS issue. On the other hand, it can't be because why would the clients be able to surf without any issues after the authentication on the Captive Portal has taken place?

I have tried everything, setting the DNS manually on the LAN interface to the DNS of the WAN, checked all the routes, no success... Right now I am having the issue again and route -n shows this:

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth0
172.22.222.0    0.0.0.0         255.255.255.0   U     0      0        0 wlan0
192.168.1.1     0.0.0.0         255.255.255.255 UH    0      0        0 eth0

Any ideas?

Rgds
maxx1982

(Last edited by maxx1982 on 4 May 2016, 21:50)

Be so kind to Search before posting. This forum is flooded with threads pertaining to this topic.

Trust me that I did, but the only topics that I found were around how to set up a Captive Portal on OpenWRT which is not what I want. Pls. share the link to a post re. my question if you have one.

maxx1982 wrote:

Trust me that I did, ...

-1 (untrustworthy)

First hit, with keywords 'captive' and 'logon'.

-2 (topic is unrelated to OpenWrt)

Hi all,

In case anybody is interested in the solution to this - after another session of searching around I finally found this pretty old post: Connecting router to Brit Telecom wifi hotspot as client. Though the question is specific to Brit Telecom it contains the key to it:

My suspicion of DNS was correct; the reason for this is the DNS Rebind protection of OpenWRT. Option Network > DHCP and DNS > General Settings > Rebind protection needs to be turned off to make this work or the respective captive portal URLs have to be whitelisted (see also Wiki Page DNS/DHCP, options rebind_protection and rebind_domain).

Works fine for me!

@Max Hopper
1) Likewise. Maybe you've got that impression because that was my first post in this forum? The reason for that is that I usually spend a lot of time researching and finding my way myself (which I did for the past three months re. OpenWRT already) before I start posting stuff in forums. I also don't blow up my number of posts with posting useless stuff like "search in google" or "create a script".
Sorry to say so, but your behaviour clearly indicates that you have no clue yourself what the solution is. If that is the case, then why do you waste your and my time posting messages like "use the search function" or "there is something i found on the first hit"? Had you really found something or known the answer you could have just said "turn that option off" or posted a link. That would have saved a lot of words on your end (and additional search time for me - which is the whole point of a forum).
2) nonsense - see above, just confirms my point of view of your ignorance of the topic

maxx1982 wrote:

The reason for that is that I usually spend a lot of time researching and finding my way myself ...

After searching 'a lot of time' it is fortuitous then that within 6 hours of posting, a solution was found.

-3 (a lot untrustworthy)

Perhaps a primitive graphic assists -

-----    ----------        -----                    -----
|STA|    |AP & STA|        |AP |                    |URL|
-----    ----------        ----------    --------    -----
         |DNSmasq |        |CP & DNS|    |CP URL|
         ----------        ----------    --------
  • STA requests URL example.com

  • The STA of AP & STA is associated with an AP hosting a CP

  • DNSmasq on AP & STA forwards this upstream (not cached)

  • The CP (built-in DNS) responds with the IP address of the webserver hosting the CP login page (and a very short cache validity)

  • DNSmasq caches the returned IP address of the CP webserver *as* example.com

  • CP login authenticated

  • CP webserver returns HTTP 301

  • STA redirects to example.com

  • DNSmasq forwards the request upstream

  • CP recognises the authenticated STA and forwards the DNS request upstream

  • DNSmasq compares the returned IP address because --stop-dns-rebind is enabled

  • DNSmasq indicates a host not found (11001) error to the STA
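
Added example, not part of the original thread: a simplified, IPv4-only Python model of the rebind check behind the rebind_protection and rebind_domain options named in the solution post and the --stop-dns-rebind step listed above. It shows why a portal login host on a private address is dropped, and why whitelisting only the portal domain still blocks other private-address answers. The host names and addresses are constructed for illustration.

```python
import ipaddress

# Simplified model of dnsmasq's --stop-dns-rebind check (IPv4 only): answers
# from upstream that fall in these ranges are dropped before reaching the client.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16")]

def is_private(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PRIVATE_NETS)

def whitelisted(qname, rebind_domains):
    """True if qname is, or is a subdomain of, a rebind_domain entry."""
    q = qname.rstrip(".").lower()
    for d in rebind_domains:
        d = d.strip("/.").lower()
        if q == d or q.endswith("." + d):
            return True
    return False

def filter_answer(qname, answers, rebind_protection=True, rebind_domains=()):
    """Return (delivered_to_client, reason) for an upstream A-record answer."""
    if not rebind_protection:
        return True, "rebind protection off"
    if whitelisted(qname, rebind_domains):
        return True, "domain in rebind_domain"
    bad = [a for a in answers if is_private(a)]
    if bad:
        return False, "dropped, private address: " + ", ".join(bad)
    return True, "public address"

# Constructed sample data: a portal login host on a private address, and an
# unrelated name whose answer points into the router's own LAN (172.22.222.0/24).
PORTAL = ("login.hotspot.example", ["10.1.0.1"])
REBIND = ("attacker.example", ["172.22.222.1"])

if __name__ == "__main__":
    for label, kwargs in (
        ("default", {}),
        ("rebind_domain set", {"rebind_domains": ["hotspot.example"]}),
        ("protection off", {"rebind_protection": False}),
    ):
        for qname, answers in (PORTAL, REBIND):
            print(label, qname, filter_answer(qname, answers, **kwargs))
```

With rebind_domain set to the portal's domain, the portal answer is delivered while the answer pointing into the router's LAN is still dropped; with rebind protection turned off, both are delivered.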

The discussion might have continued from here.