Simple captive portal using OpenWRT
OpenWRT has 2 walled garden solutions, one is coovachilli and the other is OpenNDS. I used the coovachilli solution to integrate with freeradius. However, I wanted a simple walled garden with no auth and decided to use OpenNDS as it had a configuration that supported this. But it bombed! But then I persisted, modified one of the existing scripts and boom. Here it is:
# Install opennds and change dnsmasq (NB!)
# Refresh the package lists before changing anything.
opkg update
# Swap the stock dnsmasq for dnsmasq-full; the stock package is removed first and the full build installed in its place.
# NOTE(review): presumably required because the walled-garden FQDN list depends on dnsmasq set support that the stock build lacks - confirm for your OpenWrt release.
# NOTE(review): the router has no dnsmasq between these two steps; if it resolves names through its own dnsmasq, the next download may fail, so run this from a console session you will not lose.
opkg remove dnsmasq
opkg install dnsmasq-full
opkg install opennds
# Modify /etc/config/opennds
# Per the openNDS documentation, 3 selects the ThemeSpec script named in themespec_path (verify against your openNDS version).
option login_option_enabled '3'
option themespec_path '/usr/lib/opennds/theme_click-to-continue-legacy.sh'
# Create a separate interface for the hotspot captive portal
# NOTE(review): a separate bridge only isolates guests if its firewall zone blocks access to the LAN and to the router's admin services; that configuration is not shown here - confirm.
option gatewayinterface 'br-hot'
option gatewayname 'Fusion Hotspot'
option maxclients '500'
# Walled garden: these hosts and ports are reachable before the client has clicked through, so keep the list as short as the splash page allows.
list walledgarden_fqdn_list 'xxx.yyy.com yyy.com bing.com google.co.za'
list walledgarden_port_list '80 443'
# Create /usr/lib/opennds/theme_click-to-continue-legacy.sh
# This is created from a copy of the basic script
#!/bin/sh
#
# openNDS ThemeSpec script: click-to-continue splash page, no credentials asked.
# NOTE(review): the functions below use ${var//pattern/replacement}, which is
# not POSIX sh; it relies on the /bin/sh on the router (BusyBox ash on OpenWrt)
# supporting it - confirm before reusing this theme elsewhere.
#
# Theme title; reused further down as the userinfo string for the log.
title='theme_click-to-continue-legacy'
# functions:
# Entry point of the splash sequence. This theme has a single stage, so it
# hands straight over to the click-to-continue page.
generate_splash_sequence() { click_to_continue; }
header() {
  # Emit the HTML preamble shared by every page of this theme: no-cache meta
  # tags, icon and stylesheet links, and the gateway name as title and banner.
  # Globals: gatewayurl (read, then overwritten with its decoded form),
  #          gatewayname (read).
  #
  # Percent-decode gatewayurl: every "%" becomes "\x" and printf then expands
  # the resulting \xHH escapes.
  # NOTE(review): the value itself is the printf format string, so any other
  # backslash sequence in it is expanded as well; presumably openNDS hands it
  # over url-encoded - confirm.
  # NOTE(review): gatewayurl and gatewayname are written into the markup as-is;
  # assumes both are already HTML-safe - confirm against libopennds.sh.
  gatewayurl=$(printf "${gatewayurl//%/\\x}")

  # One argument per output line; the final empty argument reproduces the
  # blank line that closes the block.
  printf '%s\n' \
    '<!DOCTYPE html>' \
    '<html>' \
    '<head>' \
    '<meta http-equiv="Cache-Control" content="no-cache, no-store, must-revalidate">' \
    '<meta http-equiv="Pragma" content="no-cache">' \
    '<meta http-equiv="Expires" content="0">' \
    '<meta charset="utf-8">' \
    '<meta name="viewport" content="width=device-width, initial-scale=1.0">' \
    "<link rel=\"shortcut icon\" href=\"${gatewayurl}/images/splash.png\" type=\"image/x-icon\">" \
    "<link rel=\"stylesheet\" type=\"text/css\" href=\"${gatewayurl}/splash.css\">" \
    "<title>${gatewayname}</title>" \
    '</head>' \
    '<body>' \
    '<div class="offset">' \
    '<med-blue>' \
    "${gatewayname} <br>" \
    '</med-blue>' \
    '<div class="insert" style="max-width:100%;">' \
    ''
}
footer() {
  # Emit the HTML that closes every page (logo, credit line, closing tags) and
  # then terminate the script with status 0. Because of the exit, nothing a
  # caller places after a footer call is ever executed.
  # Globals: gatewayurl (read).
  #
  # year is computed but not referenced by the markup below.
  year=$(date +'%Y')
  imagepath="/images/splash.png"

  # One argument per output line; the empty first and last arguments reproduce
  # the blank lines that open and close the block.
  printf '%s\n' \
    '' \
    '<hr>' \
    '<div style="font-size:0.5em;">' \
    '<br>' \
    "<img style=\"height:60px; width:60px; float:left;\" src=\"${gatewayurl}${imagepath}\" alt=\"Splash Page: For access to the Internet.\">" \
    '© Powered by Fusion Broadband South Africa - [email protected]<br>' \
    '<br><br><br><br>' \
    '</div>' \
    '</div>' \
    '</div>' \
    '</body>' \
    '</html>' \
    ''
  exit 0
}
click_to_continue() {
  # Click-to-continue splash page: no credentials and no client validation.
  # When $continue already holds "clicked" only the footer is emitted; in every
  # other case the form is shown. No terms-of-service check happens here.
  # $continue is presumably filled in by libopennds.sh from the submitted
  # form - confirm.
  # footer (defined in this file) ends the script, so the calls after the first
  # footer/continue_form that runs are effectively never reached.
  case "$continue" in
    clicked) footer ;;
  esac

  continue_form
  footer
}
continue_form() {
  # Emit the welcome text and the "Access Internet" form, then the footer.
  # The form sends a GET to /opennds_preauth/ carrying fas, continue=clicked
  # and landing=yes as hidden fields.
  # Globals: fas (read).
  # NOTE(review): $fas is placed in the value attribute without HTML escaping;
  # presumably libopennds.sh supplies it in an encoded form - confirm.
  #
  # One argument per output line; the empty first and last arguments reproduce
  # the blank lines that open and close the block.
  printf '%s\n' \
    '' \
    '<big-blue>Welcome to the Saints Sports Festival!</big-blue><br>' \
    '<italic-black>' \
    'Connectivity provided by Cammington - [email protected] <br>' \
    'Please use responsibly.' \
    '</italic-black>' \
    '<hr>' \
    '<form action="/opennds_preauth/" method="get">' \
    "<input type=\"hidden\" name=\"fas\" value=\"${fas}\">" \
    '<input type="hidden" name="continue" value="clicked">' \
    '<input type="hidden" name="landing" value="yes">' \
    '<input type="submit" value="Access Internet" >' \
    '</form>' \
    '<br>' \
    ''
  footer
}
thankyou_page() {
  # Intermediate page: prepares a hidden "custom" input in $customhtml when
  # $custom is non-empty (empty string otherwise) and then emits the footer.
  # No validation is done here; the client is authenticated on the landing page.
  # Globals: custom (read), customhtml (written).
  # Note: customhtml is only assigned in this function, it is not printed here.
  # NOTE(review): $custom goes into the attribute value without HTML escaping;
  # assumes the caller supplies it already encoded - confirm.
  customhtml=""
  if [ -n "$custom" ]; then
    customhtml='<input type="hidden" name="custom" value="'"$custom"'">'
  fi

  # Continue to the landing page.
  footer
}
landing_page() {
originurl=$(printf "${originurl//%/\\x}")
gatewayurl=$(printf "${gatewayurl//%/\\x}")
configure_log_location
. $mountpoint/ndscids/ndsinfo
# authenticate and write to the log - returns with $ndsstatus set
auth_log
# output the landing page - note many CPD implementations will close as soon as Internet access is detected
# The client may not see this page, or only see it briefly
auth_success="
<p>
<big-blue>
Access to the Internet has been provided.
</big-blue>
<hr>
(Ads, unsafe and adult content is blocked!)
<hr>
</p>
<form>
<input type=\"button\" VALUE=\"Status\" onClick=\"location.href='$gatewayurl'\" >
</form>
<hr>
"
auth_fail="
<p>
<big-red>
Something went wrong and you have failed to log in.
</big-red>
<hr>
</p>
<p>
<italic-black>
Your login attempt probably timed out.
</italic-black>
</p>
<p>
<br>
Click or tap Continue to try again.
</p>
<form>
<input type=\"button\" VALUE=\"Continue\" onClick=\"location.href='https://$gatewayfqdn'\" >
</form>
<hr>
"
if [ "$ndsstatus" = "authenticated" ]; then
echo "$auth_success"
else
echo "$auth_fail"
fi
footer
}
#### end of functions ####

#################################################
#                                               #
#  Start - Main entry point for this Theme      #
#                                               #
#  Parameters set here override those           #
#  set in libopennds.sh                         #
#                                               #
#################################################

# Quotas and Data Rates
#########################################
# Session length in minutes (24 hours is 1440 minutes). 0 means "use the
# global sessiontimeout value".
# eg for 100 mins:
# session_length="100"
#
# eg for 20 hours:
# session_length=$((20*60))
#
# eg for 20 hours and 30 minutes:
# session_length=$((20*60+30))
session_length=0

# Rate and quota values for the client. This script could set the session
# length, rates and quotas per client.
# Rates are in kb/s, quotas are in kB; 0 means "use the global value".
# With everything left at 0, the limits applied to this click-through portal
# are whatever the global configuration defines.
upload_rate=0
download_rate=0
upload_quota=0
download_quota=0
quotas="${session_length} ${upload_rate} ${download_rate} ${upload_quota} ${download_quota}"

# Parameters expected from openNDS ($ndsparamlist).
# Custom parameters added to the config file must also be listed here to be
# readable. They are "Portal" information, identical for all clients,
# eg "admin_email" and "location".
ndscustomparams=
ndscustomimages=
ndscustomfiles=
ndsparamlist="${ndsparamlist} ${ndscustomparams} ${ndscustomimages} ${ndscustomfiles}"

# FAS variables used in the login dialogue generated by this script are listed
# in $fasvarlist, defined in libopennds.sh.
#
# Additional custom FAS variables defined in this theme are appended here.
additionalthemevars=
fasvarlist="${fasvarlist} ${additionalthemevars}"

# Optional custom string: it is b64 encoded and sent to openNDS, where it is
# shown in the output of ndsctl json and passed to the BinAuth post
# authentication processing script if that is enabled.
# Set $binauth_custom to the desired value.
# Values set here can be overridden by the themespec file
#binauth_custom="This is sample text sent from \"$title\" to \"BinAuth\" for post authentication processing."

# Encode and activate the custom string
#encode_custom

# User info string for the logs (may contain any useful information)
userinfo="${title}"

# Logfile location. The default uses the tmpfs "temporary" directory to
# prevent flash wear.
# Override the defaults to a custom location eg a mounted USB stick.
#mountpoint="/mylogdrivemountpoint"
#logdir="$mountpoint/ndslog/"
#logname="ndslog.log"
# Modify the /etc/opennds/htdocs/splash.css
/* The wallpaper is fetched from an external HTTPS host. Clients that have not
   clicked through yet can presumably only load it because xxx.yyy.com and
   port 443 are listed in the walled garden settings in /etc/config/opennds;
   serving the image from the gateway itself would avoid that dependency. */
body {
background-image: url('https://xxx.yyy.com/extra/images/wallpaper.jpg');
color: #add8e6;
margin: 0;
padding: 10px;
font-family: sans-serif;
}
Ronald ensures that Internet inhabiting things are connected reliably online at Fusion Broadband South Africa - the leading specialized SD-WAN provider in South Africa.