I recently bought a WRT54GS V7.2 for about $30. I intended to use this as a Captive Portal Wifi for guests. It turns out that this version of the GS has only 2Megs of Flash, nearly crippling it.
I was able to run VxWorksKiller and replace the VxWorks OS with dd-wrt-v2.4Sp1-micro-generic, which is a large improvement. It has network statistics and repurposes the "Secure Easy Setup" button on the front to toggle the Wifi on/off, which is nice. But I was unable to run anything useful for a portal, which would redirect clients.
Useful notes:
This will allow you to tftp up an image to the router from a linux box
#tftp 192.168.1.1
>binary
>rexmt 1
>timeout 60
>trace
>put file.bin
If the image seems corrupt, meaning when you power it on all the Ethernet lights blink, then only the one port you are plugged into blinks, yet you can ping the device, you can bring it back from the brink of death by:
Powering it up, wait until it gets into its hung state, then press the reset button for 20 seconds
still holding the reset button down, pull the power plug, and continue to hold it down for another 20 seconds
still holding the reset button down, plug the power in, and continue to hold the reset button for 20 seconds
Hotspot notes:
Chillispot won't run on Micro. Even if it did, it requires a RADIUS server
NoCatSplash won't run on micro
CoovaChili works as a stand-alone Captive Portal for the WRT54GL--I'll use this if I need one
Sveavasoft is commercial (you have to pay or get it from a torrent), and I didn't try to get it for the micro
UseMyNet is a commercial product
WiFiDog needs back end a php or PostgresSQL server
eWRT, which runs NoCatSplash runs on the OpenWRT, but not on 2MB of space
Sputnik DOES run, and I was excited to get that going. They also have a network management only (NMS) mode, which supposedly incurs no licensing or subscription fees. This supposedly provides "Client Isolation", and "Enables each user in a hotspot to have a private, hence "isolated" session, improving security on public Wi-Fi networks without adding complexity."
Here is a screenshot:
In testing, this never was able to work, even in NMS mode. The error is that was "unable to resolve Jabber service IP" even when connected directly to the Internet. My assumption is that their site went down.
So, I got dd-wrt to run as an open WiFi hotspot, and can turn the wifi on/off using the Easy Setup button.
But I could not get a captive portal working on the WRT54GS. My next try at a Captive Portal will be on a WRT54GL using either ewrt0.4.3 with NoCatSplash, which was state of the art two years ago, or CoovaAP, which I'm pretty confident will work well, and seems to be the latest best thing (but perhaps without a configurable splash page).
NoCatSplash has authentication deprecated (ghetto!), so I can't use that, as I wanted to hand guests a userid/password.
ewrt wouldn't work, and ChilliSpot required a RADIUS server. Ugh.
Tried CoovaAP (openwrt-54g-squashfs.bin). It looks like this might be the ticket. Tried to configure this, and somehow messed up my configuration. tried to upload a new firmware and start over, and it turns out that CoocvaAP takes over the firmware, and won't let you install anything else. SO USE COOVAAP AT YOUR OWN RISK. The only way I was able to reflash the router was with the JTAG cable again. This thing has been worth its weight in gold with this router, as it's helped me recover from a corrupt BIOS (CFE Image), enabled me to reflash the router when the boot-wait was not turned on, enabled me to reflash nvram that was corrupt and I couldn't fix (say with the reset button), but mostly just fix bad firmware images that like to take over the OS and lot let it go.
Uploaded the CoovaAP WRT54GL 1.0-beta.8 openwrt-54g-squashfs.bin file to the router, and started over. Tried to do this directly via the JTAG cable, which took over three hours, but it didn't work. So I uploaded the original Linksys firmware, and upgraded through the GUI.
When CoovaAP booted, I changed the default password, and then went to the Hotspot section. Under the "Configuration Tab", I changed the Hotspot type to Internal, Wireless only, Deny, Http for configured users.
Under the "Access List" tab, I added one guest.
Under the Portal Tab, I selected "Login Page", and changed the HTML to what I wanted it to say. The cool thing about this is that it allows you to customize your login page!
I applied changes, and tested it. It didn't work. So I went in to the GUI and started CoovaChilli (it was installed, but not running). This worked like a champ (after unplugging and then plugging the router back in).
A couple of items worth note is that the Coova firmware is a little buggy, and wouldn't finish applying the changes I made unless it had an Internet connection. Also, a user has to have a browser with JavaScript enabled to see the login page. This is a little ghetto, but I suppose that most folks have Javascript enabled on their browsers anyway, so I guess that I can live with it.
So I have an authenticated, encrypted Captive Portal to the Internet. Finally! CoovaAP seems like the ticket. Next on the list is installing a client and server certificate-authenticated VPN tunnel, so that I can jump to the Internet from my home router when accessing it from an external, unencrypted Hotspot.
I was able to run VxWorksKiller and replace the VxWorks OS with dd-wrt-v2.4Sp1-micro-generic, which is a large improvement. It has network statistics and repurposes the "Secure Easy Setup" button on the front to toggle the Wifi on/off, which is nice. But I was unable to run anything useful for a portal, which would redirect clients.
Useful notes:
This will allow you to tftp up an image to the router from a linux box
#tftp 192.168.1.1
>binary
>rexmt 1
>timeout 60
>trace
>put file.bin
If the image seems corrupt, meaning when you power it on all the Ethernet lights blink, then only the one port you are plugged into blinks, yet you can ping the device, you can bring it back from the brink of death by:
Powering it up, wait until it gets into its hung state, then press the reset button for 20 seconds
still holding the reset button down, pull the power plug, and continue to hold it down for another 20 seconds
still holding the reset button down, plug the power in, and continue to hold the reset button for 20 seconds
Hotspot notes:
Chillispot won't run on Micro. Even if it did, it requires a RADIUS server
NoCatSplash won't run on micro
CoovaChili works as a stand-alone Captive Portal for the WRT54GL--I'll use this if I need one
Sveavasoft is commercial (you have to pay or get it from a torrent), and I didn't try to get it for the micro
UseMyNet is a commercial product
WiFiDog needs back end a php or PostgresSQL server
eWRT, which runs NoCatSplash runs on the OpenWRT, but not on 2MB of space
Sputnik DOES run, and I was excited to get that going. They also have a network management only (NMS) mode, which supposedly incurs no licensing or subscription fees. This supposedly provides "Client Isolation", and "Enables each user in a hotspot to have a private, hence "isolated" session, improving security on public Wi-Fi networks without adding complexity."
Here is a screenshot:
In testing, this never was able to work, even in NMS mode. The error is that was "unable to resolve Jabber service IP" even when connected directly to the Internet. My assumption is that their site went down.
So, I got dd-wrt to run as an open WiFi hotspot, and can turn the wifi on/off using the Easy Setup button.
But I could not get a captive portal working on the WRT54GS. My next try at a Captive Portal will be on a WRT54GL using either ewrt0.4.3 with NoCatSplash, which was state of the art two years ago, or CoovaAP, which I'm pretty confident will work well, and seems to be the latest best thing (but perhaps without a configurable splash page).
NoCatSplash has authentication deprecated (ghetto!), so I can't use that, as I wanted to hand guests a userid/password.
ewrt wouldn't work, and ChilliSpot required a RADIUS server. Ugh.
Tried CoovaAP (openwrt-54g-squashfs.bin). It looks like this might be the ticket. Tried to configure this, and somehow messed up my configuration. tried to upload a new firmware and start over, and it turns out that CoocvaAP takes over the firmware, and won't let you install anything else. SO USE COOVAAP AT YOUR OWN RISK. The only way I was able to reflash the router was with the JTAG cable again. This thing has been worth its weight in gold with this router, as it's helped me recover from a corrupt BIOS (CFE Image), enabled me to reflash the router when the boot-wait was not turned on, enabled me to reflash nvram that was corrupt and I couldn't fix (say with the reset button), but mostly just fix bad firmware images that like to take over the OS and lot let it go.
Uploaded the CoovaAP WRT54GL 1.0-beta.8 openwrt-54g-squashfs.bin file to the router, and started over. Tried to do this directly via the JTAG cable, which took over three hours, but it didn't work. So I uploaded the original Linksys firmware, and upgraded through the GUI.
When CoovaAP booted, I changed the default password, and then went to the Hotspot section. Under the "Configuration Tab", I changed the Hotspot type to Internal, Wireless only, Deny, Http for configured users.
Under the "Access List" tab, I added one guest.
Under the Portal Tab, I selected "Login Page", and changed the HTML to what I wanted it to say. The cool thing about this is that it allows you to customize your login page!
I applied changes, and tested it. It didn't work. So I went in to the GUI and started CoovaChilli (it was installed, but not running). This worked like a champ (after unplugging and then plugging the router back in).
A couple of items worth note is that the Coova firmware is a little buggy, and wouldn't finish applying the changes I made unless it had an Internet connection. Also, a user has to have a browser with JavaScript enabled to see the login page. This is a little ghetto, but I suppose that most folks have Javascript enabled on their browsers anyway, so I guess that I can live with it.
So I have an authenticated, encrypted Captive Portal to the Internet. Finally! CoovaAP seems like the ticket. Next on the list is installing a client and server certificate-authenticated VPN tunnel, so that I can jump to the Internet from my home router when accessing it from an external, unencrypted Hotspot.
Comments
Post a Comment