Skip to main content

Captive Portal Fail using DD-Wrt on WRT54GS

I recently bought a WRT54GS V7.2 for about $30.  I intended to use this as a Captive Portal Wifi for guests.  It turns out that this version of the GS has only 2Megs of Flash, nearly crippling it.  

I was able to run VxWorksKiller and replace the VxWorks OS with dd-wrt-v2.4Sp1-micro-generic, which is a large improvement.  It has network statistics and repurposes the "Secure Easy Setup" button on the front to toggle the Wifi on/off, which is nice.  But I was unable to run anything useful for a portal, which would redirect clients.  

Useful notes:  

This will allow you to tftp up an image to the router from a linux box
>rexmt 1
>timeout 60
>put file.bin

If the image seems corrupt, meaning when you power it on all the Ethernet lights blink, then only the one port you are plugged into blinks, yet you can ping the device, you can bring it back from the brink of death by:

Powering it up, wait until it gets into its hung state, then press the reset button for 20 seconds
still holding the reset button down, pull the power plug, and continue to hold it down for another 20 seconds
still holding the reset button down, plug the power in, and continue to hold the reset button for 20 seconds

Hotspot notes:
Chillispot won't run on Micro.  Even if it did, it requires a RADIUS server
NoCatSplash won't run on micro
CoovaChili works as a stand-alone Captive Portal for the WRT54GL--I'll use this if I need one
Sveavasoft is commercial (you have to pay or get it from a torrent), and I didn't try to get it for the micro
UseMyNet is a commercial product
WiFiDog needs back end a php or PostgresSQL server
eWRT, which runs NoCatSplash runs on the OpenWRT, but not on 2MB of space

Sputnik DOES run, and I was excited to get that going.   They also have a network management only (NMS) mode, which supposedly incurs no licensing or subscription fees.  This supposedly provides "Client Isolation", and "Enables each user in a hotspot to have a private, hence "isolated" session, improving security on public Wi-Fi networks without adding complexity."  

Here is a screenshot:  

In testing, this never was able to work, even in NMS mode.  The error is that  was "unable to resolve Jabber service IP" even when connected directly to the Internet.   My assumption is that their site went down.  

So, I got dd-wrt to run as an open WiFi hotspot, and can turn the wifi on/off using the Easy Setup button. 

But I could not get a captive portal working on the WRT54GS.  My next try at a Captive Portal will be on a WRT54GL using either ewrt0.4.3 with NoCatSplash, which was state of the art two years ago, or CoovaAP, which I'm pretty confident will work well, and seems to be the latest best thing (but perhaps without a configurable splash page). 

NoCatSplash has authentication deprecated (ghetto!), so I can't use that, as I wanted to hand guests a userid/password.

ewrt wouldn't work, and ChilliSpot required a RADIUS server.  Ugh.  

Tried CoovaAP (openwrt-54g-squashfs.bin).   It looks like this might be the ticket.  Tried to configure this, and somehow messed up my configuration.  tried to upload a new firmware and start over, and it turns out that CoocvaAP takes over the firmware, and won't let you install anything else.  SO USE COOVAAP AT YOUR OWN RISK.  The only way I was able to reflash the router was with the JTAG cable again.   This thing has been worth its weight in gold with this router, as it's helped me recover from a corrupt BIOS (CFE Image), enabled me to reflash the router when the boot-wait was not turned on, enabled me to reflash nvram that was corrupt and I couldn't fix (say with the reset button), but mostly just fix bad firmware images that like to take over the OS and lot let it go.  

Uploaded the CoovaAP WRT54GL 1.0-beta.8 openwrt-54g-squashfs.bin file to the router, and started over.   Tried to do this directly via the JTAG cable, which took over three hours, but it didn't work.   So I uploaded the original Linksys firmware, and upgraded through the GUI.  

When CoovaAP booted, I changed the default password, and then went to the Hotspot section.  Under the "Configuration Tab", I changed the Hotspot type to Internal, Wireless only, Deny, Http for configured users.  

Under the "Access List" tab, I added one guest.  

Under the Portal Tab, I selected "Login Page", and changed the HTML to what I wanted it to say.  The cool thing about this is that it allows you to customize your login page!  

I applied changes, and tested it.  It didn't work.  So I went in to the GUI and started CoovaChilli (it was installed, but not running).   This worked like a champ (after unplugging and then plugging the router back in).   

A couple of items worth note is that the Coova firmware is a little buggy, and wouldn't finish applying the changes I made unless it had an Internet connection.  Also, a user has to have a browser with JavaScript enabled to see the login page.   This is a little ghetto, but I suppose that most folks have Javascript enabled on their browsers anyway, so I guess that I can live with it. 

So I have an authenticated, encrypted Captive Portal to the Internet.   Finally!   CoovaAP seems like the ticket.  Next on the list is installing a client and server certificate-authenticated VPN tunnel, so that I can jump to the Internet from my home router when accessing it from an external, unencrypted Hotspot.  


Popular posts from this blog

atftpd vs tftpd-hpa

Recently I was trying to tftp files from a Windows computer to a Kali box.   One version of Windows worked, but another didn't.    After much troubleshooting, here were my symptoms:

I could tftp a file from-to any Kali box from-to another Kali box
I could NOT tftp files to a specific Windows 7 box from any Kali box
I could NOT tftp files to a Chrooted-Ubuntu-Chromebook box from a Kali box

After MUCH troubleshooting, going through every setting in atftpd, it seemed like it literally was a client OS problem.  Different clients simply would not download files---unacceptable.

Thus, I switched to tftpd-hpa.   To install:
apt-get install tftpd-hpa

files go to/come from /srv/tftp, but it needs to be a tftp user. Thus, I needed to:
chroot -R /srv/tftp

Also, if you want to be able to put files ON the tftp server (from a client), you need to modify /etc/default/tftpd-hpa:
change "TFTP_OPTIONS="--secure" to "TFTP_OPTIONS="--secure --create"

I also changed the IP li…

ADS-B plotting with Kali (and other SDR goodies)

Recently I wanted to try some Software Defined Radio stuff.   
I had a RTL-SDR, FM+DAB, DVB-T USB Stick Set with RTL2832U & R820T. that I got from:
But, even though this dongle would break out FM radio stations, and ATC frequencies (like the local Ground Control, tower, and even ATIS), which was cool, it wouldn't break out ADS-B.   
Thus, I bought a Vantech Green Mini RTL2832U R820T DVB-T SDR DAB FM USB DIGITAL TV Tuner Receiver RTL-SDR Project + DAB dongle Tuner MCX Input from Amazon, and tried this.  
This dongle was able to listen to the 1090MHz frequency required for ADS-B (as it goes from 25MHz to 1700MHz).  There were tons of Windows programs out there for breaking out and plotting ADS-B Mode S broadcasts, but not many for Linux.  
For Kali Linux, here's how I got it running and plotting planes around my home:
0) before you start, you should do an apt-get update to ensure you hav…

Temper Temperature monitor on a Beaglebone Black

Beaglebone Black as a temperature monitor:

Recently I wanted to monitor the temperature of my shed.  I thought I'd use a small computer such as a Raspberry Pi or a Beaglebone or Odroid.

My Raspberry Pi boxes were all in use, so I grabbed my Beaglebone, which was doing nothing.

I flashed it with the Debian9.32018-03-054GB SDIoTimage, but that seemed like it was running lots of bloatware and the ethernet interface wouldn't take a static IP with /etc/network/interfaces.

So I went with the Debian9.32018-01-284GB SDLXQTi image instead.  I still had the same problem, that lots of junk was running, and I couldn't configure my interface by modifying /etc/network/interfaces

So my first step was to get rid of all the bloatware.  If you're using a Raspberry Pi or something, you can skip this and just go to the second step below

STEP 1--Remove Blotatware from Beaglebone Black:

With some searching, I came across this post:…