Captive WiFi OpenWRT OpenNDS Guide 📶

  1. Overview
  2. WiFi Hardware
  3. Captive WiFi OpenWRT OpenNDS Guide 📶

This setup has been tested successfully on GL.iNet GL-A1300 device with OpenWRT v21.

Please note you will need SHH knowledge before starting this guide, if you need our team to assist click here to log a support ticket 

Firewall Setup

By default, OpenWRT firewall does not allow web or SSH access on WAN IP. As a captive portal blocks all traffic on LAN until user is authenticated so when we initially enable captive portal on OpenWRT we lose access to the router from LAN side. To manage our OpenWRT we should therefore open access from WAN side.

Access your OpenWRT router via Luci interface. Go to Network => Firewall => Traffic Rules and add a new rule for opening port 80 (HTTP):

Name: ALLOW_WEB
Source Zone: WAN
Destination zone: Device (input)
Destination port: 80

Similarly, add a rule for allowing SSH access on port 22. Click on the Save and Apply button.

OpenNDS Installation Commands

Run the following commands for installing OpenNDS and its dependencies:

opkg update
opkg install opennds nano
opkg install php8 php8-cli php8-mod-openssl

OpenNDS Setup

Open the OpenNDS config file:

nano /etc/config/opennds

Uncomment/set the following parameters in the config file with appropriate values:

option fasport '443'
option fasremotefqdn 'test.wifi-ten.com'
option fasremoteip '159.223.123.94'
option faskey '1234567890'
option fas_secure_enabled '3'

Save and exit.

Restart OpenNDS process for the changes to take effect.

service opennds restart

ndsctl Commands

OpenNDS comes with a utility to interact with it. Here are some useful commands:

Check status:

ndsctl status

Deauthorize a client:

ndsctl deauth IP|MAC

References

OpenNDS Documentation


Was this article helpful?