分类 wifidog openwrt 下的文章

OpenWRT中添加新设备支持

这里还是向OpenWRT中添加对小度路由的支持
向 target/linux/ramips/image/makefile中写入新设备

image/build/profile/mt7620a_CLZ=$(call buildFirmware/Default8M/$(1),$(1),mt7620a_clz,MT7620a_CLZ)
$(call image/Build/Profile/MT7620a_CLZ,$(1))

base-files中的一些可用配置:

base-files/etc/diag.sh 控制LED在OpenWRT启动时是否闪烁
base-files/lib/upgrade/platform.sh 允许sysupgrade工作
base-files/etc/uci-defaults/network to configure(安装) default network interface(界面) settings, particularly MAC addresses
base-files/etc/uci-defaults/leds if you have configurable(可配置的) LEDs which should default to a behavior(行为), like a WLAN activity LED
base-files/etc/hotplug.d/firmware(固件)/10-rt2x00-eeprom to extract(提取) the firmware image for the wireless(无线的) module
base-files/lib/preinit/06_set_iface_mac to set the MAC addresses of any other interfaces(界面)

编写的小度路由用的dts文件

/dts-v1/;

/include/ "mt7620a.dtsi"

/ {
    compatible = "ralink,mt7620a-eval-board", "ralink,mt7620a-soc";
    model = "Ralink MT7620A xiaodu board";

    palmbus@10000000 {
        sysc@0 {
            ralink,gpiomux = "i2c";
            ralink,uartmux = "gpio";
            ralink,wdtmux = <1>;
        };

        gpio0: gpio@600 {
            status = "okay";
        };

        spi@b00 {
            status = "okay";

            w25q64bv@0 {
                #address-cells = <1>;
                #size-cells = <1>;
                compatible = "w25q64bv";
                reg = <0 0>;
                linux,modalias = "w25q64bv";
                spi-max-frequency = <1000000>;

                partition@0 {
                    label = "u-boot";
                    reg = <0x0 0x30000>;
                    read-only;
                };

                partition@30000 {
                    label = "u-boot-env";
                    reg = <0x30000 0x10000>;
                    read-only;
                };

                factory: partition@40000 {
                    label = "factory";
                    reg = <0x40000 0x10000>;
                    read-only;
                };

                partition@50000 {
                    label = "firmware";
                    reg = <0x50000 0x6b0000>;
                };

                partition@700000 {
                    label = "usercfg";
                    reg = <0x700000 0x100000>;
                };
            };
        };
    };

    ethernet@10100000 {
        status = "okay";

        pinctrl-names = "default";
        pinctrl-0 = <&ephy_pins>;

        ralink,port-map = "llllw";
    };

    gsw@10110000 {
        ralink,port4 = "ephy";
    };

    sdhci@10130000 {
        status = "okay";
    };

    pcie@10140000 {
        status = "okay";
    };

    gpio-keys-polled {
        compatible = "gpio-keys";
        #address-cells = <1>;
        #size-cells = <0>;
        poll-interval = <20>;
        wps {
            label = "wps";
            gpios = <&gpio0 12 1>;
            linux,code = <0x100>;
        };
        reset {
            label = "reset";
            gpios = <&gpio0 13 1>;
            linux,code = <0x101>;
        };
    };
};

添加设备后,最好需要将之前编译产生的临时文件删除,语句如下

 cd trunk
 rm -rf tmp
 make menuconfig

本文章由 http://www.wifidog.pro/2015/06/22/openwrt%E6%B7%BB%E5%8A%A0%E6%96%B0%E8%AE%BE%E5%A4%87.html 整理编辑,转载请注明出处

OpenWrt wifidog 实现收费提醒效果

需求场景

有一个免认证的 Wifi SSID,比如叫:OpenWrt,附近的同学可以随便连上这个 SSID,没有缴过费的同学不管访问什么地址,都会被跳转到收费提醒页面,而缴过费的同学就可以开心上网了。

解决办法

从需求上来说,这是一个非常标准的 WifiDog 效果,如果未来有很复杂的需求,可以直接通过 WifiDog 来实现跳转,然后再通过 AuthPuppy 来实现账户管理,不过想在 OpenWrt 上同时部署 WifiDog 与 AuthPuppy 也不是一件很容易的事情。

因此我们准备考虑直接通过 iptables 来实现这个需求,未来如果有复杂的扩展需求,也不影响扩展到 WifiDog 来实现。

实现流程

通过 SSH 登录到 OpenWrt,打开 /etc/config/uhttpd,在文件的最顶部增加以下配置

config uhttpd 'portal'
list listen_http '0.0.0.0:11990'
option home '/www/portal'
option error_page '/index.html'

然后在 /www/portal 下新建一个名为 index.html 的静态文件,文件内容可以如下

<html>
<head>
  <meta http-equiv="cache-control" content="no-cache">
  <meta name="viewport" content="width=device-width, initial-scale=1">
  <title>Wifi</title>
</head>
<body>
  Email: xxxx@xxx.com
</bodu>
</html>

之后再打开 /etc/firewall.user 文件,在末尾添加如下配置:

iptables -t nat -A prerouting_lan_rule -p tcp -m tcp --dport 80 -m mark ! --mark 8 -j REDIRECT --to-ports 11990
iptables -t filter -A forwarding_lan_rule -m mark ! --mark 8 -j REJECT

保存后执行 /etc/init.d/firewall restart 重新载入 iptables 的配置
然后再执行 /etc/init.d/uhttpd restart 重新载入 uhttpd 的配置

然后用手机连接这个无线网络,你就会发现总是弹出这个提示页面了

用户授权

当有用户缴费了之后,向他要到他的MAC地址,同样打开 /etc/firewall.user 文件,比如这个用户有 2 个设备,MAC 地址分别是 00:00:00:00:BB:AA 与 00:00:00:00:BB:BB 则添加以下 2 条 规则,以后这 2 个设备就可以随便上网了!

iptables -t mangle -A fwmark -m mac --mac-source 00:00:00:00:BB:AA -j MARK --set-mark 8
iptables -t mangle -A fwmark -m mac --mac-source 00:00:00:00:BB:BB -j MARK --set-mark 8

添加后同样需要执行 /etc/init.d/firewall restart 以使配置生效

注意事项

如果通过以太网口访问 OpenWrt luci 管理界面也是那个收费提示,只需要把该机器的 MAC 地址同样授权一样即可

本文章由 http://www.wifidog.pro/2015/04/08/openwrt-wifidog-5.html 整理编辑,转载请注明出处

OpenWrt WifiDog + wiwiz 安装配置

wifidog

WifiDog是路由器的一种上网认证功能,如果开启此功能,所有通过路由器上网的设备都会跳转到指定的界面,需要通过某种方式认证才可以上网,这种认证方式的优势在于安全性高,不容易被破解验证。

WifiDog安装
登录到 OpenWrt luci 后台,打开 System / Software,然后查找 wifidog
NewImage1.png

再点击 Available packages (wifidog),选择安装
NewImage2.png

NewImage.png

WifiDog 安装后,还需要到 System / Startup 使用 WifiDog 服务自动启动
NewImage4.png

然后还要到 Network /Firewall 里,把 lan => wan 的默认 Forward 规则改为 reject
NewImage3.png

wiwiz 账号申请

Wifidog 使用时需要配合认证系统来使用,你可以部署一个 AuthPuppy,不过如果为了测试方便,可以直接申请一个 wiwiz 的账号。Wiwiz是一个有线/无线网络热点管理系统,利用它你可以为你的热点创建一个强制门户/强制认证页面(captive portal)。

申请好账号之后,需要在 Wiwiz 里创建一个热点,这个时候将得到你的 HotSpot ID,把这个 ID 记录下来,等下 WifiDog 配置的时候要用到。

WifiDog配置

使用 SSH 登录到你的 OpenWrt 上,编辑 /etc/wifidog.conf 文件,在文件末尾增加以下配置:

GatewayID 14BBB888BBB
AuthServer {
    Hostname cp.wiwiz.com
    Path /as/s/
}

最后直接重新启动一下路由器,然后用你的终端通过你的路由器访问互联网,就会弹出 Wiwiz 的认证页面

本文章由 http://www.wifidog.pro/2015/04/08/wifidog-openwrt-2.html 整理编辑,转载请注明出处

wifidog安装Oauth login for Google and Facebook on OpenWrt routers

Oauth for OpenWrt routers aims to support authentication via OAuth services (Google, Facebook...) and run on the same box with WifiDog. It is using Luci and provides an alternative to single Auth Server for WifiDog. There is no need to setup a separated machine for authentication.

How does it work?

When a new guest uses Wifi from a router to go to the Internet, he/she will be presented a login page where he/she can use his Facebook or Google accounts to log in order to have permission of using our Wifi to access the Internet. When the session of using the Internet is over, a page with a message informing that the user is unauthenticated is displayed, and he/she is withdrawn the Internet access permission. This means he/she must be login again to have the permission.

System requirements

The followings are all you need to successfully deploy Oauth for OpenWrt:

  • OpenWrt firmware.
  • LuCi package.
  • Wifidog package.
  • Standard wget package.
  • Oauth for OpenWrt package.

a. Install Wifidog package:

  • Connect with your router via SSH.
  • Use this command to install Wifidog: opkg install wifidog.

Note: if you can not install wifidog, let's first use this command: “opkg update”, and then install it again.

b. Modify Wifidog's configuration file:

The configuration file of Wifidog is in /etc/wifidog.conf.

  • Use this command to access the file: vi /etc/wifidog.conf.
  • There are some parameters that you need to alter, according to your
    system: + ExternalInterface. + GatewayInterface. + GatewayAddress
    (your router) + AuthServer (your router) + GatewayPort.

c. Install Oauth for OpenWrt package:

We provide an ipk package to easily install via opkg.

You can also build your own from source (https://github.com/hongquan/Oauth for OpenWrt):

  • Copy the source folder to openwrt/package (source tree).
  • Rename Makefile_build_standalone to Makefile (replace the old
    Makefile).
  • Rename "dist" folder to "root" Choose the luci-app-Oauth for OpenWrt
    in"make menuconfig".
  • Run "make package/luci-app-Oauth for OpenWrt/compile V=99" to build.

After finishing the whole things above, let's do some more steps following to make Oauth for OpenWrt works:

  • In Terminal, connect to your router via SSH.
  • Run wifidog via this command: “/etc/init.d/wifidog start” (or
    “wifidog -d 7 -f” to see log information)
  • On your web browser, access your router via its IP address. After
    logging in, select tab “Network/Oauth for OpenWrt/Status”. Then,
    press “Apply” button.

Oauth for OpenWrt is now ready to work.

Configure Oauth for OpenWrt

We have created some nice stuffs for you to make Oauth for OpenWrt work as you like. First of all, you need to access the admin page of router by typing the your router address. There are some options that you can choose to bend the Oauth for OpenWrt with your needs.

本文章由 http://www.wifidog.pro/2015/04/07/wifidog%E5%AE%89%E8%A3%85%E6%8E%88%E6%9D%83.html 整理编辑,转载请注明出处