在默认配置中，OpenWrt会将无线网络与设备的LAN相桥接。桥接的优势在于从无线到LAN的broadcast traffic不会有近一步变更，反之亦然。
为了将无线网络从LAN中分离，必须创建一个新的具有相应DHCP的网络和固件设置。此文档概括了此设置的必要步骤。

配置
以下的变更都是在假设OpenWrt默认配置的情况下，相关联文件有：
/etc/config/network
/etc/config/wireless
/etc/config/dhcp
/etc/config/firewall
第一步：明确一个新的网络
编辑.etc/config/network并明确一个新的interface sectoin：
config 'interface' 'wifi'
option 'proto' 'static'
option 'ipaddr' '192.168.2.1'
option 'netmask' '255.255.255.0'
注意的是这里没有ifname选项设置，当此节引用无线网络时，就不需要ifname了。
第二步：变更已有无线网络
在/etc/config/wireless中，找到已有wifi-iface段并变更它的网络选项，指出新创建的interface段。
config 'wifi-iface'
option 'device' 'wl0'
option 'network' 'wifi'
option 'mode' 'ap'
option 'ssid' 'OpenWrt'
option 'encryption' 'none'
在已有节段，network被变更指出上一步骤明确的wifi interface。
选择性的改变最后一行option encryption ‘psk2’并添加option key ‘secret key’来启用WPA encryption。

本文章由 http://www.wifidog.pro/2015/01/16/wifidog-%E8%B7%AF%E7%94%B1ap.html整理编辑，转载请注明出处

Wifidog 网关安装
需求：
1） 熟悉GNU/Linux环境
2） 内核中编译了netfilter的GNU/Linux OS
3） Iptables
4） GNU C 编辑器。其它编辑器可能也适用，但我们没有测试，也不支持。
5） 可以从SourceForge得到最新的Wifidog TAR包
预安装
很多人会在这里遇到问题，所以我们大致陈述一下：
将Wifidog引入到环境之前先要确保一切都是正常运行
l 路由器须boot正确
l 路由器能正确调出界面
l 路由器须联网
l 正确设置DNS，并能正常运行
l 正确设置DHCP
l 装载ipt_mac.o内核模块
l 如果用NAT,路由器必须用iptables设置NAT/masquerading规则
l 获取WIFI的客户端必面能够绑定和联接到互联网
l 当路由器开始运行时，以上所有须自动运行
安装
Wifidog跟其它开源项目一样，使用标准的自动化工具，使得安装更加便捷。打开TAR包获取来自SVN的最新资源，然后按以下步骤：
./autogen.sh
make
make install

如果你没有用make install来安装，二进制文件会保存在src/wifidgo。

OpenWrt ipkg
mkdir ~/wifidog.openwrtcd ~/wifidog.openwrtwget http://downloads.openwrt.org/whi ... inux-i686-1.tar.bz2tar -jxvf OpenWrt-SDK-Linux-i686-1.tar.bz2svn checkout https://dev.wifidog.org/svn/trunk/wifidogcd wifidog./autogen.shmake ipk OPENWRTSDK=~/wifidog.openwrt/OpenWrt-SDK-Linux-i686-1
如果没有错误，你的包应该保存在~/wifidog.openwrt/OpenWrt-SDK-Linux-i686-1/bin/packages
配置
编辑/etc/wifidog.conf并依照说明操作，一切OK。
首次运行Wifidog
按照以下命令启动Wifidog：
Wifidog –f –d 7
测试：
当客户端获取WIFI后，用浏览器打开你喜欢的网页。
监测运行当中的Wifidog的output。
认证服务器安装
需求
PHP5
l PHP5网络服务器。推荐Apache httpd服务器，并提义使用虚拟主机。
l 必用：Pgsql,dom,bmstring
l 选用：xml,gettext,mcrypt,mhash,xmlrpc
l PEAR：radius,Auth_RADIUS,Crypt_CHAP
l PHP library：Smarty,MagpieRSS,Phlickr
强烈建议安装选用项，以便激活认证服务器的所有特性。如果你不知道哪些已经安装，install.php将会进行检测并显示出对你有用的信息。最后一项将会通过install.php自动下载安装。
重点：认证服务器所需内存要大于PHP默认的8Mb。你需要在php.ini将其提高到32Mb或64Mb。如果你没进行此操作，也会安装成功，但不久就会用光内存。
PostgreSQL
正确配置PostgreSQL服务器。install.php脚本不会向PostgreSQL数据库服务器提供特殊的安全方式。系统管理员要做的是授予正确的数据库存取许可。
快速安装
1） 将Wifidog认证服务器软件源从CVS中撤出
2） 在人喜欢的浏览器中打开http://server.com/wifidog/install.php并按说明操作
3） 在config.php设置语言
4） 用管理员身份登录，填入网络信息，创建热点和目录
install.php
即使是install.php也无法尽其所能的来简化安装。但它能很快的给你一个门户，你可以做为管理员进行登录，自定义你的网络，热点，目录，用户等。
首先，你需要在浏览器中打开install.php。如果你尝试另一个门户网页，并且认证服务器没有预先设置好，那么你的浏览器将自动重新导向install.php。
按照网页上的说明创建wifidog用户和数据库。
第一次打开install.php，脚本会在/tmp/dog_cookie.txt文件中随机产生密码。这只是一种安全控制，用来防止选程用户用新安装的认证服务器做坏事。这个文件只是随机密码，不需要用户名。

本文章由 http://www.wifidog.pro/2015/01/09/wifidog%E5%AE%89%E8%A3%851.html 整理编辑，转载请注明出处

configure openwrt Wireless
The WiFi settings are configured in the file /etc/config/wireless (currently supported on Broadcom, Atheros and mac80211). When booting the router for the first time it should detect your card and create a sample configuration file. By default ’option network lan’ is commented. This prevents unsecured sharing of the network over the wireless interface.

Each wireless driver has its own configuration script in /lib/wifi/driver_name.sh which handles driver specific options and configurations. This script is also calling driver specific binaries like wlc for Broadcom, or hostapd and wpa_supplicant for atheros.

The reason for using such architecture, is that it abstracts the driver configuration.

Generic Broadcom wireless config:

  config wifi-device      "wl0" 
      option type         "broadcom" 
      option channel      "5" 

  config wifi-iface 
      option device       "wl0" 
  #   option network  lan 
      option mode         "ap" 
      option ssid         "OpenWrt" 
      option hidden       "0" 
      option encryption   "none"

Generic Atheros wireless config:

  config wifi-device      "wifi0" 
      option type         "atheros" 
      option channel      "5" 
      option hwmode "11g" 

  config wifi-iface 
      option device       "wifi0" 
  #   option network  lan 
      option mode         "ap" 
      option ssid         "OpenWrt" 
      option hidden       "0" 
      option encryption   "none"

Generic mac80211 wireless config:

  config wifi-device      "wifi0" 
      option type         "mac80211" 
      option channel      "5" 

  config wifi-iface 
      option device       "wlan0" 
  #   option network  lan 
      option mode         "ap" 
      option ssid         "OpenWrt" 
      option hidden       "0" 
      option encryption   "none"

Generic multi-radio Atheros wireless config:

  config wifi-device  wifi0 
      option type     atheros 
      option channel  1 

  config wifi-iface 
      option device   wifi0 
  #   option network  lan 
      option mode     ap 
      option ssid     OpenWrt_private 
      option hidden   0 
      option encryption none 

  config wifi-device  wifi1 
      option type     atheros 
      option channel  11 

  config wifi-iface 
      option device   wifi1 
  #   option network  lan 
      option mode     ap 
      option ssid     OpenWrt_public 
      option hidden   1 
      option encryption none

There are two types of config sections in this file. The ’wifi-device’ refers to the physical wifi interface and ’wifi-iface’ configures a virtual interface on top of that (if supported by the driver).

A full outline of the wireless configuration file with description of each field:

  config wifi-device    wifi device name 
      option type       broadcom, atheros, mac80211 
      option country    us, uk, fr, de, etc. 
      option channel    1-14 
      option maxassoc   1-128 (broadcom only) 
      option distance   1-n 
      option hwmode     11b, 11g, 11a, 11bg (atheros, mac80211) 
      option rxantenna  0,1,2 (atheros, broadcom) 
      option txantenna  0,1,2 (atheros, broadcom) 
      option txpower  transmission power in dBm 

  config wifi-iface 
      option network  the interface you want wifi to bridge with 
      option device   wifi0, wifi1, wifi2, wifiN 
      option mode     ap, sta, adhoc, monitor, or wds 
      option txpower  (deprecated) transmission power in dBm 
      option ssid     ssid name 
      option bssid    bssid address 
      option encryption none, wep, psk, psk2, wpa, wpa2 
      option key      encryption key 
      option key1     key 1 
      option key2     key 2 
      option key3     key 3 
      option key4     key 4 
      option server   ip address 
      option port     port 
      option hidden   0,1 
      option isolate  0,1 
      option doth     0,1 (atheros, broadcom) 
      option wmm      0,1 (atheros, broadcom)

本文章由 http://www.wifidog.pro/2015/01/08/openwrt-wifidog-wireless.html 整理编辑，转载请注明出处

Configuring OpenWrt Network
The network configuration in Kamikaze is stored in /etc/config/network and is divided into interface configurations. Each interface configuration either refers directly to an ethernet/wifi interface (eth0, wl0, ..) or to a bridge containing multiple interfaces. It looks like this:

config interface     "lan" 
      option ifname    "eth0" 
      option proto     "static" 
      option ipaddr    "192.168.1.1" 
      option netmask   "255.255.255.0" 
      option gateway   "192.168.1.254" 
      option dns       "192.168.1.254"

ifname specifies the Linux interface name. If you want to use bridging on one or more interfaces, set ifname to a list of interfaces and add:

option type     "bridge"

It is possible to use VLAN tagging on an interface simply by adding the VLAN IDs to it, e.g. eth0.1. These can be nested as well.

This sets up a simple static configuration for eth0. proto specifies the protocol used for the interface. The default image usually provides ’none’ ’static’, ’dhcp’ and ’pppoe’. Others can be added by installing additional packages.

When using the ’static’ method like in the example, the options ipaddr and netmask are mandatory, while gateway and dns are optional. You can specify more than one DNS server, separated with spaces.

DHCP currently only accepts ipaddr (IP address to request from the server) and hostname (client hostname identify as) - both are optional.
PPP based protocols (pppoe, pptp, ...) accept these options:

• username: The PPP username (usually with PAP authentication)
• password: The PPP password
• keepalive: Ping the PPP server (using LCP). The value of this option specifies the maximum number of failed pings before reconnecting. The ping interval defaults to 5, but can be changed by appending "," to the keepalive value
• demand: Use Dial on Demand (value specifies the maximum idle time.
• server(pptp): The remote pptp server IP

For all protocol types, you can also specify the MTU by using the mtu option.

Setting up static routes
You can set up static routes for a specific interface that will be brought up after the interface is configured.
Simply add a config section like this:

  config route foo 
   option interface lan 
   option target 1.1.1.0 
   option netmask 255.255.255.0 
   option gateway 192.168.1.1

The name for the route section is optional, the interface, target and gateway options are mandatory. Leaving out the netmask option will turn the route into a host route.

Setting up the switch (currently broadcom only)
The switch configuration is set by adding a ’switch’ config section. Example:

  config switch       "eth0" 
      option vlan0    "1 2 3 4 5*" 
      option vlan1    "0 5"

本文章由 http://www.wifidog.pro/2015/01/08/openwrt-network-wifidog.html 整理编辑，转载请注明出处