In this article, I will explain how to configure a splash page on a Raspberry Pi. As you perhaps know, Coova-Chilli does not provide a landing page for the visitors of the captive portal. In this document, we will use the buitin web server (uhttpd) that provides the Luci administration interface to host a landing page for our visitors.
The Rapsberry Pi will run OpenWrt and will use following components to fulfill our needs:
- Coova-Chilli (the captive portal)
- Uhttpd (hosting the splash page and OpenWrt web management (LUCI))
An external radius server is also needed to authenticate the captive portal users. Any radius server (freeradius, Microsoft NPS , etc…) can do the job. The installation of the radius server is not covered in this document, but the following post (https://gremaudpi.emf-informatique.ch/configure-a-raspberry-pi-running-openwrt-and-coova-chilli-captive-portal-to-authenticate-visitors-to-active-directory/) describes a way to install and configure Microsoft NPS so serve as authenticator.
Schema
The following schema shows the actors in presence. Notice that the management workstation is just used for configuration and can be removed once the configuration is completed.
Prerequisite
The prerequisite for this installation is to configure the Rapberry Pi as a routed Access Point as described in my previous post available under this link: https://gremaudpi.emf-informatique.ch/create-a-routed-access-point-with-raspberry-pi-and-openwrt/
Once this is done, you should have a Raspberry Pi running OpenWrt and configured as a routed accesspoint. The SSID visible to the visitors will be "Guest", but you can rename it easily if you want.
WARNING : be aware that Chilli will create a tunnel (tun0) on the wlan0 interface of the Raspi.
The rest of the configuration is mainly based on https://openwrt.org/docs/guide-user/services/captive-portal/wireless.hotspot.coova-chilli
Install coova-chilli
Log on to the raspberry using root/<no password> and install coova-chilli.
opkg update
opkg install coova-chilli
opkg install nano
Stop and disable chilli to avoid lock down
/etc/init.d/chilli stop
/etc/init.d/chilli disable
The final configuration will be made later
Install the captive portal login page
Install php7-cgi
opkg install php7-cgi
Verify installation
ls /usr/bin/php*
Output:
/usr/bin/php-cgi
Configure uhttpd
Edit the main configuration file of the web server
nano /etc/config/uhttpd
Uncomment interpreter and save file
# List of extension->interpreter mappings. |
Restart uhttpd
service uhttpd restart
Now let's make some testing
Check if php is working
To check if php is running, we will create a test page in the /www directory
nano /www/test.php
Paste the following code into the newly created file
<html> |
Opening the page in a browser from the management station should give the following output:
Copy hotspot-login-master.zip from https://github.com/mongramosjr/hotspot-login
Unzip to /www/hotspotlogin
Edit hotspotlogin.php to allow http and have a look to $uamsecret
nano /www/hotspotlogin/hotspotlogin.php
Change the variable « uamsecret » to your needs and comment out the SSL part to allow HTTP requests
# Shared secret used to encrypt challenge with. Prevents dictionary attacks. |
Restart uhttpd
service uhttpd restart
Test login page from a browser on the management station (http://192.168.0.30/hotspotlogin/hotspotlogin.php), output should look like this
Configure coova-chilli
Save original config file and recreate one
mv /etc/config/chilli /etc/config/chilli-orig
nano /etc/config/chilli
Paste the following content. The section containing the radius parameter should be adapted to your environment.
# config chilli option interval 3600 ######## TUN and DHCP Parameters ######## ######## Radius parameters ######## option radiusserver1 '<external-radius-server-ip-address>' ######## Universal access method (UAM) parameters ######## option uamlisten 192.168.182.1 |
Start chilli
/etc/init.d/chilli start
Verify that chilli loaded our configuration by looking at following file
cat /var/run/chilli*.conf
If this is okay, enable chilli to survive reboot
/etc/init.d/chilli enable
Now, if you connect a WiFi enabled device to your Guest SSID, a splash page should be presented to your visitor.
You will need to configure an external Radius (Freeradius, Microsoft NPS or a cloud based solution like Jumpcloud) and to configure Coova-Chilli to use it in order to allow your visitors to log in.
That's all folks…