How to build a captive portal with Coova-Chilli and a local splash page on a Raspberry Pi running OpenWrt

This document explains how to install and configure a Coova-Chilli hotspot on a Raspberry Pi. As you may know, Coova-Chilli does not provide a landing page for the visitors of the captive portal. In this document, we will use the built-in web server (uhttpd), which also serves the LuCI administration interface, to host a splash page for our visitors.

The prerequisite for this installation is to configure the Raspberry Pi as a routed access point as described in my previous post available under this link: https://gremaudpi.emf-informatique.ch/create-a-routed-access-point-with-raspberry-pi-and-openwrt/

Once this is done, you should have a Raspberry Pi running OpenWrt and configured as a routed access point. The SSID visible to the visitors will be "Guest", but you can rename it easily if you want.

The rest of the configuration is mainly based on https://openwrt.org/docs/guide-user/services/captive-portal/wireless.hotspot.coova-chilli

Install coova-chilli

Log on to the raspberry using root/<no password> and install coova-chilli.

opkg update
opkg install coova-chilli
opkg install nano

Stop and disable chilli to avoid being locked out

/etc/init.d/chilli stop
/etc/init.d/chilli disable

The final configuration will be made later

Install the captive portal login page

Install php7-cgi

opkg install php7-cgi

Verify installation

ls /usr/bin/php*

Output:

/usr/bin/php-cgi

Configure uhttpd

Edit the main configuration file of the web server

nano /etc/config/uhttpd

Uncomment the interpreter line

# List of extension->interpreter mappings.
# Files with an associated interpreter can
# be called outside of the CGI prefix and do
# not need to be executable.
list interpreter ".php=/usr/bin/php-cgi"

Restart uhttpd

service uhttpd restart

Now let's do some testing

Check if php is working

To check if php is running, we will create a test page in the /www directory

nano /www/test.php

Paste the following code into the newly created file

<html>
<head>
<title>PHP Test</title>
</head>
<body>
<?php
echo '<p>Hello World</p>';
// prints e.g. 'Current PHP version: 4.1.1'
echo 'Current PHP version: ' . phpversion();
// prints e.g. '2.0' or nothing if the extension isn't enabled
echo phpversion('tidy');
?>
</body>
</html>

Opening the page in a browser from the management station should give the following output:

Copy hotspot-login-master.zip from https://github.com/mongramosjr/hotspot-login

Unzip to /www/hotspotlogin

Edit hotspotlogin.php to allow HTTP and take a look at $uamsecret

nano /www/hotspotlogin/hotspotlogin.php

Change the variable "uamsecret" to your needs; the same value must be set as uamsecret in the Coova-Chilli configuration further down. Comment out the SSL part to allow HTTP requests (the login form is then submitted unencrypted).

# Shared secret used to encrypt challenge with. Prevents dictionary attacks.
# You should change this to your own shared secret.
$uamsecret = "greatsecret";

#/* if SSL was not used show an error */
#if (!($_SERVER['HTTPS'] == 'on')) {
    #include('hotspotlogin-nonssl.php');
    #exit(0);
#}

Restart uhttpd

service uhttpd restart

Test the login page from a browser on the management station; the output should look like this

Configure coova-chilli

Back up the original config file and create a new one

mv /etc/config/chilli /etc/config/chilli-orig

nano /etc/config/chilli

Paste the following content. The section containing the RADIUS parameters should be adapted to your environment.

#
# Sample Coova-Chilli configuration file modified by gremaudpi
#

config chilli

option interval 3600
option swapoctets 1

######## TUN and DHCP Parameters ########

option tundev 'tun0'
option dhcpif 'wlan0'
option net 192.168.182.0/24
option lease 600
option dns1 8.8.8.8
option dns2 8.8.4.4
option ipup '/etc/chilli/up.sh'
option ipdown '/etc/chilli/down.sh'

######## Radius parameters ########

option radiusserver1 '<external-radius-server-ip-address>'
option radiusserver2 ''
option radiusauthport 1812
option radiusacctport 1813
option radiussecret '<external-radius-server-secret>'
option radiusnasid 'ap001'
option ssid 'ACME-company'

######## Universal access method (UAM) parameters ########

option uamlisten 192.168.182.1
option uamserver 'http://192.168.0.30/hotspotlogin/hotspotlogin.php'
option uamsecret 'greatsecret'
option uamallowed ''
option uamdomain ''
option uamanydns 1
option uamaliasname 'login'
option nouamsuccess 1

Start chilli

/etc/init.d/chilli start

Verify that chilli loaded our configuration by looking at the following file

cat /var/run/chilli*.conf

If this is okay, enable chilli to survive reboot

/etc/init.d/chilli enable

Now, if you connect a Wi-Fi-enabled device to your Guest SSID, a splash page should be presented to your visitor.

You will need to configure an external RADIUS server (FreeRADIUS, Microsoft NPS or a cloud-based solution like JumpCloud) and to configure Coova-Chilli to use it in order to allow your visitors to log in.
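
The following audit script is an added example, not part of the original post or of the Coova-Chilli or hotspot-login projects. It checks the two files edited above for the sample uamsecret, a mismatch between the two uamsecret values, a login page served over HTTP, the commented-out SSL check and a placeholder RADIUS secret. The function names are hypothetical, the parsing is simplified and the sample files are constructed.

```shell
# Added example (hypothetical function names); parsing assumes one "option key value" per line.
# Print the value of "option KEY ..." in a UCI-style FILE, quotes stripped.
chilli_opt() {
    sed -n "s/^[[:space:]]*option[[:space:]]\{1,\}${2}[[:space:]]\{1,\}//p" "$1" |
        head -n 1 | sed "s/[[:space:]]*\$//; s/^[\"']//; s/[\"']\$//"
}
# Print the first uncommented $uamsecret assignment in hotspotlogin.php.
php_uamsecret() {
    sed -n "s/^[[:space:]]*[\$]uamsecret[[:space:]]*=[[:space:]]*[\"']\(.*\)[\"'];.*/\1/p" "$1" |
        head -n 1
}
# Print one finding per line; return 1 if anything was found.
audit_hotspot() {
    conf=$1 php=$2 rc=0
    secret=$(chilli_opt "$conf" uamsecret)
    case "$secret" in
        ''|greatsecret) echo "uamsecret: empty or still the sample value"; rc=1 ;;
    esac
    [ "$secret" = "$(php_uamsecret "$php")" ] ||
        { echo "uamsecret: chilli config and hotspotlogin.php differ"; rc=1; }
    case "$(chilli_opt "$conf" uamserver)" in
        https://*) ;;
        *) echo "uamserver: login page is not served over HTTPS"; rc=1 ;;
    esac
    if grep -q "^[[:space:]]*#.*hotspotlogin-nonssl" "$php"; then
        echo "hotspotlogin.php: SSL check is commented out"; rc=1
    fi
    case "$(chilli_opt "$conf" radiussecret)" in
        ''|'<'*) echo "radiussecret: empty or still a placeholder"; rc=1 ;;
    esac
    return $rc
}
# Constructed sample files holding the values as this guide leaves them.
demo_dir=$(mktemp -d)
cat > "$demo_dir/chilli" <<'EOF'
config chilli
    option radiussecret '<external-radius-server-secret>'
    option uamserver 'http://192.168.0.30/hotspotlogin/hotspotlogin.php'
    option uamsecret 'greatsecret'
EOF
cat > "$demo_dir/hotspotlogin.php" <<'EOF'
$uamsecret = "greatsecret";
#if (!($_SERVER['HTTPS'] == 'on')) {
    #include('hotspotlogin-nonssl.php');
EOF
audit_hotspot "$demo_dir/chilli" "$demo_dir/hotspotlogin.php" || echo "findings above need review"
```

On the router, the same function can be pointed at the real files: audit_hotspot /etc/config/chilli /www/hotspotlogin/hotspotlogin.php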

That’s all folks…
