How to build a captive portal with Coova-Chilli and a local Splash Page on a Raspberry PI running OpenWrt

This document explains how to install and configure a Coova-Chilli hotspot on a Raspberry Pi. As you perhaps know, Coova-Chilli does not provide a landing page for the visitors of the captive portal. In this document, we will use the buitin web server (uhttpd) that provides the Luci administration interface to host a Splah page for our visitors.

The prerequisite for this installation is to configure the Rapberry Pi as a routed Access Point as described in my previous post available under this link:

Once this is done, you should have a Raspberry Pi running OpenWrt and configured as a routed accesspoint. The SSID visible to the visitors will be “Guest”, but you can rename it easily if you want.

The rest of the configuration is mainly based on

Install coova-chilli

Log on to the raspberry using root/<no password> and install coova-chilli.

opkg update
opkg install coova-chilli
opkg install nano

Stop and disable chilli to avoid lock down

/etc/init.d/chilli stop
/etc/init.d/chilli disable

The final configuration will be made later

Install the captive portal login page

Install php7-cgi

opkg install php7-cgi

Verify installation

ls /usr/bin/php*



Configure uhttpd

Edit the main configuration file of the web server

nano /etc/config/uhttpd

Uncomment interpreter


# List of extension->interpreter mappings.
# Files with an associated interpreter can
# be called outside of the CGI prefix and do
# not need to be executable.
list interpreter “.php=/usr/bin/php-cgi”

Restart uhttpd

service uhttpd restart

Now let’s make some testing

Check if php is working

To check if php is running, we will create a test page in the /www directory

nano /www/test.php

Paste the following code into the newly created file


<title>PHP Test</title>
echo ‘<p>Hello World</p>’;
// prints e.g. ‘Current PHP version: 4.1.1’
echo ‘Current PHP version: ‘ . phpversion();
// prints e.g. ‘2.0’ or nothing if the extension isn’t enabled
echo phpversion(‘tidy’);

Opening the page in a browser from the management station should give the following output:

Copy from

Unzip to /www/hotspotlogin

Edit hotspotlogin.php to allow http and have a look to $uamsecret

nano /www/hotspot-login/hotspotlogin.php

Change the variable « uamsecret » to your needs and comment out the SSL part to allow HTTP requests


# Shared secret used to encrypt challenge with. Prevents dictionary attacks.
# You should change this to your own shared secret.
$uamsecret = “greatsecret”;

#/* if SSL was not used show an error */
#if (!($_SERVER[‘HTTPS’] == ‘on’)) {

Restart uhttpd

service uhttpd restart

Test login page from a browser on the management station, output should look like this

Configure coova-chilli

Save original config file and recreate one

mv /etc/config/chilli /etc/config/chilli-orig

nano /etc/config/chilli

Paste the following content. The section containing the radius parameter should be adapted to your environment.


# Sample Coova-Chilli configuration file modified by gremaudpi

config chilli

option interval 3600
option swapoctets 1        

######## TUN and DHCP Parameters ########
option tundev ‘tun0’
option dhcpif ‘wlan0’
option net
option lease 600
option dns1
option dns2
option ipup ‘/etc/chilli/’
option ipdown ‘/etc/chilli/’

######## Radius parameters ########

option radiusserver1 ‘<external-radius-server-ip-address>’
option radiusserver2 ”
option radiusauthport 1812
option radiusacctport 1813
option radiussecret ‘<external-radius-server-secret>’
option radiusnasid ‘ap001’
option ssid ‘ACME-company’

######## Universal access method (UAM) parameters ########

option uamlisten
option uamserver ‘’
option uamsecret ‘greatsecret’
option uamallowed ”
option uamdomain ”
option uamanydns 1
option uamaliasname ‘login’
option nouamsuccess 1

Start chilli

/etc/init.d/chilli start

Verify that chilli loaded our configuration by looking at following file

cat /var/run/chilli*.conf

If this is okay, enable chilli to survive reboot

/etc/init.d/chilli enable

Now, if you connect a WiFi enabled device to your Guest SSID, a splash page should be presented to your visitor.

You will need to configure an external Radius (Freeradius, Microsoft NPS or a cloud based solution like Jumpcloud) and to configure Coova-Chilli to use it in order to allow your visitors to log in.

That’s all folks…

Leave a Reply

Close Menu