openNDS / openNDS

openNDS (open Network Demarcation Service) is a high performance, small footprint, Captive Portal. It provides a border control gateway between a public local area network and the Internet.
https://opennds.readthedocs.io/
GNU General Public License v2.0

Install openNDS on raspberry PI OS lite and open splash page without internet #68

Closed 6LpUkQSgQm closed 3 years ago

6LpUkQSgQm commented 3 years ago

Hello, I would like to install openNDS on my raspberry. I have several full stack applications that work on my raspberry in localhost, they are used by participants using a wifi access from the raspberry. I do not have internet access and I would never have internet access. I have a screen where a QR code is displayed and which allows to connect to the wifi network, then I have an application portal which is supposed to open with Nodogsplash but it does not work, it does not open the web browser, because there is no internet and no DNS response. What's the best way to use openNDS with my raspberry and setup with FAS? I tried a lot of things, notably Nodogsplash but nothing works without internet ... and I would like to install OpenNDS on my raspberry PI 3 B +, how to do?

sicelo commented 3 years ago

I think I saw a way for that in one of the older issues.

Anyway, do you really need a captive portal for your setup though?

bluewavenet commented 3 years ago

@alpha77788998778999877855

@Sicelo might have a point - do you really need a captive portal? Perhaps just spoofing DNS would be good enough in your case? This does depend on the clients knowing what they are doing and have a QR scanner.

I have implemented openNDS for this for some customers of mine. The requirement was to just connect to the wifi provided and get a pop up to the local web site on the client device. Then the client could either scan the QR code or navigate to the exhibit page on the web site.

Without the captive portal, clients would have to connect and scan, the scanning app opening the device browser app for the relevant page. The problem with this was many people did not have a QR scanner app (or did not know how to use it if they did).

Anyway, to answer your question about compiling and installing: First you must uninstall NoDogSplash and libmicrohttpd-dev and purge any files that might be left behind.

Now start afresh by following the documentation here: https://opennds.readthedocs.io/en/stable/compile.html#how-to-compile-opennds

I would recommend compiling the latest release version of openNDS (currently 6.0.0) at: https://github.com/openNDS/openNDS/releases/tag/v6.0.0

The configuration for offline mode requires a specific Dnsmasq setting to be used and can be found elsewhere in other issues. I can dig around and find which one(s) later.

"Offline Mode" is likely to be fully integrated into release v7.x.x in the near future, but don't have a timescale for this yet.

6LpUkQSgQm commented 3 years ago

Anyway, do you really need a captive portal for your setup though?

I need to have a web browser that opens and displays the captive portal when i am connecting to my raspberry's wifi, so I think the captive portal is the best solution?

bluewavenet commented 3 years ago

@alpha77788998778999877855

I need to have a web browser that opens and displays the application portal when connecting to my raspberry's wifi, so I think the captive portal is the best solution?

The only solution if you want it to open automatically.

6LpUkQSgQm commented 3 years ago

@bluewavenet

The only solution if you want it to open automatically.

Yes, I want to automatically open the web browser and redirect to my site locally. Currently I'm using Nodogsplash, the "splash" page opens, I'm redirected to my application in localhost but it doesn't open a web browser but just the wifi connection popup on my mobile. I would like to close this popup when I press the "Validate" button and open the web browser automatically. Is it possible with a simple spoofing DNS ?

@bluewavenet

"Offline Mode" is likely to be fully integrated into release v7.x.x in the near future, but don't have a timescale for this yet.

Your version of openNDS doesn't work without internet?

bluewavenet commented 3 years ago

@alpha77788998778999877855

Yes, I want to automatically open the web browser and redirect to my site locally.

FAS will do this.

I press the "Validate" button

Perhaps counter intuitively, to do what you want, you must not validate, but use FAS to display your application pages.

Is it possible with a simple spoofing DNS ?

For what you want, no.

Your version of openNDS doesn't work without internet?

Yes it does, but a manual configuration of Dnsmasq is required. Later versions will have this integrated into the openNDS config as a simple option, something like option enable offline_mode '1'

6LpUkQSgQm commented 3 years ago

@bluewavenet thanks a lot for your help !

I have compiled the latest openNDS version and the latest version of libmicrohttpd, the status is enabled. I cannot find the config file to set the gateway, like nodogsplash.conf. when I connect to the wifi of the raspberry, nothing happens, the splash page does not open.

bluewavenet commented 3 years ago

@alpha77788998778999877855 It is useful to look at the output of: sudo systemctl status opennds

The config file on generic Linux is: /etc/opennds/opennds.conf

6LpUkQSgQm commented 3 years ago

Ok, nice.

@bluewavenet I am trying to configure FAS, when i look the status of openNDS i have this:

Oct 24 15:55:05 raspberrypi opennds[1472]: [5][Sat Oct 24 15:55:05 2020][1473](src/main.c:377) Created web server on 192.168.4.1:2050
Oct 24 15:55:05 raspberrypi opennds[1472]: [5][Sat Oct 24 15:55:05 2020][1473](src/main.c:378) Handle [13461792]
Oct 24 15:55:05 raspberrypi opennds[1472]: [5][Sat Oct 24 15:55:05 2020][1473](src/main.c:442) sha256sum provider is available
Oct 24 15:55:05 raspberrypi opennds[1472]: [5][Sat Oct 24 15:55:05 2020][1473](src/main.c:504) FAS URL is http://192.168.4.1:2080'/fas-aes.php'
Oct 24 15:55:05 raspberrypi opennds[1472]: [5][Sat Oct 24 15:55:05 2020][1473](src/main.c:576) Forwarding Authentication is Enabled.
Oct 24 15:55:05 raspberrypi opennds[1472]: [5][Sat Oct 24 15:55:05 2020][1473](src/fw_iptables.c:374) Initializing firewall rules
Oct 24 15:55:15 raspberrypi opennds[1472]: [5][Sat Oct 24 15:55:15 2020][1473](src/client_list.c:134) Adding 192.168.4.14 MACADDRESS token f4653a25 to client l
Oct 24 15:55:38 raspberrypi opennds[1472]: [5][Sat Oct 24 15:55:38 2020][1473](src/client_list.c:134) Adding 192.168.4.4 MACADDRESS token 7923330d to client li
Oct 24 15:55:55 raspberrypi opennds[1472]: iptables: Bad rule (does a matching rule exist in that chain?).
Oct 24 15:55:55 raspberrypi opennds[1472]: [5][Sat Oct 24 15:55:55 2020][1473](src/fw_iptables.c:854) Authenticating 192.168.4.4 MACADDRESS

I have an error ? Bad rule (does a matching rule exist in that chain?). When i use this url http://192.168.4.1:2050 in my web browser, i am redirected to the splash page. When i am connected with internet and i am connected with the wifi of my raspberry, the popup is displayed by my laptop. When i am trying to use http://192.168.4.1:2080/fas-aes.php, i have nothing at all.

My configuration:

openNDS : 6.0.0 Apache2 PHP 7.3

my opennds.conf :
maxclients 250
gatewayinterface wlan0
authenticated_users allow all
users_to_router allow tcp port 53
users_to_router allow udp port 53
users_to_router allow udp port 67
users_to_router allow tcp port 22
users_to_router allow tcp port 23
users_to_router allow tcp port 80
users_to_router allow tcp port 443
WebRoot /etc/opennds/htdocs
fasport 2080
fasremoteip 192.168.4.1
faspath /fas-aes.php
fas_secure_enabled 1
faskey 123453343

@bluewavenet

option enable offline_mode '1'

Where is this option? I can't find...

bluewavenet commented 3 years ago

@alpha77788998778999877855

Your configuration is incorrect in a number of places.

I suggest you read this part of the documentation: https://opennds.readthedocs.io/en/stable/fas.html#using-the-fas-example-scripts-fas-hid-fas-aes-php-and-fas-aes-https-php

For a local FAS server you will need to decide if you want to use PreAuth, fas-hid or fas-aes. The documentation gives full details.

However you did say you want to run offline with clients accessing a "full stack of applications". In this case you do not want FAS to do any authenticating. But it is important for you to test with the example FAS scripts so that you can get a proper understanding of how it all works.

Summarising the documentation:

option enable_offline_mode '1' Where is this option? I can't find...

As I mentioned earlier, this will be available in the next release, version 7.0.0 that will be coming out soon. For version 6, "offline mode" requires changes to the local Dnsmasq configuration.

6LpUkQSgQm commented 3 years ago

@bluewavenet I read some of the documentation, but I couldn't find my choice. I don't want any login / password. i just want a hack to automatically open the web browser on wifi connection. I tested the installation of the different php files, but nothing works correctly, no popup opens to continue and be redirected to my site locally. In the dnsmasq.conf file, what is the best way to have the mode "offline"? Something like address:/#/192.168.4.1 I am a little lost 🙃

bluewavenet commented 3 years ago

@alpha77788998778999877855

I am a little lost 🙃

Let's step back a little and look at your requirement, fully simplified (based on my understanding of it):

Let's deal with these requirements one by one.

First, client connects to wifi. Assuming all you need clients to see is your applications web site, what is the URL of the home page? We can configure openNDS to redirect directly to this home page instead of a FAS script as we do not want to "log in".

Let me know the url, ip address and port and I will give you the configuration details.

6LpUkQSgQm commented 3 years ago

thank you for your help, I continue to read your documentation to better understand the different possibilities of openNDS. It's very interesting but I don't think I have understood everything yet. However, I explain my need again to you, because point 2 is wrong, I would like my customers to connect to the wifi with a QR code, then they are redirected automatically to a local website, which also allows redirect customers to other local sites. it absolutely must work on smartphone and tablet as well, which I couldn't do with Nodogsplash ... I couldn't get out of the connection popup because there was no verification response from the page splash without an internet connection! I hope it's more understandable. Another important point, once the client is connected, if he closes his web browser, but is still connected to wifi, his session is still active, is it possible to direct him back to the website locally directly ? I'll get back to you in a few hours to give you the URL, IP and port ... 😎😅

sicelo commented 3 years ago

I suspect my initial question is still valid ... if your clients start the process by scanning a QR code (which is a manual process), it still isn't clear to me what a captive portal is needed for. The QR code can/should contain the link to the home page of what you describe as "local website."

All you need to do is make the WiFi open, without any captive portal.

Anyway, as mentioned by @bluewavenet , since you want a captive portal, you can still have openNDS help you with at least automatically popping up a browser (at which point I fail to see what scanning a QR code will be needed for) :-)

bluewavenet commented 3 years ago

@alpha77788998778999877855

I would like my customers to connect to the wifi with a QR code

This is not technically possible. It would require the client device to have a custom QR code scanner pre-installed on the client device and have the QR code also contain your specific SSID. EDIT: Actually I am wrong ;-)

@sicelo

The QR code can/should contain the link to the home page of what you describe as "local website."

Yes, but @alpha77788998778999877855 wants the QR code to force a wifi connection to the specific SSID.

My assumption for the QR code requirement was to take the client to a relevant web page depending on the location of the code - for example on museum exhibits.

A manual connection by the client to the wifi is required first. The captive portal would be required to show the client the "home" or "informational/welcome" page - again, I am thinking of the museum type of scenario.

bluewavenet commented 3 years ago

@alpha77788998778999877855 @sicelo I found a QR generator that takes SSID, password, and encryption type and tried it on my Android phone. To my surprise it worked. https://wifiqrcode.com/en/

Well, you learn something every day :-D

bluewavenet commented 3 years ago

The text string to encode needs to be in the following format: WIFI:T:WPA;S:MySSID;P:MyWiFiPassword

6LpUkQSgQm commented 3 years ago

@bluewavenet @sicelo

This is not technically possible. It would require the client device to have a custom QR code scanner pre-installed on the client device and have the QR code also contain your specific SSID. EDIT: Actually I am wrong ;-)

Yes, I am currently using this QR code generator to connect my customers to wifi !!!

The QR code can/should contain the link to the home page of what you describe as "local website.

Yes, of course, but i have a raspberry screen which can only one QR code but not two.

My scenario is really simple but I don't have the middle step. I have a QR code to connect wifi (it works) and I have a local website (it works). Between, I have a captive portal that allows customers, when they are connected to wifi, to open the web browser of their phone or tablet and display the website. it already works partially with nodogsplash but I cannot get out of the splash page, my website is displayed by the redirection option of nodogsplash.conf

6LpUkQSgQm commented 3 years ago

@bluewavenet

my scenario :

my project allows you to connect in meeting rooms where internet is not available. my customer don't want more than 1 click and don't want to write the url himself before displaying the web application.

IP : 192.168.4.1 ( or 10.0.0.1, it doesn't matter)

URL: http://mywebsite.lan

Port: 80

bluewavenet commented 3 years ago

@alpha77788998778999877855

IP : 192.168.4.1 ( or 10.0.0.1, it doesn't matter)

It does because port 80 is the redirect port. With a local port 80 web server you could get redirect loops. If we assume http://10.0.0.1, then try the following config:

fasremotefqdn not set
faskey not set
faspath not set
fasremoteip set to 10.0.0.1
fasport set to 80
fas_secure_enabled set to 1
login_option_enabled set to 0

EDIT: This should work if online. If it does we can move on to making it work offline

bluewavenet commented 3 years ago

@alpha77788998778999877855 For offline working you must configure dnsmasq to return a public ip address, i.e. NOT a private (RFC1918) address, e.g.:

address=/#/123.123.123.123

It does not matter what it is as long as it is not a private address. It does not matter if there is something live at that address either, as, of course, you are offline.

The reason for requiring a public ip address is simple: An increasing number of vendor CPD implementations implement their own DNS Rebind protection by discarding upstream RFC1918 responses to their own CPD FQDN. The result is that such CPD implementations will not trigger the splash page.

6LpUkQSgQm commented 3 years ago

Hi,

fasremotefqdn not set
faskey not set
faspath not set
fasremoteip set to 10.0.0.1
fasport set to 80
fas_secure_enabled set to 1
login_option_enabled set to 0

it doesn't work !

my opennds.conf:
GatewayInterface br-lan
login_option_enabled 0
use_outdated_mhd 0
unescape_callback_enabled 0
login_option_enabled 0
WebRoot /etc/opennds/htdocs
FirewallRuleSet authenticated-users {
  FirewallRule allow all
}
FirewallRuleSet preauthenticated-users {
}
FirewallRuleSet users-to-router {
  FirewallRule allow udp port 53
  FirewallRule allow tcp port 53
  FirewallRule allow udp port 67
  FirewallRule allow tcp port 22
  FirewallRule allow tcp port 80
  FirewallRule allow tcp port 443
}
MaxClient 250
uploadrate 0
downloadrate 0
ratecheckwindow 2
uploadquota 0
downloadquota 0
fasport 80
fasremoteip 10.0.0.1

my dnsmasq.conf:
interface=wlan0
listen-address=10.0.0.1
bind-interfaces
server=8.8.8.8
domain-needed
bogus-priv
dhcp-range=10.0.0.2,10.0.0.250,12h

my hostapd.conf:
interface=wlan0
driver=nl80211
hw_mode=g
channel=8
ieee80211n=1
wmm_enabled=1
ht_capab=[HT40][SHORT-GI-20][DSSS_CCK-40]
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
ssid=MY_SSID_NAME
wpa_passphrase=mypassword

my /etc/network/interfaces:
allow-hotplug wlan0
iface wlan0 inet static
address=/#/10.0.0.1
netmask 255.255.255.0
network 10.0.0.0
broadcast 10.0.0.255

bluewavenet commented 3 years ago

@alpha77788998778999877855 You said:

IP : 192.168.4.1 ( or 10.0.0.1, it doesn't matter)

From this I assumed your web server was on the WAN network on 10.0.0.1:80 (as the lan was 192.168.4.x)

So your lan network is now 10.0.0.x and your web server is 10.0.0.1:80

Note my comment:

It does [matter] because port 80 is the redirect port. With a local port 80 web server you could get redirect loops.

openNDS blocks use of port 80 for a local FAS web server for this reason.

You must change the port your web server is using - let's say to 5080 (or whatever you like). Then reflect this port in fasport.

After these changes, restart everything and try again.

bluewavenet commented 3 years ago

@alpha77788998778999877855 You can also remove WebRoot from the config as it is not used.

6LpUkQSgQm commented 3 years ago

I try to understand:

/etc/apache2/ports.conf: Listen 2050

opennds.conf: fasport 2050 fasremoteip 10.0.0.1

On my laptop, no "splash" page but when my url is http://10.0.0.1 and connect to my wifi, i am redirected to http://10.0.0.1:2050 and after https:10.0.0.1... ^^

On my mobile, nothing, only ERR_CONNECTION_REFUSED

I am not a genius, all right :-)

bluewavenet commented 3 years ago

@alpha77788998778999877855

/etc/apache2/ports.conf: Listen 2050

The default port for openNDS is also 2050, so clash and not work. Change apache to something like 5080 and update fasport

6LpUkQSgQm commented 3 years ago

@bluewavenet you said:

The default port for openNDS is also 2050, so clash and not work. Change apache to something like 5080 and update fasport

It doesn't work :-/

Maybe a problem with my configuration like indicated above ? dnsmasq.conf? interfaces ? hostapd.conf ? or iptables ? I have three rules:

sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
sudo iptables -A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT

bluewavenet commented 3 years ago

@alpha77788998778999877855 So to confirm:

  1. Apache is now on 10.0.0.1:5080
  2. fasport is set to 5080

Show me the output of: ip address

and the output of: ip route

6LpUkQSgQm commented 3 years ago

Hi, @bluewavenet , you said:

So to confirm:

Apache is now on 10.0.0.1:5080

Yes, i have the index of/ page on 10.0.0.1:5080

fasport is set to 5080

Yes, in /etc/opennds/opennds.conf, i have fasport 5080

Show me the output of: ip address

pi@raspberrypi:~ ip address
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether MACADDRESS brd ff:ff:ff:ff:ff:ff
3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether MACADDRESS brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.1/24 brd 10.0.0.255 scope global wlan0
       valid_lft forever preferred_lft forever
    inet6 LINK::LINK:LINK:LINK:LINK/LINK scope link
       valid_lft forever preferred_lft forever

and the output of: ip route

10.0.0.0/24 dev wlan0 proto kernel scope link src 10.0.0.1

bluewavenet commented 3 years ago

@alpha77788998778999877855 I assume you have redacted mac addresses.

Please confirm that a device connected to wifi can manually browse to http://10.0.0.1:5080 and get your Apache index page.

Can you now show the outputs of ip address and ip route, this time with an Internet feed connected.

6LpUkQSgQm commented 3 years ago

@bluewavenet ,

I assume you have redacted mac addresses.

Yes

Please confirm that a device connected to wifi can manually browse to http://10.0.0.1:5080 and get your Apache index page.

Yes, it works ! Apache/2.4.38 (Raspbian) Server at 10.0.0.1 Port 5080

Can you now show the outputs of ip address

I am connected with usb !

pi@raspberrypi:~ ip address
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether MACADDRESS brd ff:ff:ff:ff:ff:ff
3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether MACADDRESS brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.1/24 brd 10.0.0.255 scope global wlan0
       valid_lft forever preferred_lft forever
    inet6 LINK::LINK:LINK:LINK:LINK/LINK scope link
       valid_lft forever preferred_lft forever
4: usb0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether MACADDRESS brd ff:ff:ff:ff:ff:ff

and ip route, this time with an Internet feed connected.

10.0.0.0/24 dev wlan0 proto kernel scope link src 10.0.0.1

bluewavenet commented 3 years ago

@alpha77788998778999877855 The usb interface is down and does not have an ip address.

I was going to ask if you could try stopping openNDS then connecting a device to the wifi and seeing if you get Internet access. This is to verify everything is configured correctly router wise. Then, keeping the Internet feed on, start openNDS and see if you get the redirect to Apache.

Once we get to this stage we can think about setting offline mode with Dnsmasq.

6LpUkQSgQm commented 3 years ago

I was going to ask if you could try stopping openNDS

My first command:

sudo systemctl disable opennds

and sudo systemctl status opennds return:

● opennds.service - openNDS Captive Portal
   Loaded: loaded (/etc/systemd/system/opennds.service; disabled; vendor preset: enabled)
   Active: inactive (dead)

connecting a device to the wifi and seeing if you get Internet access. This is to verify everything is configured correctly router wise.

if i use this command ip address:

pi@raspberrypi:~$ ip address
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether MACADDRESS brd ff:ff:ff:ff:ff:ff
3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether MACADDRESS brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.1/24 brd 10.0.0.255 scope global wlan0
       valid_lft forever preferred_lft forever
    inet6 LINK::LINK:LINK:LINK:LINK/LINK scope link
       valid_lft forever preferred_lft forever
5: usb0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether MACADDRESS brd ff:ff:ff:ff:ff:ff

When i try to update package with this command sudo apt update, i have an error :

pi@raspberrypi:~ sudo apt update
Err:1 http://raspbian.raspberrypi.org/raspbian buster InRelease
  Could not connect to raspbian.raspberrypi.org:80 (10.0.0.1). - connect (111: Connection refused)
Err:2 http://archive.raspberrypi.org/debian buster InRelease
  Could not connect to archive.raspberrypi.org:80 (10.0.0.1). - connect (111: Connection refused)
Err:3 https://deb.nodesource.com/node_12.x buster InRelease
  Could not connect to deb.nodesource.com:443 (10.0.0.1). - connect (111: Connection refused)
Reading package lists... Done
Building dependency tree
Reading state information... Done
1 package can be upgraded. Run 'apt list --upgradable' to see it.
W: Failed to fetch http://raspbian.raspberrypi.org/raspbian/dists/buster/InRelease Could not connect to raspbian.raspberrypi.org:80 (10.0.0.1). - connect (111: Connection refused)
W: Failed to fetch https://deb.nodesource.com/node_12.x/dists/buster/InRelease Could not connect to deb.nodesource.com:443 (10.0.0.1). - connect (111: Connection refused)
W: Failed to fetch http://archive.raspberrypi.org/debian/dists/buster/InRelease Could not connect to archive.raspberrypi.org:80 (10.0.0.1). - connect (111: Connection refused)
W: Some index files failed to download. They have been ignored, or old ones used instead.

Then, keeping the Internet feed on, start openNDS and see if you get the redirect to Apache.

My first command sudo systemctl enable opennds and sudo systemctl start opennds

It doesn't work !

bluewavenet commented 3 years ago

@alpha77788998778999877855

5: usb0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN

You do not have an internet connection.

pi@raspberrypi:~ sudo apt update

Why? And it will not work anyway because you do not have an Internet connection.

My first command sudo systemctl enable opennds and sudo systemctl start opennds

It doesn't work !

Are you now saying openNDS fails to start?

I'm sorry, I do not mean to be harsh, but it seems you have no idea what you are doing. Setting up networks/routing etc on an Rpi under Raspbian is cumbersome at best and convoluted and confusing at worst.

I am not sure what I can do to help short of setting it up here on a pi0w and giving you a working configuration. I am rather too busy for that and have a living to make. I do have some testing to do on generic Linux, so I might set up a test for this as well, but cannot guarantee I will have time.

It might be worth (re-)reading these parts of the documentation: https://opennds.readthedocs.io/en/stable/howitworks.html#how-opennds-nds-works and https://opennds.readthedocs.io/en/stable/compile.html#linux-unix-compile-in-place-on-target-hardware

bluewavenet commented 3 years ago

@alpha77788998778999877855 Are your "several full stack (of) applications" all able to run on a web server, or do they need software specific to Raspbian?

If they will run on any web server, I would suggest getting a cheap router and run openWrt/webServer/openNDS on it instead. So much simpler and almost certainly cheaper too.

6LpUkQSgQm commented 3 years ago

@bluewavenet
Ok ... Thanks for your help.

I said above, at the start of this conversation:

I don't have internet

When i start opennds with this command sudo systemctl start opennds, it doesn't work because i don't have internet but if i write this url http://10.0.0.1 manually on my web browser, i am redirected to http://10.0.0.1:2050 and after i am redirected to https://10.0.0.1. It's all right ?

You are in right when you said:

I'm sorry, I do not mean to be harsh, but it seems you have no idea what you are doing.

Yes, Ok. I have been working on a project that is not mine. Since one month, i've been learning 3d printing, raspberry PI OS, screen configuration, GPIO, blender, kiosk service, apache configuration, nodogsplash, install all the updates that had not been done for several years, with the pressure of a project that doesn't work. OK, it's my work. I accept.

6LpUkQSgQm commented 3 years ago

@bluewavenet

Are your "several full stack (of) applications" all able to run on a web server, or do they need software specific to Raspbian?

It works on apache web server on 10.0.0.1:80

Can you explain me the dnsmasq configuration for offline connection, please ?

bluewavenet commented 3 years ago

@alpha77788998778999877855

sudo systemctl start opennds, it doesn't work because i don't have internet

That is not true, openNDS does not require a live Internet connection to start and run. Client devices do require to receive a valid, public IP address as a response to a DNS request before allowing the redirect to the FAS portal (or your Apache server in this case). You have something wrong in your configuration somewhere. But it can be made to work. You are at a disadvantage having to use an Rpi for networking/routing - not the easiest. I can and have done this but then I have been working with networks for ... ever ;-)

But as I said, I do not mean to be harsh, but it took a lot of pushing to get to the bottom of the requirement. What you are trying to do is fairly straightforward - once you know how. I cannot remember the Raspbian configuration details for the non openNDS parts, I would have to set one up again. I am actually going to do this for openNDS v7.x.x testing in the near future. It would be sensible if I added a section to the documentation....

6LpUkQSgQm commented 3 years ago

Hi, I have reinstalled all my configuration.

@bluewavenet, you said:

Then, keeping the Internet feed on, start openNDS and see if you get the redirect to Apache.

Now i have an popup opens automatically "gnome-shell-portal-helper" on fedora with the apache2 default page and the same on my mobile with an html viewer.

In my opennds.conf, i use GatewayInterface wlan0
Is it normal ? br-lan not working

Oct 30 16:20:17 raspberrypi opennds[4612]: [5][Fri Oct 30 16:20:17 2020]4613 Interface: br-lan is not yet ready - waiting...
Oct 30 16:20:18 raspberrypi opennds[4612]: [5][Fri Oct 30 16:20:18 2020]4613 Interface: br-lan is not yet ready - waiting...
Oct 30 16:20:19 raspberrypi opennds[4612]: [5][Fri Oct 30 16:20:19 2020]4613 Interface: br-lan is not yet ready - waiting...

and i don't understand:

Oct 30 16:02:22 raspberrypi opennds[3556]: [5][Fri Oct 30 16:02:22 2020]3556 Starting as daemon, forking to background
Oct 30 16:02:22 raspberrypi opennds[3556]: [5][Fri Oct 30 16:02:22 2020]3557 Attempting to Bind to interface: wlan0
Oct 30 16:02:22 raspberrypi systemd[1]: Started openNDS Captive Portal.
Oct 30 16:02:22 raspberrypi opennds[3556]: [5][Fri Oct 30 16:02:22 2020]3557 Interface wlan0 is up
Oct 30 16:02:22 raspberrypi opennds[3556]: [5][Fri Oct 30 16:02:22 2020]3557 Interface wlan0 is at 192.168.4.1 (MACADDRESS)
Oct 30 16:02:22 raspberrypi opennds[3556]: [5][Fri Oct 30 16:02:22 2020]3557 Created web server on 192.168.4.1:2050
Oct 30 16:02:22 raspberrypi opennds[3556]: [5][Fri Oct 30 16:02:22 2020]3557 Handle [3066080]
Oct 30 16:02:22 raspberrypi opennds[3556]: [5][Fri Oct 30 16:02:22 2020]3557 FAS URL is http://192.168.4.1:5080/
Oct 30 16:02:22 raspberrypi opennds[3556]: [5][Fri Oct 30 16:02:22 2020]3557 Forwarding Authentication is Enabled.
Oct 30 16:02:22 raspberrypi opennds[3556]: [5][Fri Oct 30 16:02:22 2020]3557 Initializing firewall rules

FAS URL is the FAS server ? if i try to set fasport 80 and fasremoteip 192.168.4.1, i have an error

Oct 30 16:19:18 raspberrypi systemd[1]: Stopped openNDS Captive Portal.
Oct 30 16:19:18 raspberrypi systemd[1]: opennds.service: Start request repeated too quickly.
Oct 30 16:19:18 raspberrypi systemd[1]: opennds.service: Failed with result 'exit-code'.
Oct 30 16:19:18 raspberrypi systemd[1]: Failed to start openNDS Captive Portal.

bluewavenet commented 3 years ago

@alpha77788998778999877855

Now i have an popup opens automatically

See, I told you it was easy ;-)

In my opennds.conf, i use GatewayInterface wlan0 Is it normal ? br-lan not working

On an RPi, it is usual to have the lan interface as the wireless interface reserving eth0 (if on the Pi) as a wired wan connection.

You will only have br-lan if you configure a bridge interface. Don't even think about it for now.

Can you explain me the next step ?

Add the following line to the dnsmasq.conf file: address=/#/123.122.123.124

Then restart dnsmasq, (or reboot the pi) then try without the Internet connection.
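As an added example (not code from the openNDS project or from anyone in this thread), the Python sketch below checks an opennds.conf and a dnsmasq.conf for the misconfigurations worked through above: a local FAS web server on port 80, a web server sharing the openNDS default port 2050, and a missing, mistyped or RFC1918 `address=/#/` wildcard. The function names and sample configs are constructed for illustration, and the gateway address 10.0.0.1 is assumed from the thread.

```python
import ipaddress
import re

# RFC1918 ranges: per the thread, vendor CPD rebind protection drops these.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# '=' is the valid dnsmasq separator; ':' is matched only to report the typo.
WILDCARD = re.compile(r"^address\s*([=:])\s*/#/(\S+)$")


def parse_opennds(text):
    """Collect simple 'option value' lines from opennds.conf text."""
    opts = {}
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)
        if len(parts) == 2:
            opts[parts[0].lower()] = parts[1].strip()
    return opts


def check_opennds(text, gateway_ip, gateway_port=2050):
    """Flag fasport values that collide when the FAS runs on the gateway."""
    opts = parse_opennds(text)
    port = opts.get("fasport")
    # Only an explicit fasremoteip equal to the gateway counts as local here.
    if port is None or opts.get("fasremoteip") != gateway_ip:
        return []
    if port == "80":
        return ["opennds: local FAS on port 80 collides with the redirect "
                "port; move the web server (e.g. 5080) and update fasport"]
    if port == str(gateway_port):
        return [f"opennds: fasport {port} is also the openNDS gateway port; "
                "move the web server to another port"]
    return []


def check_dnsmasq(text):
    """Flag a missing, mistyped or private wildcard DNS answer."""
    findings, seen = [], False
    for raw in text.splitlines():
        line = raw.strip()
        # Only a leading '#' is a comment here: the wildcard domain in
        # address=/#/... contains '#' and must not be cut off.
        if not line or line.startswith("#"):
            continue
        m = WILDCARD.match(line)
        if not m:
            continue
        seen = True
        sep, value = m.groups()
        if sep == ":":
            findings.append("dnsmasq: 'address:' is not valid syntax, "
                            "write address=/#/<ip>")
        try:
            ip = ipaddress.ip_address(value)
        except ValueError:
            findings.append(f"dnsmasq: wildcard answer {value!r} is not an IP")
            continue
        if any(ip in net for net in RFC1918):
            findings.append(f"dnsmasq: wildcard answer {ip} is RFC1918; "
                            "client CPD rebind protection may discard it")
    if not seen:
        findings.append("dnsmasq: no address=/#/<public ip> wildcard, so "
                        "offline clients get no DNS answer for the CPD probe")
    return findings


def audit(opennds_text, dnsmasq_text, gateway_ip):
    return check_opennds(opennds_text, gateway_ip) + check_dnsmasq(dnsmasq_text)


# Constructed samples modelled on the configs posted in the thread.
FAILING_OPENNDS = "GatewayInterface wlan0\nfasport 80\nfasremoteip 10.0.0.1\n"
FAILING_DNSMASQ = "interface=wlan0\nserver=8.8.8.8\nbogus-priv\n"
WORKING_OPENNDS = "GatewayInterface wlan0\nfasport 5080\nfasremoteip 10.0.0.1\n"
WORKING_DNSMASQ = "interface=wlan0\naddress=/#/123.122.123.124\n"

if __name__ == "__main__":
    for finding in audit(FAILING_OPENNDS, FAILING_DNSMASQ, "10.0.0.1"):
        print(finding)
    print(audit(WORKING_OPENNDS, WORKING_DNSMASQ, "10.0.0.1") or "no findings")
```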

6LpUkQSgQm commented 3 years ago

@bluewavenet

Then restart dnsmasq, (or reboot the pi) then try without the Internet connection.

Ok, it works, i have a popup without internet!

bluewavenet commented 3 years ago

Yay! :-D

6LpUkQSgQm commented 3 years ago

@bluewavenet

Yay! :-D

Yes ! But ... When i use the FAS server ? It doesn't open my web browser !

6LpUkQSgQm commented 3 years ago

@bluewavenet When i click on the "continue" button on "splash" page, can i be redirected to my web browser ?

bluewavenet commented 3 years ago

@alpha77788998778999877855

Yes ! But ... When i use the FAS server ? It doesn't open my web browser !

The configuration is supposed to be fasport 5080. This will redirect to your Apache applications server. You are not supposed to be using a FAS server page.

When i click on the "continue" button on "splash" page, can i be redirected to my web browser ?

You are not supposed to have a "continue" button with this configuration. Clients, instead, should be redirected to your applications server by the client device CPD as soon as they connect or scan the QR code.

6LpUkQSgQm commented 3 years ago

Hi,

@bluewavenet Thanks again for your help :-)

The configuration is supposed to be fasport 5080. This will redirect to your Apache applications server. You are not supposed to be using a FAS server page

Yes, i used fasport 5080 like above and it works! Yes! But ...

I tried, from the apache page, to insert a button to open the browser (like a href, for example) but it doesn't work because ... as indicated in your documentation, minimal browser CPD don't accept "href" if I understood correctly. In the meantime, I tried several things, I tried MITM but I have to write a url to be replaced by a fake site. I tried nodogsplash, I tried openNds, I tried to use iptables (without real success with --to- url) Can you tell me if it is impossible or possible to open a browser (not CPD but Safari, Firefox, Chrome) from the Android or Apple "detect portal"?

bluewavenet commented 3 years ago

@alpha77788998778999877855 To recap: When a client connects to a network, the CPD does its tests in the background. CPD is a part of the operating system of the client device. CPD is designed specifically to automatically pop up the web pages of the captive portal with security as the highest priority. This security is to protect the client and prevent external influences from controlling the client in any way. Just think how bad it would be if connecting to a wifi could trigger the startup of some application or download some files. CPD prevents all of this.

So in summary, if you would like the act of just connecting to start an application such as another browser, then the answer is most definitely NO.

If you want the CPD to display web pages or information or even interaction (such as payments on Paypal for example), then the answer is YES, you can do this.

6LpUkQSgQm commented 3 years ago

@bluewavenet thank you for your help it's really more understandable.

voltusv commented 2 years ago

@alpha77788998778999877855 @sicelo I found a QR generator that takes SSID, password, and encryption type and tried it on my Android phone. To my surprise it worked. https://wifiqrcode.com/en/

Well, you learn something every day :-D

You also can use RaspAp, where you have a QR generator with your Hotspot data. It is automatically generated and is a very simple tool to configure your Hotspot