Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
Next revisionBoth sides next revision
docs:guide-user:services:captive-portal:wireless.hotspot.nodogsplash [2018/05/24 14:01] – major config section overhaul - now up to date with the latest version josephmarlindocs:guide-user:services:captive-portal:wireless.hotspot.nodogsplash [2019/04/30 10:59] – [Nodogsplash Configuration File] someothertime
Line 11: Line 11:
  
 The secure wireless is bridged to the hard-wired ports, the hotspot is separate and isolated from the local network. The secure wireless is bridged to the hard-wired ports, the hotspot is separate and isolated from the local network.
 +
 +Official documentation: https://nodogsplashdocs.readthedocs.io/en/stable/
 +
 +===== Overview =====
 +
 +The nodogsplash captive portal runs as a service that manages client traffic over a router by adjusting firewall rules based on client tracking tools that interact with a users browser and client network requests.
 +
 +In order to fully setup user and password authentication or more complex configuration. You will need to read the linked documentation to gain better understanding of the layers that are involved.
 +
 +Usually this will require some basic script/web source editing and web server setup and modification. On Openwrt if user credentials are to be local to the router this will also need to be considered.
 + 
  
 ===== Installation ===== ===== Installation =====
Line 19: Line 30:
 </code> </code>
  
-By default nodogsplash is disabled after install; change "option enabled" in /etc/config/nodogsplash from 0 to to enable it.+In **/etc/config/nodogsplash** ensure option enabled is 1 
 +<code> 
 +  option enabled 1 
 +</code>
  
-Use "/etc/init.d/nodogsplash start" to start NDS.  Use "/etc/init.d/nodogsplash enable" to auto-start it in the future.+Enable and start the nodogsplash ( NDS ) service. 
 +<code> 
 +/etc/init.d/nodogsplash enable 
 +/etc/init.d/nodogsplash start 
 +</code>
  
-Use "/usr/bin/ndsctl status" to check if nodogsplash is up.+Some useful commands are listed below. 
 +<code> 
 +/usr/bin/ndsctl status                 ( check if nodogsplash is up 
 +/usr/bin/ndsctl clients                ( list connected clients and status ) 
 +/usr/bin/ndsctl deauth 192.168.1.10    ( useful for testing ) 
 +</code>
  
 See https://github.com/nodogsplash/nodogsplash#7-debugging-nodogsplash about how to debug start-up issues. See https://github.com/nodogsplash/nodogsplash#7-debugging-nodogsplash about how to debug start-up issues.
Line 35: Line 58:
 Older versions use ''/etc/nodogsplash/nodogsplash.conf'', while versions starting at 0.9_beta9.9.9-5 in Chaos Calmer 15.05 use UCI with ''/etc/config/nodogsplash''. Older versions use ''/etc/nodogsplash/nodogsplash.conf'', while versions starting at 0.9_beta9.9.9-5 in Chaos Calmer 15.05 use UCI with ''/etc/config/nodogsplash''.
  
-The "/etc/config/nodogsplash" config file can be seen [[https://github.com/openwrt-routing/packages/blob/master/nodogsplash/files/nodogsplash.config|here]], and is documented below.+The "/etc/config/nodogsplash" config file can be seen [[https://github.com/openwrt-routing/packages/blob/master/nodogsplash/files/nodogsplash.config|here]] or [[https://raw.githubusercontent.com/nodogsplash/nodogsplash/master/openwrt/nodogsplash/files/etc/config/nodogsplash|here]], and is documented below.
  
 Below is a documented version of the "/etc/config/nodogsplash" file. This UCI file is automatically turned into a temporary config file with the old format when nodogsplash starts. That file can be viewed in /tmp/etc/ Below is a documented version of the "/etc/config/nodogsplash" file. This UCI file is automatically turned into a temporary config file with the old format when nodogsplash starts. That file can be viewed in /tmp/etc/
Line 239: Line 262:
   # password when authenticating.   # password when authenticating.
   # option password 'nodog'   # option password 'nodog'
- 
  
   # Set to yes (or true or 1), to require a username matching   # Set to yes (or true or 1), to require a username matching
Line 252: Line 274:
   # a user is forced to reauthenticate.   # a user is forced to reauthenticate.
   # option passwordattempts '5'   # option passwordattempts '5'
- 
-  # Set to yes (or true or 1), to enable traffic control in Nodogsplash. 
-  # option trafficcontrol 'no' 
- 
-  # If TrafficControl is enabled, this sets the maximum download 
-  # speed to the GatewayInterface, in kilobits per second. 
-  # For example if you have an ADSL connection with 768 kbit 
-  # download speed, and you want to allow about half of that 
-  # bandwidth for the GatewayInterface, set this to 384. 
-  # A value of 0 means no download limiting is done. 
-  # option downloadlimit '384' 
- 
-  # If TrafficControl is enabled, this sets the maximum upload 
-  # speed from the GatewayInterface, in kilobits per second. 
-  # For example if you have an ADSL connection with 128 kbit 
-  # upload speed, and you want to allow about half of that 
-  # bandwidth for the GatewayInterface, set this to 64. 
-  # A value of 0 means no upload limiting is done. 
-  # option uploadlimit '64' 
  
   # By setting this parameter, you can specify a range of IP addresses   # By setting this parameter, you can specify a range of IP addresses
Line 299: Line 302:
 </code> </code>
  
 +==== mwan3 Compatibility ====
 +
 +NDS and mwan3 both mess with iptables. As such they need a little extra configuration sometimes to work together.
 +
 +**NDS 0.9** 
 +
 +Add the following lines to /etc/nodogsplash/nodogsplash.conf:
 +<code>
 +FW_MARK_AUTHENTICATED 262144
 +FW_MARK_TRUSTED 131072
 +FW_MARK_BLOCKED 65536
 +</code>
 +
 +**NDS 1.0**
 +
 +Make the following changes per [[https://github.com/nodogsplash/nodogsplash/issues/218|this]] issue.
 +
 +In /etc/config/nodogsplash:
 +<code>
 +list fw_mark_authenticated '30000'
 +list fw_mark_trusted '20000'
 +list fw_mark_blocked '10000'
 +</code>
 +
 +In /etc/config/mwan3:
 +<code>
 +config globals 'globals'
 +</code>
 +
 +**NDS 2.0**
 +//(compatible by default)//
  
 ==== Check status ==== ==== Check status ====
Line 478: Line 512:
 </code> </code>
  
-**NOTE: In Attitude Adjustment 12.09 there is no ''iptables-mod-imq'' package and so the above procedure will fail.**+NOTE: In Attitude Adjustment 12.09 there is no ''iptables-mod-imq'' package and so traffic control no longer works.
  
 For bandwidth control in **Attitude Adjustment 12.09** you can install [[http://lartc.org/wondershaper/|WonderShaper]] (which also uses [[docs:guide-user:network:traffic-shaping:packet.scheduler|tc]] as its back-end): For bandwidth control in **Attitude Adjustment 12.09** you can install [[http://lartc.org/wondershaper/|WonderShaper]] (which also uses [[docs:guide-user:network:traffic-shaping:packet.scheduler|tc]] as its back-end):
  • Last modified: 2020/04/15 22:45
  • by bobafetthotmail