Next generation WifiDog

Primary language: C. License: GNU Lesser General Public License v2.1 (LGPL-2.1)

WifiDog-ng(中文)

WifiDog-ng is a very efficient captive portal solution for wireless routers running an embedded Linux (LEDE/OpenWrt) system.

Keep Watching for More Actions on This Space

Features

  • Uses epoll, based on libubox: single-threaded, fully asynchronous, no blocking operations at all
  • Uses a kernel module to implement authentication management instead of creating iptables firewall rules
  • Supports HTTPS: OpenSSL, mbedtls and CyaSSL (wolfSSL)
  • Remote configuration (with the help of rtty)
  • Code structure is concise and understandable

Dependencies

Install on OpenWrt

opkg update
opkg list | grep wifidog-ng
opkg install wifidog-ng-nossl

If the install command fails, you can compile it yourself.

UCI Config options

Section gateway

| Name | Type | Required | Default | Description |
| --- | --- | --- | --- | --- |
| enabled | bool | no | 0 | Whether to enable wifidog |
| id | string | no | | Gateway id. If not set, the MAC address of the ifname will be used |
| ifname | interface | no | br-lan | Interface wifidog listens on |
| port | port number | no | 2060 | Port wifidog listens on |
| ssl_port | port number | no | 8443 | SSL port wifidog listens on |
| ssid | ssid | no | | Used for WeChat |
| checkinterval | seconds | no | 30 | How many seconds to wait between timeout checks. This is also how often the gateway pings the auth server and how often it updates the traffic counters on the auth server. |
| temppass_time | seconds | no | 30 | Temporary pass time |
| client_timeout | seconds | no | 5 | The number of CheckInterval periods of inactivity before a client is logged out. The timeout will be INTERVAL * TIMEOUT |

Section authserver

| Name | Required | Default |
| --- | --- | --- |
| host | yes | no |
| port | no | 80 |
| path | no | /wifidog |
| login_path | no | login |
| portal_path | no | portal |
| msg_path | no | gw_message.php |
| ping_path | no | ping |
| auth_path | no | auth |

Section popularserver

| Name | Type | Required | Default |
| --- | --- | --- | --- |
| server | list | no | www.baidu.com www.qq.com |

Section whitelist

| Name | Type | Description |
| --- | --- | --- |
| domain | list | Can be a domain or ipaddr |
| mac | list | A macaddr |

Protocol

Gateway heartbeating (Ping Protocol)

http://authserver/wifidog/ping?gw_id=xx&sys_uptime=xx&sys_memfree=xx&sys_load=xx&wifidog_uptime=xx

The auth server is expected to respond to this with an HTTP message containing the word "Pong".

Login

http://authserver/wifidog/login?gw_address=xx&gw_port=xx&gw_id=xx&ip=xx&mac=xx&ssid=xx&url=xx

Auth

http://gw_address:gw_port/wifidog/auth?token=xx

Auth confirm

http://authserver/wifidog/auth?stage=login&ip=xx&max=xx&token=xx&incoming=xx&outgoing=xx

The response of the auth server should be "Auth: 1" or "Auth: 0"

Counters (POST)

http://authserver/wifidog/auth/?stage=counters&gw_id=xx

{
    "counters":[{
        "ip": "192.168.1.201",
        "mac": "xx:xx:xx:xx:xx:xx",
        "token": "eb6d8d7f5ad6f35553a40f66cd2bff70",
        "incoming": 4916,
        "outgoing": 20408,
        "uptime": 23223
    }, {
        "ip": "192.168.1.202",
        "mac": "xx:xx:xx:xx:xx:xx",
        "token": "eb6d8d7f5ad6f35553a40f66cd2bff70",
        "incoming": 4916,
        "outgoing": 20408,
        "uptime": 23223
    }]
}

The response of the server should be:

{
    "resp":[{
        "mac": "0c:1d:ff:c4:db:fc",
        "auth": 1
    }, {
        "mac": "0c:1d:cf:c4:db:fc",
        "auth": 0
    }]
}
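
An added sketch of the auth-server side of the counters exchange (not code from wifidog-ng or its auth server): a reported client is answered with "auth": 1 only if its token was issued to the same MAC, so a token presented from a second MAC gets "auth": 0. The session table, the 32-hex-digit token format and the function names are assumptions for illustration.

```python
import json
import re

MAC_RE = re.compile(r"[0-9a-f]{2}(:[0-9a-f]{2}){5}")
TOKEN_RE = re.compile(r"[0-9a-f]{32}")  # assumed: same shape as the README's sample token

# Constructed session table (assumption): token -> MAC it was issued to at login.
SESSIONS = {"eb6d8d7f5ad6f35553a40f66cd2bff70": "0c:1d:ff:c4:db:fc"}

# Constructed gateway report: the second client presents the first client's token.
SAMPLE_BODY = json.dumps({"counters": [
    {"ip": "192.168.1.201", "mac": "0C:1D:FF:C4:DB:FC",
     "token": "eb6d8d7f5ad6f35553a40f66cd2bff70",
     "incoming": 4916, "outgoing": 20408, "uptime": 23223},
    {"ip": "192.168.1.202", "mac": "0c:1d:cf:c4:db:fc",
     "token": "eb6d8d7f5ad6f35553a40f66cd2bff70",
     "incoming": 4916, "outgoing": 20408, "uptime": 23223},
]})


def is_authorized(mac, token, sessions):
    """True only when the token is well formed and was issued to this MAC."""
    if not isinstance(token, str) or not TOKEN_RE.fullmatch(token):
        return False
    return sessions.get(token) == mac


def handle_counters(body, sessions=SESSIONS):
    """Return the JSON reply for the body of a stage=counters POST."""
    try:
        counters = json.loads(body)["counters"]
    except (ValueError, KeyError, TypeError):
        counters = []
    resp = []
    for entry in counters if isinstance(counters, list) else []:
        mac = entry.get("mac") if isinstance(entry, dict) else None
        if not isinstance(mac, str) or not MAC_RE.fullmatch(mac.lower()):
            continue  # malformed entry: nothing trustworthy to answer for
        mac = mac.lower()
        auth = 1 if is_authorized(mac, entry.get("token"), sessions) else 0
        resp.append({"mac": mac, "auth": auth})
    return json.dumps({"resp": resp})


if __name__ == "__main__":
    print(handle_counters(SAMPLE_BODY))
```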

Temporary pass

http://gw_address:gw_port/wifidog/temppass?script=startWeChatAuth();

Remote configuration (first install rtty)

wifidog-ng provides a UBUS configuration interface, so it can be configured remotely with the help of rtty's remote command execution.

# ubus -v list wifidog-ng
'wifidog-ng' @5903037c
    "term":{"action":"String","mac":"String"}
    "whitelist":{"action":"String","domain":"String","mac":"String"}

Allow client

ubus call wifidog-ng term '{"action":"add", "mac":"11:22:33:44:55:66"}'

Kick off client

ubus call wifidog-ng term '{"action":"del", "mac":"11:22:33:44:55:66"}'

Add domain whitelist

ubus call wifidog-ng whitelist '{"action":"add", "domain":"qq.com"}'

Delete domain whitelist

ubus call wifidog-ng whitelist '{"action":"del", "domain":"qq.com"}'

Add macaddr whitelist

ubus call wifidog-ng whitelist '{"action":"add", "mac":"11:22:33:44:55:66"}'

Delete macaddr whitelist

ubus call wifidog-ng whitelist '{"action":"del", "mac":"11:22:33:44:55:66"}'

Remote configuration example

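#!/bin/sh

# rtty server address and the device to configure
host="your-rtty-server.com"
port=5912
devid="test"
# Login credentials for the device
username="root"
password="123456"
# Whitelist operation to perform: "add" or "del"
action="add"
domain="www.163.com"

# Arguments for "ubus call wifidog-ng whitelist '{...}'"; the inner JSON object is passed as an escaped string
params="[\"call\", \"wifidog-ng\", \"whitelist\", \"{\\\"action\\\":\\\"$action\\\", \\\"domain\\\":\\\"$domain\\\"}\"]"

# Request body for the rtty /cmd endpoint
data="{\"devid\":\"$devid\",\"username\":\"$username\",\"password\":\"$password\",\"cmd\":\"ubus\",\"params\":$params}"

# Print the request for debugging (the output includes the password)
echo "$data"
# -k disables TLS certificate verification; remove it once curl can verify the server's certificate
curl -k "https://$host:$port/cmd" -d "$data"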
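
An added example (not part of the wifidog-ng or rtty code): building the same /cmd request body with a JSON serializer and validated inputs instead of hand-escaped shell strings, so a domain or MAC containing quotes cannot alter the nested ubus arguments. The function names and validation rules are assumptions; the field names are those used in the script above.

```python
import ipaddress
import json
import re

MAC_RE = re.compile(r"[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}")
LABEL = r"[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
DOMAIN_RE = re.compile(rf"(?=.{{1,253}}$)({LABEL}\.)+{LABEL}")


def valid_domain(value):
    """Accept an IP address or a dotted hostname, as the whitelist option allows."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return DOMAIN_RE.fullmatch(value) is not None


def build_whitelist_request(devid, username, password, action, domain=None, mac=None):
    """Return the JSON body for the rtty /cmd request (whitelist add/del)."""
    if action not in ("add", "del"):
        raise ValueError("action must be 'add' or 'del'")
    if (domain is None) == (mac is None):
        raise ValueError("give exactly one of domain or mac")
    if domain is not None and not valid_domain(domain):
        raise ValueError("not a domain or IP address")
    if mac is not None and not MAC_RE.fullmatch(mac):
        raise ValueError("not a MAC address")
    args = {"action": action}
    args.update({"domain": domain} if domain is not None else {"mac": mac})
    # ubus takes its argument as one string, so the inner object is serialized
    # first and then escaped again by the outer json.dumps.
    params = ["call", "wifidog-ng", "whitelist", json.dumps(args)]
    return json.dumps({"devid": devid, "username": username,
                       "password": password, "cmd": "ubus", "params": params})


if __name__ == "__main__":
    # Constructed sample values, matching the placeholders in the shell script.
    print(build_whitelist_request("test", "root", "123456", "add", domain="www.163.com"))
```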

Contributing

If you would like to help make wifidog-ng better, see the CONTRIBUTING.md file.

QQ group: 153530783

If the project is helpful to you, please do not hesitate to star. Thank you!