By: XtendedGreg as seen on https://youtube.com/live/vCRdlZjwhsE
These commands will compile and install NoDogSplash, configure it as a captive portal, and start it as a service on Alpine Linux. This is useful for guest or customer networks where you would like to maintain access to the internet for temporary users, but do not want it to be exploited.
- Raspberry Pi running Alpine Linux configured as an access point following this guide: https://gist.github.com/XtendedGreg/5ef72d27c0dd1dbf1f2e2125092e7369
- Clone the NoDogSplash repository:
git clone https://github.com/nodogsplash/nodogsplash.git
- CD into the NoDogSplash directory:
cd nodogsplash
- Install the build base and build essentials:
apk add build-base linux-headers libmicrohttpd-dev iptables
- Compile NoDogSplash:
make
- Install compiled NoDogSplash:
make install
- Add NoDogSplash to lbu:
lbu add /usr/bin/nodogsplash /usr/bin/ndsctl
- Configure NoDogSplash using VIM (Press "i" to edit):
vi /etc/nodogsplash/nodogsplash.conf
- Change the gateway interface to wlan0 and set the following options:
GatewayInterface wlan0
GatewayName [whatever name you want]
GatewayAddress [static IP address of your wlan0 interface]
RedirectURL http://[wlan0 IP address]:2050/status.html
GatewayPort 2050
BinAuth /bin/myauth.sh
- Save config and exit VIM (Press "Esc" key to exit edit mode):
:wq
- Create an init file for NoDogSplash (Press "i" to edit):
vi /etc/init.d/nodogsplash
- Add the following content to the init file:
#!/sbin/openrc-run
name=$RC_SVCNAME
cfgfile="/etc/$RC_SVCNAME/$RC_SVCNAME.conf"
command="/usr/bin/nodogsplash"
# -f keeps nodogsplash in the foreground; OpenRC backgrounds it and writes the pidfile
command_args="-f"
command_user="root"
pidfile="/run/$RC_SVCNAME/$RC_SVCNAME.pid"
start_stop_daemon_args=""
command_background="yes"
depend() {
    need net
}
start_pre() {
    # Create the runtime and log directories
    checkpath --directory --owner $command_user:$command_user --mode 0775 \
        /run/$RC_SVCNAME /var/log/$RC_SVCNAME
    # Enable IPv4 forwarding so client traffic can be routed
    echo 1 > /proc/sys/net/ipv4/ip_forward
}
- Save init file and exit VIM (Press "Esc" key to exit edit mode):
:wq
- Make the init file executable:
chmod +x /etc/init.d/nodogsplash
- Add the init file to lbu:
lbu add /etc/init.d/nodogsplash
- Register NoDogSplash as a startup service:
rc-update add nodogsplash default
- Create myauth.sh file (Press "i" to edit):
vi /bin/myauth.sh
- Add the following content to the myauth.sh file:
#!/bin/sh
# EXAMPLE 1
# This is an example script for BinAuth
# It verifies a client username and password and sets the session length.
#
# If BinAuth is enabled, NDS will call this script as soon as it has received an authentication request
# from the web page served to the client's CPD (Captive Portal Detection) Browser by one of the following:
#
# 1. splash_sitewide.html
# 2. PreAuth
# 3. FAS
#
# The username and password entered by the client user will be included in the query string sent to NDS via html GET
# For an example, see the file splash_sitewide.html
METHOD="$1"
CLIENTMAC="$2"
case "$METHOD" in
    auth_client)
        USERNAME="$3"
        PASSWORD="$4"
        if [ "$USERNAME" = "myuser" ] && [ "$PASSWORD" = "mypassword" ]; then
            # Allow Staff to access the Internet for the global sessiontimeout interval
            # Further values are reserved for upload and download limits in bytes. 0 for no limit.
            echo 0 0 0
            exit 0
        elif [ "$USERNAME" = "Guest" ] && [ "$PASSWORD" = "thanks" ]; then
            # Allow Guest to access the Internet for 10 minutes (600 seconds)
            # Further values are reserved for upload and download limits in bytes. 0 for no limit.
            echo 600 0 0
            exit 0
        else
            # Deny client access to the Internet.
            exit 1
        fi
        ;;
    client_auth|client_deauth|idle_deauth|timeout_deauth|ndsctl_auth|ndsctl_deauth|shutdown_deauth)
        INGOING_BYTES="$3"
        OUTGOING_BYTES="$4"
        SESSION_START="$5"
        SESSION_END="$6"
        # client_auth: Client authenticated via this script.
        # client_deauth: Client deauthenticated by the client via splash page.
        # idle_deauth: Client was deauthenticated because of inactivity.
        # timeout_deauth: Client was deauthenticated because the session timed out.
        # ndsctl_auth: Client was authenticated by the ndsctl tool.
        # ndsctl_deauth: Client was deauthenticated by the ndsctl tool.
        # shutdown_deauth: Client was deauthenticated by Nodogsplash terminating.
        ;;
esac
- Save myauth.sh file and exit VIM (Press "Esc" key to exit edit mode):
:wq
- Make the myauth.sh file executable:
chmod +x /bin/myauth.sh
- Add the myauth.sh file to lbu:
lbu add /bin/myauth.sh
- Edit splash.html (Press "i" to edit):
vi /etc/nodogsplash/htdocs/splash.html
- Uncomment the following content in the login file (remove "<!--" before and "-->" after):
<form method="GET" action="$authaction">
<input type="hidden" name="tok" value="$tok">
<input type="hidden" name="redir" value="$redir">
- Save splash.html file and exit VIM (Press "Esc" key to exit edit mode):
:wq
- Save lbu:
lbu commit -d
- Start NoDogSplash:
/etc/init.d/nodogsplash start
- Connect to Raspberry Pi Access Point
- If login page does not launch automatically, go to the url in a browser:
http://[wlan0 IP Address]:2050/
You've now set up a captive portal on your access point. You can change the users, passwords and session duration to match your needs and distribute it how you see fit. This can also be adapted to wired networks; however, the configuration would be a bit different. Experiment to find what you like and go with what works for you.
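
One way to change users, passwords and session durations without editing myauth.sh each time is to have the BinAuth script read them from a root-only file and log every auth and deauth event. The script below is an added example, not code from the original guide or the NoDogSplash project; the two file paths and the "username:password:session_seconds" line format are assumptions, and passwords must not contain ":".

```sh
#!/bin/sh
# Added example: file-backed BinAuth handler (not NoDogSplash's own script).
# CRED_FILE and LOG_FILE are hypothetical paths; CRED_FILE holds one
# "username:password:session_seconds" entry per line and should be mode 0600.
CRED_FILE="${CRED_FILE:-/etc/nodogsplash/binauth_users}"
LOG_FILE="${LOG_FILE:-/var/log/nodogsplash/binauth.log}"

# Append an event to the log. Never write to stdout here: on auth_client,
# NoDogSplash reads stdout as "<seconds> <upload> <download>".
log_event() {
    { printf '%s %s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$*" >> "$LOG_FILE"; } 2>/dev/null || true
}

# Print the session length for a matching user/password pair, else return 1.
lookup_session() {
    [ -n "$1" ] && [ -r "$CRED_FILE" ] || return 1
    while IFS=: read -r u p secs; do
        case "$u" in ''|'#'*) continue ;; esac        # skip blanks and comments
        if [ "$u" = "$1" ] && [ "$p" = "$2" ]; then
            case "$secs" in ''|*[!0-9]*) return 1 ;; esac   # malformed entry: deny
            echo "$secs"
            return 0
        fi
    done < "$CRED_FILE"
    return 1
}

binauth() {
    method="$1"; mac="$2"
    case "$method" in
    auth_client)
        if secs=$(lookup_session "$3" "$4"); then
            echo "$secs 0 0"      # session seconds, no byte limits
            return 0
        fi
        log_event "auth_denied $mac"   # log the MAC only, never the password
        return 1
        ;;
    client_auth|client_deauth|idle_deauth|timeout_deauth|ndsctl_auth|ndsctl_deauth|shutdown_deauth)
        log_event "$method $mac in=$3 out=$4 start=$5 end=$6"
        ;;
    *)
        return 1                  # unknown method: fail closed
        ;;
    esac
}

# Run as a BinAuth script when called with arguments.
if [ "$#" -gt 0 ]; then binauth "$@"; exit $?; fi
```

To use it, point the BinAuth option in nodogsplash.conf at this script instead of /bin/myauth.sh, and add both the script and the credentials file to lbu so they persist.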