libremesh / pirania Goto Github PK
View Code? Open in Web Editor NEWCaptive portal that will allow the communities to manage access to their Internet Gateways as they want.
License: MIT License
Captive portal that will allow the communities to manage access to their Internet Gateways as they want.
License: MIT License
What needs to happen in Pitbull and in LiMeApp in order to administer Pitbull through LiMeApp?
Letter and numbers that are similar shouldn't be used.
JUST USE:
2,3,4,5,6,7,8,9
q,w,e,r,t,y,u,p,a,s,d,f,g,h,j,k,l,z,x,v,b,n,m
Nodes should have a virtual access point with password for visitors. This AP will use a specific voucher for itself and will authorize any device connected to it.
I'd like to add pitbull
to the PACKAGES
file in my communities network-profile. I thought this would be possible after #11 was done, but it seems the feed still can't access it and building the firmware fails.
What would be needed for this to work?
We want to support the case where we have a captive portal on each community border (1 or more per community), and all the communities share one link to Internet.
In this scenario, we want the users of each community to be able to administer their captive portal independently from each other, even thou this borders do not announce Internet on BMX6 (they are borders for their networks, but they are not phisically connected to the Internet on their interfaces).
On the basis that we want everthing to work as plug-and-play as possible, the solution needs to work without manual intervention.
For this to work, we need to add a functionality that captures the traffic that goes through the border node to the internet
So, for each packet that goes through br-lan, if the destination goes to a node that announces Internet Access (bmx6 -c show tunnels | grep '0.0.0.0/0|::/0') then we need to show the Captive Portal to this user.
to catch DNS queries (from unauthenticated devices) trying to go out to 8.8.8.8 or the like (they would be rejected. REDIRECT them to local dnsmasq transparently)
Opening portal page from thisnode.info/portal creates a loop with redirect after authentication.
voucher create_many_vouchers
returns an error even if it works correctly.
Hello,
I want to try this captive portal in an experimental project that we are doing in NuestraRed.org.
Do you have any guide on how to install it ?
I already tried to add this repository as a feed in the openwrt code that I am using to create the firmware with LibreMesh for the teams that I am using in this project. But when I add it as a feed the pirania packages don't appear to compile them.
Thank you.
The get_mac_from_ip function in https://github.com/libremesh/pirania/blob/master/pirania-app/files/www/cgi-bin/client_ip#L8 should return a mac address but it is not doing it.
May be add a feature to clean the ones that have expired longer than one month.
The captive-portal UI in many languages. At least English, Spanish and Portuguese to start off.
Ipset isn't adding allowed macs from db.
Proposed by @nicoechaniz
Tested on WDR-4300 and WDR-3500 using LiMe 17.06 DaybootRely (17.06 rev. ac18095 20180306_2236 and rev. 704029c 20181010_2325).
Installed ipset
, ip6tables-mod-nat
and uhttpd-mod-lua
, copied all files using build-router.sh
script and ran captive-portal start
.
Expected behavior is to leave local traffic and redirect al other to portal. Actual behavior it blocks ssh
and ping
and doesn't redirect to portal. Tried stopping firewall, but it made internet traffic stop even after captive-portal stop
.
Strategy were you catch the first navigation page and then you open everything
Configure node in a way that an internal node, connected thru cable to a Libre Mesh node, can be authenticated instead of devices.
clean enable/disable of service
Voucher transactions would need have:
A user should be able to click a help button that shows a close by admin it's devices information. A help phrase should appear to the user saying: "get close to an admin".
here with @hiurequeiroz we just came across an android device 4.4.4 that could not display the bundle developed by @luandro
browsing to http://thisnode.info/pirania/ just showed a blank page (it did not even say You need to enable JavaScript to run this app.
). Disabling javascript in the android browser did correctly show the You need to enable JavaScript to run this app.
, indicating that the blank page is due to a failed javascript (quite possibly an outdated browser. But we'll definitely find this in the wild)
We need to provide a way to authorize oneself (enter a voucher) without javascript
details:
model: G620S-L01
version: Android 4.4.4
Every mac address (device) should have 15 minutes to access the internet per day.
default captive portal
Pirania web app always creates vouchers with same expire time.
The web portal always creates vouchers with 3 allowed macs, but it only excepts one mac at a time.
Oi Luandro,
have been thinking about Pirania and heard about something that we need to be aware of: MAC randomization.
It looks like in order for devices not to be tracked in corporate wifi environments (like Google's city wifi, or facebook's, or other corporations or state owned wifi hotspot networks), what devices started doing is doing MAC randomization, meaning that each time they connect to a new wifi network they will use a different MAC address.
We need to see how this would affect Pirania... I have seen that what some do is to have a separate wifi password per device... like an open wifi that gets captured by the hotspot, and a closed wifi that requires unique wifi passwords per device.
this is the article about MAC randomization: https://source.android.com/devices/tech/connect/wifi-mac-randomization
An implementation of that strategy: https://www.youtube.com/watch?time_continue=118&v=CxFx9PbkP8A&feature=emb_title
One way to do this is to generate a random group of vouchers that all share the same characteristics.
There must be also a way to see which ones where used.
Editing content on pirania-app returns Ubus error.
opkg packaging
config to setup an external captive portal
currently, one can use a voucher an unlimited amount of times, regardless of the value of amountofmacsallowed
In pirania/config there should be a way to add an url for an extra step after authentication.
Strategy when there is no gateway and you want the network to work without Internet
The voucher db should be stored on a external drive to persist in case the entire network goes down.
Sync captive portals using batman-adv Alfred/bmx6-sms
Should run firstbootwizzard instead of the captive-portal if it's the first run.
Strategy were if you have no voucher you go slower than the rest
Call the hooks folder when the db updated and when the captive-portal starts and stops. Enabling pirania and shared-state to work together.
Was finally able to get pitbull
installed. Been trying to test it out and I noticed that although add_voucher
works in adding a new voucher profile, auth_voucher
doesn't work in adding a new mac address to a profile.
If I have a userId luandro
it should be used like this voucher auth_voucher d0:a6:37:e8:1a:08 luandro
right?
Vouchers keep being valid despite expire time passing.
I just stumbled upon this behaviour using chromium Version 73.0.3683.75 (Developer Build) built on Debian 9.8, running on Debian 9.4 (64-bit)
connected to a libremesh running
root@LiMe-e9b944:~# opkg list *pirania*
pirania - 2019-09-27-1569563798
pirania-app - 2019-09-27-1569563798
shared-state-pirania - 2019-09-27-1569563798
browsed to http://ip4.me/
i was redirected to captive portal (thisnode.info/portal), entered a valid voucher and got internet access.
opened a new tab, and tried to browse to http://ip4.me/, i was again redirected to thisnode.info/portal. retried many times, every time i got redirected.
(i tried on a new browser session, and i was not redirected)
i did not look further into it but i got the impression that the browser is caching the redirect, which could be because pirania is sending "301 moved permanently" (permanent redirect) instead of "302 moved temporarily". is this the case? if then, i suggest to change it to 302
Allow tickets to limit traffic amount. In other words, 100 MB, 2 GB, etc. This is useful for traffic-limited internet connections, such as the satellite connections used in some communities in Brazil.
In practice, this will mean that each ticket can limit one or more of the following parameters:
Testing on an Android phone v6.0 and captive portal doesn't open and loading pages on Chrome simply shows no connection.
The ideal interaction would be to pop open the captive portal.
A cron should check for vouchers that have expired and delete them in order to save memory.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.