libremesh / pirania Goto Github PK

What needs to happen in Pitbull and in LiMeApp in order to administer Pitbull through LiMeApp?

Letter and numbers that are similar shouldn't be used.

JUST USE:
2,3,4,5,6,7,8,9
q,w,e,r,t,y,u,p,a,s,d,f,g,h,j,k,l,z,x,v,b,n,m

Nodes should have a virtual access point with password for visitors. This AP will use a specific voucher for itself and will authorize any device connected to it.

I'd like to add pitbull to the PACKAGES file in my communities network-profile. I thought this would be possible after #11 was done, but it seems the feed still can't access it and building the firmware fails.

What would be needed for this to work?

We want to support the case where we have a captive portal on each community border (1 or more per community), and all the communities share one link to Internet.

In this scenario, we want the users of each community to be able to administer their captive portal independently from each other, even thou this borders do not announce Internet on BMX6 (they are borders for their networks, but they are not phisically connected to the Internet on their interfaces).

On the basis that we want everthing to work as plug-and-play as possible, the solution needs to work without manual intervention.

For this to work, we need to add a functionality that captures the traffic that goes through the border node to the internet

So, for each packet that goes through br-lan, if the destination goes to a node that announces Internet Access (bmx6 -c show tunnels | grep '0.0.0.0/0|::/0') then we need to show the Captive Portal to this user.

to catch DNS queries (from unauthenticated devices) trying to go out to 8.8.8.8 or the like (they would be rejected. REDIRECT them to local dnsmasq transparently)

Opening portal page from thisnode.info/portal creates a loop with redirect after authentication.

voucher create_many_vouchers returns an error even if it works correctly.

Hello,

I want to try this captive portal in an experimental project that we are doing in NuestraRed.org.
Do you have any guide on how to install it ?
I already tried to add this repository as a feed in the openwrt code that I am using to create the firmware with LibreMesh for the teams that I am using in this project. But when I add it as a feed the pirania packages don't appear to compile them.

Thank you.

The get_mac_from_ip function in https://github.com/libremesh/pirania/blob/master/pirania-app/files/www/cgi-bin/client_ip#L8 should return a mac address but it is not doing it.

https://serverfault.com/questions/822835/minimum-bandwidth-limit-on-linux-systems/822839

May be add a feature to clean the ones that have expired longer than one month.

• User should be able to save voucher page as a PWA to phone home screen
• User should be able to see how many days are left with it's voucher
• User should be able to identify new devices that connect to the network

The captive-portal UI in many languages. At least English, Spanish and Portuguese to start off.

Ipset isn't adding allowed macs from db.

Proposed by @nicoechaniz

Tested on WDR-4300 and WDR-3500 using LiMe 17.06 DaybootRely (17.06 rev. ac18095 20180306_2236 and rev. 704029c 20181010_2325).

Installed ipset, ip6tables-mod-nat and uhttpd-mod-lua, copied all files using build-router.sh script and ran captive-portal start.

Expected behavior is to leave local traffic and redirect al other to portal. Actual behavior it blocks ssh and ping and doesn't redirect to portal. Tried stopping firewall, but it made internet traffic stop even after captive-portal stop.

Strategy were you catch the first navigation page and then you open everything

Configure node in a way that an internal node, connected thru cable to a Libre Mesh node, can be authenticated instead of devices.

clean enable/disable of service

Voucher transactions would need have:

• date
• mac
• voucher
• action (approved, rejected)

A user should be able to click a help button that shows a close by admin it's devices information. A help phrase should appear to the user saying: "get close to an admin".

here with @hiurequeiroz we just came across an android device 4.4.4 that could not display the bundle developed by @luandro

browsing to http://thisnode.info/pirania/ just showed a blank page (it did not even say You need to enable JavaScript to run this app.). Disabling javascript in the android browser did correctly show the You need to enable JavaScript to run this app., indicating that the blank page is due to a failed javascript (quite possibly an outdated browser. But we'll definitely find this in the wild)

We need to provide a way to authorize oneself (enter a voucher) without javascript

details:
model: G620S-L01
version: Android 4.4.4

Every mac address (device) should have 15 minutes to access the internet per day.

default captive portal

Pirania web app always creates vouchers with same expire time.

The web portal always creates vouchers with 3 allowed macs, but it only excepts one mac at a time.

Oi Luandro,
have been thinking about Pirania and heard about something that we need to be aware of: MAC randomization.
It looks like in order for devices not to be tracked in corporate wifi environments (like Google's city wifi, or facebook's, or other corporations or state owned wifi hotspot networks), what devices started doing is doing MAC randomization, meaning that each time they connect to a new wifi network they will use a different MAC address.
We need to see how this would affect Pirania... I have seen that what some do is to have a separate wifi password per device... like an open wifi that gets captured by the hotspot, and a closed wifi that requires unique wifi passwords per device.
this is the article about MAC randomization: https://source.android.com/devices/tech/connect/wifi-mac-randomization
An implementation of that strategy: https://www.youtube.com/watch?time_continue=118&v=CxFx9PbkP8A&feature=emb_title

One way to do this is to generate a random group of vouchers that all share the same characteristics.
There must be also a way to see which ones where used.

Editing content on pirania-app returns Ubus error.

opkg packaging

config to setup an external captive portal

currently, one can use a voucher an unlimited amount of times, regardless of the value of amountofmacsallowed

In pirania/config there should be a way to add an url for an extra step after authentication.

Strategy when there is no gateway and you want the network to work without Internet

The voucher db should be stored on a external drive to persist in case the entire network goes down.

Sync captive portals using batman-adv Alfred/bmx6-sms

Should run firstbootwizzard instead of the captive-portal if it's the first run.

Strategy were if you have no voucher you go slower than the rest

Call the hooks folder when the db updated and when the captive-portal starts and stops. Enabling pirania and shared-state to work together.

Was finally able to get pitbull installed. Been trying to test it out and I noticed that although add_voucher works in adding a new voucher profile, auth_voucher doesn't work in adding a new mac address to a profile.

If I have a userId luandro it should be used like this voucher auth_voucher d0:a6:37:e8:1a:08 luandro right?

Vouchers keep being valid despite expire time passing.

I just stumbled upon this behaviour using chromium Version 73.0.3683.75 (Developer Build) built on Debian 9.8, running on Debian 9.4 (64-bit)
connected to a libremesh running

root@LiMe-e9b944:~# opkg list *pirania*
pirania - 2019-09-27-1569563798
pirania-app - 2019-09-27-1569563798
shared-state-pirania - 2019-09-27-1569563798

browsed to http://ip4.me/
i was redirected to captive portal (thisnode.info/portal), entered a valid voucher and got internet access.
opened a new tab, and tried to browse to http://ip4.me/, i was again redirected to thisnode.info/portal. retried many times, every time i got redirected.
(i tried on a new browser session, and i was not redirected)
i did not look further into it but i got the impression that the browser is caching the redirect, which could be because pirania is sending "301 moved permanently" (permanent redirect) instead of "302 moved temporarily". is this the case? if then, i suggest to change it to 302

Allow tickets to limit traffic amount. In other words, 100 MB, 2 GB, etc. This is useful for traffic-limited internet connections, such as the satellite connections used in some communities in Brazil.

In practice, this will mean that each ticket can limit one or more of the following parameters:

• speed (up and down)
• traffic (up and down)
• time

Testing on an Android phone v6.0 and captive portal doesn't open and loading pages on Chrome simply shows no connection.

The ideal interaction would be to pop open the captive portal.

A cron should check for vouchers that have expired and delete them in order to save memory.