Currently I have two AR150’s and love them - but they are often useless in hotels running captive portals.
Is the new GL-USB150 better in this area?
I’m not familiar with the AR150’s but I have a AR300M and have found in some hotels I just can’t get them to work but in many if I log on using my computer then clone the computer’s MAC to the AR300M I can then connect. I’ve also found some places that connect fine but block my VPN. That is really frustrating!
I think one way you can get around it is SSH tunnel to AR150 using SOCKS5 proxy to your web browser.
Linux command would be:
ssh -D 1234 root@192.168.8.1
Set your browser to use SOCKS5 proxy to 127.0.0.1 port 1234
Then you should be able to accept the captive portals to allow your AR150 to connect.
After you can just remove the proxy settings of your browser to browse over the AR150 normally.
1 Like
The correct way is via /etc/config/dhcp file. Please understand the implication of this change first
Change
option rebind_protection ‘1’
to
option rebind_protection ‘0’
Thanks for the suggestions!
@LostDog cloning the MAC requires connecting a laptop or phone directly to the network. That creates an opportunity for infection or data leakage that the AR150 prevents. So for me the risk with this option is not acceptable.
@heavymetal sometimes the only device I have is a phone, that means using a SOCKS5 proxy might not always be possible.
@sammo would option rebind_protection need to remain changed (set to 0) or can it be reset (to 1) and the dnsmasq service restarted after clearing the captive portal?
@alzhao Monday I’ll be at a hotel where previous attempts to use the AR150 failed and will try both solutions.
@ds. Most hotel captive portal usually requires first time registration.
Hence you can revert the change once you’re registered.
The second option is to leave rebind_protection ‘1’ and use whitelisting.
A bit technical for me.
I found that if I entered the captive portal URL directly, instead of waiting (hoping) for a redirect, that it mostly worked. The only issue I recall was that the lease times were not a full 12\24. It’s been a while since I traveled, but yes this was one of the more frustrating issues with a travel router.
I think it’s the same for all OpenWrt.
Typing this from a Marriott via my AR150 after using the tip from @sammo. Two weeks ago I was unable to access the wireless at this same location.
Later this week I’ll be at another hotel where I was unable to access the wireless and will continue testing the @sammo tip.
@ds-Iceland - What was the tip that worked? <em style=“outline: none; vertical-align: baseline; background: #f9f9f9; margin: 0px; padding: 0px; color: #222222; font-family: source_sans_proregular, ‘Helvetica Neue’, Arial, Helvetica, Geneva, sans-serif; font-size: 14.6667px;”>option rebind_protection 0 then back to 1 once you are registered?
@ds-iceland, if you find you are visiting the same hotel with captive portal, you can do whitelisting
Leave
rebind_protection ‘1’
After captive portal fails and add the website to whitelisting, ‘logread’ will tell you the website thats bening redirect
This way you dont have to keep changing the rebind_protection.
Obviously you will need to add to whitelisting for each new captive portal
@ds-iceland,if the problem is the captive portal failure, I think used the computer’s MAC to the AR300M is the sasy way to solve the problem, gedit the /etc/config/network for
config interface ‘wan’
option ‘macaddr’ ‘computer’s MAC’
>> After captive portal fails and add the website to whitelisting, ‘logread’ will tell you the website thats bening redirect.
Hi.
Excuse my ignorance but:
- how to do a “logread”
- how to “whitelist”?
Thanks in advance,
Glitch
@sammo thanks, this was useful for me too. Got a captive portal that would not work (DNS unable to resolve), changing the setting worked for me.
Explaining what rebind_protection does: When enabled DNS queries cannot be answered with a local IP address. OpenWrt has it turned on as default.
@alzhao; Maybe an idea to make it on ON/OFF button in the GUI?
I’m a Information Security Officer at a large firm, myself and many colleagues travel a lot. The AR300M is always with me and I encourage each and everyone around me to get one for themselves. But it must be fool-proof. I might have a deep technical background but many of my colleagues don’t. Hence that is why I like the GLI stuff so much! Keep it up!
@Glitch, logread is a command on the unix shell level, tells you what’s happening. Guide below should help
You want it automated, no buttons as the average user would forget the button or what it does.
OK, regarding whitelisting, I finally found the solution and answered my own question:
Luci > network > DHCP and DNS > general settings.
The last box is “Domain whitelist”. Enter the captive portal domain here eg. captiveportal.com.
I believe this has the same effect as editing the /etc/config/dhcp file (under config dnsmasq) and adding the line:
list rebind_domain captiveportal.com
Regards,
Glitch
PS. @sammo: thanks, reading the link now.
Thanks, I have never setup my box using the Luci/gui ever.
I have only ever needed 1 scenario, and thats repeater mode (natted) and I have heavily customised mine.
Second hotel and second time the tip from @sammo worked!
So happy with how it works that I’ve created two simple shell scripts to copy a version of dhcp with option rebind_protection set to either 0 or 1 over the file in /etc/config and restart the dnsmasq service. Yes I’m lazy 
It requires me to attach the AR150 to the captive portal network (with the GUI), then SSH into the AR150 and run the script. But what counts (for me) is that this solution works and can be done from either a laptop or smart phone.
Thank you for the information @sammo, I’m in love with my AR150 all over again.