Captive Portal & GL-USB150

Thinking about the suggestion from @EEKtheCAT to use the button to set ‘rebind_protection’ - it would save me from having to SSH into the AR150 and edit ‘rebind_protection’. This evening I disabled the button on my AR150 (it was set to activate / deactivate VPN via the GUI). With the aid of some code my AR150’s button now controls setting ‘rebind_protection’ to 0 or 1.

@ ds

Of course you are going to share the code :slight_smile:

Did you try white-listing the portal instead of the rebind option?

Glitch

Per your request @Glitch, my code is attached. The install directions are:

  1. extract the contents of portal.zip
  2. copy the “portal” directory (and its contents) to /root
  3. cd to the “/root/portal” directory
  4. Perform “chmod +x” on /root/portal/config.sh
  5. Run config.sh (./config.sh)
  6. Reboot

Feel free to test / use / modify as you wish.


@ds-Iceland Cool! Now let’s see if this can be obtained in the stable :smiley:

@ds-iceland Everybody’s dhcp might be slightly different. Here’s a one-liner, substitute in place

Disabled

sed -i -- "s/^[[:blank:]]*option[[:blank:]][[:blank:]]*rebind_protection.*$/ option rebind_protection '0'/" /etc/config/dhcp

Enabled

sed -i -- "s/^[[:blank:]]*option[[:blank:]][[:blank:]]*rebind_protection.*$/ option rebind_protection '1'/" /etc/config/dhcp

My dhcp file is stock, however you raise a good point @sammo. A revised version of the code using your in-place edit has been attached to my previous post as portal-v2.zip.

Thanks to everyone who has contributed to this effort.

Why not use uci instead of sed?

Disabled:

uci set dhcp.@dnsmasq[0].rebind_protection='0'

uci commit dhcp

Enabled:

uci set dhcp.@dnsmasq[0].rebind_protection='1'

uci commit dhcp

@ ds: thanks for sharing
@ everyone else: you just got to love this forum and the people that contribute to it!

Glitch

Piling on here to request this feature as a button of some sort in the gui…I currently can’t connect (and stupidly created another thread about these issues - sorry). It’s not completely beyond me to tinker at this level with the router but it’s not something I have the energy to mess with this trip. It would take a little research to just figure out exactly what you guys are all explaining how to do. That’s really been the beauty of these routers though…I don’t spend time messing around with settings and junk in the hotel when I just want to relax/recover/get work done. Having this feature easily available for dummies (like me) would be awesome!

Hey the tip from Sammo worked for me! I used WinSCP and connected via SCP to edit the dhcp config file. Might be handy for those who work better with gui than command line. Thanks guys!!!

I used the whitelisting suggested by Glitch

Luci > network > DHCP and DNS > general settings.
The last box is “Domain whitelist”. Enter the captive portal domain here, e.g. captiveportal.com.

Go to your browser and either try the captive portal address or, in my case, I just refreshed a page. Don’t try an SSL site though; you’ll get a warning because it will have an invalid certificate.

So, to sum all of that up: enter each captive portal’s domain as a separate entry in LUCI’s web GUI under “Network -> DHCP and DNS -> domain whitelist” and captive portals should work without ssh’ing in the router and running scripts?

Can someone confirm this ‘LUCI-method’ to work? :slight_smile:

@budwoo: can’t confirm it myself but it would appear so.

Also, can you turn rebind on and off in the same menu (Network -> DHCP and DNS -> rebind protection).
At least, I assume this does what the scripts do (didn’t try it myself yet).

Glitch

@alzhao:

What would you think of adding a text hint next to the blue question mark icon in LUCI’s web GUI at the appropriate setting (i.e. “DNS whitelist”) to inform the users about the possibilities here to deal with captive portals? :slight_smile: Before I read this thread, I wasn’t aware of this setting’s effect.

@budwoo,

I will add rebind-protection settings in the next firmware. For whitelisting, need to gather a list of domains.

I think dns rebind attacks are not that common so it is fairly safe to turn protection off and if you are really worried, turn off javascript in your browser.
I suppose it is a balance between protection and convenience.
Maybe a button in the UI that starts a script that turns it off for say 5 minutes to allow you to login then it re-enables automatically?
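
The timed window suggested in the post above, together with the whitelist approach from earlier in the thread, as an added shell example that is not code from any poster or from the router firmware. It assumes OpenWrt's `uci` and `/etc/init.d/dnsmasq`, and that LuCI's "Domain whitelist" field is stored as the `rebind_domain` list; the function names and the 300-second default are hypothetical.

```sh
#!/bin/sh
# Added example, not code from the thread. Assumes OpenWrt's uci CLI and the
# dnsmasq init script; function names and the 300 s default are illustrative.
SECTION='dhcp.@dnsmasq[0]'
DNSMASQ_INIT="${DNSMASQ_INIT:-/etc/init.d/dnsmasq}"

# Write the setting, commit it, and restart dnsmasq so it takes effect.
apply_rebind() {            # $1 = 0 (off) or 1 (on)
    uci set "$SECTION.rebind_protection=$1" &&
    uci commit dhcp &&
    "$DNSMASQ_INIT" restart
}

# Turn protection off for $1 seconds (default 300), then turn it back on.
# The EXIT trap restores it if the script is interrupted before the timer ends.
rebind_window() {
    trap 'apply_rebind 1' EXIT
    trap 'exit 1' INT TERM HUP
    apply_rebind 0 || return 1
    sleep "${1:-300}"
    apply_rebind 1
    rc=$?
    trap - EXIT INT TERM HUP
    return "$rc"
}

# Alternative from the thread: leave protection on and allow one portal domain.
allow_portal_domain() {
    domain="$1"
    case "$domain" in
        ''|*[!A-Za-z0-9.-]*) echo "invalid domain: $domain" >&2; return 2 ;;
    esac
    # Skip domains already listed so repeated runs add no duplicates.
    for d in $(uci -q get "$SECTION.rebind_domain"); do
        if [ "$d" = "$domain" ]; then return 0; fi
    done
    uci add_list "$SECTION.rebind_domain=$domain" &&
    uci commit dhcp &&
    "$DNSMASQ_INIT" restart
}

# Usage: script window [seconds]  |  script allow <domain>
case "${1:-}" in
    window) rebind_window "${2:-300}" ;;
    allow)  allow_portal_domain "${2:-}" ;;
esac
```

Because the window commits `rebind_protection` as 0 to /etc/config/dhcp, a reboot or power loss before the timer ends leaves protection off until it is set back by hand.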

Add tengointernet to the list.

Any update since this thread ended? I would love a Gui solution to the problem since I know nothing about Linux and scripts.