Skip to content

A hight performance and lightweight captive portal solution for HTTP(s)

License

Notifications You must be signed in to change notification settings

bearllm/apfree_wifidog

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

ApFreeWiFiDog

license PRs Welcome Issue Welcome Release Version OpenWRT Join the QQ Group

ApFree WiFiDog: A high performance captive portal solution for HTTP(s)

ApFree WiFiDog is a high performance captive portal solution for HTTP(s), which mainly used in (LEDE&Openwrt) platform.

中文介绍

Enhancement of apfree-wifidog

In fact, the title should be why we choose apfree-wifidog, the reason was the following:

Stable

apfree-wifidog was widely used in tens of thousands device, which were running in business scene. In order to improve its stable, we rewrite all iptables rule by api instead of fork call, which will easily cause deadlock in multithread-fork running environment. we also re-write the code and replace libhttpd (which unmaitained for years) with libevent

Performance

apfree-wifidog's http request-response is more quick, u can find statistic data in our test document

HTTPs redirect

apfree-wifidog support https redirect, in current internet environment, captive portal solution without supporting https redirect will become unsuitable gradually

More features

apfree-wifidog support mac temporary-pass, ip,domain,pan-domain,white-mac,black-mac rule and etc. all these rules can be applied without restarting wifidog

MQTT support

by enable mqtt support, u can remotely deliver such as trusted ip, domian and pan-domain rules to apfree wifidog

Compitable with wifidog protocol

u don't need to modify your wifidog authentication server to adapt apfree-wifidog; if u have pression on server-side, apfree wifidog's improved protocol can greatly relieve it, which disabled by default


How to added apfree-wifidog into Openwrt package

cd your_openwrt_sdk_dir
mkdir -p packages/net/apfree-wifidog
cp -r apfree_wifidog_openwrt/* packages/net/apfree-wifidog
make menuconfig
select apfree-wifidog

Please go to package_apfree_wifidog


Getting started

before starting apfree-wifidog, we must know how to configure it. apfree-wifidog use OpenWrt standard uci config system, all your apfree-wifidog configure information stored in /etc/confg/wifidogx, which will be parsed by /etc/init.d/wifidogx to /tmp/wifidog.conf, apfree-wifidog's real configure file is /tmp/wifidog.conf

The default apfree-wifidog UCI configuration file like this:

config wifidog
    option  gateway_interface   'br-lan'
    option  auth_server_hostname    'wifidog.kunteng.org.cn'
    option  auth_server_port    443
    option  auth_server_path    '/wifidog/'
    option  check_interval      60
    option  client_timeout      5
    option  apple_cna           1
    option  thread_number       5
    option  wired_passed        0
    option  enable      0

auth_server_hostname was apfree-wifidog auth server, it can be domain or ip; wifidog.kunteng.org.cn is a free auth server we provided, it was also open source

apple_cna 1 apple captive detect deceive; 2 apple captive detect deceive to disallow portal page appear

wired_passed means whether LAN access devices need to auth or not, value 1 means no need to auth

enable means whether start apfree-wifidog when we executed /etc/init.d/wifidogx start, if u wanted to start apfree-wifidog, you must set enable to 1 before executing /etc/init.d/wifidogx start

How to support https redirect

In order to support https redirect, apfree-wifidog need x509 pem cert and private key, u can generate youself like this:

PX5G_BIN="/usr/sbin/px5g"
OPENSSL_BIN="/usr/bin/openssl"
APFREE_CERT="/etc/apfree.crt"
APFREE_KEY="/etc/apfree.key"

generate_keys() {
    local days bits country state location commonname

    # Prefer px5g for certificate generation (existence evaluated last)
    local GENKEY_CMD=""
    local UNIQUEID=$(dd if=/dev/urandom bs=1 count=4 | hexdump -e '1/1 "%02x"')
    [ -x "$OPENSSL_BIN" ] && GENKEY_CMD="$OPENSSL_BIN req -x509 -sha256 -outform pem -nodes"
    [ -x "$PX5G_BIN" ] && GENKEY_CMD="$PX5G_BIN selfsigned -pem"
    [ -n "$GENKEY_CMD" ] && {
        $GENKEY_CMD \
            -days ${days:-730} -newkey rsa:${bits:-2048} -keyout "${APFREE_KEY}.new" -out "${APFREE_CERT}.new" \
            -subj /C="${country:-CN}"/ST="${state:-localhost}"/L="${location:-Unknown}"/O="${commonname:-ApFreeWiFidog}$UNIQUEID"/CN="${commonname:-ApFreeWiFidog}"
        sync
        mv "${APFREE_KEY}.new" "${APFREE_KEY}"
        mv "${APFREE_CERT}.new" "${APFREE_CERT}"
    }
}

or when u start /etc/init.d/wifidogx start, it will generate it automatically

Attention! when apfree-wifidog redirect https request, u will receive certificate file is illegal warning, no need to panic, it's normal response

apfree-wifidog Auth server open source project

apfree wifidog's official auth server is wwas, which support wfc pay and weixin auth-mode and more auth-way will be support.

demo pic

demo video

http://www.iqiyi.com/w_19s09zie6t.html

More auth server please read AUTHSERVER.md

How To Contribute

Feel free to create issues or pull-requests if you have any problems.

Please read CONTRIBUTING.md before pushing any changes.

contact us

QQ group: 331230369 telegram: apfreewifidog

donate


About

A hight performance and lightweight captive portal solution for HTTP(s)

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages

  • C 85.6%
  • CMake 7.3%
  • HTML 4.9%
  • Shell 1.7%
  • Makefile 0.5%