Articles in the category "wifidog flow"

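wifidog installation and basic configuration

Preface

I have recently been working on router authentication. Because of our requirements, the authentication process differs slightly from the usual web-page authentication, so I started writing my own wifidog auth server. I consulted a number of Chinese and foreign sources and summarize the experience here.

How Wifidog works

The diagram below, taken from the Wifidog wiki, shows the wifidog authentication flow.
[Figure: wifidog-flow-2009.png]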

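wifidog consists of two parts: a program that runs on the router, and a program that runs on the auth server.
The wifidog authentication flow is roughly:
1. First, the user's device connects to the WiFi and requests a website, e.g. www.baidu.com;
2. Following its firewall rules, the gateway redirects the request to a local port (the port wifidog listens on);
3. The gateway redirects the user's request to the authentication page on the auth server;
4. The auth server returns the login page to the user;
5. The user submits credentials, such as a username and password, to the auth server;
6. The auth server decides from those credentials whether the user qualifies and may go online;
7. If so, the auth server redirects the user to the gateway on the router, carrying an identifying token;
8. The gateway confirms the user's information with the auth server;
9. If it checks out, the server returns the login-success page to the user;
10. The user can now access the internet.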

Installing and configuring WifiDog on openwrt

The Wifidog configuration is as follows:

GatewayID default
GatewayInterface br-lan
GatewayAddress 192.168.1.1
ExternalInterface br-lan
AuthServer {
    # a domain name may also be used
    Hostname justyoung.com
    SSLAvailable no
    # default is 80
    HTTPPort 8080
    # put '/' on both sides of the path; for the root directory a single '/' is enough
    Path /wifidog/
    # the first-login redirect target is changed here too, by adding a suffix; default is login/?
    LoginScriptPathFragment login.php/?
    PingScriptPathFragment ping.php/?
    PortalScriptPathFragment portal.html?
    AuthScriptPathFragment auth.php/?
}

There can be multiple AuthServer blocks; Wifidog tries them in order, starting from the first, until it finds an auth server that is available.
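
An added example, not from the original article or the wifidog project: a Python check that parses the AuthServer blocks of a wifidog.conf and flags the settings discussed above (plain-HTTP login, the Path slash rule, script fragments that do not end in '?'). The sample text reuses the block above plus a constructed second server, backup.example; the function names are hypothetical.

```python
# SAMPLE: the article's AuthServer block plus one constructed block.
SAMPLE = """\
AuthServer {
    Hostname justyoung.com
    SSLAvailable no
    HTTPPort 8080
    Path /wifidog/
    LoginScriptPathFragment login.php/?
}
AuthServer {
    Hostname backup.example   # constructed second server
    SSLAvailable yes
    Path wifidog
}
"""


def parse_auth_servers(text):
    """Return one dict of directives per AuthServer block, in file order."""
    servers, current = [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and padding
        if not line:
            continue
        if current is None:
            if line.replace(" ", "") == "AuthServer{":
                current = {}
        elif line == "}":
            servers.append(current)
            current = None
        else:
            key, _, value = line.partition(" ")
            current[key] = value.strip()
    return servers


def lint_auth_server(server):
    """Return a list of findings for one parsed AuthServer block."""
    findings = []
    if server.get("SSLAvailable", "no").lower() != "yes":
        findings.append("SSLAvailable: login page is served over plain HTTP")
    path = server.get("Path", "/")               # an absent Path is not flagged here
    if not (path.startswith("/") and path.endswith("/")):
        findings.append("Path: must begin and end with '/'")
    for key, value in server.items():
        if key.endswith("ScriptPathFragment") and not value.endswith("?"):
            findings.append(f"{key}: should end with '?' so a query string can follow")
    return findings
```
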

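This code first uses the MAC address to decide whether the user logging in is legitimate. If so, it redirects straight to 192.168.1.1:2060/wifidog/auth?token=XXX; if not, it redirects to the welcome page, which guides the user through authentication.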
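
The token hand-off in steps 6 to 8 of the flow and the redirect just described, as an added Python example of the auth-server side; it is not the article's script and not wifidog project code. The `stage`, `mac`, `token`, `gw_address` and `gw_port` parameters and the `Auth: 1` / `Auth: 0` reply follow the wifidog gateway protocol; the gateway allowlist, the 120-second lifetime, the in-memory store and the function names are assumptions.

```python
import secrets
import time
from urllib.parse import urlencode

# Assumed values for this example; none of them come from the page.
ALLOWED_GATEWAYS = {("192.168.1.1", 2060)}  # gateways we agree to redirect to
TOKEN_TTL = 120                              # seconds to redeem a fresh token
_sessions = {}                               # token -> {"mac", "issued", "active"}


def issue_redirect(gw_address, gw_port, mac, now=None):
    """Steps 6-7: credentials were accepted, send the client back to the gateway."""
    # gw_address/gw_port arrive in the client's query string, so check them
    # against an allowlist instead of redirecting wherever the request says.
    if (gw_address, int(gw_port)) not in ALLOWED_GATEWAYS:
        raise ValueError("unknown gateway")
    token = secrets.token_urlsafe(32)        # unguessable, from the OS CSPRNG
    _sessions[token] = {"mac": mac.lower(),
                        "issued": time.time() if now is None else now,
                        "active": False}
    query = urlencode({"token": token})
    return f"http://{gw_address}:{int(gw_port)}/wifidog/auth?{query}"


def gateway_auth(stage, mac, token, now=None):
    """Step 8: answer the gateway's auth request with 'Auth: 1' or 'Auth: 0'."""
    now = time.time() if now is None else now
    session = _sessions.get(token)
    if session is None or session["mac"] != mac.lower():
        return "Auth: 0"                     # unknown token, or token from another MAC
    if stage == "login":
        if session["active"] or now - session["issued"] > TOKEN_TTL:
            return "Auth: 0"                 # replayed or stale login token
        session["active"] = True
        return "Auth: 1"
    if stage == "logout":
        del _sessions[token]
        return "Auth: 0"
    # Any other stage (e.g. counters): valid only after a successful login.
    return "Auth: 1" if session["active"] else "Auth: 0"
```

A MAC address is chosen by the client, so binding the token to it limits token reuse but does not prove who the user is.
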

This article was compiled and edited by http://www.wifidog.pro/2015/02/28/wifidog%E5%AE%89%E8%A3%85-2.html; please credit the source when reposting.

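wifidog installation instructions for openwrt

Prerequisites check:

1. A basic Linux environment, and proficiency in using it

2. A Linux system with netfilter in the kernel

3. The iptables package

4. The gcc compiler; other compilers may also work, but have not been tested

5. The latest wifidog source code from sourceforge

Pre-installation

Make sure everything works properly before going on to install wifidog!

  • The router boots properly
  • The router brings up its interfaces
  • The router's routes work properly
  • The router can connect to the internet
  • DNS is set up and working
  • DHCP works properly
  • The ipt_mac.o kernel module must be loaded beforehand
  • If NAT is used, the router must set up the NAT/masquerading rules in iptables correctly
  • WiFi clients can connect to the internet

All of the above must work automatically after the router boots or reboots.

Installation

As with any open source software, download the source tarball first, then install with the following steps: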

./autogen.sh

make

make install

Installing wifidog on openwrt:

mkdir ~/wifidog.openwrt
cd ~/wifidog.openwrt
wget http://downloads.openwrt.org/whiterussian/newest/OpenWrt-SDK-Linux-i686-1.tar.bz2
tar -jxvf OpenWrt-SDK-Linux-i686-1.tar.bz2
svn checkout https://dev.wifidog.org/svn/trunk/wifidog
cd wifidog
./autogen.sh
make ipk OPENWRTSDK=~/wifidog.openwrt/OpenWrt-SDK-Linux-i686-1

The built package is in: ~/wifidog.openwrt/OpenWrt-SDK-Linux-i686-1/bin/packages

Configure wifidog: edit /etc/wifidog.conf

Run wifidog:

wifidog -f -d 7
  -f means to run in foreground (do not become a background daemon)
  -d 7 increases debug output level to the maximum

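Connect any WiFi client and watch the wifidog output.

This article was compiled and edited by http://www.wifidog.pro/2015/02/27/wifidog%E5%AE%89%E8%A3%85%E8%AF%B4%E6%98%8E.html; please credit the source when reposting.

Tutorial: installing wifidog on openwrt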

Preparation

Prerequisites

Required Packages

  • iptables-mod-extra
  • iptables-mod-ipopt
  • kmod-ipt-nat
  • iptables-mod-nat-extra
  • libpthread

Installation

opkg update
opkg install wifidog
vi /etc/wifidog.conf
/etc/init.d/wifidog enable
/etc/init.d/wifidog start
netstat -a

You can also run wifidog in foreground/debug mode:

wifidog -f -d 7
  -f means to run in foreground (do not become a background daemon)
  -d 7 increases debug output level to the maximum

Configuration

Start on boot

To enable/disable start on boot:
  /etc/init.d/wifidog enable    this simply creates a symlink: /etc/rc.d/S?0??? → /etc/init.d/???
  /etc/init.d/wifidog disable   this removes the symlink again

This article was compiled and edited by http://www.wifidog.pro/2015/02/27/openwrt%E5%AE%89%E8%A3%85wifidog-2.html; please credit the source when reposting.

install wifidog in linux

Pre-installation

This is where a lot of people run into problems, so let's state this in bold:
MAKE SURE EVERYTHING WORKS FIRST BEFORE INTRODUCING Wifidog INTO THE ENVIRONMENT
That especially means:

  • The router must boot properly
  • The router must bring up the interfaces properly
  • The router must set up the routes properly
  • The router must connect to the internet properly
  • DNS settings must be set or obtained properly. DNS must work.
  • DHCP settings (client, server or both) must be set or obtained properly.
  • The ipt_mac.o kernel module must be loaded.
  • If using NAT, the router must set up NAT/masquerading rules with iptables properly
  • Clients on the desired (WIFI) network must be able to bind, associate, lease and connect to the internet properly
  • All the above must happen automatically when the router starts or gets rebooted

Do NOT proceed with installing Wifidog until you've satisfied the above. It will not work otherwise and you will waste lots of time.

Installation

Wifidog, like many open source projects, is distributed with standard autotools utilities to make installation easy. Unpack the tarball (from Sourceforge) or get the latest source from SVN (see Download menu), then follow the standard:

./autogen.sh
make
make install

If you do not install it with make install, then you will find the compiled wifidog gateway binary in src/wifidog (also don't forget to copy wifidog.conf to /etc).

OpenWrt ipkg

mkdir ~/wifidog.openwrt
cd ~/wifidog.openwrt
wget http://downloads.openwrt.org/whiterussian/newest/OpenWrt-SDK-Linux-i686-1.tar.bz2
tar -jxvf OpenWrt-SDK-Linux-i686-1.tar.bz2
svn checkout https://dev.wifidog.org/svn/trunk/wifidog
cd wifidog
./autogen.sh
make ipk OPENWRTSDK=~/wifidog.openwrt/OpenWrt-SDK-Linux-i686-1

If there were no errors, your package should be in ~/wifidog.openwrt/OpenWrt-SDK-Linux-i686-1/bin/packages

Configuration

Edit /etc/wifidog.conf and follow the instructions in the file. Things should be self-explanatory.

Running Wifidog for the first time

Run Wifidog with the following switches:

wifidog -f -d 7
  -f means to run in foreground (do not become a background daemon)
  -d 7 increases debug output level to the maximum

Testing

As a client on the WiFi network (or whatever interface is configured as the LAN interface in /etc/wifidog.conf), open a web browser and try to browse to your favourite web site.

Monitor the output of the running Wifidog to see what it's doing.

This article was compiled and edited by http://www.wifidog.pro/2015/02/27/linux%E5%AE%89%E8%A3%85wifidog%E6%95%99%E7%A8%8B.html; please credit the source when reposting.