Captive Portal Raspberry Pi: Benefits, Features, and Best Practices
A Captive Portal is a screen that will be shown initially to anyone who connects to your Wi-Fi Access Point. Before they can begin utilizing the Wifi connection, they will need to complete an action, until then, the captive portal will continually greet them.
captive portal raspberry pi
You can display whatever you want on the captive portal, so it can be highly useful if you are going to lay out some ground rules to using your Wifi access point before a user gains access to it or whether you will require them to log in before getting access.
Before we proceed with setting up our captive portal, you will of first of had to follow our Wireless Access Point tutorial. This tutorial will build on top of the foundations that we set up in that tutorial and will show you how to configure it to show a captive portal. We can give no guarantee this will work otherwise.
I recently got a raspberry pi. I have it set up as an access point in a standalone network (not connected to the internet). I can also serve a static website on this network. I've been trying to set up a captive portal so that when a user joins the network it automatically takes them to this website.
So the access point is working but honestly, I have no clue about how the captive portal works with this. I'm wondering whether the pi has to be connected to the internet for the captive portal to work? If anyone knows anything useful, I will forever be in your debt.
Captive portals work because devices make a DNS request to specific URLS, depending on which operating system, and they expect a success response. If they get a redirect instead, then they will show that new site as a captive portal.
When Etcher has finished copying the image, remove the SD card from your computer, plug it into the Raspberry Pi, connect a keyboard and monitor, and plug in the AC adapter. The system should boot to a login prompt. Log in using the default username pi and password raspberry.
Once you reboot, your Raspberry Pi may lose internet access since you have converted its wireless hardware from a WiFi client to an Access Point. However, if your Raspberry Pi has an additional, wired network connection, you can continue to use it. After the Raspberry Pi boots, you should see the SSID that you chose and connecting to it should pop open your content in a captive portal connection dialog.
The nginx configuration sets up two virtual servers, both listening on port 80. The first virtual server specifies the server_name as go.rogueportal, so it will handle any requests that include this name. For example, This virtual server serves up the portal content from the /var/www/html folder. The Rogue Portal project only includes a simple test index.html, but you can add your own content here.
The second virtual server specifies the server_name as _, which makes it handle requests for any other server name. For example, This virtual server assumes that any request is an attempt to test for an internet connection and it responds with a redirect to the go.rogueportal captive portal server.
Raspberry Pi OS uses dhcpcd to configure tcpip for all network interfaces, by default via DHCP. Our modifications to its configuration tell dhcpcd to bring up wlan0 with the static IP address 10.1.1.1 and to invoke wpa_supplicant with our provided wpa_supplicant_rogueportal.conf that will put wlan0 into access point mode.
The nodogsplash project is a lightweight, highly configurable captive portal solution. It integrates nicely with RaspAP and is recommended over other methods. No configuration changes are needed with RaspAP, however you will need to modify some default settings in the nodogsplash config. This step-by-step guide assumes you have already installed RaspAP, either with the Quick Installer or manual setup instructions.
Now I want to redirect the users to a splash page to authenticate them first (aka captive portal style) before allowing internet access. I have the iptable rules below and they don't seem to affect the bridge traffic.
A Captive Portal is basically a screen that will be shown initially to anyone who connects to your Wi-Fi Access Point. Before they can begin utilizing the Wi-Fi connection they will need to complete an action, until they do that they will be continually greeted by the captive portal.
You can display whatever you want on the captive portal, so it can be highly useful if you want to layout some ground rules to using your Wi-Fi access point before a user gains access to it or whether you will require them to login before getting access.
Hi, I am working on a similar captive portal. I can make the iPhone to pop up the browser but I am having trouble to get android phone to pop the browser. Can you give me more details on how you did it for android phone?
Ambianic OS provides a convenient binary image for Raspberry Pi 4B with Ambianic Edge pre-installed. The released image files are ready to be flashed on to an SD card and plugged into an rpi. When the raspberry pi boots for the first time with the new image on its SD Card, it runs a WiFi captive portal that allows the user to connect to it and setup WiFi access for the rpi. Once the rpi connects to the internet it is ready to be accessed and managed by the Ambianic UI PWA.
One of the things I had noticed on the forums was a captive portal function. When someone connects to the Access Point, no matter where they point their web browser it will always direct them to the page hosted on the Pi.
One question.. how i can show the question to the user, to open a page (welcome page for example) after wifi connetion to my raspberry??(or open the browser after wifi connetion to the pi access point )thanks !!
I have setup my RPI3 as a AP running Captive Portal with no IP forwarding. I want people connection to only hit the Web page that I have running. All works except one part. I want people on Mobile devices such as Android / iOS / Others if possible to get an automatic pop or to the Page or notification they can click on that takes them to the page hosted on the RPI3. Basically just like they would experience when then connect to a hotel WiFi running captive portal.
I am trying to set up an authentication system for home WiFi that is agnostic about what access point/router is being used. This authentication system will closely follow the captive portal model, but I don't believe the details of the (custom) captive portal are important.
In order to accomplish this, I'd like to host the captive portal and authentication on an inexpensive device (like a Raspberry Pi). However, after they authenticate themselves, I would like the users to be reconnected to a different access point. That is, the Raspberry Pi would only perform the authentication step, but would not act as the normal-usage access point for authenticated users. Again, optimally this would work with any access point/router which has a normal password-protected WiFi network.
You may be able to largely achieve something similar with the co-operation of the router to disallow port DNS (port 53 requests) onto the WAN from any device other then the captive portal - and handing out the captive portal DNS with DHCP, and have the captive portal provide DNS responses for itself until the user is released. This could be subverted with a simple VPN or tunnel though.
Its a lot harder then it looks (Something I'm playing with in my spare time - so not much!) , but depending on your router, would something like "Wild Dog" - which is built in to modern versions of DD-WRT - work for you - it would appear that the router does the underlying capturing, and hands off the portal work to another device.
So the idea of captive portals is that a device along the regular path of the packets intercepts them and generates a fake "redirect" response, which tells the user they have to visit the login page. The redirection could be done by:
In any case, however, your "captive portal" Raspberry has to be inserted into the regular path. Even if you build it using the "fake DNS server" method (which handles very little traffic, but is also very easy to bypass), at minimum you would need to reconfigure the main router to provide your Raspberry's IP address via DHCP.
The Raspberry Pi will connect to the public Wi-Fi hotspot and deal with the captive portal. The Pi will then forward an internet connection through the ethernet interface, which has all traffic blocked except for the IP address of your external VPN.
For this setup, VNC will be used in order to provide remote desktop functionality. Remote desktop is required so that you can view the captive portal and authenticate in order to access the public Wi-Fi hotspot.
I also recommend adding a bookmark for a site that does not use TLS. This is because you'll need to visit a HTTP-only website in order to trigger the redirect to the captive portal. [HTTP]neverssl.com is great for this.
Open Chromium, and navigate to a website that does not use TLS, such as [HTTP]neverssl.com. The captive portal should then be shown. Ensure that you are on the legitimate captive portal (this can be hard to determine, but check the URL for known Wi-Fi services such as The Cloud or Virgin Wi-Fi - this is a prime opportunity for phishing attacks so be careful).