Open Networks

[aluminum-ice]

I'm using RaspAP with two WiFi networks: wlan0 for the AP and wlan1 as the client connecting to a network with access to the Internet. This works great for any client network that uses a password. But not for open networks like Starbucks, McDonalds or on an airplane. The WiFi client page on RaspAP states it doesn't support connecting to WEP but does that also mean I cannot connect to any open network?

[billz]

Good question. Most open wireless networks including, I suspect, the ones you mention use some form of captive portal to manage access.

When a wireless client device connects to one of these open SSIDs, the captive portal detection (CPD) mechanism will open a splash page to authenticate the client. Once the user on the client device has completed the splash page actions, the page will usually do a redirect with a query string containing a token. For security, the remote server expects the same valid token it allocated when the client received the initial HTTP request. If the token is valid, the portal "authenticates" the client and allows access to the internet.

This is a fairly simple process when the client is a mobile phone or laptop. With RaspAP in the middle it becomes quite a bit more complex. ie., the portal's HTTP response must be captured and handled in one of several ways. The user auth process may have multiple steps (for example, requiring an email address or phone number to receive an access code) and each would need to be brokered by RaspAP. Assuming that all goes well, a persistent token (ie., a "cookie") would need to be managed by RaspAP, else the client would be forced to authenticate all over again.

FWIW, I'm not aware of any commercial travel-type routers (Netgear, TP-Link, etc) that support captive portal logins.

tl;dr: most open networks use captive portals, which are non-trivial for travel routers to deal with.

[FallenChromium]

Actually, most of the captive portals I've seen are "remembering" the client based on the MAC address, which de-couples the device from which the info was entered and the device which is routing the traffic (i.e RaspAP). The problem I've faced with is that the default config (I believe? Still haven't looked properly into this) uses 1.1.1.1 as a DNS server, so with my (wlan0 as a client + wlan1 as a hotspot + wireguard) setup, the captive portal page never appears with the captive portal checks on either client, and even when I do it directly on the Pi, AND EVEN when I know the address of the login page, I can't reach it because of some upstream DNS problem. If that tricky thing could be circumvented, I think many captive portals would start working properly with RaspAP

[aluminum-ice]

Actually, most of the captive portals I've seen are "remembering" the client based on the MAC address, which de-couples the device from which the info was entered and the device which is routing the traffic (i.e RaspAP). The problem I've faced with is that the default config (I believe? Still haven't looked properly into this) uses 1.1.1.1 as a DNS server, so with my (wlan0 as a client + wlan1 as a hotspot + wireguard) setup, the captive portal page never appears with the captive portal checks on either client, and even when I do it directly on the Pi, AND EVEN when I know the address of the login page, I can't reach it because of some upstream DNS problem. If that tricky thing could be circumvented, I think many captive portals would start working properly with RaspAP

Are you able to get wlan0 to be assigned an IP address (as the client) via RaspAP for an open network? I don't get any IP address assigned unless the network has a password assigned. If it does, using the browser to go to the router's address usually brings up the captive portal for me.

[FallenChromium]

I've set up a DHCP client on wlan0 interface using PIXEL widget in the Raspberry's GUI, but my issue here is that 1.1.1.1 is used as the default DNS (and I am not sure how can I check if upstream servers are used), and I'm also using Wireguard always-on, which can surely prevent captive portal from working (but it's the way I access my RPi through cellular networks, so disabling it is not really an option).

[billz]

@FallenChromium upstream DNS servers can be managed on RaspAP's DHCP server > Advanced tab.

Re: open networks in general, I will open a PR to address this. Bear in mind captive portal support probably depends in large part on the specific implementation (there are many) and there's a likelihood many will fail to connect. Still with exploring, IMO.

IIRC, OpenWrt has a wlan connection manager package called Travelmate developed specifically to address this.

[billz]

@shinigami-78 this has been implemented in #1050. thanks for the suggestion

[feh123]

I never went to step 6 in the following: https://www.makeuseof.com/tag/raspberry-pi-vpn-travel-router/ although I did get the RPI WRT router to work as described on the web site. It's not an easy set up as I recall.
Luckily I already had RaspAP working very well and much easier then openwrt.

[aluminum-ice]

I wanted to share that the latest Insider version v2.8.0 works great now with public wifi spots! I've been able to connect to every public wifi I've tried flawlessly using two wireless connections (onboard and external). Thank you for considering and implementing this change.

[billz]

Great! Just as a note for readers, this is implemented in the main RaspAP repo as well (not exclusive to Insiders).
Thanks again for raising this discussion.

[MrGokilz]

I use RaspAp v3.0.4 and have a Problem to Connect to Open network.If i try to Connect the Network, I get Always this Error MSG: WPA Passphrase must be between 8 and 63 Charakters.

What should i do, so that i can Connect the WiFi Client to Open Network?

[crystalstyl]

Great! Just as a note for readers, this is implemented in the main RaspAP repo as well (not exclusive to Insiders).

Thanks again for raising this discussion.

Hi, Has this function already been implemented in the normal version?
I have the latest version, but I can't log into an "open" network?
Regards

[billz]

@crystalstyl can you be more specific?

[Moving-Electrons]

@billz , I’m experiencing the same issue described above. As described in the original post, I have two wireless interfaces: wlan1 for other devices to connect to RaspAP and wlan0 for RaspAp to connect to WiFi networks. RaspAp shows the “open networks” (I.e. those using a captive portal) in the WiFi Client section, but when attempting to connect with no password, I get an error saying that the password needs to be more than 8 characters.

How should I connect to networks not requiring a password that use a Captive Portal to authenticate?.

I’m using the latest version of RaspAp.

Any help will be greatly appreciated.

Thanks,