{"id":580,"date":"2014-02-15T23:19:09","date_gmt":"2014-02-15T21:19:09","guid":{"rendered":"http:\/\/bergs.biz\/blog\/?p=580"},"modified":"2014-03-21T17:55:54","modified_gmt":"2014-03-21T15:55:54","slug":"openwrt-easy-and-secure-guest-wlan-access","status":"publish","type":"post","link":"https:\/\/bergs.biz\/blog\/2014\/02\/15\/openwrt-easy-and-secure-guest-wlan-access\/","title":{"rendered":"OpenWRT: Easy and secure guest WLAN access"},"content":{"rendered":"

I use OpenWRT on my TP-Link TL-WDR3500<\/a>, and I have a guest WLAN defined on each of the two radios (2.4 and 5 GHz). The guest WLANs are isolated from my LAN, i. e. guest WLAN stations can’t talk to any of my own hosts (either on the WLAN, or in the LAN, i. e. hosts connected via Ethernet). Guest WLAN stations also can’t talk to each other. The actual OpenWRT configuration (apart from passwords, of course ;-)) is not a secret, I will publish an article about that soon.<\/p>\n

For security reasons I didn’t want a static guest WLAN password, but one that changes daily, so that I don’t have to manually revoke the right to use my WLAN by changing the password all the time. So I created two tiny scripts, one that actually changes the active WLAN password every day, and one CGI script that displays the password so that I can give it to my guests.<\/p>\n

Here’s the first one that sets the password. I run it from cron at 00:01 every day:<\/p>\n

 #!\/bin\/ash\r\n SALT=\"theSalt\"\r\n DATE=`date -I`\r\n PWD=`echo -n \"${SALT}${DATE}\" | md5sum | cut -c1-16`\r\n CHANGE=0\r\n\r\n if [ `uci get wireless.@wifi-iface[2].network`x = guestlanx ]; then\r\n   uci set wireless.@wifi-iface[2].key=$PWD\r\n   CHANGE=1\r\n fi\r\n if [ `uci get wireless.@wifi-iface[3].network`x = guestlan2x ]; then\r\n   uci set wireless.@wifi-iface[3].key=$PWD\r\n   CHANGE=1\r\n fi\r\n if [ $CHANGE -eq 1 ]; then\r\n   uci commit wireless\r\n   wifi\r\n fi<\/pre>\n
And here’s the CGI script that needs to go to \/www\/cgi-bin<\/code> to show the current password:<\/p>\n
#!\/bin\/ash\r\nSALT=\"theSalt\"\r\nSSID=\"Guest-WLAN\"\r\nDATE=`date -I`\r\nPWD=`echo -n \"${SALT}${DATE}\" | md5sum | cut -c1-16`\r\n\r\necho \"Content-Type: text\/plain\"\r\necho \"\"\r\necho \"Today's Guest Password for $SSID is $PWD\"<\/pre>\n
Don’t forget to make the scripts executable by running “chmod +x <script><\/code>“.<\/p>\n
If you find this helpful I would appreciate your feedback.<\/p>\n","protected":false},"excerpt":{"rendered":"
How to automagically set a different WLAN password in OpenWRT every day for your guest WLAN.<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4,84],"tags":[112,83],"class_list":["post-580","post","type-post","status-publish","format-standard","hentry","category-computers","category-networking-computers","tag-guest-wlan","tag-openwrt"],"yoast_head":"\nOpenWRT: Easy and secure guest WLAN access - Ralf's Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/bergs.biz\/blog\/2014\/02\/15\/openwrt-easy-and-secure-guest-wlan-access\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"OpenWRT: Easy and secure guest WLAN access - Ralf's Blog\" \/>\n<meta property=\"og:description\" content=\"How to automagically set a different WLAN password in OpenWRT every day for your guest WLAN.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/bergs.biz\/blog\/2014\/02\/15\/openwrt-easy-and-secure-guest-wlan-access\/\" \/>\n<meta property=\"og:site_name\" content=\"Ralf's Blog\" \/>\n<meta property=\"article:published_time\" content=\"2014-02-15T21:19:09+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2014-03-21T15:55:54+00:00\" \/>\n<meta name=\"author\" content=\"Ralf Bergs\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@ralfbergs\" \/>\n<meta name=\"twitter:site\" content=\"@ralfbergs\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Ralf Bergs\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/bergs.biz\\\/blog\\\/2014\\\/02\\\/15\\\/openwrt-easy-and-secure-guest-wlan-access\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/bergs.biz\\\/blog\\\/2014\\\/02\\\/15\\\/openwrt-easy-and-secure-guest-wlan-access\\\/\"},\"author\":{\"name\":\"Ralf Bergs\",\"@id\":\"https:\\\/\\\/bergs.biz\\\/blog\\\/#\\\/schema\\\/person\\\/354e37390b493c875f972bd313d29201\"},\"headline\":\"OpenWRT: Easy and secure guest WLAN access\",\"datePublished\":\"2014-02-15T21:19:09+00:00\",\"dateModified\":\"2014-03-21T15:55:54+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/bergs.biz\\\/blog\\\/2014\\\/02\\\/15\\\/openwrt-easy-and-secure-guest-wlan-access\\\/\"},\"wordCount\":222,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/bergs.biz\\\/blog\\\/#\\\/schema\\\/person\\\/354e37390b493c875f972bd313d29201\"},\"keywords\":[\"guest WLAN\",\"OpenWRT\"],\"articleSection\":[\"Computers\",\"Networking\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/bergs.biz\\\/blog\\\/2014\\\/02\\\/15\\\/openwrt-easy-and-secure-guest-wlan-access\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/bergs.biz\\\/blog\\\/2014\\\/02\\\/15\\\/openwrt-easy-and-secure-guest-wlan-access\\\/\",\"url\":\"https:\\\/\\\/bergs.biz\\\/blog\\\/2014\\\/02\\\/15\\\/openwrt-easy-and-secure-guest-wlan-access\\\/\",\"name\":\"OpenWRT: Easy and secure guest WLAN access - Ralf's Blog\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/bergs.biz\\\/blog\\\/#website\"},\"datePublished\":\"2014-02-15T21:19:09+00:00\",\"dateModified\":\"2014-03-21T15:55:54+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/bergs.biz\\\/blog\\\/2014\\\/02\\\/15\\\/openwrt-easy-and-secure-guest-wlan-access\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/bergs.biz\\\/blog\\\/2014\\\/02\\\/15\\\/openwrt-easy-and-secure-guest-wlan-access\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/bergs.biz\\\/blog\\\/2014\\\/02\\\/15\\\/openwrt-easy-and-secure-guest-wlan-access\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/bergs.biz\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"OpenWRT: Easy and secure guest WLAN access\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/bergs.biz\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/bergs.biz\\\/blog\\\/\",\"name\":\"Ralf's Blog\",\"description\":\"Just another WordPress weblog\",\"publisher\":{\"@id\":\"https:\\\/\\\/bergs.biz\\\/blog\\\/#\\\/schema\\\/person\\\/354e37390b493c875f972bd313d29201\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/bergs.biz\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":[\"Person\",\"Organization\"],\"@id\":\"https:\\\/\\\/bergs.biz\\\/blog\\\/#\\\/schema\\\/person\\\/354e37390b493c875f972bd313d29201\",\"name\":\"Ralf Bergs\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/bergs.biz\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/04\\\/Ralf-Tower-2026-1024x1024.jpg\",\"url\":\"https:\\\/\\\/bergs.biz\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/04\\\/Ralf-Tower-2026-1024x1024.jpg\",\"contentUrl\":\"https:\\\/\\\/bergs.biz\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/04\\\/Ralf-Tower-2026-1024x1024.jpg\",\"width\":1024,\"height\":1024,\"caption\":\"Ralf Bergs\"},\"logo\":{\"@id\":\"https:\\\/\\\/bergs.biz\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/04\\\/Ralf-Tower-2026-1024x1024.jpg\"},\"description\":\"Geek, computer guy, licensed and certified electrical and computer engineer, husband, best daddy.\",\"sameAs\":[\"https:\\\/\\\/bergs.biz\\\/\",\"https:\\\/\\\/linkedin.com\\\/in\\\/ralfbergs\\\/\",\"https:\\\/\\\/x.com\\\/ralfbergs\"],\"url\":\"https:\\\/\\\/bergs.biz\\\/blog\\\/author\\\/rabe\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"OpenWRT: Easy and secure guest WLAN access - Ralf's Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/bergs.biz\/blog\/2014\/02\/15\/openwrt-easy-and-secure-guest-wlan-access\/","og_locale":"en_US","og_type":"article","og_title":"OpenWRT: Easy and secure guest WLAN access - Ralf's Blog","og_description":"How to automagically set a different WLAN password in OpenWRT every day for your guest WLAN.","og_url":"https:\/\/bergs.biz\/blog\/2014\/02\/15\/openwrt-easy-and-secure-guest-wlan-access\/","og_site_name":"Ralf's Blog","article_published_time":"2014-02-15T21:19:09+00:00","article_modified_time":"2014-03-21T15:55:54+00:00","author":"Ralf Bergs","twitter_card":"summary_large_image","twitter_creator":"@ralfbergs","twitter_site":"@ralfbergs","twitter_misc":{"Written by":"Ralf Bergs","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/bergs.biz\/blog\/2014\/02\/15\/openwrt-easy-and-secure-guest-wlan-access\/#article","isPartOf":{"@id":"https:\/\/bergs.biz\/blog\/2014\/02\/15\/openwrt-easy-and-secure-guest-wlan-access\/"},"author":{"name":"Ralf Bergs","@id":"https:\/\/bergs.biz\/blog\/#\/schema\/person\/354e37390b493c875f972bd313d29201"},"headline":"OpenWRT: Easy and secure guest WLAN access","datePublished":"2014-02-15T21:19:09+00:00","dateModified":"2014-03-21T15:55:54+00:00","mainEntityOfPage":{"@id":"https:\/\/bergs.biz\/blog\/2014\/02\/15\/openwrt-easy-and-secure-guest-wlan-access\/"},"wordCount":222,"commentCount":0,"publisher":{"@id":"https:\/\/bergs.biz\/blog\/#\/schema\/person\/354e37390b493c875f972bd313d29201"},"keywords":["guest WLAN","OpenWRT"],"articleSection":["Computers","Networking"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/bergs.biz\/blog\/2014\/02\/15\/openwrt-easy-and-secure-guest-wlan-access\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/bergs.biz\/blog\/2014\/02\/15\/openwrt-easy-and-secure-guest-wlan-access\/","url":"https:\/\/bergs.biz\/blog\/2014\/02\/15\/openwrt-easy-and-secure-guest-wlan-access\/","name":"OpenWRT: Easy and secure guest WLAN access - Ralf's Blog","isPartOf":{"@id":"https:\/\/bergs.biz\/blog\/#website"},"datePublished":"2014-02-15T21:19:09+00:00","dateModified":"2014-03-21T15:55:54+00:00","breadcrumb":{"@id":"https:\/\/bergs.biz\/blog\/2014\/02\/15\/openwrt-easy-and-secure-guest-wlan-access\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/bergs.biz\/blog\/2014\/02\/15\/openwrt-easy-and-secure-guest-wlan-access\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/bergs.biz\/blog\/2014\/02\/15\/openwrt-easy-and-secure-guest-wlan-access\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/bergs.biz\/blog\/"},{"@type":"ListItem","position":2,"name":"OpenWRT: Easy and secure guest WLAN access"}]},{"@type":"WebSite","@id":"https:\/\/bergs.biz\/blog\/#website","url":"https:\/\/bergs.biz\/blog\/","name":"Ralf's Blog","description":"Just another WordPress weblog","publisher":{"@id":"https:\/\/bergs.biz\/blog\/#\/schema\/person\/354e37390b493c875f972bd313d29201"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/bergs.biz\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":["Person","Organization"],"@id":"https:\/\/bergs.biz\/blog\/#\/schema\/person\/354e37390b493c875f972bd313d29201","name":"Ralf Bergs","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/bergs.biz\/blog\/wp-content\/uploads\/2026\/04\/Ralf-Tower-2026-1024x1024.jpg","url":"https:\/\/bergs.biz\/blog\/wp-content\/uploads\/2026\/04\/Ralf-Tower-2026-1024x1024.jpg","contentUrl":"https:\/\/bergs.biz\/blog\/wp-content\/uploads\/2026\/04\/Ralf-Tower-2026-1024x1024.jpg","width":1024,"height":1024,"caption":"Ralf Bergs"},"logo":{"@id":"https:\/\/bergs.biz\/blog\/wp-content\/uploads\/2026\/04\/Ralf-Tower-2026-1024x1024.jpg"},"description":"Geek, computer guy, licensed and certified electrical and computer engineer, husband, best daddy.","sameAs":["https:\/\/bergs.biz\/","https:\/\/linkedin.com\/in\/ralfbergs\/","https:\/\/x.com\/ralfbergs"],"url":"https:\/\/bergs.biz\/blog\/author\/rabe\/"}]}},"_links":{"self":[{"href":"https:\/\/bergs.biz\/blog\/wp-json\/wp\/v2\/posts\/580","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/bergs.biz\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/bergs.biz\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/bergs.biz\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/bergs.biz\/blog\/wp-json\/wp\/v2\/comments?post=580"}],"version-history":[{"count":2,"href":"https:\/\/bergs.biz\/blog\/wp-json\/wp\/v2\/posts\/580\/revisions"}],"predecessor-version":[{"id":582,"href":"https:\/\/bergs.biz\/blog\/wp-json\/wp\/v2\/posts\/580\/revisions\/582"}],"wp:attachment":[{"href":"https:\/\/bergs.biz\/blog\/wp-json\/wp\/v2\/media?parent=580"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/bergs.biz\/blog\/wp-json\/wp\/v2\/categories?post=580"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/bergs.biz\/blog\/wp-json\/wp\/v2\/tags?post=580"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}