{"id":580,"date":"2014-02-15T23:19:09","date_gmt":"2014-02-15T21:19:09","guid":{"rendered":"http:\/\/bergs.biz\/blog\/?p=580"},"modified":"2014-03-21T17:55:54","modified_gmt":"2014-03-21T15:55:54","slug":"openwrt-easy-and-secure-guest-wlan-access","status":"publish","type":"post","link":"https:\/\/bergs.biz\/blog\/2014\/02\/15\/openwrt-easy-and-secure-guest-wlan-access\/","title":{"rendered":"OpenWRT: Easy and secure guest WLAN access"},"content":{"rendered":"

I use OpenWRT on my TP-Link TL-WDR3500<\/a>, and I have a guest WLAN defined on each of the two radios (2.4 and 5 GHz). The guest WLANs are isolated from my LAN, i. e. guest WLAN stations can’t talk to any of my own hosts (either on the WLAN, or in the LAN, i. e. hosts connected via Ethernet). Guest WLAN stations also can’t talk to each other. The actual OpenWRT configuration (apart from passwords, of course ;-)) is not a secret, I will publish an article about that soon.<\/p>\n

For security reasons I didn’t want a static guest WLAN password, but one that changes daily, so that I don’t have to manually revoke the right to use my WLAN by changing the password all the time. So I created two tiny scripts, one that actually changes the active WLAN password every day, and one CGI script that displays the password so that I can give it to my guests.<\/p>\n

Here’s the first one that sets the password. I run it from cron at 00:01 every day:<\/p>\n

 #!\/bin\/ash\r\n SALT=\"theSalt\"\r\n DATE=`date -I`\r\n PWD=`echo -n \"${SALT}${DATE}\" | md5sum | cut -c1-16`\r\n CHANGE=0\r\n\r\n if [ `uci get wireless.@wifi-iface[2].network`x = guestlanx ]; then\r\n   uci set wireless.@wifi-iface[2].key=$PWD\r\n   CHANGE=1\r\n fi\r\n if [ `uci get wireless.@wifi-iface[3].network`x = guestlan2x ]; then\r\n   uci set wireless.@wifi-iface[3].key=$PWD\r\n   CHANGE=1\r\n fi\r\n if [ $CHANGE -eq 1 ]; then\r\n   uci commit wireless\r\n   wifi\r\n fi<\/pre>\n
And here’s the CGI script that needs to go to \/www\/cgi-bin<\/code> to show the current password:<\/p>\n
#!\/bin\/ash\r\nSALT=\"theSalt\"\r\nSSID=\"Guest-WLAN\"\r\nDATE=`date -I`\r\nPWD=`echo -n \"${SALT}${DATE}\" | md5sum | cut -c1-16`\r\n\r\necho \"Content-Type: text\/plain\"\r\necho \"\"\r\necho \"Today's Guest Password for $SSID is $PWD\"<\/pre>\n
Don’t forget to make the scripts executable by running “chmod +x <script><\/code>“.<\/p>\n
If you find this helpful I would appreciate your feedback.<\/p>\n","protected":false},"excerpt":{"rendered":"
How to automagically set a different WLAN password in OpenWRT every day for your guest WLAN.<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4,84],"tags":[112,83],"class_list":["post-580","post","type-post","status-publish","format-standard","hentry","category-computers","category-networking-computers","tag-guest-wlan","tag-openwrt"],"_links":{"self":[{"href":"https:\/\/bergs.biz\/blog\/wp-json\/wp\/v2\/posts\/580","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/bergs.biz\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/bergs.biz\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/bergs.biz\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/bergs.biz\/blog\/wp-json\/wp\/v2\/comments?post=580"}],"version-history":[{"count":2,"href":"https:\/\/bergs.biz\/blog\/wp-json\/wp\/v2\/posts\/580\/revisions"}],"predecessor-version":[{"id":582,"href":"https:\/\/bergs.biz\/blog\/wp-json\/wp\/v2\/posts\/580\/revisions\/582"}],"wp:attachment":[{"href":"https:\/\/bergs.biz\/blog\/wp-json\/wp\/v2\/media?parent=580"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/bergs.biz\/blog\/wp-json\/wp\/v2\/categories?post=580"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/bergs.biz\/blog\/wp-json\/wp\/v2\/tags?post=580"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}