Implementing a Cost-Effective Captive Portal Solution with DD-WRT and Wifidog for WiFi Hotspots


5 views

When deploying public WiFi hotspots, many businesses want to redirect users to a specific webpage upon connection - typically their homepage or promotional content. This is achieved through a captive portal system that intercepts initial HTTP requests before granting full internet access.

The WRT54G series remains a popular choice for this purpose due to:

  • Affordability ($20-$50 on used market)
  • Broad DD-WRT compatibility
  • Adequate performance for captive portal use

However, newer alternatives like the TP-Link Archer C7 offer better performance for slightly higher cost.

1. Flashing DD-WRT

# Basic flash procedure for WRT54G
wget http://downloads.dd-wrt.com/dd-wrtv2/downloads/stable/rnxt/...
mtd -r write dd-wrt.bin linux
reboot

2. Wifidog Configuration

After flashing:

# Enable Wifidog in DD-WRT web interface
nvram set wifidog_enable=1
nvram set wifidog_gatewayid=your_unique_id
nvram set wifidog_redirecturl=http://clientwebsite.com
nvram commit

For supporting multiple deployments:

  • Enable SSH access with key authentication
  • Set up dynamic DNS for each router
  • Create standardized configuration backups

Potential issues and solutions:

Issue Solution
Router bricking Keep TFTP recovery tools ready
Wifidog crashes Set up cron watchdog script
Client compatibility Test with major OS/browser combos

For larger deployments, consider:

# Sample script to batch configure multiple routers
for ip in $(cat router_ips.txt); do
  ssh root@$ip "nvram set wifidog_redirecturl=$1; nvram commit"
done

When budget allows:

  • pfSense with captive portal module
  • MikroTik RouterOS hotspot feature
  • Commercial solutions like Aruba Instant

Remember to document each installation thoroughly, including MAC addresses and physical locations, to simplify troubleshooting.

A recent client requested a WiFi hotspot solution that redirects users to their website upon first browser access - a classic captive portal implementation without authentication requirements. After evaluating options, DD-WRT firmware with Wifidog emerged as the most cost-effective solution.

The setup requires a compatible router like the Linksys WRT54G series. Key specifications:

  • Minimum 4MB flash memory
  • 16MB RAM recommended
  • Broadcom BCM47xx or BCM53xx chipset

Here's the complete configuration process:

// Flash DD-WRT firmware
1. Download appropriate DD-WRT version (micro recommended for WRT54G)
2. Use TFTP client to flash firmware
3. Wait for router to reboot (5-10 minutes)

// Configure basic settings
nvram set wan_proto=static
nvram set wan_ipaddr=your.public.ip
nvram commit

// Install Wifidog
opkg update
opkg install wifidog

// Configure Wifidog
cat > /etc/wifidog.conf <

For secure remote support:

  • Enable SSH access with key authentication
  • Implement dynamic DNS for changing public IPs
  • Set up VPN for secure management tunnel

From field experience:

  • Create a backup config before deployment
  • Monitor CPU/memory usage during peak hours
  • Implement watchdog scripts to restart services if needed

Example watchdog script:

#!/bin/sh
if ! pgrep wifidog >/dev/null; then
    /etc/init.d/wifidog restart
    echo "$(date) - Wifidog restarted" >> /var/log/wifidog-monitor.log
fi

The WRT54G platform, while dated, proves surprisingly stable for this use case when:

  • Not overloaded with concurrent users (limit to ~15-20)
  • Kept in well-ventilated areas
  • Running minimal additional services