OpenWRT for guests

This morning I finally got round to setting up a guest wireless network on my OpenWRT router (a TP-Link TL WDR-3600 v1.5)

The goal of the guest wireless was to provide my kids friends with a connection they can use with their (mostly PAYG) smartphones

This was relatively simple as I followed the guide on the OpenWRT wiki

The only real difference I made was to select OpenDNS FamilyShield for the guest network.

So now I have a guest network that is safe for all to use.

If you have a router that is capable of having a Guest network and want to set up a guest wifi network in brief the steps taken (at your own risk) are:

login to the OpenWRT router

Navigate to: Network > WiFi >
click Add on the radio entry you want to have the guest network on (if you have 2.4Ghz and 5Ghz Radios , its normally the 2.4Ghz radio that carries the guest network)

Configure the new wireless entry , create a "guest" entry under the "network" section and make sure you set up encryption / change the name of guest wireless ssid.

Then Navigate to : Network > Interfaces >
Click on the edit button for "guest" and change the protocol to "Static address" fill in the ip address for the interface , (avoid 192.168.1.1 or 10.0.0.1 as these may be reserved already or in the future). I chose 10.0.0.5 (this will result in guests having an ip of 10.0.0.100-150) and set a Netmask from the dropdown, this where you add any alternate DNS lookups (I added 208.67.222.123 and 208.67.220.123). Make sure you enable DHCP and lower the lease time to an Hour.

Click on the firewall settings tab within the "Guest" interface
Create a "Guest" firewall zone.

Then Navigate to: Network > Firewall and Click Edit on the "Guest" Zone
Change "Input" to "Reject" and mark the Wan entry in the "allow forward to destination zone"

At this point Click "Save and Apply" , but we are not done yet, now you have a network that goes nowhere we need to set up 2 firewall rules.

One rule for DNS and another for DHCP.

Navigate to: Network > Firewall >traffic rules
Locate the subsection titled "open ports on router"

rule 1 DNS:
set a name for the first rule eg:"GuestDNS" select "TCP+UDP" in the protocol dropdown and external port "53". and click "add", and then "edit" to configure this rule.
In the "source Zone" select "Guest" and "input(device)" in Destination Zone
and save

rule2 DHCP:
Set a name for the rule "GuestDHCP" select "UPD" in teh protocol dropdown and external port "67-68" and click "add", and then "edit" to configure this rule
In the "source Zone" select "Guest" and "input(device)" in Destination Zone
and save

Check there are no unsaved changes (in Chaos Calmer there is a green "unsaved Changes" button in the top-right of the Luci webpage, click that and make sure all changes are saved

after all changes are saved reboot the router, and you are done

Advertisements
OpenWRT for guests

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s