This setup has been tested successfully on GL.iNet GL-MT300N-V2 device with OpenWRT v22.
By default OpenWRT firewall does not allow web or SSH access on WAN IP. As a captive portal blocks all traffic on LAN until user is authenticated so when we initially enable captive portal on OpenWRT we lose access to the router from LAN side. To manage our OpenWRT we should therefore open access from WAN side.
Access your OpenWRT router via Luci interface. Go to Network => Firewall => Traffic Rules and add a new rule for opening port 80 (HTTP):
Name: ALLOW_WEB
Source Zone: WAN
Destination zone: Device (input)
Destination port: 80
Similarly, add a rule for allowing SSH access on port 22. Click on the Save and Apply button.
Run the following commands for installing OpenNDS and its dependencies:
opkg update
opkg install opennds nano
opkg install php8 php8-cli php8-mod-openssl
Open the OpenNDS config file:
nano /etc/config/opennds
Uncomment/set the following parameters in the config file with appropriate values:
option fasport '443'
option fasremotefqdn 'opennds.splashnetworks.co'
option fasremoteip '34.74.216.108'
option faskey '128bcddbf4df3e16147dbb31b3b1b16472a3d2608f10b5407c8cdc352433761f'
option fas_secure_enabled '3'
Save and exit.
Restart OpenNDS process for the changes to take effect.
service opennds restart
OpenNDS comes with a utility to interact with it. Here are some useful commands:
Check status:
ndsctl status
Deauthorize a client:
ndsctl deauth IP|MAC