To provide internet access, you will need to...

Différentes stratégies

On peut partager une connexion Internet sur le Réseau de différentes façons:

  1. Point d'accès ouvert, avec ou sans portail captif;
  2. Fournir un accès par vpn aux voisins que vous connaissez. Comme ça, le traffic est encrypté et authentifié.

Trouver un fournisseurs légal

Fournisseurs permettant la revente:

Fournisseurs qui n'interdisent pas: (à vos risques!)

Fournisseurs interdisant la revente:

  • ColbaNet
  • TekSavvy
  • Primus
  • Bell et Vidéotron interdisent également non seulement le partage de votre connexion mais aussi l'hébergement de serveurs

Configure an access point

This requires adding a new node to the network that is part of the mesh. So you will probably need to follow:

  • flashing
  • a wired connexion to the mesh - not ad-hoc, as you want the wifi to be "managed"
  • mesh software: batman or preferably babel so you get the mesh routes
  • ip configuration

Some known working access point which you can base your configuration on:

  • ?plastik - batman, babel
  • leon - batman

Configure a splash page (optional)

This consists of setting up a Captive Portal on the access point so that people know that they are on relais libre. This serves two purposes: 1) it protects you legally and 2) it makes the user know how he gets internet access.

The idea is that whenever a user visits a webpage on your access point, they get redirected on a page where they can agree to a terms of service (for example) or just read up on the project. Then when the click through they are redirected to their original destination.

Some portals also double as a firewall or can limit bandwidth usage.

Software evaluation

There are a lot of options for captive portal software and unfortunately it's unclear which one is the best. After a quick evaluation in 2012 by anarcat, we are suggesting the following tools:

  • NoDogSplash - inspired by NoCatSplash but based on WifiDog's code.
  • Authpuppy - complex authentication gateway, replacement for Wifidog
    • Last release: 2011
    • OpenWRT only
  • Coova - main derivative of Chillispot
    • Last release: 2012
    • Seems to be a solid replacement for chilispot, but also relies on RADIUS, which makes everything much more complicated
    • Debian, OpenWRT, and others: Redhat, Febora, Mandrake, Gentoo, FreeBSD (out of date port) and OpenBSD
  • Pepperspot - other derivative of Chillispot
    • Last release: 2011.
    • Radius, IPv6 support
  • DHCP-splash - Freifunk's software
    • Last release: ?
    • OpenWRT-only, packaged in official OpenWRT repos
  • PfSense - full firewall solution that features a captive portal, based on M0n0wall
    • Last release: 2011
    • FreeBSD-based
  • Anarcat's pf hack - a crude hack I quickly wrote but then stopped using because it was unreliable
    • No release.
    • FreeBSD or (probably) OpenBSD support
  • Captive::Portal - perl captive portal module
    • Last release: 2012
    • GPL, written in perl, runs as a CGI


root@OpenWrt:~# opkg install nodogsplash

Fichier de configuration dans /etc/nodogsplash/nodogsplash.conf:

GatewayInterface wlan0

FirewallRuleSet authenticated-users {
  FirewallRule block to
  FirewallRule block to

  # Serveur de fichiers
  FirewallRule allow tcp port 80 to

  # respectivement: DNS, http, https, ssh
  FirewallRule allow tcp port 53
  FirewallRule allow udp port 53
  FirewallRule allow tcp port 80
  FirewallRule allow tcp port 443
  FirewallRule allow tcp port 22

FirewallRuleSet preauthenticated-users 
  # DNS
  FirewallRule allow tcp port 53
  FirewallRule allow udp port 53

  # Splash page
  FirewallRule allow tcp port 80 to

GatewayName ReseauLibre
# redirect the user here after logging in
# this may break, use with care
#TrafficControl yes
#UploadLimit 128

On peut modifier le html de la splash page dans /etc/nodogsplash/htdocs/.