banner
miaoer

miaoer

喵二の小博客 https://www.miaoer.net xLog 分站
tg_channel
telegram
bilibili
HomeArchives

Wuhan University Dormitory Campus Network OpenWrt Internet Authentication

#校园网#Openwrt53
AI Translation
This post is translated from Chinese into English through AI.View Original
AI-generated summary
The document discusses how to enhance internet connectivity in WHU dormitories, which limit users to three devices and throttle speeds after 7 PM. By connecting an OpenWrt router to a functional network port in the dorm, users can share an account, connect smart devices, and bypass speed restrictions. The guide outlines the necessary preparations, including obtaining an OpenWrt router, an authentication script, and SSH software. It provides a sample script for network authentication, detailing its usage and configuration options. The script checks for online status, validates user inputs, and manages connections effectively.

Introduction#

As we all know, WHU's campus network limits three devices, and after 7 PM, it directly throttles to 20Mbps.

So if there is a network port in the dormitory, and this port can access the internet normally, then connecting a router equipped with OpenWrt can double the experience. It not only allows your dormitory to share an account to split the internet fee... and connect to the Mi Home devices of old alumni, but also lets you surf the internet freely after 7 PM when others are throttled, which is simply delightful!

Currently, the known dormitories with usable network ports are basically newly built, such as the 18th dormitory of the School of Information, while other dormitories need to be explored on your own. First, test whether the network port can be used with a computer; if it works, you can proceed to install a device.

Installation Preparation#

If you want to adopt this solution, you need to prepare the following:

  1. A router/software router running OpenWrt
  2. Authentication script
  3. SSH software (preferably with sftp)

This article uses CatWrt compiled by Miaoer as an example, with basically no requirements on the system.

The script requires bash and curl; if you are using the original OpenWrt, you need to check whether the components are installed. Additionally, if curl is pre-installed, it is better not to install it again to avoid issues.

1

The network authentication script is open source on GitHub, project link: https://github.com/7Ji/auto-whu-standard

Here we will directly use the auto-whu.sh from it with some minor modifications for use.

The script is as follows:

#!/bin/bash
# Online check
check_online() {
    ping -w1 -W1 -c 1 baidu.com 1>/dev/null 2>&1 
    [[ $? = 0 ]] && echo "Network is already up" && return 0
    return 1
}
# Check online and immediately exit if is running by systemd
check_online && [[ $? = 0 ]] && [[ ! -z "$INVOCATION_ID" ]] && exit
echo "Warning: running auto-whu when already online is dangerous, you may get your account banned for too many login requests. Use systemd and the bundled service and timer file to manage auto-whu instead. Check the repo for more info: https://github.com/7Ji/auto-whu-standard"
# Help message
help () {
    echo "Usage: $0 -u [username] -p [password] -n [network] -m [manual network] -u [url] -c [config file] -f -s -h"
    echo "      -u username, should be a number of 13 digits"
    echo "      -p password, any value not empty"
    echo "      -n network, single-digit number from 0 to 3, 0 for CERNET, 1 for China Telcom, 2 for China Unicom, 3 for China Mobile"
    echo "      -m a manually specified network name, replace the -n option"
    echo "      -c config file, path to the configuration file"
    echo "      -a eportal authorization URL, DO NOT SET IT unless you totally understand it"
    echo "      -f foreground mode, ignore the systemd check"
    echo "      -s skip check for sanity for username, password and network"
    echo "      -h print this message"
    echo "      *notice that all other arguments will overwrite the value provided by the config file"
}
# Check arguments
[[ $# = 0 ]] && help && exit
while [[ $# -ge 1 ]]; do
    if [[ "$1" = '-u' ]]; then
        ARG_USERNAME="$2"
        shift
    elif [[ "$1" = '-p' ]]; then
        ARG_PASSWORD="$2"
        shift
    elif [[ "$1" = '-n' ]]; then 
        ARG_NETWORK="$2"
        shift
    elif [[ "$1" = '-m' ]]; then
        ARG_NETWORK_MANUAL="$2"
        shift
    elif [[ "$1" = '-a' ]]; then
        ARG_URL="$2"
        shift
    elif [[ "$1" = '-c' ]]; then
        ARG_CONFIG="$2"
        shift
    elif [[ "$1" = '-f' ]]; then
        ARG_IGNORE_SYSTEMD='1'
    elif [[ "$1" = '-s' ]]; then
        ARG_IGNORE_SANITY='1'
    elif [[ "$1" = '-h' ]]; then
        help && exit
    fi
    shift
done    
# Check and read configuration file if necessary
if [[ ! -z "$ARG_CONFIG" ]]; then
    [[ ! -f "$ARG_CONFIG" ]] && echo "ERROR: The configuration file '$ARG_CONFIG' you've provided does not exist."
    [[ ! -r "$ARG_CONFIG" ]] && echo "ERROR: Not allowed to read the configuration file '$ARG_CONFIG', check your permission"
    source "$ARG_CONFIG"
fi
[[ ! -z "$ARG_USERNAME" ]] && USERNAME=$ARG_USERNAME
[[ ! -z "$ARG_PASSWORD" ]] && PASSWORD=$ARG_PASSWORD
[[ ! -z "$ARG_NETWORK" ]] && NETWORK=$ARG_NETWORK
[[ ! -z "$ARG_NETWORK_MANUAL" ]] && NETWORK_MANUAL=$ARG_NETWORK_MANUAL
[[ ! -z "$ARG_URL" ]] && URL=$ARG_URL
[[ ! -z "$ARG_IGNORE_SYSTEMD" ]] && IGNORE_SYSTEMD='1'
[[ ! -z "$ARG_IGNORE_SANITY" ]] && IGNORE_SANITY='1'
# Default value downgrading
[[ -z "$NETWORK" && -z "$NETWORK_MANUAL" ]] && NETWORK='0' && echo "Neither network number nor manual network name was set, defaulting network to 0(CERNET)"
[[ -z "$URL" ]] && URL='http://172.19.1.9:8080/eportal/InterFace.do?method=login' && echo "Using default eportial authorization URL 'http://172.19.1.9:8080/eportal/InterFace.do?method=login'"
# Check systemd
if [[ -z "$INVOCATION_ID" && "$IGNORE_SYSTEMD" != 1 ]]; then
    echo "You are running this script manually or in a non-systemd environment, it's better to manage this script with systemd."
    echo "Check the github repo to learn how to use this script properly: https://github.com/7Ji/auto-whu-standard"
    echo "You can set IGNORE_SYSTEMD='1' in the config file or use the argument -f to ignore this check"
fi
# Check integrity or sanity. return code 1 for insanity.
if [[ "$IGNORE_SANITY" != 1 ]]; then
    echo "Starting sanity check for username, password and network, you can set IGNORE_SANITY='1' in config file, or use argument -n to ignore this check."
    [[ ! "$USERNAME" =~ ^[0-9]{13}$ ]] && echo "ERROR:The username '$USERNAME' you provided is not a number of 13 digits" && exit 1
    [[ -z "$PASSWORD" ]] && echo "ERROR:You've specified an empty password" && exit 1
    [[ ! "$NETWORK" =~ ^[0-3]$ && -z "$NETWORK_MANUAL" ]] && echo "ERROR:You've specified a network number not supported, only 0-3 is supported, 0 for CERNET(default), 1 for China Telcom, 2 for China Unicom, 3 for China Mobile" && exit 1
    echo "Sanity check pass."
fi
# Network number conversion
if [[ -z "$NETWORK_MANUAL" ]]; then
    if [[ "$NETWORK" = 0 ]]; then
        NETWORK_STRING=Internet
    elif [[ "$NETWORK" = 1 ]]; then
        NETWORK_STRING=dianxin
    elif [[ "$NETWORK" = 2 ]]; then
        NETWORK_STRING=liantong
    else   
        NETWORK_STRING=yidong
    fi
else
    NETWORK_STRING=$NETWORK_MANUAL
fi
# Authorization
echo "Trying to authorize..."
curl -d "userId=$USERNAME&password=$PASSWORD&service=$NETWORK_STRING&queryString=`curl baidu.com | grep -oP "(?<=\?).*(?=\')" | sed 's/&/%2526/g' | sed 's/=/%253D/g'`&operatorPwd=&operatorUserId=&validcode=&passwordEncrypt=false" $URL 1>/dev/null 2>&1 
check_online && [[ $? = 0 ]] && exit
echo "Failed to authorize, you may need to check your account info and credit and network connection"

Usage Method#

You can create a new script and name it as you like; I will uniformly use the name auto-whu.sh and then copy the script content into it.

Upload this script to the Catwrt's /usr/sbin/ directory using an sftp tool, and use

chmod 777 /usr/sbin/auto-whu.sh

to grant executable permissions to the script.

Here we can use SSH clients with sftp file transfer like Termius, or if you prefer, you can also use vi, vim, or nano to copy it directly in the terminal editor.

2

Test Command#

You can authenticate directly by running the command in the terminal:

/usr/sbin/auto-whu.sh -u your_student_account -p your_password -n 0 -f

After running the command, if the device successfully goes online, it will output:

image-20241221140333731

root@CatWrt:~# /usr/sbin/auto-whu.sh -u your_student_account -p your_password -n 0 -f
Warning: running auto-whu when already online is dangerous, you may get your account banned for too many login requests. Use systemd and the bundled service and timer file to manage auto-whu instead. Check the repo for more info: https://github.com/7Ji/auto-whu-standard
Using default eportial authorization URL 'http://172.19.1.9:8080/eportal/InterFace.do?method=login'
Starting sanity check for username, password and network, you can set IGNORE_SANITY='1' in config file, or use argument -n to ignore this check.
Sanity check pass.
Trying to authorize...
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   521  100   521    0     0   130k      0 --:--:-- --:--:-- --:--:--  254k
Failed to authorize, you may need to check your account info and credit and network connection

If the device is already online, repeated authentication will output:

image-20241221140257011

root@CatWrt:~# /usr/sbin/auto-whu.sh -u your_student_account -p your_password -n 0 -f
Network is already up
Warning: running auto-whu when already online is dangerous, you may get your account banned for too many login requests. Use systemd and the bundled service and timer file to manage auto-whu instead. Check the repo for more info: https://github.com/7Ji/auto-whu-standard
Using default eportial authorization URL 'http://172.19.1.9:8080/eportal/InterFace.do?method=login'
Starting sanity check for username, password and network, you can set IGNORE_SANITY='1' in config file, or use argument -n to ignore this check.
Sanity check pass.
Trying to authorize...
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
curl: (52) Empty reply from server
Network is already up

This method will automatically exit authentication after the device restarts and occupy one campus network account's device count. The switch for seamless authentication does not affect this situation. Therefore, after each restart, you need to kick off the previous device and then execute the command in the device's backend.

Adding Autostart#

After testing and confirming everything is correct, add a startup task so that every time you restart, you only need to kick off the previous device, and the router will authenticate itself. The operation method is as follows:

Open System - Startup Items

image-20241221135800402

Scroll to the bottom and add a line before exit0: /usr/sbin/auto-whu.sh -u your_student_account -p your_password -n 0 -f

image-20241221135905771

This way, the script command will be executed with the device startup.

Summary#

After the above operations, you can happily use the campus network in WHU's dormitory. Of course, it's best to use one account.

image

Script Parameters - Appendix#

-u [username] declares the login username, which should be a 13-digit number

-p [password] declares the password, which should not be an empty field

-n [network] declares the type of network to log in, an integer from 0 to 3, where 0 is for the education network (default), 1 for China Telecom, 2 for China Unicom, 3 for China Mobile

-m [network_manual] manually declares the network name, which will override the -n parameter; for example, the education network here is -m Internet. Unless the network situation changes later, or you plan to use auto-whu in a non-WHU campus network environment, this parameter should not be used.

-c [config file] path to the configuration file, from which username, password, network type, manual network name, verification URL, whether to check systemd, and the legality of each variable will be read. These options will be overridden by the parameters provided on the command line (for example, -u will override the USERNAME item in the configuration file).

-a [authorization URL] the verification URL of eportal, only recommended for users in non-WHU campus network environments. If you discover changes in the verification method of WHU's campus network through packet capture, you should fork this repo, modify it, and submit a pull request.

-f enables foreground mode, which will disable systemd checks.

-s skips parameter legality checks, including disabling the 13-digit username check, non-empty password check, and 0-3 integer network number check.

-h prints help text

For example, a user with the username 2024300000000 and password 123456,

/usr/sbin/auto-whu.sh -u 2024300000000 -p 123456 -n 0 -f

If they want to log in to the China Telecom network, they should use the following command (-f can be omitted):

/usr/sbin/auto-whu.sh -u 2024300000000 -p 123456 -m dianxin -f

References#

7Ji/auto-whu-standard

Auto WHU for standard linux distributions i.e. Arch Linux, Ubuntu, etc. With systemd in mind, this version is much more concise than the openwrt version.

Shell60

This article was synchronized and updated to xLog by Mix Space. The original link is https://www.miaoer.net/posts/network/whu-openwrt-authentication

Footnotes#

  1. https://www.miaoer.net/posts/network/catwrt

  2. https://www.miaoer.net/posts/blog/ssh-connection-to-openwrt

Loading...
Ownership of this post data is guaranteed by blockchain and smart contracts to the creator alone.