Setting a random password for guest wifi

[SullyTheUnusual]

I found an easier way (for me) to manage my kid's WiFi access. I enable/disable guest networks via a small script that my wife and I can run from a term app on our phones. The networks then automatically turn off via a cron set to run in the evening. This way, they don't have to "forget the network" and retype a password every day. Also, if I want to turn off their WiFi at some point during the day, I just run the script with "off" as an argument instead of "on".

#/bin/sh

# Turn on/off kid's wifi for 16 hours

if [ $1 = "on" ]; then
   nvram set wl0.1_bss_enabled=1
   nvram set wl0.1_expire_tmp=57600 
   service restart_wireless
elif [ $1 = "off" ]; then
   nvram set wl0.1_bss_enabled=0
   nvram set wl0.1_expire_tmp=0
   service restart_wireless
else
   echo "Invalid parameter!  Acceptable parameters are ON or OFF"
fi

 

[mad_daddy]

Hi All
Just a couple of questions.
**Has anyone managed to get this script to work via yahoo.com (or is everyone using gmail)??
**If i wanted to set 2 passwords (random password for guest 1 network and random password for guest 2 network), would i need to run two scripts??
Please note that i dont want guest 1 and guest 2 networks to have the same random password

Thank You

 

[redvers]

Can't answer the Yahoo question, but you could call two different functions (or the same one twice) and set different passwords from within the same script execution...

 

[mad_daddy]

Brilliant, Thanks for the quick reply @redvers
Cant wait to play with this script

 

[redvers]

I think the relevant lines are included but commented out; if you need any more help just holler

 

[mad_daddy]

Sorry to trouble you guys but looking at the scripts, i guess i'm supposed to amend the new-password.sh (from V1.01 script)?? but i can see wl0.1 and wl1.1 this is the first guest network (2.4 and 5.0) but i need to amend this script for Guest 1 and Guest 2 (wl0.1 and wl1.1 and wl0.2 and 1.2).
Could someone point me to where i can amend this please??
Or shall i create a second new-password.sh (eg new-password2.sh) and enter the 2nd guest settings on this??

 

[redvers]

Tweak the script using the following :


# Now call the function we want to use

getrandomphrase

# getrandopenssl

# getpasswdme

guest1pass=$phrasepasswd

# Call function again for Guest 2 network

getrandomphrase
guest2pass=$phrasepasswd


# log what we have done
logger -t $(basename $0) "Today's Guest1 password is :" $guest1pass

logger -t $(basename $0) "Today's Guest2 password is :" $guest2pass

# nvram settings for the three guest 2.4 networks
nvram set wl0.1_wpa_psk=$guest1pass
nvram set wl0.2_wpa_psk=$guest2pass
nvram set wl0.3_wpa_psk=$datepasswd

# nvram settings for the three guest 5.0 networks
nvram set wl1.1_wpa_psk=$guest1pass
nvram set wl1.2_wpa_psk=$guest2pass
nvram set wl1.3_wpa_psk=$datepasswd

# passwords have been changed but we need to restart the wifi for it to pick them up
service restart_wireless

 

[mad_daddy]

Thanks @redvers
Will try the script tonight and let you know the outcome.
Thanks for all your hard work, it's appreciated

 

[mad_daddy]

Hi @redvers
Your script worked brilliantly!!!!!

There is however one change i made.

When the email was being sent, only one network password was being out, so i amended the script to:
# now send out the email
echo "Subject: Guest network password notification" >/tmp/mail.txt
echo "From: \\"$FROMNAME\\"<$FROM>" >>/tmp/mail.txt
echo "Date: `date -R`" >>/tmp/mail.txt
echo "" >>/tmp/mail.txt
echo "Today's guest network 1 password is : $guest1pass" >>/tmp/mail.txt
echo "Today's guest network 2 password is : $guest2pass" >>/tmp/mail.txt
echo "" >>/tmp/mail.txt


These two lines allowed both passwords to be sent:
echo "Today's guest network 1 password is : $guest1pass" >>/tmp/mail.txt
echo "Today's guest network 2 password is : $guest2pass" >>/tmp/mail.txt

Thank you for such a fantastic script!!!!

 

[Lucrecious]

Hello mad_daddy,

I have your script running on 380.59 firmware, i have executed the main script rpg-passgen.sh and email works, wireless gets new password, however, it does not stick... the "service restart_wireless" may not be functioning... just a guess... any suggestions?

 

[Lucrecious]

Hello mad_daddy,

I have your script running on 380.59 firmware, i have executed the main script rpg-passgen.sh and email works, wireless gets new password, however, it does not stick... the "service restart_wireless" may not be functioning... just a guess... any suggestions?

Addendum: When I save the modified settings for Guest Wifi, through the web interface, the updated password showing does stick...

 

[mad_daddy]

@Lucrecious
Did you get the script fully working?
Did you also create the init-start script as well?
Also any problems please post here.

 

[Lucrecious]

@Lucrecious
Did you get the script fully working?
Did you also create the init-start script as well?
Also any problems please post here.

Here is what I have for "init-start":

#!/bin/sh
cru a ResetGuestPassword "0 4 * * * /jffs/scripts/rpg-passgen.sh"

The term "ResetGuestPassword" should that be renamed to reflect the name for the Asus Router?

I did run into this issue with the "rpg-passgen.sh" file wherein:

FROMNAME="MustUseCustomRouterName"

I resolved this issue by entering the name for my Router, removing "Asus Router".

When i run the "rpg-passgen.sh", it does the job of changing the Guest Wifi passwords, and, I do get an email from a GMail account setup to notify.

With the Router Page open I can see the new random password applied to both 2.4 and 5 G Guest networks, however, when attempting to connect with the password showing it does not work until I access the parameters and then save them, without changing anything. So, the passwords are populating the fields, they are the same as the email received, however it does not seem to be restarting the Wireless on the Router from here (of course, this is just my guess):

service restart_wireless

Should the above line reflect a custom name for the Router?

I am running the script from within SCP with no errors, and the results seem to be almost complete except for the stickiness of the Guest Wifi Password...

I also have this for "services-start" in the scripts folder:

#!/bin/sh
sh /jffs/scripts/rpg-passgen.sh

Any thoughts?

 

[Lucrecious]

Here is what I have for "init-start":

#!/bin/sh
cru a ResetGuestPassword "0 4 * * * /jffs/scripts/rpg-passgen.sh"

The term "ResetGuestPassword" should that be renamed to reflect the name for the Asus Router?

I did run into this issue with the "rpg-passgen.sh" file wherein:

FROMNAME="MustUseCustomRouterName"

I resolved this issue by entering the name for my Router, removing "Asus Router".

When i run the "rpg-passgen.sh", it does the job of changing the Guest Wifi passwords, and, I do get an email from a GMail account setup to notify.

With the Router Page open I can see the new random password applied to both 2.4 and 5 G Guest networks, however, when attempting to connect with the password showing it does not work until I access the parameters and then save them, without changing anything. So, the passwords are populating the fields, they are the same as the email received, however it does not seem to be restarting the Wireless on the Router from here (of course, this is just my guess):

service restart_wireless

Should the above line reflect a custom name for the Router?

I am running the script from within SCP with no errors, and the results seem to be almost complete except for the stickiness of the Guest Wifi Password...

I also have this for "services-start" in the scripts folder:

#!/bin/sh
sh /jffs/scripts/rpg-passgen.sh

Any thoughts?

In addition, I have executed both "services-start" as well as "init-start" from SCP and receive a 127 error... undefined...

This was an error I had executing "rpg-passgen.sh" prior to changing the FROMNAME variable as shown above...

FYI, not certain if this aids in a resolution...

 

[mad_daddy]

@Lucrecious
**Your init-start script is fine (ResetGuestPassword can be named anything, its for your reference)

**i didnt bother with the services-start script. As everytime the router reboots, it generates a new password and can potentially annoy users.
I find one random password a day is enough

**Regarding the rpg-passgen.sh script, I changed the 'From', 'Auth', 'Pass' with my gmail login.
The 'Fromname' i changed to my router nickname (this can be changed to anything).
The 'To' field i changed to my email address i wanted to receive the email on and finally the last change i did to my file was the ones noted above.

service restart_wireless is a command, this forces the wireless to restart and for the changes to take effect

Do you have any other scripts running on the router??

If you are receiving errors when running your scripts, then try to recreate them using winscp, there shouldn't be any errors when executing the scripts

 

[Lucrecious]

@Lucrecious
**Your init-start script is fine (ResetGuestPassword can be named anything, its for your reference)

**i didnt bother with the services-start script. As everytime the router reboots, it generates a new password and can potentially annoy users.
I find one random password a day is enough

**Regarding the rpg-passgen.sh script, I changed the 'From', 'Auth', 'Pass' with my gmail login.
The 'Fromname' i changed to my router nickname (this can be changed to anything).
The 'To' field i changed to my email address i wanted to receive the email on and finally the last change i did to my file was the ones noted above.

service restart_wireless is a command, this forces the wireless to restart and for the changes to take effect

Do you have any other scripts running on the router??

If you are receiving errors when running your scripts, then try to recreate them using winscp, there shouldn't be any errors when executing the scripts

Hello,

Well all is working as it ought to, save for the wireless password "sticking".

The script ran last night on schedule, the email was received.

The updated password did no work, however, I did confirm that it appears correctly within the Guest Wireless section.

The only way I am able to have the updated password work is to open the Guest Wireless page and "Save Changes".

I confirmed on reboot of the router that the Guest Wireless Password will revert back to the most recent manually saved password even though the field shows it updated by way of the script.

I am wondering if this may be a change to the Firmware in the version I am using. Perhaps "admin" credentials can be added to the script, or, there is a way to encode a "Saved Changes" to the Guest Wireless parameters.

I did confirm that the script does restart the wireless, the lights went out and turned back on for the wireless as the script was running, however, this does not seem to make the changes stick in this firmware version.

Any thoughts?

 

[redvers]

What happens when you ssh in and type "service restart_wireless" ?

 

[Lucrecious]

What happens when you ssh in and type "service restart_wireless" ?

The wireless lights go out and back on. So... it works, however, the Guest password is still not working to connect.

It only seems to work when I access the webpage, open the Guest Network, click on the settings to open the modify page and then save the page without changing anything... perhaps a bug in firmware 380

I did try another method, setting UID and GID permissions within WinSCP, to no avail... will also add Sticky bit and let you know the results...

Pretty frustrating... the last thing to do will be to revert to an earlier firmware version and start all over... or, perhaps restoring saved settings and see if it is a firmware versioning issue...

 

[Lucrecious]

The wireless lights go out and back on. So... it works, however, the Guest password is still not working to connect.

It only seems to work when I access the webpage, open the Guest Network, click on the settings to open the modify page and then save the page without changing anything... perhaps a bug in firmware 380

I did try another method, setting UID and GID permissions within WinSCP, to no avail... will also add Sticky bit and let you know the results...

Pretty frustrating... the last thing to do will be to revert to an earlier firmware version and start all over... or, perhaps restoring saved settings and see if it is a firmware versioning issue...

Okay, now I have changed the UID GID and Sticky bit within WinSCP, in case there were permission issues, and have now confirmed that the updated Guest Wireless password, appearing correctly within the webpage, reverts back to the most recently "Save Changes" Guest Wireless password when rebooting the router.

So... the Guest Wireless does update, the issue is that it appears correct within the router web interface, BUT, does not "STICK" until the changes are saved therein.

Restarting the Wireless within firmware 380 does not make the password "STICK".

I am out of options, any ideas?

 

[Lucrecious]

Okay, now I have changed the UID GID and Sticky bit within WinSCP, in case there were permission issues, and have now confirmed that the updated Guest Wireless password, appearing correctly within the webpage, reverts back to the most recently "Save Changes" Guest Wireless password when rebooting the router.

So... the Guest Wireless does update, the issue is that it appears correct within the router web interface, BUT, does not "STICK" until the changes are saved therein.

Restarting the Wireless within firmware 380 does not make the password "STICK".

I am out of options, any ideas?

The Router is set in AP Mode, however, it was behaving the same way in Wireless Router mode...