The other day I read an article about some nice project using a Raspberry Pi as a WIFI access point generating a guest WIFI network. The key is generated randomly and presented as QR code to the user on a small TFT display. For protection purposes it is re-generated every 24 hours or the like (See ).
I tried to implement such a thing using 802.1X with predefined user and passwords placing the user into a separated VLAN. That failed because it required SSL certificates signed by an official Certification Authority which I do not have. The other option would be to integrate my own CA into the devices connecting the wireless network. So no option either.
Web Browser on a Wall Mounted Tablet Showing the WIFI Key
Inspired by the Howto mentioned above I analyzed the options to let some script configure a virtual access point on my WNDAP360 by Netgear. And I found it: You can enable SSH access (unfortunately not using RSA keys), login and configure the virtual access point (VAP) with some command line options.
I could not get it to work with some shell magic and sshpass so I wrapped everything into a little Perl script running on a server placed in the management network.
This emulates a SSH login and executes the commands to re-configure the WIFI key. In this case it is security profile number 3 - I use the other two for personal purposes. The image with the QR-code contains not only the key but some sort of string that can be used to configure Android devices automatically. The QR-code is placed in the web servers path. The web page is then displayd by the tablet installed to the wall in the living room.
The second part is a PHP file served by the web server. It displays the QR-code and has some java script magic to calculate the remaining time the displayed key is valid for. In my case the key is changes ervery 24 hours at 3 AM.
The source for the web page is:
The Perl script is executed by a cron job and the web page automatically reloads every hour in order to display the correct key on the next day.
Apparently there is no error checking during executing the commands to change the WIFI key. So it may be possible that this solution fails :).