Hi All
I wanted to share a project with you all that I have been working on - its totally overkill for a home network, but I think it’s pretty cool
I wanted to keep my guests seperate from my core devices on my LAN for multiple reasons. I have a sort of theory around devices I trust and devices I don’t, I feel like isolating your guests on their own LAN is a good practice. (I won’t go into how to install LEDE or setup a Guest WIFI in this post - I’ll just share my Home Assistant integration.
The Guest Wifi only has internet access. I don’t want it to be active all of the time and want the password to refresh on a periodic basis, utilizing Home Assistant I want guests or the significant other to enable or disable the guest wifi and display the current guess wifi password.
To achieve this I had to install LEDE on my router, create a few bash scripts to disable/enable the Wifi, check its status and regenerate a password.
I created some command line switches to run the scripts from Home Assistant and interface looks like this
Running LEDE on my router and doing a SSH keyless password exchange between the Home Assistant server and my router(saves exposing my server password to my HA config or the scripts) - I can SSH to my router and run UCI commands to perform set activities, like disabling the wifi or setting the guest password.
Guest Wifi Current Password
Script
#!/bin/bash
command="ssh [email protected] \"uci show wireless.Guest.key | cut -d\' -f 2\""
result=`eval ${command}`
echo $result;
Sensor
- platform: command_line
command: '/home/user/scripts/wifi/guestPassword'
name: GuestWifiPassword
Generate new Guest Wifi Password
Running via CRONTAB every Wednesday
#!/bin/bash
newpassword=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 8 | head -n 1)
command="ssh [email protected] \"uci set wireless.Guest.key=${newpassword}; uci commit wireless; wifi\""
result=`eval ${command}`
echo $result;
HA Switches
To check status of Wifi and enable or disable
guestwifi:
command_on: '/home/user/scripts/wifi/enableWifi 192.168.0.1 0 Guest'
command_off: '/home/user/scripts/wifi/enableWifi 192.168.0.1 1 Guest'
command_state: '/home/user/scripts/wifi/Wifi2gStatus 192.168.0.1 Guest'
value_template: '{{ value == "on" }}'
friendly_name: Guest Wifi
Script for Guest Wifi Status
Find the current status of the guest wifi
#!/bin/bash
RouterToCheck=$1
wifiToCheck=$2
command="ssh root@${RouterToCheck} \"uci show wireless | grep wireless.${wifiToCheck}.disabled |cut -d\' -f 2\""
result=`eval ${command}`
if [ -z "$result" ]; then
echo on
else
echo off
fi
Enable or disable Guest Wifi
Single script to manage enablement or disablement of the Wifi
#!/bin/bash
RouterToCheck=$1
stateToSet=$2
networktochange=$3
if [ "$stateToSet" -eq "0" ]; then
command="ssh root@${RouterToCheck} \"uci delete wireless.${networktochange}.disabled; uci commit wireless; wifi\""
else
command="ssh root@${RouterToCheck} \"uci set wireless.${networktochange}.disabled=${stateToSet}; uci commit wireless; wifi\""
fi
result=`eval ${command}`
sleep 30
Its been working very well for the last few months and has a high WAF factor while keeping my network a little more secure and not having to share my wifi password with everyone.
Next steps might be automatic disablement when the Guest Wifi hasn’t had any use for a set time - I also bet there is a whole host of other things you can do on your lan using LEDE and Home Assistant.
You’ll also notice I have multiple routers with multiple WiFi Access points to help with full home wifi coverage.
Let me know what you think and any suggestions you might have.