====== Install CoovaChilli on Ubuntu 14.04 ======
===== Introduction =====
* RADIUSdesk can function perfectly without CoovaChilli.
* CoovaChilli is however the best open source captive portal software around.
* If you want to install CoovaChilli on a machine, make sure that there are at least two functional network cards present.
* One network card will be used by CoovaChilli as the Internet connection.
* The second network card will be used to run a captive portal on. This captive portal will be controlled by CoovaChilli, which in turn receives its instructions from FreeRADIUS (RADIUSdesk).
===== Installing CoovaChilli =====
* Installing CoovaChilli on a 32 bit machine is a bit easier than installing it on a 64 bit machine. Both procedures are however easy to follow.
==== 32 Bit Machines ====
* We will assume that we are installing CoovaChilli on the same machine running RADIUSdesk, although you are not required to run them on the same machine.
* We also assume that the machine has an Internet connection on eth0 while eth1 will be used to run the captive portal on.
* Grab the latest binary build of CoovaChilli from this page: http://coova.org/CoovaChilli/Binaries
* As of this writing it is 1.3.0
* Install it on the machine with the two network cards running RADIUSdesk
sudo dpkg --install coova-chilli_1.3.0_i386.deb
* From the output of the dpkg command you will see that CoovaChilli is by default disabled. In the next section we will configure it to become a working entity.
==== 64 bit Machines ====
* We have to compile the 64 bit package from source.
* Download the latest version of the source here: http://coova.org/Download
* As of this writing it is at 1.3.0.
* Install the build tools, build and install the package
sudo apt-get install build-essential linux-headers-server libssl-dev
sudo apt install devscripts debhelper
tar -xzvf coova-chilli-1.3.0.tar.gz
cd coova-chilli-1.3.0/
debuild -i -us -uc -b
cd ..
sudo dpkg --install coova-chilli_1.3.0_amd64.deb
* From the output of the dpkg command you will see that CoovaChilli is by default disabled. In the next section we will configure it to become a working entity.
===== Configuring CoovaChilli =====
==== Enable CoovaChilli ====
* Edit the following file
sudo vi /etc/default/chilli
* Change it to look like this
START_CHILLI=1
CONFFILE="/etc/chilli.conf"
HS_USER="chilli"
* Save the file and start CoovaChilli
sudo /etc/init.d/chilli start
* Make sure there is a tun interface present when you look at the feedback of the ifconfig command.
ifconfig
.....
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.1.0.1 P-t-P:10.1.0.1 Mask:255.255.255.0
UP POINTOPOINT RUNNING MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
......
==== Modify the configuration file ====
* CoovaChilli is configured by editing or creating certain files under the /etc/chilli directory.
^ File ^ Comment ^
| **config** | Starts as a copy of **default** and is edited to override specific variables defined in **default** |
| **default** | To avoid the splash screen we have to remove one line from this file |
| **ipup.sh** | Custom firewall rules for start-up |
| **ipdown.sh** | Custom firewall rule clean-up during shut-down. |
* Use the following /etc/chilli/config file as a guideline to configure CoovaChilli
HS_LANIF=eth1 # Subscriber Interface for client devices
HS_NETWORK=10.1.0.0 # HotSpot Network (must include HS_UAMLISTEN)
HS_NETMASK=255.255.0.0 # HotSpot Network Netmask
HS_UAMLISTEN=10.1.0.1 # HotSpot IP Address (on subscriber network)
HS_UAMPORT=3990 # HotSpot UAM Port (on subscriber network)
HS_UAMUIPORT=4990 # HotSpot UAM "UI" Port (on subscriber network, for embedded portal)
HS_NASID=localhost
HS_RADIUS=localhost
HS_RADIUS2=localhost
HS_RADSECRET=testing123 # Set to be your RADIUS shared secret
HS_UAMSECRET=greatsecret # Set to be your UAM secret
HS_UAMALIASNAME=chilli
HS_SSID="Struisbaai"
HS_NASIP=127.0.0.1 # To explicitly set NAS-IP-Address
HS_UAMSERVER=$HS_UAMLISTEN
HS_UAMFORMAT=http://\$HS_UAMLISTEN/cake2/rd_cake/dynamic_details/chilli_browser_detect/
HS_MACAUTH=on # To turn on MAC Authentication
HS_TCP_PORTS="80 23 8000"
HS_MODE=hotspot
HS_TYPE=chillispot
HS_WWWDIR=/etc/chilli/www
HS_WWWBIN=/etc/chilli/wwwsh
HS_PROVIDER=Coova
HS_PROVIDER_LINK=http://www.coova.org/
HS_LOC_NAME="My HotSpot" # WISPr Location Name and used in portal
HS_COAPORT=3799
* Comment the following line out of ///etc/chilli/default//.
# Same principal goes for HS_UAMHOMEPAGE.
#HS_UAMHOMEPAGE=http://\$HS_UAMLISTEN:\$HS_UAMPORT/www/coova.html
* Also comment the DNS server settings out in ///etc/chilli/default// to force CoovaChilli to use the DNS servers of the system that it is running on.
# OpenDNS Servers
#HS_DNS1=208.67.222.222
#HS_DNS2=208.67.220.220
* Use the following ///etc/chilli/ipup.sh// file as a guideline
# UAM server specified as 10.1.0.1
iptables -I INPUT -i tun0 -p tcp -m tcp --dport 80 --dst 10.1.0.1 -j ACCEPT
iptables -I INPUT -i tun0 -p tcp -m tcp --dport 443 --dst 10.1.0.1 -j ACCEPT
iptables -I INPUT -i tun0 -p tcp -m tcp --dport 22 --dst 10.1.0.1 -j ACCEPT
iptables -I INPUT -i tun0 -p tcp -m tcp --dport 8000 --dst 10.1.0.1 -j ACCEPT
* Use the following ///etc/chilli/ipdown.sh// file as a guideline
# UAM server specified as 10.1.0.1
iptables -D INPUT -i tun0 -p tcp -m tcp --dport 80 --dst 10.1.0.1 -j ACCEPT
iptables -D INPUT -i tun0 -p tcp -m tcp --dport 443 --dst 10.1.0.1 -j ACCEPT
iptables -D INPUT -i tun0 -p tcp -m tcp --dport 22 --dst 10.1.0.1 -j ACCEPT
iptables -D INPUT -i tun0 -p tcp -m tcp --dport 8000 --dst 10.1.0.1 -j ACCEPT
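A pre-start check for the /etc/chilli/config guideline above, as an added example that is not part of the original guide or of CoovaChilli. It reads the file without sourcing it, verifies that HS_UAMLISTEN lies inside HS_NETWORK/HS_NETMASK, and flags the sample values testing123 and greatsecret if they were left in place; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the guide): lint /etc/chilli/config before (re)starting CoovaChilli.

# Dotted quad -> 32-bit integer; non-zero status on malformed input.
ip_to_int() {
    case $1 in ''|*[!0-9.]*|*.) return 1 ;; esac
    _old=$IFS; IFS=.; set -- $1; IFS=$_old
    [ $# -eq 4 ] || return 1
    for _o in "$@"; do
        case $_o in ''|0?*|????*) return 1 ;; esac   # empty, leading zero or 4+ digits
        [ "$_o" -le 255 ] || return 1
    done
    echo $(( $1 * 16777216 + $2 * 65536 + $3 * 256 + $4 ))
}

# Read KEY ($2) from config file ($1) without sourcing it; the last assignment wins.
cfg_get() {
    sed -n "s/^[[:space:]]*$2=\([^#]*\).*/\1/p" "$1" | tail -n 1 |
        sed 's/[[:space:]]*$//; s/^"\(.*\)"$/\1/'
}

# Print one finding per line; the return status is the number of findings.
lint_chilli_config() {
    _n=0
    _listen=$(ip_to_int "$(cfg_get "$1" HS_UAMLISTEN)") &&
    _net=$(ip_to_int "$(cfg_get "$1" HS_NETWORK)") &&
    _mask=$(ip_to_int "$(cfg_get "$1" HS_NETMASK)") || {
        echo "HS_UAMLISTEN, HS_NETWORK or HS_NETMASK is missing or malformed"
        return 1
    }
    if [ $(( $_listen & $_mask )) -ne $(( $_net & $_mask )) ]; then
        echo "HS_UAMLISTEN is outside HS_NETWORK/HS_NETMASK"; _n=$(( $_n + 1 ))
    fi
    # The sample secrets published in the guide must not reach a live hotspot.
    if [ "$(cfg_get "$1" HS_RADSECRET)" = testing123 ]; then
        echo "HS_RADSECRET is still the guide's sample value"; _n=$(( $_n + 1 ))
    fi
    if [ "$(cfg_get "$1" HS_UAMSECRET)" = greatsecret ]; then
        echo "HS_UAMSECRET is still the guide's sample value"; _n=$(( $_n + 1 ))
    fi
    return $_n
}

# Usage: sh lint-chilli.sh /etc/chilli/config
if [ $# -gt 0 ]; then lint_chilli_config "$1"; fi
```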
===== Add NAT support =====
* By default CoovaChilli does not do NAT between the two interfaces. We have to add NAT support during start-up in order to have a working system.
Failing to do this step will leave you with a broken system.
* Edit the ///etc/init.d/chilli// file and add the following:
test ${HS_ADMINTERVAL:-0} -gt 0 && {
(crontab -l 2>&- | grep -v $0
echo "*/$HS_ADMINTERVAL * * * * $0 radconfig"
) | crontab - 2>&-
}
#NAT mod
iptables -F POSTROUTING -t nat
iptables -I POSTROUTING -t nat -o $HS_WANIF -j MASQUERADE
#END NAT mod
ifconfig $HS_LANIF 0.0.0.0
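A narrower alternative to the NAT mod above, as an added example rather than code from the guide or from the CoovaChilli init script. Instead of flushing the whole nat POSTROUTING chain, it adds the MASQUERADE rule only when it is missing and refuses to run when HS_WANIF is empty; nat_up, nat_down and the IPTABLES override are hypothetical names, and `iptables -C` needs iptables 1.4.11 or later.

```shell
#!/bin/sh
# Added example (not from the guide): NAT helpers that leave other nat rules untouched.
IPTABLES=${IPTABLES:-iptables}   # overridable so the logic can be exercised without root

# Add the MASQUERADE rule for WAN interface $1 exactly once.
nat_up() {
    [ -n "$1" ] || { echo "HS_WANIF is empty; not touching the nat table" >&2; return 2; }
    # -C checks whether the identical rule already exists.
    $IPTABLES -t nat -C POSTROUTING -o "$1" -j MASQUERADE 2>/dev/null && return 0
    $IPTABLES -t nat -I POSTROUTING -o "$1" -j MASQUERADE
}

# Remove every copy of that rule and nothing else (assumed to be called on stop).
nat_down() {
    [ -n "$1" ] || return 2
    while $IPTABLES -t nat -C POSTROUTING -o "$1" -j MASQUERADE 2>/dev/null; do
        $IPTABLES -t nat -D POSTROUTING -o "$1" -j MASQUERADE || return 1
    done
}

# In /etc/init.d/chilli:  nat_up "$HS_WANIF"  when starting,  nat_down "$HS_WANIF"  when stopping.
```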
===== Test it out =====
* Restart CoovaChilli for the latest changes to take effect.
sudo /etc/init.d/chilli stop
sudo /etc/init.d/chilli start
* Confirm it started fine
sudo tail /var/log/messages
.......
May 23 13:17:01 RADIUSdesk-Beta1-1 CRON[2427]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)
May 23 13:18:28 RADIUSdesk-Beta1-1 coova-chilli[2109]: chilli.c: 5511: DHCP Released MAC=08-00-27-90-61-AE IP=10.1.0.2
May 23 13:20:48 RADIUSdesk-Beta1-1 crontab[2444]: (root) LIST (root)
May 23 13:20:48 RADIUSdesk-Beta1-1 crontab[2446]: (root) REPLACE (root)
May 23 13:20:48 RADIUSdesk-Beta1-1 coova-chilli[2109]: chilli.c: 7544: CoovaChilli shutting down
May 23 13:20:48 RADIUSdesk-Beta1-1 coova-chilli[2448]: main-script.c: 94: Running /etc/chilli/down.sh (107/0)
May 23 13:20:51 RADIUSdesk-Beta1-1 coova-chilli[2561]: CoovaChilli(ChilliSpot) 1.3.0. Copyright 2002-2005 Mondru AB. Licensed under GPL. Copyright 2006-2012 David Bird (Coova Technologies) . Licensed under GPL. See http://www.coova.org/ for details.
May 23 13:20:51 RADIUSdesk-Beta1-1 coova-chilli[2561]: tun.c: 605: TX queue length set to 100
May 23 13:20:51 RADIUSdesk-Beta1-1 coova-chilli[2563]: main-script.c: 94: Running /etc/chilli/up.sh (0/0)
May 23 13:21:01 RADIUSdesk-Beta1-1 cron[809]: (root) RELOAD (crontabs/root)
.......
===== Making things permanent =====
* Ensure that CoovaChilli will start up after reboots.
sudo update-rc.d chilli start 99 2 3 4 5 . stop 20 0 1 6 .
* Reboot the system and make sure CoovaChilli started up fine