====== OpenVPN Bridges ======

===== Prepare Coova Chilli =====

===== Building and Installing Coova Chilli =====

  * Download the latest release of Coova Chilli (version 1.3.1.4 at the time of this writing).
  * [[https://github.com/coova/coova-chilli/releases|Coova Chilli Releases]]

<code>
wget https://github.com/coova/coova-chilli/archive/1.3.1.4.tar.gz
</code>

  * Extract the source and edit the **debian/control** file to remove the dependency on the **haserl** package.

<code>
tar -xzvf 1.3.1.4.tar.gz
vi coova-chilli-1.3.1.4/debian/control
#Look for this line
Depends: iptables, haserl
#Remove haserl so that it looks like this:
Depends: iptables
#Save your changes
</code>

  * Install the packages that are required for building **debs**.

<code>
sudo apt-get update
sudo apt-get install build-essential linux-headers-server libssl-dev
sudo apt install devscripts debhelper gengetopt libtool automake
</code>

  * Build and install the package:

<code>
cd coova-chilli-1.3.1.4/
debuild -i -us -uc -b
cd ..
sudo dpkg --install coova-chilli_1.3.0_amd64.deb
</code>

----

===== Configuring Coova Chilli =====

==== Enable CoovaChilli ====

  * Edit the following file:

<code>
sudo vi /etc/default/chilli
</code>

  * Change it to look like this:

<code>
START_CHILLI=1
CONFFILE="/etc/chilli.conf"
HS_USER="chilli"
</code>

  * Save the file.

==== Create the main config file ====

  * Create a file called **/etc/chilli/config** and use the following as reference:

<code>
HS_WANIF=eth1              # WAN Interface toward the Internet
HS_DNS1=4.4.4.4
HS_DNS2=8.8.8.8
HS_RADIUS=198.27.111.78
HS_RADIUS2=198.27.111.78
HS_RADSECRET=testing123    # Set to be your RADIUS shared secret
HS_UAMSECRET=greatsecret   # Set to be your UAM secret
HS_UAMALIASNAME=chilli
HS_UAMSERVER=$HS_UAMLISTEN
HS_UAMFORMAT=http://198.27.111.78/cake2/rd_cake/dynamic_details/chilli_browser_detect/
HS_UAMHOMEPAGE=http://\$HS_UAMLISTEN:\$HS_UAMPORT/www/coova.html
HS_MODE=hotspot
HS_TYPE=coovachilli
HS_WWWDIR=/etc/chilli/www
HS_WWWBIN=/etc/chilli/wwwsh
HS_PROVIDER=Coova
HS_PROVIDER_LINK=http://coova.github.io/
HS_LOC_NAME="My HotSpot"   # WISPr Location Name and used in portal
</code>

  * Create the VLAN config directories:

<code>
sudo su
cd /etc/chilli
./newmulti.sh br0.101
./newmulti.sh br0.102
./newmulti.sh br0.103
</code>

  * Create the three VLAN configs:

<code>
HS_LANIF=br0.101               # Subscriber (LAN) interface for this VLAN
HS_NETWORK=10.101.0.0          # HotSpot Network (must include HS_UAMLISTEN)
HS_NETMASK=255.255.0.0         # HotSpot Network Netmask
HS_UAMLISTEN=10.101.0.1        # HotSpot IP Address (on subscriber network)
HS_UAMPORT=3990                # HotSpot UAM Port (on subscriber network)
HS_UAMUIPORT=4990              # HotSpot UAM "UI" Port (on subscriber network, for embedded portal)
HS_DYNIP=10.101.1.1
HS_DYNIP_MASK=255.255.0.0
HS_STATIP=10.101.0.1
HS_STATIP_MASK=255.255.255.0
# HS_DNS_DOMAIN=
HS_NASID=rd-vlan101
HS_SSID=rd-vlan101-ssid
</code>

----

<code>
HS_LANIF=br0.102               # Subscriber (LAN) interface for this VLAN
HS_NETWORK=10.102.0.0          # HotSpot Network (must include HS_UAMLISTEN)
HS_NETMASK=255.255.0.0         # HotSpot Network Netmask
HS_UAMLISTEN=10.102.0.1        # HotSpot IP Address (on subscriber network)
HS_UAMPORT=3991                # HotSpot UAM Port (on subscriber network)
HS_UAMUIPORT=4991              # HotSpot UAM "UI" Port (on subscriber network, for embedded portal)
HS_DYNIP=10.102.1.1
HS_DYNIP_MASK=255.255.0.0
HS_STATIP=10.102.0.1
HS_STATIP_MASK=255.255.255.0
# HS_DNS_DOMAIN=
HS_NASID=rd-vlan102
HS_SSID=rd-vlan102-ssid
</code>

----

<code>
HS_LANIF=br0.103               # Subscriber (LAN) interface for this VLAN
HS_NETWORK=10.103.0.0          # HotSpot Network (must include HS_UAMLISTEN)
HS_NETMASK=255.255.0.0         # HotSpot Network Netmask
HS_UAMLISTEN=10.103.0.1        # HotSpot IP Address (on subscriber network)
HS_UAMPORT=3992                # HotSpot UAM Port (on subscriber network)
HS_UAMUIPORT=4992              # HotSpot UAM "UI" Port (on subscriber network, for embedded portal)
HS_DYNIP=10.103.1.1
HS_DYNIP_MASK=255.255.0.0
HS_STATIP=10.103.0.1
HS_STATIP_MASK=255.255.255.0
# HS_DNS_DOMAIN=
HS_NASID=rd-vlan103
HS_SSID=rd-vlan103-ssid
</code>

----

===== Add NAT Support =====

  * By default CoovaChilli does not do NAT between the two interfaces. We have to add NAT support during start-up in order to have a working system. Failing to do this step will leave you with a broken system.
  * Edit the **/etc/init.d/chilli** file and add the following:

<code>
test ${HS_ADMINTERVAL:-0} -gt 0 && {
    (crontab -l 2>&- | grep -v $0
    echo "*/$HS_ADMINTERVAL * * * * $0 radconfig"
    ) | crontab - 2>&-
}
#NAT mod
iptables -F POSTROUTING -t nat
iptables -I POSTROUTING -t nat -o $HS_WANIF -j MASQUERADE
#END NAT mod
ifconfig $HS_LANIF 0.0.0.0
</code>

----

===== Test it out =====

  * Restart CoovaChilli for the latest changes to take effect.

<code>
sudo /etc/init.d/chilli stop
sudo /etc/init.d/chilli start
</code>

----

===== Making things permanent =====

  * Ensure that CoovaChilli will start up after reboots.
  * If your server only has one interface card, add these lines to the **/etc/rc.local** file:

<code>
#Add the startup of OpenVPN
/usr/sbin/service openvpn start
#Start up Chilli
/etc/init.d/chilli start
exit 0
</code>

  * If your server has two interface cards, issue the following command:

<code>
sudo update-rc.d chilli start 99 2 3 4 5 . stop 20 0 1 6 .
</code>

  * Reboot the system and make sure CoovaChilli started up fine.
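
The main config and the three VLAN configs above are typed by hand, so a pre-flight check is useful before restarting the service. The following is an added example, not part of the original page or of CoovaChilli: it flags secrets left at the reference values and per-VLAN settings that break the page's layout (HS_UAMLISTEN inside HS_NETWORK, distinct networks, ports and NAS-IDs per VLAN). The function names and the sample inputs are constructed for illustration.

```python
import ipaddress
import re

# Placeholder secrets from the reference config on this page.
PLACEHOLDERS = {"HS_RADSECRET": "testing123", "HS_UAMSECRET": "greatsecret"}
# Keys the page gives a distinct value in every VLAN config.
UNIQUE_KEYS = ("HS_LANIF", "HS_UAMPORT", "HS_UAMUIPORT", "HS_NASID")

def parse_config(text):
    """Parse KEY=value lines; skip blanks and comments, strip trailing comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = re.split(r"\s+#", value, maxsplit=1)[0].strip().strip('"')
    return conf

def check_main(conf):
    """Findings for the shared /etc/chilli/config: secrets left at the sample values."""
    return [f"{k} still set to sample value {v!r}" for k, v in PLACEHOLDERS.items() if conf.get(k) == v]

def check_vlans(vlans):
    """Findings for a {name: conf} mapping of per-VLAN configs."""
    findings, seen, nets = [], {}, {}
    for name, conf in vlans.items():
        net = ipaddress.ip_network(f"{conf['HS_NETWORK']}/{conf['HS_NETMASK']}", strict=False)
        if ipaddress.ip_address(conf["HS_UAMLISTEN"]) not in net:
            findings.append(f"{name}: HS_UAMLISTEN {conf['HS_UAMLISTEN']} not in {net}")
        for other, other_net in nets.items():
            if net.overlaps(other_net):
                findings.append(f"{name}: {net} overlaps {other} ({other_net})")
        nets[name] = net
        for key in UNIQUE_KEYS:
            owner = seen.setdefault((key, conf.get(key)), name)
            if owner != name:
                findings.append(f"{name}: {key}={conf.get(key)} already used by {owner}")
    return findings

# Constructed sample input: VLAN 101 as on the page, VLAN 102 deliberately broken.
MAIN = "HS_RADSECRET=testing123   # Set to be your RADIUS shared secret\nHS_UAMSECRET=s3t-me\n"
VLAN101 = ("HS_LANIF=br0.101\nHS_NETWORK=10.101.0.0\nHS_NETMASK=255.255.0.0\n"
           "HS_UAMLISTEN=10.101.0.1\nHS_UAMPORT=3990\nHS_UAMUIPORT=4990\nHS_NASID=rd-vlan101\n")
VLAN102_BAD = ("HS_LANIF=br0.102\nHS_NETWORK=10.102.0.0\nHS_NETMASK=255.255.0.0\n"
               "HS_UAMLISTEN=10.103.0.1\nHS_UAMPORT=3990\nHS_UAMUIPORT=4991\nHS_NASID=rd-vlan102\n")

if __name__ == "__main__":
    vlans = {n: parse_config(t) for n, t in (("br0.101", VLAN101), ("br0.102", VLAN102_BAD))}
    print("\n".join(check_main(parse_config(MAIN)) + check_vlans(vlans)))
```

To audit a real installation, read the files from disk and pass their contents to `parse_config` in place of the constructed strings.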