Install CoovaChilli on Ubuntu 14.04

• RADIUSdesk can function perfectly without CoovaChilli.
• CoovaChilli is however the best open source captive portal software around.
• If you want to install CoovaChilli on a machine; make sure that there are at least two functional network cards present.
• One network card will be used by CoovaChilli as the Internet connection.
• The second network card will be used to run a captive portal on. This captive portal will be controlled by CoovaChilli who in turn receives it's instructions from FreeRADIUS (RADIUSdesk)

• If you have a 32 bit machine the install of CoovaChilli will be a bit easier compared with the actions to install it on a 64 bit machine. They are however both easy to follow.

• We will assume that we are installing CoovaChilli on the same machine running RADIUSdesk. You are not required though to run them on the same machine.
• We also assume that the machine has an Internet connection on eth0 while eth1 will be used to run the captive portal on.
• Grab the latest binary build of CoovaChilli from this page. http://coova.org/CoovaChilli/Binaries
• As of this writing it is 1.3.0
• Install it on the machine with the two network cards running RADIUSdesk

sudo dpkg --install coova-chilli_1.3.0_i386.deb

• From the output of the dpkg command you will see that CoovaChilli is by default disabled. In the next section we will configure it to become a working entity.

• We have to compile the 64 bit package from source.
• Download the latest version of the source here: http://coova.org/Download
• As of this writing it is at 1.3.0.
• Install the build tools, build and install the package

sudo apt-get install build-essential linux-headers-server libssl-dev
sudo apt install devscripts debhelper
tar -xzvf zxvf coova-chilli-1.3.0.tar.gz 
cd coova-chilli-1.3.0/
debuild -i -us -uc -b
cd ..
sudo dpkg --install coova-chilli_1.3.0_amd64.deb

• From the output of the dpkg command you will see that CoovaChilli is by default disabled. In the next section we will configure it to become a working entity.

• Edit the following file

    sudo vi /etc/default/chilli

• Change it to look like this

    START_CHILLI=1
    CONFFILE="/etc/chilli.conf"
    HS_USER="chilli"

• Save the file and start CoovaChilli

   sudo /etc/init.d/chilli start

• Make sure there is a tun interface present when you look at the feedback of the ifconfig command.

    ifconfig
 
    .....
 
    tun0  Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          inet addr:10.1.0.1  P-t-P:10.1.0.1  Mask:255.255.255.0
          UP POINTOPOINT RUNNING  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
 
    ......

• CoovaChilli is configured by editing or creating certail files unser the /etc/chilli directory.

• Use the following /etc/chilli/config file as a guideline to configure CoovaChilli

HS_LANIF=eth1              # Subscriber Interface for client devices
HS_NETWORK=10.1.0.0        # HotSpot Network (must include HS_UAMLISTEN)
HS_NETMASK=255.255.0.0     # HotSpot Network Netmask
HS_UAMLISTEN=10.1.0.1      # HotSpot IP Address (on subscriber network)
HS_UAMPORT=3990            # HotSpot UAM Port (on subscriber network)
HS_UAMUIPORT=4990          # HotSpot UAM "UI" Port (on subscriber network, for embedded portal)
HS_NASID=localhost
HS_RADIUS=localhost
HS_RADIUS2=localhost
HS_RADSECRET=testing123    # Set to be your RADIUS shared secret
HS_UAMSECRET=greatsecret     # Set to be your UAM secret
HS_UAMALIASNAME=chilli
HS_SSID="Struisbaai"
HS_NASIP=127.0.0.1    # To explicitly set NAS-IP-Address
HS_UAMSERVER=$HS_UAMLISTEN
HS_UAMFORMAT=http://\$HS_UAMLISTEN/cake2/rd_cake/dynamic_details/chilli_browser_detect/
HS_MACAUTH=on              # To turn on MAC Authentication
HS_TCP_PORTS="80 23 8000"
HS_MODE=hotspot
HS_TYPE=chillispot
HS_WWWDIR=/etc/chilli/www
HS_WWWBIN=/etc/chilli/wwwsh
HS_PROVIDER=Coova
HS_PROVIDER_LINK=http://www.coova.org/
HS_LOC_NAME="My HotSpot"           # WISPr Location Name and used in portal
HS_COAPORT=3799

• Comment the following line out of /etc/chilli/default.

#   Same principal goes for HS_UAMHOMEPAGE.
#HS_UAMHOMEPAGE=http://\$HS_UAMLISTEN:\$HS_UAMPORT/www/coova.html

• Also comment the DNS server settings out in /etc/chilli/default to force CoovaChilli to use the DNS servers of the system that it is running on.

# OpenDNS Servers
#HS_DNS1=208.67.222.222
#HS_DNS2=208.67.220.220

• Use the following /etc/chilli/ipup.sh file as a guideline

UAM server specified as 10.1.0.1 
iptables -I INPUT -i tun0 -p tcp -m tcp --dport 80 --dst 10.1.0.1 -j ACCEPT
iptables -I INPUT -i tun0 -p tcp -m tcp --dport 443 --dst 10.1.0.1 -j ACCEPT
iptables -I INPUT -i tun0 -p tcp -m tcp --dport 22 --dst 10.1.0.1 -j ACCEPT
iptables -I INPUT -i tun0 -p tcp -m tcp --dport 8000 --dst 10.1.0.1 -j ACCEPT

• Use the following /etc/chilli/ipdown.sh file as a guideline

UAM server specified as 10.1.0.1 
iptables -D INPUT -i tun0 -p tcp -m tcp --dport 80 --dst 10.1.0.1 -j ACCEPT
iptables -D INPUT -i tun0 -p tcp -m tcp --dport 443 --dst 10.1.0.1 -j ACCEPT
iptables -D INPUT -i tun0 -p tcp -m tcp --dport 22 --dst 10.1.0.1 -j ACCEPT
iptables -D INPUT -i tun0 -p tcp -m tcp --dport 8000 --dst 10.1.0.1 -j ACCEPT

• By default CoovaChilli does not do NAT between the two interfaces. We have to add NAT support during start-up in order to have a working system.

• Edit the /etc/init.d/chilli file and add the following:

test ${HS_ADMINTERVAL:-0} -gt 0 && {
    (crontab -l 2>&- | grep -v $0
        echo "*/$HS_ADMINTERVAL * * * * $0 radconfig"
        ) | crontab - 2>&-
}
 
#NAT mod
iptables -F POSTROUTING -t nat
iptables -I POSTROUTING -t nat -o $HS_WANIF -j MASQUERADE
#END NAT mod
 
ifconfig $HS_LANIF 0.0.0.0

• Restart CoovaChilli for the latest changes to be effected.

sudo /etc/init.d/chilli stop
sudo /etc/init.d/chilli start

• Confirm it started fine

sudo tail /var/log/messages
 
.......
 
May 23 13:17:01 RADIUSdesk-Beta1-1 CRON[2427]: (root) CMD (   cd / && run-parts --report /etc/cron.hourly)
May 23 13:18:28 RADIUSdesk-Beta1-1 coova-chilli[2109]: chilli.c: 5511: DHCP Released MAC=08-00-27-90-61-AE IP=10.1.0.2
May 23 13:20:48 RADIUSdesk-Beta1-1 crontab[2444]: (root) LIST (root)
May 23 13:20:48 RADIUSdesk-Beta1-1 crontab[2446]: (root) REPLACE (root)
May 23 13:20:48 RADIUSdesk-Beta1-1 coova-chilli[2109]: chilli.c: 7544: CoovaChilli shutting down
May 23 13:20:48 RADIUSdesk-Beta1-1 coova-chilli[2448]: main-script.c: 94: Running /etc/chilli/down.sh (107/0)
May 23 13:20:51 RADIUSdesk-Beta1-1 coova-chilli[2561]: CoovaChilli(ChilliSpot) 1.3.0. Copyright 2002-2005 Mondru AB. Licensed under GPL. Copyright 2006-2012 David Bird (Coova Technologies) <support@coova.com>. Licensed under GPL. See http://www.coova.org/ for details.
May 23 13:20:51 RADIUSdesk-Beta1-1 coova-chilli[2561]: tun.c: 605: TX queue length set to 100
May 23 13:20:51 RADIUSdesk-Beta1-1 coova-chilli[2563]: main-script.c: 94: Running /etc/chilli/up.sh (0/0)
May 23 13:21:01 RADIUSdesk-Beta1-1 cron[809]: (root) RELOAD (crontabs/root)
 
.......

• Ensure that CoovaChilli will start up after reboots.

sudo update-rc.d chilli start 99 2 3 4 5 . stop 20 0 1 6 .

• Reboot the system and make sure CoovaChilli started up fine