RADIUSdesk

Differences

This shows you the differences between two versions of the page.

getting_started:18_install_ubuntu_coova [2019/12/23 12:25]
admin removed
— (current)
Line 1: Line 1:
-====== Install CoovaChilli on Ubuntu 18.04 ====== 
  
-===== Introduction ===== 
-  * RADIUSdesk can function perfectly without CoovaChilli. 
-  * CoovaChilli is however the best open source captive portal software around. 
-  * If you want to install CoovaChilli on a machine; <wrap hi>make sure that there are at least two functional network cards present</​wrap>​. 
-  * One network card will be used by CoovaChilli as the Internet connection. 
-  * The second network card will be used to run a captive portal on. This captive portal will be controlled by CoovaChilli who in turn receives it's instructions from FreeRADIUS (RADIUSdesk) 
- 
-===== Installing CoovaChilli ===== 
-  * If you have a 32 bit machine the install of CoovaChilli will be a bit easier compared with the actions to install it on a 64 bit machine. They are however both easy to follow. 
-==== 32 Bit Machines ==== 
-  * We will assume that we are installing CoovaChilli on the same machine running RADIUSdesk. You are not required though to run them on the same machine. 
-  * We also assume that the machine has an Internet connection on eth0 while eth1 will be used to run the captive portal on. 
-  * Grab the latest binary build of CoovaChilli from this page. http://​coova.org/​CoovaChilli/​Binaries 
-  * As of this writing it is 1.3.0 
-  * Install it on the machine with the two network cards running RADIUSdesk 
-<code bash> 
-sudo dpkg --install coova-chilli_1.3.0_i386.deb 
-</​code>​ 
-  * From the output of the dpkg command you will see that CoovaChilli is by default disabled. In the next section we will configure it to become a working entity. 
-==== 64 bit Machines ==== 
-  * We have to compile the 64 bit package from source. 
-  * Download the latest version of the source here: http://​coova.org/​Download 
-  * As of this writing it is at 1.3.0. 
-  * Install the build tools, build and install the package 
-<code bash> 
-sudo apt-get install build-essential linux-headers-server libssl-dev 
-sudo apt install devscripts debhelper 
-tar -xzvf zxvf coova-chilli-1.3.0.tar.gz ​ 
-cd coova-chilli-1.3.0/​ 
-debuild -i -us -uc -b 
-cd .. 
-sudo dpkg --install coova-chilli_1.3.0_amd64.deb 
-</​code>​ 
-   * From the output of the dpkg command you will see that CoovaChilli is by default disabled. In the next section we will configure it to become a working entity. 
- 
- 
-===== Configuring CoovaChilli ===== 
-==== Enable CoovaChilli ==== 
-  * Edit the following file 
-<code bash> 
-    sudo vi /​etc/​default/​chilli 
-</​code>​ 
-  * Change it to look like this 
-<code bash> 
-    START_CHILLI=1 
-    CONFFILE="/​etc/​chilli.conf"​ 
-    HS_USER="​chilli"​ 
-</​code>​ 
-  * Save the file and start CoovaChilli 
-<code bash> 
-   sudo /​etc/​init.d/​chilli start 
-</​code>​ 
-  * Make sure there is a tun interface present when you look at the feedback of the ifconfig command. 
-<code bash> 
-    ifconfig 
- 
-    ..... 
- 
-    tun0  Link encap:​UNSPEC ​ HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  ​ 
-          inet addr:​10.1.0.1 ​ P-t-P:​10.1.0.1 ​ Mask:​255.255.255.0 
-          UP POINTOPOINT RUNNING ​ MTU:​1500 ​ Metric:1 
-          RX packets:0 errors:0 dropped:0 overruns:0 frame:0 
-          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 
-          collisions:​0 txqueuelen:​100 ​ 
-          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B) 
- 
-    ...... 
-</​code>​ 
-==== Modify the configuration file ==== 
-  * CoovaChilli is configured by editing or creating certail files unser the /etc/chilli directory. 
- 
- 
-^ File      ^ Comment ​      ^ 
-| **config** ​   | start as a copy of **default** and is edited to override specific variables defined in **default** ​    | 
-| **default** | To avoid the splash screen we have to remove one line from this file | 
-| **ipup.sh** | Custom firewall rules for start-up | 
-| **ipdown.sh** | Custom firewall rule clean-up during shut-down. | 
- 
-  * Use the following /​etc/​chilli/​config file as a guideline to configure CoovaChilli 
-<code bash> 
-HS_LANIF=eth1 ​             # Subscriber Interface for client devices 
-HS_NETWORK=10.1.0.0 ​       # HotSpot Network (must include HS_UAMLISTEN) 
-HS_NETMASK=255.255.0.0 ​    # HotSpot Network Netmask 
-HS_UAMLISTEN=10.1.0.1 ​     # HotSpot IP Address (on subscriber network) 
-HS_UAMPORT=3990 ​           # HotSpot UAM Port (on subscriber network) 
-HS_UAMUIPORT=4990 ​         # HotSpot UAM "​UI"​ Port (on subscriber network, for embedded portal) 
-HS_NASID=localhost 
-HS_RADIUS=localhost 
-HS_RADIUS2=localhost 
-HS_RADSECRET=testing123 ​   # Set to be your RADIUS shared secret 
-HS_UAMSECRET=greatsecret ​    # Set to be your UAM secret 
-HS_UAMALIASNAME=chilli 
-HS_SSID="​Struisbaai"​ 
-HS_NASIP=127.0.0.1 ​   # To explicitly set NAS-IP-Address 
-HS_UAMSERVER=$HS_UAMLISTEN 
-HS_UAMFORMAT=http://​\$HS_UAMLISTEN/​cake2/​rd_cake/​dynamic_details/​chilli_browser_detect/​ 
-HS_MACAUTH=on ​             # To turn on MAC Authentication 
-HS_TCP_PORTS="​80 23 8000" 
-HS_MODE=hotspot 
-HS_TYPE=chillispot 
-HS_WWWDIR=/​etc/​chilli/​www 
-HS_WWWBIN=/​etc/​chilli/​wwwsh 
-HS_PROVIDER=Coova 
-HS_PROVIDER_LINK=http://​www.coova.org/​ 
-HS_LOC_NAME="​My HotSpot" ​          # WISPr Location Name and used in portal 
-HS_COAPORT=3799 
-</​code>​ 
- 
-  * Comment the following line out of ///​etc/​chilli/​default//​. 
-<code bash> 
-#   Same principal goes for HS_UAMHOMEPAGE. 
-#​HS_UAMHOMEPAGE=http://​\$HS_UAMLISTEN:​\$HS_UAMPORT/​www/​coova.html 
-</​code>​ 
- 
-  * Also comment the DNS server settings out in ///​etc/​chilli/​default//​ to force CoovaChilli to use the DNS servers of the system that it is running on. 
-<code bash> 
-# OpenDNS Servers 
-#​HS_DNS1=208.67.222.222 
-#​HS_DNS2=208.67.220.220 
-</​code>​ 
-  * Use the following ///​etc/​chilli/​ipup.sh//​ file as a guideline 
-<code bash> 
-UAM server specified as 10.1.0.1 ​ 
-iptables -I INPUT -i tun0 -p tcp -m tcp --dport 80 --dst 10.1.0.1 -j ACCEPT 
-iptables -I INPUT -i tun0 -p tcp -m tcp --dport 443 --dst 10.1.0.1 -j ACCEPT 
-iptables -I INPUT -i tun0 -p tcp -m tcp --dport 22 --dst 10.1.0.1 -j ACCEPT 
-iptables -I INPUT -i tun0 -p tcp -m tcp --dport 8000 --dst 10.1.0.1 -j ACCEPT 
-</​code>​ 
-  * Use the following ///​etc/​chilli/​ipdown.sh//​ file as a guideline 
-<code bash> 
-UAM server specified as 10.1.0.1 ​ 
-iptables -D INPUT -i tun0 -p tcp -m tcp --dport 80 --dst 10.1.0.1 -j ACCEPT 
-iptables -D INPUT -i tun0 -p tcp -m tcp --dport 443 --dst 10.1.0.1 -j ACCEPT 
-iptables -D INPUT -i tun0 -p tcp -m tcp --dport 22 --dst 10.1.0.1 -j ACCEPT 
-iptables -D INPUT -i tun0 -p tcp -m tcp --dport 8000 --dst 10.1.0.1 -j ACCEPT 
-</​code>​ 
- 
-===== Add NAT support ===== 
-  * By default CoovaChilli does not do NAT between the two interfaces. We have to add NAT support during start-up in order to have a working system. ​ 
- 
-<WRAP center round alert 60%> 
-Failing to do this step will leave you with a broken system. 
-</​WRAP>​ 
- 
-  * Edit the ///​etc/​init.d/​chilli//​ file and add the following: 
-<code bash> 
-test ${HS_ADMINTERVAL:​-0} -gt 0 && { 
-    (crontab -l 2>&- | grep -v $0 
-        echo "​*/​$HS_ADMINTERVAL * * * * $0 radconfig"​ 
-        ) | crontab - 2>&- 
-} 
- 
-#NAT mod 
-iptables -F POSTROUTING -t nat 
-iptables -I POSTROUTING -t nat -o $HS_WANIF -j MASQUERADE 
-#END NAT mod 
- 
-ifconfig $HS_LANIF 0.0.0.0 
- 
-</​code>​ 
- 
-===== Test it out ===== 
-  * Restart CoovaChilli for the latest changes to be effected. 
-<code bash> 
-sudo /​etc/​init.d/​chilli stop 
-sudo /​etc/​init.d/​chilli start 
-</​code>​ 
-  * Confirm it started fine 
-<code bash> 
-sudo tail /​var/​log/​messages 
- 
-....... 
- 
-May 23 13:17:01 RADIUSdesk-Beta1-1 CRON[2427]: (root) CMD (   cd / && run-parts --report /​etc/​cron.hourly) 
-May 23 13:18:28 RADIUSdesk-Beta1-1 coova-chilli[2109]:​ chilli.c: 5511: DHCP Released MAC=08-00-27-90-61-AE IP=10.1.0.2 
-May 23 13:20:48 RADIUSdesk-Beta1-1 crontab[2444]:​ (root) LIST (root) 
-May 23 13:20:48 RADIUSdesk-Beta1-1 crontab[2446]:​ (root) REPLACE (root) 
-May 23 13:20:48 RADIUSdesk-Beta1-1 coova-chilli[2109]:​ chilli.c: 7544: CoovaChilli shutting down 
-May 23 13:20:48 RADIUSdesk-Beta1-1 coova-chilli[2448]:​ main-script.c:​ 94: Running /​etc/​chilli/​down.sh (107/0) 
-May 23 13:20:51 RADIUSdesk-Beta1-1 coova-chilli[2561]:​ CoovaChilli(ChilliSpot) 1.3.0. Copyright 2002-2005 Mondru AB. Licensed under GPL. Copyright 2006-2012 David Bird (Coova Technologies) <​support@coova.com>​. Licensed under GPL. See http://​www.coova.org/​ for details. 
-May 23 13:20:51 RADIUSdesk-Beta1-1 coova-chilli[2561]:​ tun.c: 605: TX queue length set to 100 
-May 23 13:20:51 RADIUSdesk-Beta1-1 coova-chilli[2563]:​ main-script.c:​ 94: Running /​etc/​chilli/​up.sh (0/0) 
-May 23 13:21:01 RADIUSdesk-Beta1-1 cron[809]: (root) RELOAD (crontabs/​root) 
- 
-....... 
-</​code>​ 
- 
-===== Making things permanent ===== 
-  * Ensure that CoovaChilli will start up after reboots. 
-<code bash> 
-sudo update-rc.d chilli start 99 2 3 4 5 . stop 20 0 1 6 . 
-</​code>​ 
-  * Reboot the system and make sure CoovaChilli started up fine
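Review bot: the whole page is deleted with only "admin removed" in the revision header and no edit summary or pointer to a successor, so a reader landing on getting_started:18_install_ubuntu_coova cannot tell where the CoovaChilli instructions now live; leave a short stub that links to the replacement. If this text is carried over to another page, several lines need fixing first. The sample /etc/chilli/config sets HS_RADSECRET=testing123 and HS_UAMSECRET=greatsecret as literal values that are easy to copy unchanged, so mark them as placeholders that must be replaced. The ipup.sh and ipdown.sh blocks open with the uncommented line "UAM server specified as 10.1.0.1", which the shell would try to run as a command, and both include a rule accepting --dport 22 from tun0 to 10.1.0.1, which exposes SSH on the hotspot address to the subscriber side and should be dropped or justified. In the NAT mod, "iptables -F POSTROUTING -t nat" flushes every existing POSTROUTING rule on the host on each start; insert the MASQUERADE rule without the flush and delete that same rule on stop. The build steps also contain the typo "tar -xzvf zxvf coova-chilli-1.3.0.tar.gz".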