RADIUSdesk

Trace:

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

getting_started:18_install_ubuntu_coova [2019/12/19 15:59] – created admingetting_started:18_install_ubuntu_coova [2019/12/23 12:25] (current) – removed admin
Line 1: Line 1:
-====== Install CoovaChilli on Ubuntu 18.04 ====== 
  
-===== Introduction ===== 
-  * RADIUSdesk can function perfectly without CoovaChilli. 
-  * CoovaChilli is however the best open source captive portal software around. 
-  * If you want to install CoovaChilli on a machine; <wrap hi>make sure that there are at least two functional network cards present</wrap>. 
-  * One network card will be used by CoovaChilli as the Internet connection. 
-  * The second network card will be used to run a captive portal on. This captive portal will be controlled by CoovaChilli who in turn receives it's instructions from FreeRADIUS (RADIUSdesk) 
- 
-===== Installing CoovaChilli ===== 
-  * If you have a 32 bit machine the install of CoovaChilli will be a bit easier compared with the actions to install it on a 64 bit machine. They are however both easy to follow. 
-==== 32 Bit Machines ==== 
-  * We will assume that we are installing CoovaChilli on the same machine running RADIUSdesk. You are not required though to run them on the same machine. 
-  * We also assume that the machine has an Internet connection on eth0 while eth1 will be used to run the captive portal on. 
-  * Grab the latest binary build of CoovaChilli from this page. http://coova.org/CoovaChilli/Binaries 
-  * As of this writing it is 1.3.0 
-  * Install it on the machine with the two network cards running RADIUSdesk 
-<code bash> 
-sudo dpkg --install coova-chilli_1.3.0_i386.deb 
-</code> 
-  * From the output of the dpkg command you will see that CoovaChilli is by default disabled. In the next section we will configure it to become a working entity. 
-==== 64 bit Machines ==== 
-  * We have to compile the 64 bit package from source. 
-  * Download the latest version of the source here: http://coova.org/Download 
-  * As of this writing it is at 1.3.0. 
-  * Install the build tools, build and install the package 
-<code bash> 
-sudo apt-get install build-essential linux-headers-server libssl-dev 
-sudo apt install devscripts debhelper 
-tar -xzvf zxvf coova-chilli-1.3.0.tar.gz  
-cd coova-chilli-1.3.0/ 
-debuild -i -us -uc -b 
-cd .. 
-sudo dpkg --install coova-chilli_1.3.0_amd64.deb 
-</code> 
-   * From the output of the dpkg command you will see that CoovaChilli is by default disabled. In the next section we will configure it to become a working entity. 
- 
- 
-===== Configuring CoovaChilli ===== 
-==== Enable CoovaChilli ==== 
-  * Edit the following file 
-<code bash> 
-    sudo vi /etc/default/chilli 
-</code> 
-  * Change it to look like this 
-<code bash> 
-    START_CHILLI=1 
-    CONFFILE="/etc/chilli.conf" 
-    HS_USER="chilli" 
-</code> 
-  * Save the file and start CoovaChilli 
-<code bash> 
-   sudo /etc/init.d/chilli start 
-</code> 
-  * Make sure there is a tun interface present when you look at the feedback of the ifconfig command. 
-<code bash> 
-    ifconfig 
- 
-    ..... 
- 
-    tun0  Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00   
-          inet addr:10.1.0.1  P-t-P:10.1.0.1  Mask:255.255.255.0 
-          UP POINTOPOINT RUNNING  MTU:1500  Metric:1 
-          RX packets:0 errors:0 dropped:0 overruns:0 frame:0 
-          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 
-          collisions:0 txqueuelen:100  
-          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B) 
- 
-    ...... 
-</code> 
-==== Modify the configuration file ==== 
-  * CoovaChilli is configured by editing or creating certail files unser the /etc/chilli directory. 
- 
- 
-^ File      ^ Comment       ^ 
-| **config**    | start as a copy of **default** and is edited to override specific variables defined in **default**     | 
-| **default** | To avoid the splash screen we have to remove one line from this file | 
-| **ipup.sh** | Custom firewall rules for start-up | 
-| **ipdown.sh** | Custom firewall rule clean-up during shut-down. | 
- 
-  * Use the following /etc/chilli/config file as a guideline to configure CoovaChilli 
-<code bash> 
-HS_LANIF=eth1              # Subscriber Interface for client devices 
-HS_NETWORK=10.1.0.0        # HotSpot Network (must include HS_UAMLISTEN) 
-HS_NETMASK=255.255.0.0     # HotSpot Network Netmask 
-HS_UAMLISTEN=10.1.0.1      # HotSpot IP Address (on subscriber network) 
-HS_UAMPORT=3990            # HotSpot UAM Port (on subscriber network) 
-HS_UAMUIPORT=4990          # HotSpot UAM "UI" Port (on subscriber network, for embedded portal) 
-HS_NASID=localhost 
-HS_RADIUS=localhost 
-HS_RADIUS2=localhost 
-HS_RADSECRET=testing123    # Set to be your RADIUS shared secret 
-HS_UAMSECRET=greatsecret     # Set to be your UAM secret 
-HS_UAMALIASNAME=chilli 
-HS_SSID="Struisbaai" 
-HS_NASIP=127.0.0.1    # To explicitly set NAS-IP-Address 
-HS_UAMSERVER=$HS_UAMLISTEN 
-HS_UAMFORMAT=http://\$HS_UAMLISTEN/cake2/rd_cake/dynamic_details/chilli_browser_detect/ 
-HS_MACAUTH=on              # To turn on MAC Authentication 
-HS_TCP_PORTS="80 23 8000" 
-HS_MODE=hotspot 
-HS_TYPE=chillispot 
-HS_WWWDIR=/etc/chilli/www 
-HS_WWWBIN=/etc/chilli/wwwsh 
-HS_PROVIDER=Coova 
-HS_PROVIDER_LINK=http://www.coova.org/ 
-HS_LOC_NAME="My HotSpot"           # WISPr Location Name and used in portal 
-HS_COAPORT=3799 
-</code> 
- 
-  * Comment the following line out of ///etc/chilli/default//. 
-<code bash> 
-#   Same principal goes for HS_UAMHOMEPAGE. 
-#HS_UAMHOMEPAGE=http://\$HS_UAMLISTEN:\$HS_UAMPORT/www/coova.html 
-</code> 
- 
-  * Also comment the DNS server settings out in ///etc/chilli/default// to force CoovaChilli to use the DNS servers of the system that it is running on. 
-<code bash> 
-# OpenDNS Servers 
-#HS_DNS1=208.67.222.222 
-#HS_DNS2=208.67.220.220 
-</code> 
-  * Use the following ///etc/chilli/ipup.sh// file as a guideline 
-<code bash> 
-UAM server specified as 10.1.0.1  
-iptables -I INPUT -i tun0 -p tcp -m tcp --dport 80 --dst 10.1.0.1 -j ACCEPT 
-iptables -I INPUT -i tun0 -p tcp -m tcp --dport 443 --dst 10.1.0.1 -j ACCEPT 
-iptables -I INPUT -i tun0 -p tcp -m tcp --dport 22 --dst 10.1.0.1 -j ACCEPT 
-iptables -I INPUT -i tun0 -p tcp -m tcp --dport 8000 --dst 10.1.0.1 -j ACCEPT 
-</code> 
-  * Use the following ///etc/chilli/ipdown.sh// file as a guideline 
-<code bash> 
-UAM server specified as 10.1.0.1  
-iptables -D INPUT -i tun0 -p tcp -m tcp --dport 80 --dst 10.1.0.1 -j ACCEPT 
-iptables -D INPUT -i tun0 -p tcp -m tcp --dport 443 --dst 10.1.0.1 -j ACCEPT 
-iptables -D INPUT -i tun0 -p tcp -m tcp --dport 22 --dst 10.1.0.1 -j ACCEPT 
-iptables -D INPUT -i tun0 -p tcp -m tcp --dport 8000 --dst 10.1.0.1 -j ACCEPT 
-</code> 
- 
-===== Add NAT support ===== 
-  * By default CoovaChilli does not do NAT between the two interfaces. We have to add NAT support during start-up in order to have a working system.  
- 
-<WRAP center round alert 60%> 
-Failing to do this step will leave you with a broken system. 
-</WRAP> 
- 
-  * Edit the ///etc/init.d/chilli// file and add the following: 
-<code bash> 
-test ${HS_ADMINTERVAL:-0} -gt 0 && { 
-    (crontab -l 2>&- | grep -v $0 
-        echo "*/$HS_ADMINTERVAL * * * * $0 radconfig" 
-        ) | crontab - 2>&- 
-} 
- 
-#NAT mod 
-iptables -F POSTROUTING -t nat 
-iptables -I POSTROUTING -t nat -o $HS_WANIF -j MASQUERADE 
-#END NAT mod 
- 
-ifconfig $HS_LANIF 0.0.0.0 
- 
-</code> 
- 
-===== Test it out ===== 
-  * Restart CoovaChilli for the latest changes to be effected. 
-<code bash> 
-sudo /etc/init.d/chilli stop 
-sudo /etc/init.d/chilli start 
-</code> 
-  * Confirm it started fine 
-<code bash> 
-sudo tail /var/log/messages 
- 
-....... 
- 
-May 23 13:17:01 RADIUSdesk-Beta1-1 CRON[2427]: (root) CMD (   cd / && run-parts --report /etc/cron.hourly) 
-May 23 13:18:28 RADIUSdesk-Beta1-1 coova-chilli[2109]: chilli.c: 5511: DHCP Released MAC=08-00-27-90-61-AE IP=10.1.0.2 
-May 23 13:20:48 RADIUSdesk-Beta1-1 crontab[2444]: (root) LIST (root) 
-May 23 13:20:48 RADIUSdesk-Beta1-1 crontab[2446]: (root) REPLACE (root) 
-May 23 13:20:48 RADIUSdesk-Beta1-1 coova-chilli[2109]: chilli.c: 7544: CoovaChilli shutting down 
-May 23 13:20:48 RADIUSdesk-Beta1-1 coova-chilli[2448]: main-script.c: 94: Running /etc/chilli/down.sh (107/0) 
-May 23 13:20:51 RADIUSdesk-Beta1-1 coova-chilli[2561]: CoovaChilli(ChilliSpot) 1.3.0. Copyright 2002-2005 Mondru AB. Licensed under GPL. Copyright 2006-2012 David Bird (Coova Technologies) <support@coova.com>. Licensed under GPL. See http://www.coova.org/ for details. 
-May 23 13:20:51 RADIUSdesk-Beta1-1 coova-chilli[2561]: tun.c: 605: TX queue length set to 100 
-May 23 13:20:51 RADIUSdesk-Beta1-1 coova-chilli[2563]: main-script.c: 94: Running /etc/chilli/up.sh (0/0) 
-May 23 13:21:01 RADIUSdesk-Beta1-1 cron[809]: (root) RELOAD (crontabs/root) 
- 
-....... 
-</code> 
- 
-===== Making things permanent ===== 
-  * Ensure that CoovaChilli will start up after reboots. 
-<code bash> 
-sudo update-rc.d chilli start 99 2 3 4 5 . stop 20 0 1 6 . 
-</code> 
-  * Reboot the system and make sure CoovaChilli started up fine 
Last modified: 2019/12/19 15:59