RADIUSdesk

This is an old revision of the document!


Install CoovaChilli on Ubuntu 18.04

Introduction

  • RADIUSdesk can function perfectly without CoovaChilli.
  • CoovaChilli however is the best open source captive portal software around.
  • If you want to install CoovaChilli on a machine, make sure that at least two functional network cards are present.
  • One network card will be used by CoovaChilli as the Internet connection (WAN).
  • The second network card will be used to run a captive portal on (LAN).
  • This captive portal is created by the CoovaChilli program, which in turn receives its instructions from FreeRADIUS (RADIUSdesk).

Installing CoovaChilli

  • The version of CoovaChilli is 1.5 as of this writing.
  • We will download and build the .deb package from source.
  • First ensure the required packages to build the .deb package are installed.
sudo apt-get install build-essential libssl-dev libjson-c-dev gengetopt
sudo apt install devscripts debhelper
  • Download the .tar.gz source archive for release 1.5 from: https://github.com/coova/coova-chilli/releases
  • A point of interest is that although the source's tar file specifies it as version 1.5, the package itself will be specified as 1.4.
  • Before we can build the package, we have to remove a dependency (haserl) specified in the Debian control file.
  • This dependency is not required and including it causes trouble when you want to install the package.
tar -xzvf 1.5.tar.gz
cd coova-chilli-1.5/
 
 
vi debian/control
#Look for this part
#------
#Depends:
# ${shlibs:Depends},
# iptables,
# haserl,
# adduser,
#------
#------ CHANGE TO THIS (remove haserl as a dependency)
#------
#Depends:
# ${shlibs:Depends},
# iptables,
# adduser,
#-----
 
debuild -i -us -uc -b
cd ..
sudo dpkg --install coova-chilli_1.4_amd64.deb
  • From the output of the dpkg command you will see that CoovaChilli is by default disabled. In the next section we will configure it to become a working entity.
  • You can also see it is listed as version 1.4 although we actually downloaded and built version 1.5
 sudo dpkg --install coova-chilli_1.4_amd64.deb
[sudo] password for system:
Selecting previously unselected package coova-chilli.
(Reading database ... 119514 files and directories currently installed.)
Preparing to unpack coova-chilli_1.4_amd64.deb ...
Unpacking coova-chilli (1.4) ...
Setting up coova-chilli (1.4) ...
Chilli default off. Look at /etc/default/chilli
Processing triggers for libc-bin (2.27-3ubuntu1) ...
Processing triggers for systemd (237-3ubuntu10.33) ...
Processing triggers for ureadahead (0.100.0-21) ...
Processing triggers for man-db (2.8.3-2ubuntu0.1) ...

Configuring CoovaChilli

Enable CoovaChilli

  • Edit the following file
    sudo vi /etc/default/chilli
  • Change it to look like this
    START_CHILLI=1
    CONFFILE="/etc/chilli.conf"
    HS_USER="chilli"
  • Save the file and start CoovaChilli
   sudo systemctl enable chilli
   # Feedback code should be...
   # chilli.service is not a native service, redirecting to systemd-sysv-install.
   # Executing: /lib/systemd/systemd-sysv-install enable chilli
   sudo systemctl start chilli
  • Check the feedback on our startup attempt.
sudo systemctl status chilli
  • Because we have not yet configured anything, we do get some errors. These will be fixed, and Coova should run fine, once we have configured the program.
● chilli.service - LSB: Start CoovaChilli daemon at boot time
   Loaded: loaded (/etc/init.d/chilli; generated)
   Active: active (exited) since Fri 2019-12-20 20:07:51 UTC; 1s ago
     Docs: man:systemd-sysv-generator(8)
  Process: 14452 ExecStop=/etc/init.d/chilli stop (code=exited, status=0/SUCCESS)
  Process: 14491 ExecStart=/etc/init.d/chilli start (code=exited, status=0/SUCCESS)
 
Dec 20 20:07:51 osboxes chilli[14580]: TX queue length set to 100
Dec 20 20:07:51 osboxes coova-chilli[14585]: PID 14585 loading binary options file /var/run/chilli.14580.cfg.bin
Dec 20 20:07:51 osboxes coova-chilli[14585]: Loading modules
Dec 20 20:07:51 osboxes coova-chilli[14585]: USER root(0/0), GROUP root(0/0) CHILLI[UID 113, GID 116]
Dec 20 20:07:51 osboxes coova-chilli[14585]: Running /etc/chilli/up.sh (0/0)
Dec 20 20:07:51 osboxes chilli[14580]: No such device: ioctl(SIOCSIFFLAGS) failed on eth1
Dec 20 20:07:51 osboxes chilli[14580]: No such device: ioctl(SIOCSIFFLAGS) failed
Dec 20 20:07:51 osboxes chilli[14580]: No such device: ioctl(SIOCSIFADDR) failed
Dec 20 20:07:51 osboxes chilli[14580]: No such device: ioctl(d=2, request=35111) failed
Dec 20 20:07:51 osboxes chilli[14580]: Failed to create dhcp listener on eth1

Modify the configuration file

  • CoovaChilli is configured by editing or creating certain files under the /etc/chilli directory.
  • Before we proceed with the config, we first have to cover the network interfaces.
  • For CoovaChilli to work correctly, there need to be at least two network interfaces on the machine (excluding the loopback interface lo).
  • One interface will be directly connected to the Internet. We will refer to this interface as the WAN interface
  • The other interface will be running the captive portal on top of it. We will refer to this interface as the LAN interface.
  • With previous versions of Ubuntu, the network interfaces would have fairly predictable names like eth0 and eth1.
  • With the current versions of Ubuntu, the naming convention changed.
  • We advise you to issue the ip addr command to see which interfaces are present.
 ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 08:00:27:fe:57:09 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.111/24 brd 192.168.1.255 scope global dynamic enp0s3
       valid_lft 256221sec preferred_lft 256221sec
    inet6 fe80::a00:27ff:fefe:5709/64 scope link
       valid_lft forever preferred_lft forever
3: enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 08:00:27:8c:d3:32 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::a00:27ff:fe8c:d332/64 scope link
  • Using this, on our system, the WAN will be enp0s3 and the LAN will be enp0s8.
  • Next, let's look at how to configure CoovaChilli under /etc/chilli.

    File        Comment
    config      Starts as a copy of defaults and is edited to override specific variables defined in defaults.
    defaults    To avoid the splash screen we have to remove one line from this file.
    ipup.sh     Custom firewall rules for start-up.
    ipdown.sh   Custom firewall rule clean-up during shut-down.

  • Use the following /etc/chilli/config file as a guideline to configure CoovaChilli
HS_LANIF=enp0s8              # Subscriber Interface for client devices
HS_NETWORK=10.1.0.0        # HotSpot Network (must include HS_UAMLISTEN)
HS_NETMASK=255.255.0.0     # HotSpot Network Netmask
HS_UAMLISTEN=10.1.0.1      # HotSpot IP Address (on subscriber network)
HS_UAMPORT=3990            # HotSpot UAM Port (on subscriber network)
HS_UAMUIPORT=4990          # HotSpot UAM "UI" Port (on subscriber network, for embedded portal)
HS_NASID=localhost
HS_RADIUS=localhost
HS_RADIUS2=localhost
HS_RADSECRET=testing123    # Set to be your RADIUS shared secret
HS_UAMSECRET=greatsecret     # Set to be your UAM secret
HS_UAMALIASNAME=chilli
HS_SSID="Struisbaai"
HS_NASIP=127.0.0.1    # To explicitly set NAS-IP-Address
HS_UAMSERVER=$HS_UAMLISTEN
HS_UAMFORMAT=http://\$HS_UAMLISTEN/cake2/rd_cake/dynamic_details/chilli_browser_detect/
HS_MACAUTH=on              # To turn on MAC Authentication
HS_TCP_PORTS="80 23 8000"
HS_MODE=hotspot
HS_TYPE=chillispot
HS_WWWDIR=/etc/chilli/www
HS_WWWBIN=/etc/chilli/wwwsh
HS_PROVIDER=Coova
HS_PROVIDER_LINK=http://www.coova.org/
HS_LOC_NAME="My HotSpot"           # WISPr Location Name and used in portal
HS_COAPORT=3799
  • Comment the following line out of /etc/chilli/defaults.
#   Same principal goes for HS_UAMHOMEPAGE.
#HS_UAMHOMEPAGE=http://\$HS_UAMLISTEN:\$HS_UAMPORT/www/coova.html
  • Also comment the DNS server settings out in /etc/chilli/defaults to force CoovaChilli to use the DNS servers of the system that it is running on.
# OpenDNS Servers
#HS_DNS1=208.67.222.222
#HS_DNS2=208.67.220.220
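  • Use the following /etc/chilli/ipup.sh file as a guideline. Each rule opens a TCP port on the hotspot address (10.1.0.1) to clients arriving on tun0, SSH on port 22 included, so list only the services that hotspot clients need to reach.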
#UAM server specified as 10.1.0.1 
iptables -I INPUT -i tun0 -p tcp -m tcp --dport 80 --dst 10.1.0.1 -j ACCEPT
iptables -I INPUT -i tun0 -p tcp -m tcp --dport 443 --dst 10.1.0.1 -j ACCEPT
iptables -I INPUT -i tun0 -p tcp -m tcp --dport 22 --dst 10.1.0.1 -j ACCEPT
iptables -I INPUT -i tun0 -p tcp -m tcp --dport 8000 --dst 10.1.0.1 -j ACCEPT
  • Use the following /etc/chilli/ipdown.sh file as a guideline
#UAM server specified as 10.1.0.1 
iptables -D INPUT -i tun0 -p tcp -m tcp --dport 80 --dst 10.1.0.1 -j ACCEPT
iptables -D INPUT -i tun0 -p tcp -m tcp --dport 443 --dst 10.1.0.1 -j ACCEPT
iptables -D INPUT -i tun0 -p tcp -m tcp --dport 22 --dst 10.1.0.1 -j ACCEPT
iptables -D INPUT -i tun0 -p tcp -m tcp --dport 8000 --dst 10.1.0.1 -j ACCEPT
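
A pre-start check for the /etc/chilli/config settings discussed above, as an added example that is not part of the original page or of CoovaChilli. It flags an HS_LANIF that does not exist on the host (the cause of the "No such device" errors seen earlier), an HS_UAMLISTEN outside HS_NETWORK/HS_NETMASK, and secrets left at this guide's sample values. The function names and the interface-list argument are assumptions of the example.

```shell
# Added example (not from the RADIUSdesk page): lint /etc/chilli/config.
# The file is parsed with sed, never sourced, so linting cannot execute it.
cfg_get() {  # cfg_get KEY FILE -> value without trailing comment or quotes
    sed -n "s/^$1=//p" "$2" | tail -n 1 |
        sed -e 's/[[:space:]]#.*$//' -e 's/[[:space:]]*$//' -e 's/^"//' -e 's/"$//'
}
is_ipv4() { echo "$1" | grep -Eq '^((0|[1-9][0-9]{0,2})\.){3}(0|[1-9][0-9]{0,2})$'; }
ip2int() {  # A.B.C.D -> integer, so subnet membership is a bitwise AND
    set -- $(echo "$1" | tr . ' ')
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}
report() { echo "FINDING: $*"; findings=$((findings + 1)); }

# lint_chilli_config FILE "IFACE LIST": prints findings, returns their count.
lint_chilli_config() {
    file=$1; ifaces=$2; findings=0
    lanif=$(cfg_get HS_LANIF "$file")
    case " $ifaces " in
        *" $lanif "*) ;;
        *) report "HS_LANIF='$lanif' is not a local interface" ;;
    esac
    net=$(cfg_get HS_NETWORK "$file"); mask=$(cfg_get HS_NETMASK "$file")
    uam=$(cfg_get HS_UAMLISTEN "$file")
    if is_ipv4 "$net" && is_ipv4 "$mask" && is_ipv4 "$uam"; then
        m=$(ip2int "$mask")
        [ $(( $(ip2int "$uam") & m )) -eq $(( $(ip2int "$net") & m )) ] ||
            report "HS_UAMLISTEN=$uam is outside $net/$mask"
    else
        report "HS_NETWORK, HS_NETMASK and HS_UAMLISTEN must be IPv4 addresses"
    fi
    for pair in HS_RADSECRET:testing123 HS_UAMSECRET:greatsecret; do
        val=$(cfg_get "${pair%%:*}" "$file")
        [ -n "$val" ] && [ "$val" != "${pair#*:}" ] ||
            report "${pair%%:*} is empty or still the guide's sample value"
    done
    return "$findings"
}

# Constructed sample: the guide's values with HS_LANIF left at eth1.
sample=$(mktemp)
printf '%s\n' 'HS_LANIF=eth1   # Subscriber Interface' 'HS_NETWORK=10.1.0.0' \
    'HS_NETMASK=255.255.0.0' 'HS_UAMLISTEN=10.1.0.1      # HotSpot IP' \
    'HS_RADSECRET=testing123' 'HS_UAMSECRET=greatsecret' > "$sample"
lint_chilli_config "$sample" "lo enp0s3 enp0s8" || echo "$? finding(s)"
rm -f "$sample"
```

On a real host, pass /etc/chilli/config as the file and "$(ls /sys/class/net)" as the interface list.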

Add NAT support

  • By default CoovaChilli does not do NAT between the two interfaces. We have to add NAT support during start-up in order to have a working system.

Failing to do this step will leave you with a broken system.

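  • Edit the /etc/init.d/chilli file and add the block between #NAT mod and #END NAT mod at the position shown below. Note that the first command flushes the entire nat POSTROUTING chain, so any other rules already in that chain are removed.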
test ${HS_ADMINTERVAL:-0} -gt 0 && {
    (crontab -l 2>&- | grep -v $0
        echo "*/$HS_ADMINTERVAL * * * * $0 radconfig"
        ) | crontab - 2>&-
}
 
#NAT mod
iptables -F POSTROUTING -t nat
iptables -I POSTROUTING -t nat -o $HS_WANIF -j MASQUERADE
#END NAT mod
 
ifconfig $HS_LANIF 0.0.0.0

Test it out

  • Restart CoovaChilli for the latest changes to take effect.
sudo /etc/init.d/chilli stop
sudo /etc/init.d/chilli start
  • Confirm it started fine
sudo tail /var/log/messages
 
.......
 
May 23 13:17:01 RADIUSdesk-Beta1-1 CRON[2427]: (root) CMD (   cd / && run-parts --report /etc/cron.hourly)
May 23 13:18:28 RADIUSdesk-Beta1-1 coova-chilli[2109]: chilli.c: 5511: DHCP Released MAC=08-00-27-90-61-AE IP=10.1.0.2
May 23 13:20:48 RADIUSdesk-Beta1-1 crontab[2444]: (root) LIST (root)
May 23 13:20:48 RADIUSdesk-Beta1-1 crontab[2446]: (root) REPLACE (root)
May 23 13:20:48 RADIUSdesk-Beta1-1 coova-chilli[2109]: chilli.c: 7544: CoovaChilli shutting down
May 23 13:20:48 RADIUSdesk-Beta1-1 coova-chilli[2448]: main-script.c: 94: Running /etc/chilli/down.sh (107/0)
May 23 13:20:51 RADIUSdesk-Beta1-1 coova-chilli[2561]: CoovaChilli(ChilliSpot) 1.3.0. Copyright 2002-2005 Mondru AB. Licensed under GPL. Copyright 2006-2012 David Bird (Coova Technologies) <support@coova.com>. Licensed under GPL. See http://www.coova.org/ for details.
May 23 13:20:51 RADIUSdesk-Beta1-1 coova-chilli[2561]: tun.c: 605: TX queue length set to 100
May 23 13:20:51 RADIUSdesk-Beta1-1 coova-chilli[2563]: main-script.c: 94: Running /etc/chilli/up.sh (0/0)
May 23 13:21:01 RADIUSdesk-Beta1-1 cron[809]: (root) RELOAD (crontabs/root)
 
.......

Making things permanent

  • Ensure that CoovaChilli will start up after reboots.
sudo update-rc.d chilli start 99 2 3 4 5 . stop 20 0 1 6 .
  • Reboot the system and make sure CoovaChilli started up fine