RADIUSdesk

OpenVPN Bridges

Prepare Coova Chilli

Building and Installing Coova Chilli

  • Download the latest release of Coova Chilli. (Version 1.3.1.4 at the time of this writing)
wget https://github.com/coova/coova-chilli/archive/1.3.1.4.tar.gz
  • Extract the source and edit the debian/control file to remove the dependency on the haserl package.
tar -xzvf 1.3.1.4.tar.gz
vi coova-chilli-1.3.1.4/debian/control
#Look for this line
Depends: iptables, haserl
#Remove haserl so that it looks like this:
Depends: iptables
#Save your changes
  • Install the packages that are required for building debs.
sudo apt-get update
sudo apt-get install build-essential linux-headers-server libssl-dev
sudo apt install devscripts debhelper gengetopt libtool automake
  • Build and install the package:
cd coova-chilli-1.3.1.4/
debuild -i -us -uc -b
cd ..
sudo dpkg --install coova-chilli_1.3.0_amd64.deb

Configuring Coova Chilli

Enable CoovaChilli

  • Edit the following file
    sudo vi /etc/default/chilli
  • Change it to look like this
    START_CHILLI=1
    CONFFILE="/etc/chilli.conf"
    HS_USER="chilli"
  • Save the file.

Create the main config file

  • Create a file called /etc/chilli/config and use the following as reference:
/etc/chilli/config
HS_WANIF=eth1            # WAN Interface toward the Internet
HS_DNS1=4.4.4.4
HS_DNS2=8.8.8.8
HS_RADIUS=198.27.111.78
HS_RADIUS2=198.27.111.78
HS_RADSECRET=testing123    # Set to be your RADIUS shared secret
HS_UAMSECRET=greatsecret     # Set to be your UAM secret
HS_UAMALIASNAME=chilli
HS_UAMSERVER=$HS_UAMLISTEN
HS_UAMFORMAT=http://198.27.111.78/cake2/rd_cake/dynamic_details/chilli_browser_detect/
HS_UAMHOMEPAGE=http://\$HS_UAMLISTEN:\$HS_UAMPORT/www/coova.html
HS_MODE=hotspot
HS_TYPE=coovachilli
HS_WWWDIR=/etc/chilli/www
HS_WWWBIN=/etc/chilli/wwwsh
HS_PROVIDER=Coova
HS_PROVIDER_LINK=http://coova.github.io/
HS_LOC_NAME="My HotSpot"           # WISPr Location Name and used in portal
  • Create the VLAN config directories
sudo su
cd /etc/chilli
./newmulti.sh br0.101
./newmulti.sh br0.102
./newmulti.sh br0.103
  • Create the three VLAN configs
/etc/chilli/br0.101/config
HS_LANIF=br0.101            # Subscriber interface for client devices
HS_NETWORK=10.101.0.0      # HotSpot Network (must include HS_UAMLISTEN)
HS_NETMASK=255.255.0.0   # HotSpot Network Netmask
HS_UAMLISTEN=10.101.0.1  # HotSpot IP Address (on subscriber network)
HS_UAMPORT=3990            # HotSpot UAM Port (on subscriber network)
HS_UAMUIPORT=4990          # HotSpot UAM "UI" Port (on subscriber network, for embedded portal)
 
HS_DYNIP=10.101.1.1
HS_DYNIP_MASK=255.255.0.0
HS_STATIP=10.101.0.1
HS_STATIP_MASK=255.255.255.0
# HS_DNS_DOMAIN=
 
HS_NASID=rd-vlan101
HS_SSID=rd-vlan101-ssid

/etc/chilli/br0.102/config
HS_LANIF=br0.102            # Subscriber interface for client devices
HS_NETWORK=10.102.0.0      # HotSpot Network (must include HS_UAMLISTEN)
HS_NETMASK=255.255.0.0   # HotSpot Network Netmask
HS_UAMLISTEN=10.102.0.1  # HotSpot IP Address (on subscriber network)
HS_UAMPORT=3991            # HotSpot UAM Port (on subscriber network)
HS_UAMUIPORT=4991          # HotSpot UAM "UI" Port (on subscriber network, for embedded portal)
 
HS_DYNIP=10.102.1.1
HS_DYNIP_MASK=255.255.0.0
HS_STATIP=10.102.0.1
HS_STATIP_MASK=255.255.255.0
# HS_DNS_DOMAIN=
 
HS_NASID=rd-vlan102
HS_SSID=rd-vlan102-ssid

/etc/chilli/br0.103/config
HS_LANIF=br0.103            # Subscriber interface for client devices
HS_NETWORK=10.103.0.0      # HotSpot Network (must include HS_UAMLISTEN)
HS_NETMASK=255.255.0.0   # HotSpot Network Netmask
HS_UAMLISTEN=10.103.0.1  # HotSpot IP Address (on subscriber network)
HS_UAMPORT=3992            # HotSpot UAM Port (on subscriber network)
HS_UAMUIPORT=4992          # HotSpot UAM "UI" Port (on subscriber network, for embedded portal)
 
HS_DYNIP=10.103.1.1
HS_DYNIP_MASK=255.255.0.0
HS_STATIP=10.103.0.1
HS_STATIP_MASK=255.255.255.0
# HS_DNS_DOMAIN=
 
HS_NASID=rd-vlan103
HS_SSID=rd-vlan103-ssid
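
Added example (not part of the original guide): a small shell lint for the configs above. It flags the sample secrets testing123 and greatsecret if they are still in place, an HS_UAMLISTEN that falls outside HS_NETWORK/HS_NETMASK, and VLAN subnets that overlap. The function names and the constructed sample tree are assumptions.

```shell
# Added example: lint DIR/config plus DIR/br0.*/config (names hypothetical).

# cfg_get FILE KEY: value of KEY, trailing comment and spaces removed.
cfg_get() {
    sed -n "s/^$2=\([^#]*\).*/\1/p" "$1" | sed 's/[[:space:]]*$//' | tail -n 1
}

# ip2int A.B.C.D: dotted quad as an integer (missing octets count as 0).
ip2int() {
    oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
    echo $(( (${1:-0} << 24) + (${2:-0} << 16) + (${3:-0} << 8) + ${4:-0} ))
}

# lint_chilli DIR: print one finding per line; prints nothing when clean.
lint_chilli() {
    for kv in HS_RADSECRET=testing123 HS_UAMSECRET=greatsecret; do
        if [ "$(cfg_get "$1/config" "${kv%%=*}")" = "${kv#*=}" ]; then
            echo "$1/config: ${kv%%=*} is still the guide's sample value"
        fi
    done
    nets=""
    for f in "$1"/br0.*/config; do
        [ -f "$f" ] || continue
        net=$(ip2int "$(cfg_get "$f" HS_NETWORK)")
        mask=$(ip2int "$(cfg_get "$f" HS_NETMASK)")
        uam=$(ip2int "$(cfg_get "$f" HS_UAMLISTEN)")
        # The page's comment: HS_NETWORK "must include HS_UAMLISTEN".
        if [ $(( uam & mask )) -ne $(( net & mask )) ]; then
            echo "$f: HS_UAMLISTEN is outside HS_NETWORK/HS_NETMASK"
        fi
        # Overlapping subnets would mix subscribers of two VLANs.
        for prev in $nets; do
            m=$(( mask & ${prev#*/} ))
            if [ $(( net & m )) -eq $(( ${prev%/*} & m )) ]; then
                echo "$f: subnet overlaps another VLAN instance"
            fi
        done
        nets="$nets $net/$mask"
    done
}

# make_sample DIR: constructed tree; br0.102 is deliberately misconfigured.
make_sample() {
    mkdir -p "$1/br0.101" "$1/br0.102"
    printf 'HS_RADSECRET=testing123  # secret\nHS_UAMSECRET=changed\n' > "$1/config"
    printf 'HS_NETWORK=10.101.0.0\nHS_NETMASK=255.255.0.0\nHS_UAMLISTEN=10.101.0.1  # ip\n' > "$1/br0.101/config"
    printf 'HS_NETWORK=10.101.128.0\nHS_NETMASK=255.255.128.0\nHS_UAMLISTEN=10.102.0.1\n' > "$1/br0.102/config"
}
tmp=$(mktemp -d) && make_sample "$tmp" && lint_chilli "$tmp"; rm -rf "$tmp"
```

On a real server, run lint_chilli /etc/chilli after creating the VLAN configs and before starting Chilli.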

Add NAT Support

  • By default CoovaChilli does not do NAT between the two interfaces. We have to add NAT support during start-up in order to have a working system.

Failing to do this step will leave you with a broken system.

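  • Edit the /etc/init.d/chilli file and add the lines between #NAT mod and #END NAT mod; the lines around them show where they belong. The first rule flushes the whole nat POSTROUTING chain, so any other rules in that chain are removed each time Chilli starts.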
test ${HS_ADMINTERVAL:-0} -gt 0 && {
    (crontab -l 2>&- | grep -v $0
        echo "*/$HS_ADMINTERVAL * * * * $0 radconfig"
        ) | crontab - 2>&-
}
 
#NAT mod
iptables -F POSTROUTING -t nat
iptables -I POSTROUTING -t nat -o $HS_WANIF -j MASQUERADE
#END NAT mod
 
ifconfig $HS_LANIF 0.0.0.0

Test it out

  • Restart CoovaChilli for the latest changes to take effect.
sudo /etc/init.d/chilli stop
sudo /etc/init.d/chilli start

Making things permanent

  • Ensure that CoovaChilli will start up after reboots.
  • If your server only has one interface card, add these lines to the /etc/rc.local file:
#Add the startup of OpenVPN
/usr/sbin/service openvpn start
 
#Start up Chilli
/etc/init.d/chilli start
 
exit 0
  • If your server has two interface cards, issue the following command:
sudo update-rc.d chilli start 99 2 3 4 5 . stop 20 0 1 6 .
  • Reboot the system and make sure CoovaChilli started up fine