Wednesday, July 25, 2012

Install and Configure CoovaChilli Hotspot


Download the updated CoovaChilli package from this link.

Download CoovaChilli 1.2.6 and install it by double-clicking the package coova-chilli_1.2.6_i386.deb (it opens in Ubuntu Software Center).

Step1: It is good practice to keep a backup of the original CoovaChilli config file. Run this command in your terminal:
cp /etc/chilli/defaults /etc/chilli/config
Edit the file by entering this command in the terminal: nano /etc/network/interfaces.

Step2: Create a hotspot folder inside the www root directory to hold the hotspot scripts. Run the following commands in your terminal:
mkdir /var/www/hotspot
cd /var/www/hotspot
cp /etc/chilli/www/* /var/www/hotspot

Replace the IP string in the following JavaScript files by running the commands below in your terminal. Make sure 192.168.0.1 is the IP of your local ethernet interface. The dots in the search pattern are escaped so that only the literal address 1.0.0.1 is replaced.
sed -i 's/1\.0\.0\.1/192.168.0.1/g' /etc/chilli/www/ChilliLibrary.js
sed -i 's/1\.0\.0\.1/192.168.0.1/g' /var/www/hotspot/ChilliLibrary.js

Step3: Now edit the file /etc/default/chilli. Run this command:
nano /etc/default/chilli
and change
START_CHILLI=0
to
START_CHILLI=1

Step4: Configure the CoovaChilli config file /etc/chilli/config. Run this command in your terminal:
nano /etc/chilli/config

Make the following changes:
HS_LANIF=eth1 # Subscriber interface for client devices
HS_NETWORK=192.168.0.0 # HotSpot Network Series
HS_NETMASK=255.255.255.0 # HotSpot Network Netmask
HS_UAMLISTEN=192.168.0.1 # Local Ethernet IP
HS_UAMPORT=3990 # HotSpot Port

HS_NASID=nas01
HS_UAMSECRET=your-uam-password
HS_RADIUS=127.0.0.1
HS_RADIUS2=127.0.0.1
HS_RADSECRET=your-rad-password
HS_UAMALLOW=www.google.com,192.168.0.0/24 # allow this

HS_UAMSERVER=192.168.0.1 #local ethernet IP
HS_UAMHOMEPAGE=http://\$HS_UAMLISTEN:\$HS_UAMPORT/www/coova.html
HS_UAMSERVICE=https://192.168.0.1/cgi-bin/hotspotlogin.cgi

HS_ANYIP=on # Allow any IP address on subscriber LAN
HS_MACAUTH=on # Turn on MAC authentication
HS_MACPASSWD=XXXXXX # The password must be the same as the string in /etc/chilli/functions
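
The Step 4 values can be checked before chilli is started: the script below flags secrets left at the tutorial placeholders, a space after "=", and an HS_UAMLISTEN address that falls outside HS_NETWORK/HS_NETMASK. It is an added example, not part of the original post or of CoovaChilli; the function names are made up for illustration, and it assumes the config is a shell-style KEY=value file as shown above.

```shell
# Pre-start check of /etc/chilli/config (added example, not CoovaChilli code).
# cfg_get FILE KEY: last value assigned to KEY, trailing "# comment" removed.
cfg_get() {
  sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 |
    sed 's/[[:space:]][[:space:]]*#.*$//; s/^[[:space:]]*//; s/[[:space:]]*$//'
}

# ip2int A.B.C.D: dotted quad as an integer.
ip2int() {
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}
# in_subnet IP NET MASK: true when IP lies inside NET/MASK.
in_subnet() {
  a=$(ip2int "$1"); n=$(ip2int "$2"); m=$(ip2int "$3")
  [ $(( a & m )) -eq $(( n & m )) ]
}

# audit_chilli_config FILE: prints findings; exit status = their count.
audit_chilli_config() {
  f=$1; bad=0
  for key in HS_UAMSECRET HS_RADSECRET HS_MACPASSWD; do
    # HS_MACPASSWD only matters when MAC authentication is switched on.
    [ "$key" = HS_MACPASSWD ] && [ "$(cfg_get "$f" HS_MACAUTH)" != on ] && continue
    if grep -Eq "^[[:space:]]*$key=[[:space:]]+[^#[:space:]]" "$f"; then
      echo "$key: space after '=', value is never assigned when the file is sourced"
      bad=$((bad + 1)); continue
    fi
    case $(cfg_get "$f" "$key") in
      ''|your-uam-password|your-rad-password|XXXXXX)
        echo "$key: empty or still the tutorial placeholder"; bad=$((bad + 1)) ;;
    esac
  done
  listen=$(cfg_get "$f" HS_UAMLISTEN); net=$(cfg_get "$f" HS_NETWORK)
  mask=$(cfg_get "$f" HS_NETMASK)
  if [ -z "$listen" ] || [ -z "$net" ] || [ -z "$mask" ]; then
    echo "HS_UAMLISTEN/HS_NETWORK/HS_NETMASK: not all set"; bad=$((bad + 1))
  elif ! in_subnet "$listen" "$net" "$mask"; then
    echo "HS_UAMLISTEN=$listen is outside $net/$mask"; bad=$((bad + 1))
  fi
  return "$bad"
}

# Constructed sample with the values shown in Step 4 above.
sample=$(mktemp)
printf '%s\n' 'HS_NETWORK=192.168.0.0' 'HS_NETMASK=255.255.255.0' \
  'HS_UAMLISTEN=192.168.0.1 # Local Ethernet IP' 'HS_UAMSECRET=your-uam-password' \
  'HS_RADSECRET= your-rad-password' 'HS_MACAUTH=on' 'HS_MACPASSWD=XXXXXX #' > "$sample"
audit_chilli_config "$sample" || echo "$? finding(s) in the sample"
rm -f "$sample"
```

On the real system, run audit_chilli_config /etc/chilli/config after editing; an exit status of 0 means none of these three problems was found.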

Step5: Now configure apache2. Install SSL by running this command in your terminal:
            apt-get install libapache2-mod-auth-mysql

Step6: Install the SSL certificate package by running this command in your terminal:
            apt-get install ssl-cert

Step7: Create an ssl directory in the /etc/apache2 directory. Run this command in your terminal:
            mkdir /etc/apache2/ssl

Step8: Check your hostname and modify it if you want to change it.
            hostname -f

Step9: Add your host name to use the SSL certificate. Run this command in your terminal:
            make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/apache2/ssl/apache.pem

Step 10: Enable the ssl module and reload the changes. Run these commands in your terminal:
            a2enmod ssl
            /etc/init.d/apache2 force-reload

Step11: Edit your hosts file by running this command in your terminal:
            nano /etc/hosts

Make these changes:
            127.0.0.1           localhost
            127.0.1.1           hotspotwifi # this is my hostname
            192.168.0.1       hotspotwifi

Step12: Create a configuration file for the hotspot site. Run this command in your terminal:
            nano /etc/apache2/sites-available/hotspot

Copy and paste the following into this hotspot file, then save and close:
NameVirtualHost 192.168.0.1:443
<VirtualHost 192.168.0.1:443>
    ServerAdmin webmaster@domain.org
    DocumentRoot "/var/www/hotspot"
    ServerName "192.168.0.1"
    <Directory "/var/www/hotspot/">
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        allow from all
    </Directory>

    Alias "/dialupadmin/" "/usr/share/freeradius-dialupadmin/htdocs/"
    <Directory "/usr/share/freeradius-dialupadmin/htdocs/">
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        allow from all
    </Directory>

    <Directory "/var/www/hotspot/cgi-bin/">
        AllowOverride None
        Options ExecCGI -MultiViews +SymLinksIfOwnerMatch
        Order allow,deny
        Allow from all
    </Directory>

    ErrorLog /var/log/apache2/hotspot-error.log
    LogLevel warn
    CustomLog /var/log/apache2/hotspot-access.log combined

    ServerSignature On
    SSLEngine on
    SSLCertificateFile /etc/apache2/ssl/apache.pem
</VirtualHost>

Step13: Enable the hotspot site so that apache loads the new configuration. Run this command in your terminal:
a2ensite hotspot

Step14: Make the following changes in the ports.conf file. Run this command:
nano /etc/apache2/ports.conf

Add the following lines:
Listen 443
Listen 80

Also edit the apache config file with nano /etc/apache2/apache2.conf and add the following line to it:
ServerName 192.168.0.1

Step15: Edit the apache default site configuration file. Run this command:
nano /etc/apache2/sites-available/default

Add this line at the top of the file:
NameVirtualHost *:80

Step16: Create the login page for the hotspot. Download this package and extract it in the /var/www/hotspot directory. Run these commands:
cd /var/www/hotspot/
wget http://www.truesoft.co.th/wifi/uam.tgz
tar xvf uam.tgz

Step17: Run this command to start CoovaChilli at boot time:
update-rc.d chilli defaults

Step18: Download (http://haserl.sourceforge.net/) and install Haserl to redirect the page. Run these commands to install it.

sudo apt-get install gcc  # install gcc, which is needed to build haserl
tar xvf haserl-0.8.0.tar.gz

cd haserl-0.8.0/

Now you should be in this directory: /var/www/hotspot/haserl-0.8.0#

Configure and install it:
./configure
make
make install

Also edit this file to change the haserl path variable.

Run this command:
nano /etc/chilli/wwwsh
and replace the line
haserl=$(which haserl 2>/dev/null)
with this:
haserl=/usr/local/bin/haserl
 
Step19: Install syslog-ng by running this command in your terminal:

apt-get install syslog-ng

Edit the syslog-ng config file. It is good practice to back up the original config file first:
cp /etc/syslog-ng/syslog-ng.conf /etc/syslog-ng/syslog-ng.conf.bak
nano /etc/syslog-ng/syslog-ng.conf

Add the following lines to it:
destination remote {
udp("192.168.20.104" port(514));
};


Now restart syslog-ng:
/etc/init.d/syslog-ng restart

Step20: Edit the rc.capture service. Run this command: nano /etc/init.d/rc.capture

Add the following lines to this file:
#!/bin/bash
# Follow each log file and pipe every new line to syslog (facility local3, level info)
tail -F /var/log/squid/access.log | logger -t squid -p local3.info &
tail -F /var/log/radius/radacct/127.0.0.1/details | logger -t radiusd -p local3.info &

Save the file, then make it executable and link it into rcS.d:
chmod a+x /etc/init.d/rc.capture
ln -s /etc/init.d/rc.capture /etc/rcS.d/S88rccapture

Step21: Edit this file by running this command in your terminal: nano /etc/freeradius/modules/detail

Replace this line:
detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d
with this:
detailfile = ${radacctdir}/%{Client-IP-Address}/details

Install NTP Server as a Log Server     

Step1: Run this command in your terminal to install ntp:
            apt-get install ntp

Step2: Take a backup of the original ntp.conf file, then edit /etc/ntp.conf:
cp /etc/ntp.conf /etc/ntp.conf.bak

Make the following changes:
restrict default kod nomodify notrap noquery nopeer
restrict 127.0.0.1
# Allow Internal network Access
restrict 192.168.0.0 mask 255.255.255.0 nomodify notrap

# You can give your own server or localhost or gps device

server 0.ubuntu.pool.ntp.org
server 1.ubuntu.pool.ntp.org
server 2.ubuntu.pool.ntp.org
server 3.ubuntu.pool.ntp.org
fudge 127.127.1.0 stratum 10
driftfile /var/lib/ntp/ntp.drift
broadcastdelay 0.008


Step4: Turn the ntp service on with chkconfig and restart it.
Run these commands in your terminal:
chkconfig ntp on
/etc/init.d/ntp restart

Now you have a CoovaChilli WiFi hotspot. Switch on your access point.
Make sure the access point IP address configuration looks like this:

IP Address: in the same range as your local ethernet. In my case:
local ethernet IP: 192.168.0.1
Access Point IP: 192.168.0.245
Net Mask: 255.255.255.0
#Gateway should be the same as the local ethernet IP
Gateway: 192.168.0.1

Now connect any client PC to your WiFi and open any site. It should be redirected to the login page. Log in with username: guest, password: guest, and test the internet connection.
If there is any issue, check the log file or drop a comment.

8 comments:

  1. Where do I add exactly (top, bottom)
    Listen 443
    Listen 80
    in /etc/apache2/ports.conf?

    Replies
    1. Hi Yabo,
      you just add the Listen port after the NameVirtualHost *:80 line.
      If you have any issue, just drop a comment here.

  2. This comment has been removed by the author.

  3. What about adding user/pass? What about administration of the hotspot? Creating user/time plans?

    Replies
    1. For managing users and user time plans, you have to install another web interface, because CoovaChilli does not provide these features. You can install and configure daloRADIUS with CoovaChilli. On the daloRADIUS web interface you can manage these features.

      If you want to test without daloRADIUS, you have to create the user name and password manually in your database for CoovaChilli. Let me know if you want anything.

  4. Thanks, but I want user web access details, like user1 accessed www.facebook.com, www.google.com. Then what to do?

    Replies
    1. You mean that you want to allow and block some websites for a particular user, if I am understanding you correctly. For this you want to install a web interface separately, where you can configure the time duration as well as website permissions for a particular user.

  5. Hi, I am trying to set up a server on AWS for managing WiFi network users. Can you confirm if it's possible to manage users of different networks using the same AWS server? Please advise.
