RADIUSdesk

Differences

This shows you the differences between two versions of the page.

user_guide:openvpn_bridges_prep_coova [2016/09/26 08:13] – created admin
user_guide:openvpn_bridges_prep_coova [2016/10/06 06:18] (current) – [Making things permanent] admin
Line 1: Line 1:
-====== OpenVPN Bridges =Prepare Coova Chilli ======+====== OpenVPN Bridges ====== 
 +=====  Prepare Coova Chilli ===== 
 +  
 +===== Building and Installing Coova Chilli ===== 
 +  * Download the latest release of Coova Chilli. (Version 1.3.1.4 at the time of this writing) 
 +  * [[https://github.com/coova/coova-chilli/releases|Coova Chilli Releases]] 
 +<code bash> 
 +wget  https://github.com/coova/coova-chilli/archive/1.3.1.4.tar.gz 
 +</code> 
 +  * Extract the source and edit the **debian/control** file to remove the dependency on the **haserl** package. 
 +<code bash> 
 +tar -xzvf 1.3.1.4.tar.gz 
 +vi coova-chilli-1.3.1.4/debian/control 
 +#Look for this line 
 +Depends: iptables, haserl 
 +#Remove haserl so that it looks like this: 
 +Depends: iptables 
 +#Save your changes 
 +</code> 
 +  * Install the packages that is required for building **debs**. 
 +<code bash> 
 +sudo apt-get update 
 +sudo apt-get install build-essential linux-headers-server libssl-dev 
 +sudo apt install devscripts debhelper gengetopt libtool automake 
 +</code> 
 +  * Build and install the package: 
 +<code bash> 
 +cd coova-chilli-1.3.1.4/ 
 +debuild -i -us -uc -b 
 +cd .. 
 +sudo dpkg --install coova-chilli_1.3.0_amd64.deb 
 +</code> 
 + 
 +--------- 
 + 
 +===== Configuring Coova Chilli ===== 
 +==== Enable CoovaChilli ==== 
 +  * Edit the following file 
 +<code bash> 
 +    sudo vi /etc/default/chilli 
 +</code> 
 +  * Change it to look like this 
 +<code bash> 
 +    START_CHILLI=1 
 +    CONFFILE="/etc/chilli.conf" 
 +    HS_USER="chilli" 
 +</code> 
 +  * Save the file. 
 + 
 +==== Create the main config file ==== 
 +  * Create a file called **/etc/chilli/config** and use the following as reference: 
 +<file bash /etc/chilli/config> 
 +HS_WANIF=eth1            # WAN Interface toward the Internet 
 +HS_DNS1=4.4.4.4 
 +HS_DNS2=8.8.8.8 
 +HS_RADIUS=198.27.111.78 
 +HS_RADIUS2=198.27.111.78 
 +HS_RADSECRET=testing123    # Set to be your RADIUS shared secret 
 +HS_UAMSECRET=greatsecret     # Set to be your UAM secret 
 +HS_UAMALIASNAME=chilli 
 +HS_UAMSERVER=$HS_UAMLISTEN 
 +HS_UAMFORMAT=http://198.27.111.78/cake2/rd_cake/dynamic_details/chilli_browser_detect/ 
 +HS_UAMHOMEPAGE=http://\$HS_UAMLISTEN:\$HS_UAMPORT/www/coova.html 
 +HS_MODE=hotspot 
 +HS_TYPE=coovachilli 
 +HS_WWWDIR=/etc/chilli/www 
 +HS_WWWBIN=/etc/chilli/wwwsh 
 +HS_PROVIDER=Coova 
 +HS_PROVIDER_LINK=http://coova.github.io/ 
 +HS_LOC_NAME="My HotSpot"           # WISPr Location Name and used in portal 
 +</file> 
 +  * Create the VLAN config directories 
 +<code bash> 
 +sudo su 
 +cd /etc/chilli 
 +./newmulti.sh br0.101 
 +./newmulti.sh br0.102 
 +./newmulti.sh br0.103 
 +</code> 
 +  * Create the three VLAN configs 
 +<file bash /etc/chilli/br0.101/config> 
 +HS_LANIF=br0.101            # WAN Interface toward the Internet 
 +HS_NETWORK=10.101.0.0      # HotSpot Network (must include HS_UAMLISTEN) 
 +HS_NETMASK=255.255.0.0   # HotSpot Network Netmask 
 +HS_UAMLISTEN=10.101.0.1  # HotSpot IP Address (on subscriber network) 
 +HS_UAMPORT=3990            # HotSpot UAM Port (on subscriber network) 
 +HS_UAMUIPORT=4990          # HotSpot UAM "UI" Port (on subscriber network, for embedded portal) 
 + 
 +HS_DYNIP=10.101.1.1 
 +HS_DYNIP_MASK=255.255.0.0 
 +HS_STATIP=10.101.0.1 
 +HS_STATIP_MASK=255.255.255.0 
 +# HS_DNS_DOMAIN= 
 + 
 +HS_NASID=rd-vlan101 
 +HS_SSID=rd-vlan101-ssid 
 +</file> 
 + 
 +-------------------- 
 + 
 +<file bash /etc/chilli/br0.102/config> 
 +HS_LANIF=br0.102            # WAN Interface toward the Internet 
 +HS_NETWORK=10.102.0.0      # HotSpot Network (must include HS_UAMLISTEN) 
 +HS_NETMASK=255.255.0.0   # HotSpot Network Netmask 
 +HS_UAMLISTEN=10.102.0.1  # HotSpot IP Address (on subscriber network) 
 +HS_UAMPORT=3991            # HotSpot UAM Port (on subscriber network) 
 +HS_UAMUIPORT=4991          # HotSpot UAM "UI" Port (on subscriber network, for embedded portal) 
 + 
 +HS_DYNIP=10.102.1.1 
 +HS_DYNIP_MASK=255.255.0.0 
 +HS_STATIP=10.102.0.1 
 +HS_STATIP_MASK=255.255.255.0 
 +# HS_DNS_DOMAIN= 
 + 
 +HS_NASID=rd-vlan102 
 +HS_SSID=rd-vlan102-ssid 
 + 
 +</file> 
 + 
 +--------------- 
 + 
 +<file bash /etc/chilli/br0.103/config> 
 +HS_LANIF=br0.103            # WAN Interface toward the Internet 
 +HS_NETWORK=10.103.0.0      # HotSpot Network (must include HS_UAMLISTEN) 
 +HS_NETMASK=255.255.0.0   # HotSpot Network Netmask 
 +HS_UAMLISTEN=10.103.0.1  # HotSpot IP Address (on subscriber network) 
 +HS_UAMPORT=3992            # HotSpot UAM Port (on subscriber network) 
 +HS_UAMUIPORT=4992          # HotSpot UAM "UI" Port (on subscriber network, for embedded portal) 
 + 
 +HS_DYNIP=10.103.1.1 
 +HS_DYNIP_MASK=255.255.0.0 
 +HS_STATIP=10.103.0.1 
 +HS_STATIP_MASK=255.255.255.0 
 +# HS_DNS_DOMAIN= 
 + 
 +HS_NASID=rd-vlan103 
 +HS_SSID=rd-vlan103-ssid 
 + 
 +</file> 
 + 
 +-------------------- 
 + 
 +===== Add NAT Support ===== 
 +  * By default CoovaChilli does not do NAT between the two interfaces. We have to add NAT support during start-up in order to have a working system.  
 +<WRAP center round alert 90%> 
 +Failing to do this step will leave you with a broken system.  
 +</WRAP> 
 +  * Edit the **/etc/init.d/chilli** file and add the following: 
 +<code bash> 
 +test ${HS_ADMINTERVAL:-0} -gt 0 && { 
 +    (crontab -l 2>&- | grep -v $0 
 +        echo "*/$HS_ADMINTERVAL * * * * $0 radconfig" 
 +        ) | crontab - 2>&
 +
 +  
 +#NAT mod 
 +iptables -F POSTROUTING -t nat 
 +iptables -I POSTROUTING -t nat -o $HS_WANIF -j MASQUERADE 
 +#END NAT mod 
 +  
 +ifconfig $HS_LANIF 0.0.0.0 
 +</code> 
 + 
 +------------ 
 + 
 +===== Test it out ===== 
 +  * Restart CoovaChilli for the latest changes to be effected. 
 +<code bash> 
 +sudo /etc/init.d/chilli stop 
 +sudo /etc/init.d/chilli start 
 +</code> 
 + 
 +------ 
 + 
 +===== Making things permanent ===== 
 +  * Ensure that CoovaChilli will start up after reboots. 
 +  * If your server only has one interface card, add this line to the **/etc/rc.local** file: 
 +<code bash> 
 +#Add the startup of OpenVPN 
 +/usr/sbin/service openvpn start 
 + 
 +#Start up Chill 
 +/etc/init.d/chilli start 
 + 
 +exit 0 
 + 
 +</code> 
 +  * If your server has two interface cards, issue the following command: 
 +<code bash> 
 +sudo update-rc.d chilli start 99 2 3 4 5 . stop 20 0 1 6 . 
 +</code> 
 +  * Reboot the system and make sure CoovaChilli started up fine 
 + 
 + 
 + 
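Review bot: in the /etc/chilli/config block, HS_RADSECRET=testing123 and HS_UAMSECRET=greatsecret are given as literal values, and testing123 is the stock FreeRADIUS example secret, so a reader who copies the file verbatim ends up with a guessable RADIUS shared secret and UAM secret. Suggest replacing both with obvious placeholders and adding a step that tells the reader to generate their own values and set the same shared secret on the RADIUS server. In the same block, HS_UAMFORMAT points at the login page over plain http; if the server offers https, use it here. HS_DNS1=4.4.4.4 looks like a typo (8.8.4.4?), please confirm. In the three br0.101/br0.102/br0.103 config files the comment on HS_LANIF reads "WAN Interface toward the Internet", which is copied from the HS_WANIF line; these are the subscriber-side VLAN interfaces and the comment should say so. In the NAT mod, "iptables -F POSTROUTING -t nat" flushes every rule in the nat POSTROUTING chain each time chilli starts, including rules added by other services on the host; either state that side effect next to the command or drop the flush and add the MASQUERADE rule only when it is not already present. The /etc/init.d/chilli excerpt also ends at "crontab - 2>&" with no closing of the redirection or of the "{" block, so it cannot be pasted as shown; mark which lines already exist in the file and which lines (the NAT mod) the reader has to add. In the build section, the source is 1.3.1.4 but the install command names coova-chilli_1.3.0_amd64.deb; confirm that is the file debuild produces, or tell the reader to check the generated filename. The wget step downloads the tarball without any integrity check; add a checksum comparison before extracting.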
 +