Differences

This shows you the differences between two versions of the page.

--- technical:openvpn-bridges-prep-coova [2023/10/21 06:16]
admin created
+++ technical:openvpn-bridges-prep-coova [2024/01/16 10:46] (current)
admin [Test it out]
@@ Line 1: / Line 1: @@
 ====== OpenVPN Bridges ======
+===== Enable Packet forwarding for IPv4 =====
+  * The machine running CoovaChilli will act as a router and thus needs to be configured as such.
+  * This means that the IP packets needs to be **forwarded** from one interface to the other.
+  * Edit the **/etc/sysctl.conf**.
+  * Find and uncomment **net.ipv4.ip_forward=1** line.
 ===== Building and Installing Coova Chilli =====
   * The version of CoovaChilli is 1.6 as of this writing.
@@ Line 52: / Line 58: @@
 Processing triggers for man-db (2.9.1-1) ...
 </code>
+===== Configuring Coova Chilli =====
+==== Enable CoovaChilli ====
+  * Edit the following file
+<code bash>
+sudo vi /etc/default/chilli
+</code>
+  * Change it to look like this
+<code bash>
+START_CHILLI=1
+CONFFILE="/etc/chilli.conf"
+HS_USER="chilli"
+</code>
+  * Save the file.
+==== Create the main config file ====
+  * Create a file called **/etc/chilli/config** and use the following as reference:
+<file bash /etc/chilli/config>
+HS_WANIF=eth0            # WAN Interface toward the Internet
+HS_DNS1=4.4.4.4
+HS_DNS2=8.8.8.8
+HS_RADIUS=164.160.89.129
+HS_RADIUS2=164.160.89.129
+HS_RADSECRET=testing123    # Set to be your RADIUS shared secret
+HS_UAMSECRET=greatsecret     # Set to be your UAM secret
+HS_UAMALIASNAME=chilli
+HS_UAMSERVER=$HS_UAMLISTEN
+HS_UAMFORMAT=https://cloud.radiusdesk.com/cake4/rd_cake/dynamic-details/chilli-browser-detect/
+HS_UAMHOMEPAGE=http://\$HS_UAMLISTEN:\$HS_UAMPORT/www/coova.html
+HS_MODE=hotspot
+HS_TYPE=coovachilli
+HS_WWWDIR=/etc/chilli/www
+HS_WWWBIN=/etc/chilli/wwwsh
+HS_PROVIDER=Coova
+HS_PROVIDER_LINK=http://coova.github.io/
+HS_LOC_NAME="My HotSpot"           # WISPr Location Name and used in portal
+HS_UAMUISSL=on
+HS_SSLKEYFILE=/etc/chilli/key.pem
+HS_SSLCERTFILE=/etc/chilli/cert.pem
+HS_UAMALIASNAME=uam
+HS_DNS_DOMAIN=mesh-manager.com
+HS_UAMUIPORT=4990
+</file>
+  * Make sure you include the **key.pem** and **cert.pem** in order for SSL to work correct.
+  * You can use these from the MESHdesk firmware
+  * https://github.com/RADIUSdesk/openwrt-meshdesk/tree/main/MESHdesk/files/MESHdesk/captive_portals
+  * Create the VLAN config directories
+<code>
+#Here you will need **ifconfig** to be installed
+sudo su
+cd /etc/chilli
+./newmulti.sh br0.101
+./newmulti.sh br0.102
+  * Create the three VLAN configs
+./newmulti.sh br0.103
+</code>
+  * Create the three VLAN configs
+<file bash /etc/chilli/br0.101/config>
+HS_LANIF=br0.101            # WAN Interface toward the Internet
+HS_NETWORK=10.101.0.0      # HotSpot Network (must include HS_UAMLISTEN)
+HS_NETMASK=255.255.0.0   # HotSpot Network Netmask
+HS_UAMLISTEN=10.101.0.1  # HotSpot IP Address (on subscriber network)
+HS_UAMPORT=3990            # HotSpot UAM Port (on subscriber network)
+HS_UAMUIPORT=4990          # HotSpot UAM "UI" Port (on subscriber network, for embedded portal)
+HS_DYNIP=10.101.1.1
+HS_DYNIP_MASK=255.255.0.0
+HS_STATIP=10.101.0.1
+HS_STATIP_MASK=255.255.255.0
+# HS_DNS_DOMAIN=
+HS_NASID=rd-vlan101
+HS_SSID=rd-vlan101-ssid
+</file>
+<file bash /etc/chilli/br0.102/config>
+HS_LANIF=br0.102            # WAN Interface toward the Internet
+HS_NETWORK=10.102.0.0      # HotSpot Network (must include HS_UAMLISTEN)
+HS_NETMASK=255.255.0.0   # HotSpot Network Netmask
+HS_UAMLISTEN=10.102.0.1  # HotSpot IP Address (on subscriber network)
+HS_UAMPORT=3991            # HotSpot UAM Port (on subscriber network)
+HS_UAMUIPORT=4991          # HotSpot UAM "UI" Port (on subscriber network, for embedded portal)
+HS_DYNIP=10.102.1.1
+HS_DYNIP_MASK=255.255.0.0
+HS_STATIP=10.102.0.1
+HS_STATIP_MASK=255.255.255.0
+# HS_DNS_DOMAIN=
+HS_NASID=rd-vlan102
+HS_SSID=rd-vlan102-ssid
+</file>
+<file bash /etc/chilli/br0.103/config>
+HS_LANIF=br0.103            # WAN Interface toward the Internet
+HS_NETWORK=10.103.0.0      # HotSpot Network (must include HS_UAMLISTEN)
+HS_NETMASK=255.255.0.0   # HotSpot Network Netmask
+HS_UAMLISTEN=10.103.0.1  # HotSpot IP Address (on subscriber network)
+HS_UAMPORT=3992            # HotSpot UAM Port (on subscriber network)
+HS_UAMUIPORT=4992          # HotSpot UAM "UI" Port (on subscriber network, for embedded portal)
+HS_DYNIP=10.103.1.1
+HS_DYNIP_MASK=255.255.0.0
+HS_STATIP=10.103.0.1
+HS_STATIP_MASK=255.255.255.0
+# HS_DNS_DOMAIN=
+HS_NASID=rd-vlan103
+HS_SSID=rd-vlan103-ssid
+</file>
+===== Add NAT Support =====
+  * By default CoovaChilli does not do NAT between the two interfaces. We have to add NAT support during start-up in order to have a working system.
+<WRAP center round alert 90%>
+Failing to do this step will leave you with a broken system.
+</WRAP>
+  * Edit the /etc/init.d/chilli file and add the following:
+<code bash>
+test ${HS_ADMINTERVAL:-0} -gt 0 && {
+    (crontab -l 2>&- | grep -v $0
+        echo "*/$HS_ADMINTERVAL * * * * $0 radconfig"
+        ) | crontab - 2>&-
+}
+#NAT mod
+iptables -F POSTROUTING -t nat
+iptables -I POSTROUTING -t nat -o $HS_WANIF -j MASQUERADE
+# ---HEADS-UP--
+#NOTE The $HS_WANIF dit not populate for some unknown reason so I had to do
+#iptables -I POSTROUTING -t nat -o eth0 -j MASQUERADE
+#END NAT mod
+ifconfig $HS_LANIF 0.0.0.0
+</code>
+===== Test it out =====
+  * Restart CoovaChilli for the latest changes to be effected.
+<code bash>
+#This is required
+systemctl disable chilli
+#Now issue the following
+sudo systemctl stop chilli
+sudo systemctl status chilli
+sudo systemctl start chilli
+</code>
+  * Confirm it started fine
+<code bash>
+sudo systemctl status chilli
+.......
+● chilli.service - LSB: Start CoovaChilli daemon at boot time
+   Loaded: loaded (/etc/init.d/chilli; generated)
+   Active: active (running) since Sat 2022-06-11 03:05:26 UTC; 2s ago
+     Docs: man:systemd-sysv-generator(8)
+  Process: 7619 ExecStart=/etc/init.d/chilli start (code=exited, status=0/SUCCES
+    Tasks: 1 (limit: 1108)
+   CGroup: /system.slice/chilli.service
+           └─7706 /usr/sbin/chilli -c /etc/chilli.conf
+Dec 21 03:05:26 osboxes systemd[1]: Started LSB: Start CoovaChilli daemon at boo
+Dec 21 03:05:26 osboxes chilli[7706]: PID 7706 saving options to /var/run/chilli
+Dec 21 03:05:26 osboxes chilli[7706]: PID 7706 loading binary options file /var/
+Dec 21 03:05:26 osboxes chilli[7706]: Loading modules
+Dec 21 03:05:26 osboxes chilli[7706]: CoovaChilli 1.4. Copyright 2002-2005 Mondr
+Dec 21 03:05:26 osboxes chilli[7706]: TX queue length set to 100
+Dec 21 03:05:26 osboxes coova-chilli[7713]: PID 7713 loading binary options file
+Dec 21 03:05:26 osboxes coova-chilli[7713]: Loading modules
+Dec 21 03:05:26 osboxes coova-chilli[7713]: USER root(0/0), GROUP root(0/0) CHIL
+Dec 21 03:05:26 osboxes coova-chilli[7713]: Running /etc/chilli/up.sh (0/0)
+.......
+</code>
+  * Reboot the system and make sure CoovaChilli started up fine
+===== Startup sequence =====
+  * We need to make sure that CoovaChilli starts at the right time.
+  * The right time will be:
+        * First we configure the bridges.
+        * Then we start up OpenVPN tunnels.
+        * Then we start up CoovaChilli.
+  * Disable the normal startup sequence of CoovaChilli
+<code bash>
+systemctl disable chilli
+</code>
+  * Edit the **/etc/rc.local** file and add the following below the startup of OpenVPN
+<code bash>
+#Add the startup of OpenVPN
+systemctl start openvpn@server_vlan_101
+systemctl start openvpn@server_vlan_102
+systemctl start openvpn@server_vlan_103
+#Add the startup of CoovaChilli
+systemctl start chilli
+exit 0
+</code>
+  * Reboot the system and make sure everything is up and running after the reboot.
+===== System Checks =====
+  * To confirm the bridges are up along with the OpenVPN tunnels
+<code bash>
+root@localhost:/home/system# brctl show
+bridge name	bridge id		STP enabled	interfaces
+br0.101		8000.002222ffffff	no		eth1.101
+							tap0
+br0.102		8000.002222ffffff	no		eth1.102
+							tap1
+br0.103		8000.002222ffffff	no		eth1.103
+							tap2
+</code>
+  * To check if CoovaChilli started up fine:
+<code bash>
+ifconfig
+....
+tun0: flags=81<UP,POINTOPOINT,RUNNING>  mtu 1500
+        inet 10.101.0.1  netmask 255.255.0.0  destination 10.101.0.1
+        inet6 fe80::70ad:961c:836d:ea9  prefixlen 64  scopeid 0x20<link>
+        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 100  (UNSPEC)
+        RX packets 0  bytes 0 (0.0 B)
+        RX errors 0  dropped 0  overruns 0  frame 0
+        TX packets 10  bytes 592 (592.0 B)
+        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
+tun1: flags=81<UP,POINTOPOINT,RUNNING>  mtu 1500
+        inet 10.1.0.1  netmask 255.255.255.0  destination 10.1.0.1
+        inet6 fe80::dfa6:b905:30f9:8478  prefixlen 64  scopeid 0x20<link>
+        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 100  (UNSPEC)
+        RX packets 0  bytes 0 (0.0 B)
+        RX errors 0  dropped 0  overruns 0  frame 0
+        TX packets 10  bytes 592 (592.0 B)
+        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
+tun2: flags=81<UP,POINTOPOINT,RUNNING>  mtu 1500
+        inet 10.1.0.1  netmask 255.255.255.0  destination 10.1.0.1
+        inet6 fe80::c5e:ff84:c088:a947  prefixlen 64  scopeid 0x20<link>
+        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 100  (UNSPEC)
+        RX packets 0  bytes 0 (0.0 B)
+        RX errors 0  dropped 0  overruns 0  frame 0
+        TX packets 10  bytes 592 (592.0 B)
+        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
+....
+</code>

RADIUSdesk

Page Tools

Site Tools

User Tools

Differences