RADIUSdesk

logo
Trace: nft-adv-block nft-block

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
technical:openvpn-bridges-prep-coova [2023/10/23 18:21]
admin [Building and Installing Coova Chilli] 		technical:openvpn-bridges-prep-coova [2024/01/16 10:46] (current)
admin [Test it out]
Line 75: Line 75:
   * Create a file called **/etc/chilli/config** and use the following as reference:   * Create a file called **/etc/chilli/config** and use the following as reference:
 <file bash /etc/chilli/config> <file bash /etc/chilli/config>
-HS_WANIF=eth1            # WAN Interface toward the Internet+HS_WANIF=eth0            # WAN Interface toward the Internet
 HS_DNS1=4.4.4.4 HS_DNS1=4.4.4.4
 HS_DNS2=8.8.8.8 HS_DNS2=8.8.8.8
-HS_RADIUS=198.27.111.78 +HS_RADIUS=164.160.89.129 
-HS_RADIUS2=198.27.111.78+HS_RADIUS2=164.160.89.129
 HS_RADSECRET=testing123    # Set to be your RADIUS shared secret HS_RADSECRET=testing123    # Set to be your RADIUS shared secret
 HS_UAMSECRET=greatsecret     # Set to be your UAM secret HS_UAMSECRET=greatsecret     # Set to be your UAM secret
 HS_UAMALIASNAME=chilli HS_UAMALIASNAME=chilli
 HS_UAMSERVER=$HS_UAMLISTEN HS_UAMSERVER=$HS_UAMLISTEN
-HS_UAMFORMAT=http://198.27.111.78/cake2/rd_cake/dynamic_details/chilli_browser_detect/+HS_UAMFORMAT=https://cloud.radiusdesk.com/cake4/rd_cake/dynamic-details/chilli-browser-detect/
 HS_UAMHOMEPAGE=http://\$HS_UAMLISTEN:\$HS_UAMPORT/www/coova.html HS_UAMHOMEPAGE=http://\$HS_UAMLISTEN:\$HS_UAMPORT/www/coova.html
 HS_MODE=hotspot HS_MODE=hotspot
Line 93: Line 93:
 HS_PROVIDER_LINK=http://coova.github.io/ HS_PROVIDER_LINK=http://coova.github.io/
 HS_LOC_NAME="My HotSpot"           # WISPr Location Name and used in portal HS_LOC_NAME="My HotSpot"           # WISPr Location Name and used in portal
 +HS_UAMUISSL=on
 +HS_SSLKEYFILE=/etc/chilli/key.pem
 +HS_SSLCERTFILE=/etc/chilli/cert.pem
 +HS_UAMALIASNAME=uam
 +HS_DNS_DOMAIN=mesh-manager.com
 +HS_UAMUIPORT=4990
  
 </file> </file>
 +  * Make sure you include the **key.pem** and **cert.pem** in order for SSL to work correct.
 +  * You can use these from the MESHdesk firmware
 +  * https://github.com/RADIUSdesk/openwrt-meshdesk/tree/main/MESHdesk/files/MESHdesk/captive_portals
   * Create the VLAN config directories   * Create the VLAN config directories
 <code> <code>
Line 123: Line 132:
 HS_SSID=rd-vlan101-ssid HS_SSID=rd-vlan101-ssid
 </file> </file>
 +
 +<file bash /etc/chilli/br0.102/config>
 +HS_LANIF=br0.102            # WAN Interface toward the Internet
 +HS_NETWORK=10.102.0.0      # HotSpot Network (must include HS_UAMLISTEN)
 +HS_NETMASK=255.255.0.0   # HotSpot Network Netmask
 +HS_UAMLISTEN=10.102.0.1  # HotSpot IP Address (on subscriber network)
 +HS_UAMPORT=3991            # HotSpot UAM Port (on subscriber network)
 +HS_UAMUIPORT=4991          # HotSpot UAM "UI" Port (on subscriber network, for embedded portal)
 + 
 +HS_DYNIP=10.102.1.1
 +HS_DYNIP_MASK=255.255.0.0
 +HS_STATIP=10.102.0.1
 +HS_STATIP_MASK=255.255.255.0
 +# HS_DNS_DOMAIN=
 + 
 +HS_NASID=rd-vlan102
 +HS_SSID=rd-vlan102-ssid
 +</file>
 +
 +<file bash /etc/chilli/br0.103/config>
 +HS_LANIF=br0.103            # WAN Interface toward the Internet
 +HS_NETWORK=10.103.0.0      # HotSpot Network (must include HS_UAMLISTEN)
 +HS_NETMASK=255.255.0.0   # HotSpot Network Netmask
 +HS_UAMLISTEN=10.103.0.1  # HotSpot IP Address (on subscriber network)
 +HS_UAMPORT=3992            # HotSpot UAM Port (on subscriber network)
 +HS_UAMUIPORT=4992          # HotSpot UAM "UI" Port (on subscriber network, for embedded portal)
 + 
 +HS_DYNIP=10.103.1.1
 +HS_DYNIP_MASK=255.255.0.0
 +HS_STATIP=10.103.0.1
 +HS_STATIP_MASK=255.255.255.0
 +# HS_DNS_DOMAIN=
 + 
 +HS_NASID=rd-vlan103
 +HS_SSID=rd-vlan103-ssid
 +</file>
 +
 +===== Add NAT Support =====
 +  * By default CoovaChilli does not do NAT between the two interfaces. We have to add NAT support during start-up in order to have a working system.
 +<WRAP center round alert 90%>
 +Failing to do this step will leave you with a broken system.
 +</WRAP>
 +  * Edit the /etc/init.d/chilli file and add the following:
 +<code bash>
 +test ${HS_ADMINTERVAL:-0} -gt 0 && {
 +    (crontab -l 2>&- | grep -v $0
 +        echo "*/$HS_ADMINTERVAL * * * * $0 radconfig"
 +        ) | crontab - 2>&-
 +}
 + 
 +#NAT mod
 +iptables -F POSTROUTING -t nat
 +iptables -I POSTROUTING -t nat -o $HS_WANIF -j MASQUERADE
 +# ---HEADS-UP--
 +#NOTE The $HS_WANIF dit not populate for some unknown reason so I had to do
 +#iptables -I POSTROUTING -t nat -o eth0 -j MASQUERADE
 +#END NAT mod
 + 
 +ifconfig $HS_LANIF 0.0.0.0
 +</code>
 +===== Test it out =====
 +  * Restart CoovaChilli for the latest changes to be effected.
 +<code bash>
 +#This is required 
 +systemctl disable chilli
 +#Now issue the following
 +sudo systemctl stop chilli
 +sudo systemctl status chilli
 +sudo systemctl start chilli
 +</code>
 +
 +  * Confirm it started fine
 +<code bash>
 +sudo systemctl status chilli
 + 
 +.......
 +● chilli.service - LSB: Start CoovaChilli daemon at boot time
 +   Loaded: loaded (/etc/init.d/chilli; generated)
 +   Active: active (running) since Sat 2022-06-11 03:05:26 UTC; 2s ago
 +     Docs: man:systemd-sysv-generator(8)
 +  Process: 7619 ExecStart=/etc/init.d/chilli start (code=exited, status=0/SUCCES
 +    Tasks: 1 (limit: 1108)
 +   CGroup: /system.slice/chilli.service
 +           └─7706 /usr/sbin/chilli -c /etc/chilli.conf
 + 
 +Dec 21 03:05:26 osboxes systemd[1]: Started LSB: Start CoovaChilli daemon at boo
 +Dec 21 03:05:26 osboxes chilli[7706]: PID 7706 saving options to /var/run/chilli
 +Dec 21 03:05:26 osboxes chilli[7706]: PID 7706 loading binary options file /var/
 +Dec 21 03:05:26 osboxes chilli[7706]: Loading modules
 +Dec 21 03:05:26 osboxes chilli[7706]: CoovaChilli 1.4. Copyright 2002-2005 Mondr
 +Dec 21 03:05:26 osboxes chilli[7706]: TX queue length set to 100
 +Dec 21 03:05:26 osboxes coova-chilli[7713]: PID 7713 loading binary options file
 +Dec 21 03:05:26 osboxes coova-chilli[7713]: Loading modules
 +Dec 21 03:05:26 osboxes coova-chilli[7713]: USER root(0/0), GROUP root(0/0) CHIL
 +Dec 21 03:05:26 osboxes coova-chilli[7713]: Running /etc/chilli/up.sh (0/0)
 +.......
 +</code>
 +  * Reboot the system and make sure CoovaChilli started up fine
 +
 +===== Startup sequence =====
 +  * We need to make sure that CoovaChilli starts at the right time.
 +  * The right time will be:
 +        * First we configure the bridges.
 +        * Then we start up OpenVPN tunnels.
 +        * Then we start up CoovaChilli.
 +  * Disable the normal startup sequence of CoovaChilli
 +<code bash>
 +systemctl disable chilli
 +</code>
 +  * Edit the **/etc/rc.local** file and add the following below the startup of OpenVPN
 +<code bash>
 +#Add the startup of OpenVPN
 +systemctl start openvpn@server_vlan_101
 +systemctl start openvpn@server_vlan_102
 +systemctl start openvpn@server_vlan_103
 +
 +#Add the startup of CoovaChilli
 +systemctl start chilli
 +
 +exit 0
 +</code>
 +  * Reboot the system and make sure everything is up and running after the reboot.
 +
 +===== System Checks =====
 +  * To confirm the bridges are up along with the OpenVPN tunnels
 +<code bash>
 +root@localhost:/home/system# brctl show
 +bridge name bridge id STP enabled interfaces
 +br0.101 8000.002222ffffff no eth1.101
 + tap0
 +br0.102 8000.002222ffffff no eth1.102
 + tap1
 +br0.103 8000.002222ffffff no eth1.103
 + tap2
 +</code>
 +  * To check if CoovaChilli started up fine:
 +<code bash>
 +ifconfig
 +
 +....
 +tun0: flags=81<UP,POINTOPOINT,RUNNING>  mtu 1500
 +        inet 10.101.0.1  netmask 255.255.0.0  destination 10.101.0.1
 +        inet6 fe80::70ad:961c:836d:ea9  prefixlen 64  scopeid 0x20<link>
 +        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 100  (UNSPEC)
 +        RX packets 0  bytes 0 (0.0 B)
 +        RX errors 0  dropped 0  overruns 0  frame 0
 +        TX packets 10  bytes 592 (592.0 B)
 +        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
 +
 +tun1: flags=81<UP,POINTOPOINT,RUNNING>  mtu 1500
 +        inet 10.1.0.1  netmask 255.255.255.0  destination 10.1.0.1
 +        inet6 fe80::dfa6:b905:30f9:8478  prefixlen 64  scopeid 0x20<link>
 +        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 100  (UNSPEC)
 +        RX packets 0  bytes 0 (0.0 B)
 +        RX errors 0  dropped 0  overruns 0  frame 0
 +        TX packets 10  bytes 592 (592.0 B)
 +        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
 +
 +tun2: flags=81<UP,POINTOPOINT,RUNNING>  mtu 1500
 +        inet 10.1.0.1  netmask 255.255.255.0  destination 10.1.0.1
 +        inet6 fe80::c5e:ff84:c088:a947  prefixlen 64  scopeid 0x20<link>
 +        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 100  (UNSPEC)
 +        RX packets 0  bytes 0 (0.0 B)
 +        RX errors 0  dropped 0  overruns 0  frame 0
 +        TX packets 10  bytes 592 (592.0 B)
 +        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
 +
 +....
 +
 +</code>
 +
 +
 +
 +
 +
  
Last modified: 2023/10/23 18:21