Thursday, 11 February 2016

INSTALL HOTSPOT YFI (part 2)

Note:

Source of the original article:
http://sourceforge.net/apps/trac/hotcakes/wiki/yfi_setup_cake
I have edited some parts according to my experience.
This post continues from the previous post.

Configuring FreeRADIUS
  • Before you compile the source code of FreeRADIUS, ensure the following packages are installed:
sudo apt-get install build-essential libmysqlclient15-dev libperl-dev \
libxml-simple-perl libmail-sendmail-perl libssl-dev
  • Download the FreeRADIUS source code (http://freeradius.org/download.html):
wget ftp://ftp.freeradius.org/pub/freeradius/freeradius-server-2.1.12.tar.gz
tar -xzvf freeradius-server-2.1.12.tar.gz
cd freeradius-server-2.1.12
./configure | tee config_out.txt
make
sudo make install
sudo ldconfig
  • Test whether FreeRADIUS works by issuing the following command:
sudo /usr/local/sbin/radiusd -X
  • This will start FreeRADIUS in debug mode (to stop it, press Ctrl+C).
  • FreeRADIUS has a startup script. The following will ensure automatic startup between reboots.
sudo cp /usr/local/sbin/rc.radiusd /etc/init.d/radiusd
sudo update-rc.d radiusd start 80 2 3 4 5 . stop 20 0 1 6 .

Setup FreeRADIUS

  • The following commands will set-up FreeRADIUS to work together with YFi Hotspot Manager.
sudo mv /usr/local/etc/raddb /usr/local/etc/raddb.orig
sudo cp /var/www/c2/yfi_cake/setup/radius/raddb.tar.gz /usr/local/etc/
cd /usr/local/etc/
sudo tar -xzvf raddb.tar.gz
sudo chown root.www-data /usr/local/etc/raddb/proxy.conf
sudo chmod 664 /usr/local/etc/raddb/proxy.conf
sudo chmod 644 /usr/local/etc/raddb/dictionary
sudo ldconfig

Activate and change chillispot dictionary

  • FreeRADIUS includes various dictionaries from different vendors. These dictionaries define attributes for the vendor's NAS devices.
  • Dictionaries can be included or excluded by editing the /usr/local/share/freeradius/dictionary file. The latest version of FreeRADIUS already includes the chillispot dictionary by default.
  • YFi Hotspot Manager defines special Voucher attributes. To enable these, add the following to the /usr/local/share/freeradius/dictionary.chillispot file (YFi Attributes and YFi Counters):
ATTRIBUTE       ChilliSpot-Version                      8       string
ATTRIBUTE       ChilliSpot-OriginalURL                  9       string
#YFi Specific Attributes
ATTRIBUTE       Yfi-Voucher                            40     string
ATTRIBUTE       Yfi-MAC-Reset                          41     string
ATTRIBUTE       Yfi-Data                               42     string
ATTRIBUTE       Yfi-Time                               43     string
#YFi Various Counters
ATTRIBUTE       Max-Daily-Session               50      integer
ATTRIBUTE       Max-Monthly-Session             51      integer
ATTRIBUTE       Max-Weekly-Session              52      integer
ATTRIBUTE       Max-All-Session                 53      integer
ATTRIBUTE       ChilliSpot-Max-Daily-Octets               60      integer
ATTRIBUTE       ChilliSpot-Max-Monthly-Octets             61      integer
ATTRIBUTE       ChilliSpot-Max-Weekly-Octets              62      integer
ATTRIBUTE       ChilliSpot-Max-All-Octets                 63      integer
# Configuration management parameters (ChilliSpot Only)
ATTRIBUTE       ChilliSpot-UAM-Allowed                  100     string

Remove virtual.example.com

Edit /usr/local/etc/raddb/proxy.conf. Change this part:
# Sample virtual home server.
home_server virtual.example.com {
    virtual_server = virtual.example.com
}
To:
# Sample virtual home server.
#home_server virtual.example.com {
#    virtual_server = virtual.example.com
#}

Additional changes

  • If you deviated from the standard, the following files may need changes:
  • /usr/local/etc/raddb/sql.conf - This defines the database connection details.
  • /usr/local/etc/raddb/rlm_perl_modules/conf/settings.conf - This defines the database settings and counters used by the FreeRADIUS YFi Hotspot Manager Perl module.

Final testing

  • As a final test, issue the following command and ensure no errors are present:
sudo /usr/local/sbin/radiusd -X
  • If there are no errors, start the FreeRADIUS service through the startup script:
sudo /etc/init.d/radiusd start

Install CoovaChilli

wget http://ap.coova.org/chilli/coova-chilli_1.0.14-1_i386.deb
dpkg -i coova-chilli_1.0.14-1_i386.deb    
  • Now look at the file /etc/chilli/defaults. Copy this file to config (in the same directory):
cp /etc/chilli/defaults /etc/chilli/config
  • Edit the file config:
# HS_WANIF=eth0            # WAN Interface toward the Internet
HS_LANIF=eth1              # Subscriber Interface for client devices
HS_NETWORK=10.1.0.0        # HotSpot Network (must include HS_UAMLISTEN)
HS_NETMASK=255.255.255.0   # HotSpot Network Netmask
HS_UAMLISTEN=10.1.0.1      # HotSpot IP Address (on subscriber network)
HS_UAMPORT=3990            # HotSpot Port (on subscriber network)
#   HotSpot settings for simple Captive Portal
HS_NASID=nas01
HS_UAMSECRET=greatsecret
HS_RADIUS=127.0.0.1
HS_RADIUS2=127.0.0.1
HS_RADSECRET=testing123
HS_UAMALLOW=coova.org
HS_NASIP=10.1.0.1   # To explicitly set NAS-IP-Address
HS_UAMFORMAT=http://10.1.0.1/coova_json/hs_land.php
HS_UAMHOMEPAGE=http://10.1.0.1/coova_json/splash.php
HS_UAMSERVICE=https://coova.org/app/uam/auth
HS_MODE=hotspot
HS_TYPE=chillispot
HS_WWWDIR=/etc/chilli/www
HS_WWWBIN=/etc/chilli/wwwsh
HS_PROVIDER=Coova
HS_PROVIDER_LINK=http://www.coova.org/
HS_LOC_NAME="My HotSpot"           # WISPr Location Name and used in portal
  • Edit the file /etc/default/chilli and set START_CHILLI to 1:
START_CHILLI=1
CONFFILE="/usr/local/etc/chilli.conf"
  • Add the following lines to the end of the file /etc/chilli/up.sh:
    # may not have been populated the first time; run again
    [ -e "/var/run/chilli.iptables" ] && sh /var/run/chilli.iptables 2>/dev/null
    # force-add the final rule necessary to fix routing tables
    iptables -I POSTROUTING -t nat -o $HS_WANIF -j MASQUERADE
  • Now try starting chilli:
/etc/init.d/chilli start

User Login Page

  • Copy the folder coova_json to the directory "/var/www":
cp -R /var/www/c2/yfi_cake/setup/coova_json /var/www
  • In the file /var/www/coova_json/uam.php, make sure $uamsecret=greatsecret, and in the file /var/www/coova_json/login.php, change the value to $port=3990.
  • At this point your hotspot server is ready to use. Restart the computer, then try to connect from a user's laptop. If the YFi hotspot login page appears while browsing, the YFi hotspot server is working. Make sure to enter the correct username and password on the login page; if all goes well, the login page will automatically redirect to the destination site.

Install pptpd

  • This is optional, but I recommend it because some parts may be missing if you do not install this. The source article says: WARNING: DO NOT SKIP THIS STEP - EVEN IF YOU DO NOT INTEND TO USE pptp!!!!!

Setup Instructions

  • Install the pptpd service
sudo apt-get install pptpd
  • Edit the config file of the server (sudo vi /etc/pptpd.conf) and change the bottom part:
# (Recommended)
localip 10.20.30.1
#remoteip 10.20.30.2-10.20.30.254
#localip 192.168.0.1
#remoteip 192.168.0.234-238,192.168.0.245
# or
#localip 192.168.0.234-238,192.168.0.245
#remoteip 192.168.1.234-238,192.168.1.245
  • This will cause the server to create a virtual interface with IP 10.20.30.1.
  • Point-to-point virtual connections can be set up from the NAS devices, using this IP when you specify the RADIUS server's IP.
  • Make the file in which the clients of the pptpd program are defined writable by the user running Apache:
sudo chown root.www-data /etc/ppp/chap-secrets
sudo chmod 664 /etc/ppp/chap-secrets
  • Restart the pptpd program to apply the changes:
sudo /etc/init.d/pptpd restart
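
The secrets in the CoovaChilli config above (HS_UAMSECRET=greatsecret, HS_RADSECRET=testing123) are the values printed in this guide, and the chmod 664 steps leave /etc/ppp/chap-secrets and proxy.conf readable by every local user. The script below is an added example, not part of the original article or the YFi project: it flags those conditions and checks that uam.php and chilli agree on the UAM secret. The function names are hypothetical, and it assumes uam.php assigns the secret on a line containing $uamsecret.

```shell
#!/bin/sh
# Added example: audit a YFi/CoovaChilli install for the sample secrets and
# file modes shown in this guide. ROOT is a path prefix (empty = live system).

conf_value() {  # conf_value FILE KEY: print KEY's value, quotes and comments stripped
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"#[:space:]]*\).*/\1/p" "$1" | tail -n 1
}

audit_hotspot() {
    root=${1:-}
    cfg="$root/etc/chilli/config"
    uam="$root/var/www/coova_json/uam.php"   # assumed to hold a '$uamsecret = ...' line
    findings=0
    report() { echo "FINDING: $*"; findings=$((findings + 1)); }

    if [ -r "$cfg" ]; then
        uamsecret=$(conf_value "$cfg" HS_UAMSECRET)
        radsecret=$(conf_value "$cfg" HS_RADSECRET)
        # Values printed in a public guide must be treated as known to everyone.
        [ "$uamsecret" = "greatsecret" ] && report "HS_UAMSECRET is the guide's sample value"
        [ "$radsecret" = "testing123" ] && report "HS_RADSECRET is the guide's sample value"
        # The login page and chilli must agree on the UAM secret ('$uamsecret' is literal PHP).
        if [ -r "$uam" ] && ! grep -F '$uamsecret' "$uam" | grep -qF -- "$uamsecret"; then
            report "uam.php \$uamsecret does not match HS_UAMSECRET"
        fi
    fi

    # Files holding shared secrets or passwords should not be world-readable.
    for f in "$root/etc/ppp/chap-secrets" "$root/usr/local/etc/raddb/proxy.conf"; do
        [ -e "$f" ] || continue
        if [ -n "$(find "$f" -prune -perm -004)" ]; then report "$f is world-readable"; fi
    done
    return "$findings"   # exit status = number of findings
}

make_demo_tree() {  # constructed sample mirroring the guide's files, values and modes
    d=$(mktemp -d)
    mkdir -p "$d/etc/chilli" "$d/etc/ppp" "$d/var/www/coova_json"
    printf 'HS_UAMSECRET=greatsecret\nHS_RADSECRET=testing123\n' > "$d/etc/chilli/config"
    printf '<?php $uamsecret = "greatsecret";\n' > "$d/var/www/coova_json/uam.php"
    : > "$d/etc/ppp/chap-secrets"; chmod 664 "$d/etc/ppp/chap-secrets"
    echo "$d"
}

d=$(make_demo_tree)
audit_hotspot "$d" || echo "findings: $?"
rm -rf "$d"
```

Calling audit_hotspot with no argument, as root, checks the live paths used in this guide; since the Apache user already reaches these files through the www-data group, mode 660 keeps them writable for it without exposing them to other accounts.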


Cron Scripts

  • YFi Hotspot Manager requires a few scripts to run periodically in order to maintain a healthy and working system.
  • This section discusses each of the Cron scripts involved and how to configure the server to run them via the Cron system.
  • Most of the scripts are CakePHP shell scripts. This makes it easy to interact with the MySQL database used by FreeRADIUS.
  • To activate the cron scripts, execute the following command, which will add YFi Hotspot Manager's cron scripts to the Cron system:
sudo cp /var/www/c2/yfi_cake/setup/cron/yfi /etc/cron.d/
  • If you want to change the default intervals at which the scripts are executed, just edit the /etc/cron.d/yfi file.

Location of cron scripts

  • It may happen that the CakePHP application (yfi_cake) is not installed in the default location given in these instructions. If so, update the /etc/cron.d/yfi file to reflect the correct paths.
    If you do not, you will end up with a misconfigured, ill-behaving YFi Hotspot Manager.

Congratulations! Your YFi Hotspot Manager setup is complete.