Thursday, 11 February 2016

Mikrotik and EasyHotspot, as Hotspot Billing System


router mikrotik and radius server easyhotspot
In the previous post, we already know about the mikrotik hotspot. And the next experiments, mikrotik hotspot added a EasyHotspot as radius server. Can be seen in the picture. In this experiment, Chillispot and login page, on EasyHotspot, not used and should be removed. Mikrotik will replace the function of Chillispot and login page. Actual merger mikrotik with radius server, I've created, in a project by PT xxx. But I had forgotten what a hotspot billing system used. And it is not archived.

Mikrotik.
See previous post about making mikrotik hotspot. http://myconfigure.blogspot.com/2013/05/configure-mikrotik-as-hotspot_9254.html.  If all is ok, proceed with the following steps. Radius - then click the plus sign (+) to add. 
mikrotik - radius

Open dialog box will appear. Enter the IP address of the Radius server (EasyHotspot), secret, for example : testing123, port, and check the hotspot service. Then click OK.
mikrotik - new radius server settings


Back to Radius open dialog. Click Incoming. Check Accept, Port is 3799. Then OK.
mikrotik - radius port incoming

Create an IP interface towards the radius server. From Winbox, click IP - Addresses
mikrotik - IP address

In the new dialog box, input IP address, and select ether3 as interface to radius server. Then click OK.

mikrotik - IP address settings

Then in the hotspot dialog box, click server profiles tab. Click twice hsprof1. Then the new dialog box will appear. Click radius tab. Select use radius, and accounting. Then click OK.

mikrotik - hotspot server profiles - settings

Back to hotspot dialog box, click Walled Garden IP List tab. Click plus sign (+),  then another dialog box will appear.  Enter IP address to blank box dst. address. Check Action Accept, then click OK. Look at picture below.
mikrotik - walled garden

Click IP – Firewall. And in the firewall dialog box, click NAT tab. Click plus (+) to add new rules firewall.
mikrotik - IP firewall

The New NAT rule dialog box will appear. In src.address blank box, enter IP address ( IP address radius server). Chain is srcnat. Then click tab action.  And select masquerade, for action. And then OK.
mikrotik - IP firewall nat settings
mikrotik - IP firewall nat settings 2

Easyhotspot / Radius server
Already been discussed, see previous post. The difference is, we only need to use one interface.
If the previous post, there are 4 stages for installation. Now there are only 3 stages, ie,
1.    Install apache, PHP, & Mysql
2.    Install Easyhotspot web.
3.    Install Freeradius 2.1.12

Install Apache, PHP & Mysql
Begin by configuring Ethernet. Remember only one interface, which needs to be configured.
vi /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=static
IPADDR=192.168.11.2
NETMASK=255.255.255.252
GATEWAY=192.168.11.1
IPV4_FAILURE_FATAL=yes

And after restart network, the Internet should be connected. Then proceed with the installation php, mysql, apache, and other support files.
rpm -Uvh http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-6.rpm
yum repolist
yum  --enablerepo=epel,remi,remi-test  install mc vim unzip zip gcc gcc-c++ make git svn nano tar
yum  --enablerepo=epel  install mysql-server php httpd php-mysql php-xml php-gd php-pear php-db
yum  --enablerepo=epel,remi-test  install  patch mod_ssl openssl dnsmasq
chkconfig --level 235 mysqld on
chkconfig --level 235 ip6tables off
chkconfig --level 235 postfix off
chkconfig --level 235 dnsmasq on
chkconfig --level 235 httpd on

Check in /etc/php.ini, make sure several lines of configuration is suitable.
          short_open_tag = On
          date.timezone = Asia/Makassar

Edit /etc/sysconfig/iptables
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
#-A INPUT -p tcp -j ACCEPT
#-A INPUT -p udp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 1811 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 1812 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 1813 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
Don't forget to save and restart.
service iptables restart
reboot

Install EasyHotspot Web
See the previous post. http://myconfigure.blogspot.com/2013/03/easyhotspot-in-centos-64.html.  Remember, no need to install the login page.

Install Freeradius 2.1.12
Like the previous post, and then there is little extra.
Edit /etc/raddb/client.conf. add at the end of the line,
            client 192.168.11.1 {
                        secret          = testing123
            shortname       = nas01
}

Finish. Try to create a voucher on EasyHotspot. then use of the client computer. If successfully logged in, it means the configuration is successfully done. Look at Hotspot dialog box, click Active tab.  Current users will be seen, and there is a sign R, on the left side, meaning the user from radius server.
But there are still drawbacks, users cannot be disconnected from EasyHotspot. It will be explained in thenext post
mikrotik - hotspot active users