1. Introduction
This document should be used when you want to get a Hotcakes/ChilliSpot 802.11 hotspot up and running as soon as possible. It is kept terse and to the point. Please refer to the other documents on Hotcakes in order to gain better knowledge of the setup once you have it up and running. The document is divided into parts. Once you have completed a part, and are sure it works as intended, you can continue to the next one.
1.1. Feedback
Feedback is most certainly welcome for this document. Send your additions, comments and criticisms to the following email address: <dirkvanderwalt at gmail dot com>.
Please refer to the following diagram to see how everything should fit together.
Once you collected the above ingredients, you can jump right in.
2. Watch Out!
When I tested this document against Ubuntu I ran into various problems. I would also like to thank all those who gave feedback on previous versions of this document, since this helped to confirm some issues. The problems are listed at the beginning of the document in order for you to avoid them right from the start.
perl: func_stop_accounting = "(null)" Can't load /usr/lib/perl/5.8/auto/POSIX/POSIX.so for module POSIX: /usr/lib/perl/5.8/auto/
The perl module of Free Radius was not able to find other Perl modules. After I removed libltdl3-dev, the problem was cleared.
Warning
Before you continue, issue the following command just to be sure.
apt-get remove libltdl3-dev
If you don't know how to install these packages on Ubuntu, please visit the InstallingSoftware (https://help.ubuntu.com/community/InstallingSoftware) page for more information.
Warning
The package php5-mysql did not install correctly on several of my machines.
To fix this, run
sudo dpkg-reconfigure php5-mysql
There are a few tweaks Apache and PHP need before CakePHP will work correctly. Make sure you add the following to the /etc/apache2/apache2.conf file:
<Directory /var/www/cake>
    AllowOverride All
</Directory>
mini HOWTO set up Hotcakes
Edit the following line in the /etc/php5/apache2/php.ini file:
Change
output_buffering = Off
To
output_buffering = 4096
You should now be able to get to the Hotcakes page, but you still need to set up the database.
Warning
Be sure to change the admin password! To change it, log in as role Admin and go to Settings -> Admin Password.
Warning
Hotcakes needs version 1.1.4 or above of Free Radius. Version 1.1.6 is recommended. Version 1.1.7 can cause problems.
I know you might be tempted to just install the version that comes standard with Ubuntu, but then you are in for a half-baked solution. This half-baked solution will not be able to do proper bookkeeping of quotas for time or data (bytes).
Note: As a technical note, I experienced problems with data quotas even with the latest Free Radius. Thus, this guide will show you how to use a custom Perl script to do proper book-keeping in conjunction with the latest compiled version of Free Radius.
If you don't know how to install these packages on Ubuntu, please visit the InstallingSoftware (https://help.ubuntu.com/community/InstallingSoftware) page for more information.
You can download the latest version of Free Radius Here (http://www.freeradius.org/getting.html) (version 1.1.7 as of this writing)
tar -xzvf freeradius-1.1.6.tar.gz
cd freeradius-1.1.6
./configure
make
sudo make install
This will install Free Radius in the /usr/local directory. You can test to see if Free Radius works by issuing the following command:
sudo /usr/local/sbin/radiusd -X
This will start Free Radius in debug mode (to stop it, press Ctrl+C).
You can change these settings by going to the following page as the Admin: Settings -> Paths & Misc.

Table 3. Please verify the following

Item                        Value
path_to_dictionary_files    /usr/local/share/freeradius/
main_dictionary_file        /usr/local/etc/raddb/dictionary
location_of_radscenario     /var/www/cake/hotcakes/webroot/files/radscenario_wip
radius_proxy_file           /usr/local/etc/raddb/proxy.conf

Tip: When you deviate from this standard install, you may have to tweak the radscenario_wip file a bit. It is a Perl script.
This brings us to the last section, which will set up ChilliSpot. After that is completed, we will have a working hotspot.
Alternatively CoovaChilli (http://coova.org/wiki/index.php/CoovaChilli) is available which includes a few enhancements. The plan was to document the use of CoovaChilli instead of ChilliSpot here, but I've decided against it. I would rather create a recipe in the Cookbook dedicated to CoovaChilli, since it has lots of enhancements. It has been reported that the original ChilliSpot's config file does work perfectly with CoovaChilli.
Grab the latest release of ChilliSpot and do the following:
tar -xzvf chillispot-1.1.0.tar.gz
cd chillispot-1.1.0
./configure
make
sudo make install
I'm not going to repeat documentation. This HOWTO Here (https://help.ubuntu.com/community/forum/server/apache2/SSL) will supply all required information to configure your SSL enabled website.
3. The SSL virtual host file now has to specify the files we have just created.
Replace
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/apache.pem
With
SSLEngine On
SSLProtocol +all
SSLCiphersuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificatefile /etc/ssl/certs/my.apache.hostname.example.org.cert
SSLCertificatekeyfile /etc/ssl/private/my.apache.hostname.example.org.key
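The replacement stanza uses "SSLProtocol +all" and a cipher string that names the LOW, SSLv2, EXP and eNULL classes without excluding them. The lint below is an added example, not part of the original HOWTO; ssl_lint, write_vhosts, the file names and the tightened stanza are assumptions of this example, and it assumes the Apache/OpenSSL generation the HOWTO was written for, where "all" still includes SSLv2.

```shell
#!/bin/sh
# Added example, not from the HOWTO. ssl_lint FILE prints one finding per
# line for legacy SSL settings in an Apache vhost, and nothing if it is clean.
ssl_lint() {
    # Directive names are case-insensitive in Apache, hence grep -i.
    proto=$(grep -i '^[[:space:]]*SSLProtocol[[:space:]]' "$1" | tail -n 1)
    case "$proto" in
        '') ;;                      # directive absent: not judged here
        *-SSLv2*) ;;                # SSLv2 explicitly subtracted
        *) echo "protocol: SSLv2 not disabled" ;;
    esac
    # Cipher spec tokens are colon-separated. "!" and "-" remove a class; "+"
    # only moves it to the end of the list, so a selected class stays offered.
    grep -i '^[[:space:]]*SSLCipherSuite[[:space:]]' "$1" | tail -n 1 |
        awk '{ print $2 }' | tr ':' '\n' |
        while read -r tok; do
            case "$tok" in '!'*|-*) continue ;; esac
            case "${tok#+}" in
                SSLv2|LOW|EXP|EXPORT*|eNULL|aNULL|NULL|ADH)
                    echo "ciphers: ${tok#+} not excluded" ;;
            esac
        done
}

# Constructed samples: the stanza from the HOWTO and a tightened variant
# (the tightened values are this example's assumption, not the HOWTO's).
write_vhosts() {
    cat > "$1/howto.conf" <<'EOF'
SSLEngine On
SSLProtocol +all
SSLCiphersuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
EOF
    cat > "$1/tight.conf" <<'EOF'
SSLEngine On
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite HIGH:!aNULL:!MD5
EOF
}

dir=$(mktemp -d) && write_vhosts "$dir"
echo "howto.conf:"; ssl_lint "$dir/howto.conf"
echo "tight.conf:"; ssl_lint "$dir/tight.conf"
```

Run it against the real SSL virtual host file after editing; an empty result means none of the listed legacy settings were found.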
There are some important files which you will find inside the doc directory situated below the chillispot-1.1.0 directory created when you extract the chillispot-1.1.0.tar.gz file. Copy the hotspotlogin.cgi file to the directory defined for CGI scripts in Apache.
sudo mkdir /usr/lib/cgi-bin
sudo cp /(where_you_extracted_chillispot_to)/doc/hotspotlogin.cgi /usr/lib/cgi-bin/
sudo chmod +x /usr/lib/cgi-bin/hotspotlogin.cgi
Be sure the following two lines in /usr/lib/cgi-bin/hotspotlogin.cgi are configured. Please change the secret value to something difficult.
# Shared secret used to encrypt challenge with. Prevents dictionary attacks.
# You should change this to your own shared secret.
$uamsecret = "ht2eb8ej6s4et3rg1ulp";
# Uncomment the following line if you want to use ordinary user-password
# for radius authentication. Must be used together with $uamsecret.
$userpassword=1;
You also need to secure your 802.11 hotspot from the outside world. There is a sample firewall script, firewall.iptables, which you can use. Please look inside it to ensure it matches your setup (your network interfaces may differ from it). You may also want to add extra rules to open certain incoming ports.
sudo cp /(where_you_extracted_chillispot_to)/doc/firewall.iptables /etc/init.d/
sudo ln -s /etc/init.d/firewall.iptables /etc/rcS.d/S40firewall.iptables
This will ensure that the firewall is up and running during startup.
Be sure you check and specify the following list of items inside this file.

Table 4. Important parameters to specify or verify

Parameter        Comment
uamserver        https://192.168.182.1/cgi-bin/hotspotlogin.cgi
uamhomepage      http://192.168.182.1/cake/hotcakes/welcome/login_page.html
uamsecret        (same as value specified in hotspotlogin.cgi)
uamallowed       Specify the DNS servers defined on your machine
radiusserver1    127.0.0.1
radiusserver2    127.0.0.1
radiussecret     testing123
dhcpif           eth1 (the network interface NOT on the Internet)

It is important to verify what the DNS servers are that your machine uses. Go to System->Administration->Networking to specify or verify them. ChilliSpot will specify them (if not exclusively specified in /etc/chilli.conf) to clients requesting DHCP IP addresses. You need to allow traffic through to these DNS servers even BEFORE a client machine is authenticated in order to resolve domain names to IP address numbers. This is why they need to be specified in the uamallowed list.
The uamhomepage is typically where you will inform clients about your mega, ultra, supa cool hotspot. Please edit this file to suit your needs. This is the first page they will be greeted with - first impressions :).
You may want to start Free Radius and ChilliSpot in the foreground first to make sure they work as intended. This is also handy when you troubleshoot. When things do not seem to work as they should, it is better to see which component may not work as expected. The way to do this is to start ChilliSpot and Free Radius in the foreground and in debug mode.
Tip: Remember to make sure ChilliSpot and Free Radius are NOT already running before you start them in debug mode. (sudo /etc/init.d/freeradius stop AND sudo /etc/init.d/chillispot stop)
Open two terminals and issue the following commands in them.
To start Free Radius:
sudo /usr/sbin/radiusd -X
To start ChilliSpot:
sudo /usr/local/sbin/chilli --debug --fg
You can now try and connect through the Access Point (with its own DHCP server turned off). You should see how ChilliSpot hands out an IP address to the client machine (a 192.168.182.x address).
Try and go onto the Internet through a browser (remember NO proxy - direct connection to the Internet). You should be redirected to the welcome page (http://192.168.182.1/cake/hotcakes/welcome/login_page.html). There is a link to the login page http://192.168.182.1:3990/prelogin. Log in with a username / password combination defined in Hotcakes.
You should now see how Free Radius does its magick and gives ChilliSpot the feedback that you are allowed to go in. ChilliSpot will open the network gate for you, and you should be able to go onto the Internet. Check how the web pages served by Hotcakes reflect this in almost real time. (You may want to log off and on again from the client machine.)
2. Please verify the following configuration items inside the /var/www/cake/hotcakes/webroot/welcome/lib/config.php file.
// Set this to the base url of your login website.
// for example: "https://wireless_login.mysite.com/"
define('BASE_URL', 'https://192.168.182.1/cake/hotcakes/welcome/go/');
// Shared secret used to encrypt challenge with. Prevents dictionary
// attacks. You should change this to your own shared secret.
// NOTE: This should match chilli.conf's uamsecret.
define('UAMSECRET', 'ht2eb8ej6s4et3rg1ulp');
If you used values other than default, you may have to tweak it in this file.
Please change the secret value to something difficult. This has to be the same as the value specified in /etc/chilli.conf.
3. You may want to change the logo displayed on the login page. This is the wireless_logo.png file under /var/www/cake/hotcakes/webroot/welcome/go/.
4. This login page is now available in four languages. You can alter the language with the following setting.
// With which language shall I talk to you?
// available: en, de, pt_BR, af
$lg = 'en';
You are encouraged to ask your customers to click on the Bookmark link on the login page. This will make it easy for them to get back to the login page if they closed the pop-up window by accident. The tweaks which I've added use Ajax to periodically fetch the latest stats about the user's connection and display them in the pop-up page.
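The uamsecret has to be identical in hotspotlogin.cgi, chilli.conf and config.php, and the guide asks for the printed value to be changed. The check below is an added example, not part of the original HOWTO; the function names, the one-line file formats it parses and the sample files are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the HOWTO; the sample files are constructed.
DEFAULT_UAM='ht2eb8ej6s4et3rg1ulp'   # uamsecret value printed in the HOWTO
DEFAULT_RADIUS='testing123'          # radiussecret value shown in Table 4

# One extractor per file format; each prints the last uncommented value.
cgi_secret() {
    sed -n 's/^[[:space:]]*\$uamsecret[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | tail -n 1
}
php_secret() {
    sed -n "s/^[[:space:]]*define(['\"]UAMSECRET['\"],[[:space:]]*['\"]\([^'\"]*\)['\"]);.*/\1/p" "$1" | tail -n 1
}
chilli_value() { awk -v key="$2" '$1 == key { v = $2 } END { print v }' "$1"; }

# 32 hex characters (128 bits) from the kernel's random source.
new_secret() { head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n'; }

# check_secrets HOTSPOTLOGIN_CGI CHILLI_CONF CONFIG_PHP
# Prints one finding per line; returns 1 if anything needs fixing.
check_secrets() {
    cgi=$(cgi_secret "$1"); php=$(php_secret "$3")
    chilli=$(chilli_value "$2" uamsecret); radius=$(chilli_value "$2" radiussecret)
    rc=0
    if [ -z "$cgi" ] || [ "$cgi" != "$chilli" ] || [ "$cgi" != "$php" ]; then
        echo "uamsecret: missing or not identical in all three files"; rc=1
    fi
    case "$DEFAULT_UAM" in
        "$cgi"|"$chilli"|"$php") echo "uamsecret: still the HOWTO sample value"; rc=1 ;;
    esac
    if [ "$radius" = "$DEFAULT_RADIUS" ]; then
        echo "radiussecret: still $DEFAULT_RADIUS"; rc=1
    fi
    return "$rc"
}

# write_samples DIR UAMSECRET RADIUSSECRET: constructed minimal copies.
write_samples() {
    printf '$uamsecret = "%s";\n$userpassword=1;\n' "$2" > "$1/hotspotlogin.cgi"
    printf 'uamsecret %s\nradiussecret %s\ndhcpif eth1\n' "$2" "$3" > "$1/chilli.conf"
    printf "define('UAMSECRET', '%s');\n" "$2" > "$1/config.php"
}

demo=$(mktemp -d) && write_samples "$demo" "$DEFAULT_UAM" "$DEFAULT_RADIUS"
check_secrets "$demo/hotspotlogin.cgi" "$demo/chilli.conf" "$demo/config.php" ||
    echo "replace the flagged values, e.g. with: $(new_secret)"
```

On a real install, pass /usr/lib/cgi-bin/hotspotlogin.cgi, /etc/chilli.conf and /var/www/cake/hotcakes/webroot/welcome/lib/config.php as the three arguments.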
3. Edit the /etc/bind/named.conf.options file to contain the DNS servers of your ISP under the forwarders section.
forwarders {
    # Replace the address below with the address of your provider's DNS server
    123.123.123.123;
};
Add content to hotcakes.com.db. You can localize it so the users do not have to enter the English words for the actions. Replace hotcakes.com with your domain name. Do not forget the . after the domain name! Also, replace ns1 with the name of your DNS server.
hotcakes.com. IN SOA ns1.hotcakes.com. admin.hotcakes.com. (
    2007031001
    28800
    3600
    604800
    38400 )
hotcakes.com. IN NS ns1.hotcakes.com.
ns1 IN A 192.168.182.1
login IN A 192.168.182.1
info IN A 192.168.182.1
exit IN A 192.168.182.1
6. Just point your ChilliSpot machines to this DNS server. If the machine you run ChilliSpot on is using THIS DNS server as ITS DNS server, you may not need to change the chilli.conf file. If not, you can either change it so the machine itself uses this DNS server as its DNS server, or you can specify it in chilli.conf as the value for dns1 and dns2.
Tip: Remember the uamallowed value also may have to change.
7. You also need to modify the value of domain in chilli.conf to be the same as the domain you created the DNS zone for.
# TAG: domain
# Domain name
# Will be suggested to the client.
# Normally you do not need to uncomment this tag.
domain hotcakes.com
8. Finally you need to create an intelligent landing page. This page will see how it was called and redirect the client according to how it was called. If the page was called by info, the client will be redirected to log in to their info page. If the page was called by exit, they will be logged off the 802.11 hotspot. A sample landing page is in /var/www/cake/hotcakes/db/index.php. Copy this to the /var/www directory of the server specified in your DNS zone file. You may have to fine tune it to suit your configuration.
Our client gets redirected to the index page of the web server. The web server's index page checks what was requested and redirects accordingly.
Note: If you have a system which makes use of a transparent proxy you must also ensure it can resolve a name like exit to an IP address. I had to manually add this to the /etc/hosts file on an OpenWRT Access Point. I also had to fine tune the /etc/tinyprox/tinyproxy.conf file. YMMV!
5. If your install is not under /var/www/cake please edit the hotcakes/app_controller.php file to reflect the current location. (value of $locale_location)
6. You may want to add menu entries for this language.
/var/www/cake/hotcakes/webroot/files/menu_cashier.php
/var/www/cake/hotcakes/views/layouts/default.thtml
/var/www/cake/hotcakes/views/layouts/client.thtml
/var/www/cake/hotcakes/webroot/files/menu.php