WISP Coova phpMyPrepaid: Difference between revisions
No edit summary |
|||
Line 1: | Line 1: | ||
[[Category: WISP in a box]] | [[Category: WISP in a box]] | ||
Previous information here that concerned the less-technical details, specifications and aspects of the bigger picture have been transferred to this page. | |||
==Setup Ingredients== | ==Setup Ingredients== | ||
Line 126: | Line 38: | ||
[[Image:Updated-WISPiab-ISP.PNG|thumb|left| Diagram of initial WISPiab-billing setup using Coova, myPhpPrepaid.]] | [[Image:Updated-WISPiab-ISP.PNG|thumb|left| Diagram of initial WISPiab-billing setup using Coova, myPhpPrepaid.]] | ||
At the moment the intention of this setup is to mainly test billing support, and is more of a wifi-hotspot setup. | At the moment the intention of this setup is to mainly test billing support, and is more of a wifi-hotspot setup. Over time it will be modified to adapt to a wireless mesh network environment. The gateway server has an external network interface (e.g, eth0) that is connected to the Internet, and an internal network interface (e.g, eth3), connected to the Coova Linksys Router (internal network). In this case the external network interface gets its IP address automatically (DHCP). The internal network interface is assigned a static ip address (e.g, 192.168.5.1), therefore the Coova WAN interface is also set to static (e.g, 192.168.5.4). All instructions below are provided with the assumption that this is a fresh install of Ubuntu. Performing these steps on an existing installation does not guarantee proper functionality. | ||
This is still work in progress, and is new work for me, so all information stated here may be not be of the highest accuracy. However, I | |||
will try my best to keep the information here as accurate as possible. | will try my best to keep the information here as accurate as possible. | ||
Line 302: | Line 214: | ||
</script> | </script> | ||
</pre> | </pre> | ||
Revision as of 16:05, 6 August 2008
Previous information here that concerned the less-technical details, specifications and aspects of the bigger picture have been transferred to this page.
Setup Ingredients
The tools used to setup this testbed:
- Coova WISP-in-a-box Wireless Africa wiki, URL
- phpMyPrepaid Wireless Africa wiki, URL
- FreeRADIUS
- MySQL
- Ubuntu Hardy Server - This is the distro that was used for the gateway server. In future, it is intended to have this setup (when finalized) integrated into Inveneo Hub Server Linux.
Setup Recipe
At the moment the intention of this setup is to mainly test billing support, and is more of a wifi-hotspot setup. Over time it will be modified to adapt to a wireless mesh network environment. The gateway server has an external network interface (e.g, eth0) that is connected to the Internet, and an internal network interface (e.g, eth3), connected to the Coova Linksys Router (internal network). In this case the external network interface gets its IP address automatically (DHCP). The internal network interface is assigned a static ip address (e.g, 192.168.5.1), therefore the Coova WAN interface is also set to static (e.g, 192.168.5.4). All instructions below are provided with the assumption that this is a fresh install of Ubuntu. Performing these steps on an existing installation does not guarantee proper functionality.
This is still work in progress, and is new work for me, so all information stated here may be not be of the highest accuracy. However, I will try my best to keep the information here as accurate as possible.
Coova
- Setup coova on Linksys router - Howto guide on Coova website
- Configure Coova WAN settings. (the following points are with assumption that the gateway server settings described here are being used)
- On Coova administration web portal : Network->WAN.
- Under WAN Configuration, set Connection Type to Static IP.
- Under IP Settings, set IP address, Netmask and Default Gateway settings (e.g, 192.168.5.4, 255.255.255.0, 192.168.5.1 in this example).
- Under DNS Servers, add Gateway server internal network interface IP address (e.g 192.168.5.1).
- Leave the Dyanmic DNS Settings as is. Save changes.
- Configure Coova Wireless Network. Click on Network->Wireless.
- Under Wireless Configuration, ensure Wireless Network is set to Enabled and Mode is set to Access Point. Configure Wireless Network to however it suits you. Save changes.
- For the purposes of testing in this case, Wireless Network is not encrypted, with minimal access configuration (ESSID - wifibox, ESSID Broadcast - Show, Channel - Auto, Encryption Type - Disabled).
- Setup coova to act as a Chillispot-type hotspot, with auto-configuration disabled. (Setup may be tested later on with WifiDog instead of Chillispot).
- Click on the Hotspot tab. Under HotSpot Configurations
- Set Hotspot type to ChilliSpot UAM
- Set Hotspot Mode to Wireless Only
- Choose if you prefer to Deny or Allow LAN access through the hotspot.
- Under ChilliSpot Configurations
- Set Auto Configuration to Disabled
- Fill in UAM Hostname, UAM Secret, NAS Identifer information. Save changes. In this case:
- Click on the Hotspot tab. Under HotSpot Configurations
UAM Hostname : 192.168.5.1 UAM Secret : yoursecret NAS Identifier : wifibox
- Click on Access Lists under the HotSpot tab.
- Walled-Garden Hosts...
- Walled-Garden Domains... Save Changes.
- Leave Hotspot->DHCP settings as is.
- Click on RADIUS under the HotSpot tab. Fill in the details under RADIUS Configurations. In this case:
- Click on Access Lists under the HotSpot tab.
Primary RADIUS Server : 192.168.5.1 Secondary RADIUS Server : 192.168.5.1 RADIUS Auth Port : 1812 RADIUS Acct Port : 1813 Shared secret : yoursecret
- For testing in this case, we leave MAC Address Authentication as Disabled.
- Under the Optional RADIUS Configurations :
- Set RADIUS Admin Username to phpmyprepaid.
- Set RADIUS Admin Password to a password of your choice.
- Leave the rest of the settings in this section as is. Save Changes.
- Note that the RADIUS Admin Username and Password and Shared secret settings are to be inserted into FreeRADIUS configuration on Gateway server.
- Click on Advanced under the HotSpot tab. Fill in the details under Advanced ChilliSpot Configurations. In this scenario:
Internal UAM Port : 3990 HotSpot Services Provider : yourhotspot HotSpot Services Provider URL : http://192.168.5.1/cgi-bin/hotspotlogin.cgi UAM URL Format : http://192.168.5.1/cgi-bin/hotspotlogin.cgi (I'm not too sure but this value should not really matter if the full URL has been filled in for the hotspot provider url) UAM HomePage (splash page) : http://10.1.0.1:3990/www/coova.html Local Content Directory : /etc/chilli/www
Gateway server
- Install Ubuntu Server (Hardy), with minimum MySQL, FreeRADIUS, Apache webserver. DO NOT Install the DNS Server. This is because I have decided to use dnsmasq instead, as I found it much easier to setup for any user who is not familiar with bind9. Bind9 is the default DNS server that is included with Ubuntu distributions.
- Install Webmin. Webmin is a great tool with a web-based frontend to administer many important settings under Linux (Startup/Shutdown Scripts, DNS, DHCP, Firewall, NAT; also supports plugins for other tools). (an apparently better alternative is ispconfig, but I've not tested this tool yet.)
- Setup up network configuration for both network interfaces. [Todo: Should check out the dnsmasq webmin module..]
- Configure NAT using iptables (can be done using the Webmin interface).
- Click on Networking -> Linux Firewall on the left panel of the Webmin interface.
- On the Linux Firewall page, at the top left, there is a list box next to the Showing IPtable: button. Click on this list box and ensure Network address translation (nat) is selected.
- Click on Showing IPtable: The page will reload with NAT iptable configuration.
- Under the section Packets after routing (POSTROUTING), click on the Add Rule button. The page reloads with the Add Rule page.
- In the Chain and action details section, you may fill the Rule comment section with a description of your choice (e.g., Internet access for intranet). Choose Masquerade option in the Action to take field. Leave other fields as is.
- In the Condition details, select outgoing interface to the external interface (eth0 for the purpose of this document.) Leave other details as is.
- Click 'the 'Create button.
- This page will reload the general Linux Firewall page. You should see a rule under the postrouting section to the following effect:
Action: Masquerade; Condition:If output interface is eth0
- Click on Apply Configuration.
- Next to the Activate at boot button, select the Yes option. Then click 'Activate at boot.
- Enable IP forwarding. (In this case we are using IPv4. For IPv6, replace "ipv4" in all the settings below with "ipv6".
- Open terminal and type the following command in terminal:
echo 1 > /proc/sys/net/ipv4/ip_forward
- Open the file /etc/sysctl.conf with superuser privileges.
sudo nano /etc/sysctl.conf
If nano is not installed, you can typesudo apt-get install nano
- Look for the the term net.ipv4.ip_forward in this file. If it is commented uncomment it. Edit this line as necessary to ensure that it looks like
net.ipv4.ip_forward=1
- Open terminal and type the following command in terminal:
- Install and setup dnsmasq and ipmasq by typing from terminal
sudo apt-get install dnsmasq ipmasq
sudo /etc/init.d/dnsmasq restart
dpkg-reconfigure ipmasq
This will load a window that requests some configuration steps. Select Yes to the first screen (recompute firewall). Select OK to the second screen. Select After network services have been started on the next screen (when should ipmasq be started) and press OK. Reboot.
- Setup FreeRADIUS and MySQL. Note: I have had a lot of hassle trying to smoothly set up FreeRADIUS. A lot of issues can be expected during this part of the setup.
- Ensure that the FreeRADIUS MySQL plugin is installed:
apt-get install freeradius-mysql
- Ensure that the FreeRADIUS MySQL plugin is installed:
- Configure NAT using iptables (can be done using the Webmin interface).
More to follow within the next few days.
Problems / Errors
Coova
Spoofed source packets
- Coova (1.0-beta7): chilli started in debug mode (chilli -fd)
- When client attempting to access any URL, coova debug message -
chilli.c: 2566: 0 (Debug) Client MAC=XX-XX-XX-XX-XX-XX assigned IP a.b.c.d chilli.c: 2747: 0 (Debug) Received packet with spoofed source! chilli.c: 2747: 0 (Debug) Received packet with spoofed source! ..
- Reason: Sometimes if the chilli daemon stops, the connected client A, which up until now had the IP address a.b.c.d, may renew its IP address and receive a new address w.x.y.z from LAN DHCP service (instead of coova-chilli's DHCP service). If the chilli daemon is restarted again, it might not renew client A's IP address to a.b.c.d (or an address in the range of a.b.c.X). The above debug indicates that the chilli daemon thinks it has assigned the relevant IP address, but is confused when it receives packets with a different IP source.
- Solution: Stop chilli daemon, release client's IP address, restart chilli daemon, re-connect client and it should renew its IP address correctly.
Leaky bucket
chilli.c: 2939: 0 (Debug) Successful UAM login from username=user123 IP=x.x.x.x chilli.c: 2942: 0 (Debug) Received login from UAM chilli.c: 110: 0 (Debug) Leaky bucket timediff: 0, bucketup: 0, bucketdown: 0, up: 656, down: 0 chilli.c: 110: 0 (Debug) Leaky bucket timediff: 0, bucketup: 656, bucketdown: 0, up: 0, down: 1500 chilli.c: 110: 0 (Debug) Leaky bucket timediff: 0, bucketup: 656, bucketdown: 1500, up: 0, down: 1500 chilli.c: 110: 0 (Debug) Leaky bucket timediff: 0, bucketup: 656, bucketdown: 3000, up: 0, down: 1171 chilli.c: 110: 0 (Debug) Leaky bucket timediff: 0, bucketup: 656, bucketdown: 4171, up: 66, down: 0 chilli.c: 110: 0 (Debug) Leaky bucket timediff: 0, bucketup: 722, bucketdown: 4171, up: 66, down: 0 chilli.c: 110: 0 (Debug) Leaky bucket timediff: 0, bucketup: 788, bucketdown: 4171, up: 66, down: 0 chilli.c: 110: 0 (Debug) Leaky bucket timediff: 0, bucketup: 854, bucketdown: 4171, up: 698, down: 0 chilli.c: 110: 0 (Debug) Leaky bucket timediff: 0, bucketup: 1552, bucketdown: 4171, up: 0, down: 52 chilli.c: 110: 0 (Debug) Leaky bucket timediff: 0, bucketup: 1552, bucketdown: 4223, up: 0, down: 1500 chilli.c: 110: 0 (Debug) Leaky bucket timediff: 0, bucketup: 1552, bucketdown: 5723, up: 0, down: 1500 chilli.c: 110: 0 (Debug) Leaky bucket timediff: 0, bucketup: 1552, bucketdown: 7223, up: 0, down: 1500 chilli.c: 110: 0 (Debug) Leaky bucket timediff: 0, bucketup: 1552, bucketdown: 8723, up: 66, down: 0 ...
- Errors received when coova-chilli running in debug mode
- Web browsing seems fine, but can this affect binary file downloads? ..Downloaded a 5MB quicktime video, which did not seem affected..
phpMyPrepaid
Monitoring bandwidth usage
- phpMyPrepaid does not seem to be accurately measuring bandwidth usage. After downloading a 5MB file, phpMyPrepaid reports usage of 0.92 Mo (phpMyPrepaid addresses in octets)...
- Reason: phpMyPrepaid configuration has the RADIUS Download/Upload database values switched.
- Solution: Fix this value in config.inc.php in the include directory of the phpMyPrepaid www folder.
Unknown attribute "Max-All-Session"
- When logging in from client using time-based account created using phpMyPrepaid, freeradius server gives the following error and rejects this user:
... radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'odiznn' ORDER BY id' rlm_sql (sql): Reserving sql socket id: 0 rlm_sql_mysql: query: SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'odiznn' ORDER BY id rlm_sql: Failed to create the pair: Unknown attribute "Max-All-Session" rlm_sql (sql): Error getting data from database rlm_sql (sql): SQL query error; rejecting user ...
- Only seems to happen with this type of account..
- Reason: Attribute Max-All-Session needs to defined an sql module in radiusd.conf (the freeradius configuration file).
- Solution: See http://wiki.freeradius.org/Rlm_sqlcounter. Add the sql module as described on this page.
Installation Problems: PHP not executing
phpMyPrepaid uses shorthand PHP tags: <? instead of <?php. Shorthand open tags need to be enabled in the php.ini file (/etc/php5/apache2/php.ini on Ubuntu).
Webmin
Webmin HTML frame issues
- Does not operate within HTML frames. Re-directs to its own url as soon as it detects that it is within a frame.
- Solution: Comment out the following: (/* at begin and */ at end of the code below) in /usr/share/webmin/session_login.cgi and /usr/share/webmin/pam_login.cgi ).
if (window != window.top) { window.top.location = window.location; } </script>