Antoine's Research

From WirelessAfrica
Revision as of 12:01, 13 November 2008 by Antoine (talk | contribs)



TESTBED

Test Bed

 2x Inveneo          (CSIR's)
 2x Linksys WRT54GL  (Antoine's)
 8x Meraki routers   (CSIR's)
 2x Accton routers   (Antoine's)


PREPARE DEVELOPMENT ENVIRONMENT

1. Check out sources

  • Check out meraka trunk
 TODO - we need a name for this code so that we can create a public source repo for it!
  • One of:
    • Check out: OpenWRT Kamikaze
 $ cd ~
 $ svn checkout https://svn.openwrt.org/openwrt/trunk/ kamikaze/
 $ cd kamikaze/
 $ ./scripts/feeds update -a                 # Checkout the extra packages
 $ ./scripts/feeds install <name_1> <name_2> # Creates the symlinks for the packages you like to install
 $ make menuconfig                           # Select your target, packages and other options. Only select the packages you need.
 $ make world
    • Symink to existing OpenWRT
 TODO
  • Do: Check out SVN version of coova-chilli
 cd package ; svn co http://dev.coova.org/svn/coova-ap/packages/kamikaze/coova-chilli ; cd ..

2. Configure OpenWRT

  • Read:
 http://wiki.openwrt.org/OpenWrtDocs/Packages
  • Run:
 ./scripts/feeds install libnetsnmp
  • Select packages:
 Base->pthread
 Administration->meraka-widgets
 libnetsnmp
 coova-chilli
 ./scripts/feeds install batmand
 ./scripts/feeds install batmand-adv
  • Edit: package/opkg/files/opkg.conf
 src packages http://l-cube.artifactual.org.za/~antoine/firmware/packages/mipsel

3. Build Everything

  • Run:
 make
 TODO


INSTALLATION AND CONFIGURATION FOR LINKSYS WRT54G(L)

0. prepare router

  • Handy:
 nvram set boot_wait=on
 nvram commit
 wget http://l-cube.artifactual.org.za/~antoine/firmware/openwrt-brcm-2.4-squashfs.trx -O - | mtd -e linux -r write - linux
 opkg update
 opkg install snmpd ; ln -s ../init.d/snmpd S70snmpd

1. flash router

  • Run:
 wget http://l-cube.artifactual.org.za/~antoine/firmware/openwrt-brcm-2.4-squashfs.trx -O - | mtd -e linux -r write - linux

2.a. configure portal interface (when using wireless port for dev - DEPRECATE)

 uci delete network.lan.type
 uci set wireless.cfg03c014.network=wifi
  • Append: /etc/config/network
 config 'interface' 'wifi'
         option 'ifname' 'wl0'
  • Run:
 uci set dhcp.lan.ignore=1
 uci set wireless.wl0.disabled=0 
 uci set network.wifi.ifname=wl0
 uci set network.wifi.proto=static
 uci set network.wifi.ipaddr=0.0.0.0
 uci commit
 reboot
  • Test:
 echo 1 > /proc/sys/net/ipv4/ip_forward
 iptables -I POSTROUTING -t nat -o eth0.0 -j MASQUERADE
  • Append: TODO
 echo "echo 1 > /proc/sys/net/ipv4/ip_forward" >> ???
 echo "iptables -I POSTROUTING -t nat -o eth0.0 -j MASQUERADE" >> ???

2.b. Configure router for B.A.T.M.A.N. (using lan port for dev)

  • Read:
 https://dev.open-mesh.net/svn/batman/trunk/batman-adv-kernelland/batman-core/README
 http://open-mesh.net/batman/doc/RoutingVodoo
 http://www.blogin.it/check-batman.html
 http://trac2.assembla.com/nightwing/browser/trunk/etc/config/batman
 http://trac2.assembla.com/nightwing/browser/trunk/etc/config/batman_mode
  • Run: (configure LAN interface)
 uci delete network.lan.type
 uci delete network.lan.gateway
 uci delete network.lan.dns
 uci set network.lan.ipaddr=192.168.1.1
 uci commit
  • Run: (temmporarily disable firewall so we can get in to the WAN interface from my own lan side)
 iptables --flush
  • Run: (OPTIONAL: configure WAN interface for a gateway mesh-node)
 uci set network.wan.proto=static
 uci set network.wan.ipaddr=192.168.20.200
 uci set network.wan.netmask=255.255.255.0
 uci set network.wan.dns=192.168.20.5
 uci set network.wan.gateway=192.168.20.1
 uci commit
  • Run: (bring up WIFI interface)
 uci set network.wifi=interface
 uci set network.wifi.ifname=wl0
 uci set wireless.wl0.disabled=0
 uci set wireless.wl0.channel=5
 uci set wireless.cfg03c014.network=wifi
 uci set wireless.cfg03c014.mode=adhoc              # TODO - wtf is it with the numbers ?
 uci set wireless.cfg03c014.ssid=batman
 uci commit 
 reboot
  • Append: /etc/opkg.conf (for some reason libpthread has gone missing from master)
 src packages http://l-cube.artifactual.org.za/~antoine/firmware/packages/mipsel
  • One of:
    • Run: (install BATMAN)
 opkg update
 opkg install kmod-batgat                           # gateway only
 opkg install batmand batmand-adv                   # TODO - how do we get the stable branch to install ?
    • Run:
 http://downloads.open-mesh.net/batman/stable/mipsel-kamikaze/batmand_0.3-current_mipsel-kk-elf-32-lsb-static.tgz
  • Test: (on gateway mesh-node)
 # ifconfig wl0 10.0.10.1 netmask 255.255.0.0
 # insmod batgat
 # /etc/init.d/firewall stop
 # iptables --flush
 # iptables -t nat --flush
 # iptables -I FORWARD -j ACCEPT
 # iptables -t nat -A POSTROUTING -o eth0.1 -j MASQUERADE
 # batmand -g 100mbit -d 3 wl0
 iptables -t nat -A POSTROUTING -o eth0.1 -j MASQUERADE
 batmand -g 100mbit wl0
  • Test: (on normal mesh-node)
 # ifconfig wl0 10.0.11.1 netmask 255.255.0.0
 # /etc/init.d/firewall stop        (rm /etc/rc.d/S45firewall)
 # iptables --flush
 # iptables -t nat --flush
 # iptables -I FORWARD -j ACCEPT
 # iptables -t nat -A POSTROUTING --source 192.168.0.0/24 -o gate0 -j MASQUERADE
 # batmand -r 3 -d 3 wl0
 iptables -t nat -A POSTROUTING --source 192.168.0.0/24 -o gate0 -j MASQUERADE
 batmand -r 3 wl0
 ifconfig eth0.0 0.0.0.0    # for portal
 /etc/init.d/chilli start   # for portal
  • Configure: (gateway mesh-node)
 rm /etc/rc.d/S45firewall
 uci set network.wifi.proto=static
 uci set network.wifi.ipaddr=10.0.10.1
 uci set network.wifi.netmask=255.255.0.0
  • Configure: (normal mesh-node)
 rm /etc/rc.d/S45firewall
 uci set network.wifi.proto=static
 uci set network.wifi.ipaddr=10.0.11.1
 uci set network.wifi.netmask=255.255.0.0
 uci set network.lan.dns=192.168.20.5             # TODO - LOSE

3. configure portal (coova-chilli)

  • Read:
 !!! http://hotcakes.wiki.sourceforge.net/Coova+Chilli+JSON+Interface
 !!! https://help.ubuntu.com/community/WifiDocs/CoovaChilli
 http://daloradius.wiki.sourceforge.net/Chillispot+Integration
 http://coova.org/wiki/index.php/CoovaChilli/JSON
 http://coova.org/wordpress/index.php/2007/08/15/any-page-a-login-page/
  • Run:
 opkg update
 opkg install kmod-tun
 opkg install http://l-cube.artifactual.org.za/~antoine/firmware/packages/mipsel/coova-chilli_1.0.12-1_mipsel.ipk
  • AUTO * Edit: /etc/chilli/defaults
 HS_WANIF=eth0.0    (gate0  for batman)
 HS_LANIF=wl0       (eth0.0 for batman)
 (HS_NETWORK=192.168.0.1/24 for batman)
 (HS_UAMLISTEN=192.168.0.1  for batman)
 HS_DNS1=10.1.0.1   (192.168.20.5)
 HS_RADIUS=192.168.20.225                           
 HS_RADIUS2=192.168.20.225    
 HS_ADMUSR=chillispot
 HS_ADMPWD=thechillispotsecret                      
 HS_RADSECRET=theradiussecret 
 HS_UAMSECRET=theuamsecret    
 HS_UAMALLOW=10.1.0.0/24,192.168.20.0/24   (192.168.0.0/24, 192.168.20.0/24)
 HS_UAMSERVER=10.1.0.1                     (192.168.0.1)
 HS_UAMHOMEPAGE=http://\$HS_UAMLISTEN:\$HS_UAMPORT/www/coova.html  # redirects to HS_UAMFORMAT
 HS_UAMFORMAT=http://\$HS_UAMSERVER:\$HS_UAMPORT/www/index.html    # does JSON login
 HS_UAMSERVICE=http://192.168.20.225/cgi-bin/uam.pl                # Generates pap-password - Needs perl
  • AUTO * Edit: meraka-portal/files/www/cgi-bin/uam.pl
 $uamsecret = "theaumsecret";
  • AUTO * Edit: /etc/chilli/www/ChilliLibrary.js:296
 var logonUrl = chilliController.urlRoot() + 'logon?username=' + escape(username) + '&response='  + resp.response;
  • Do on node:
 scp -r antoine@l-cube.artifactual.org.za:~/Projects/meraka/trunk/package/meraka-portal/files/* /
  • Do on dashboard-server:
 scp -r antoine@l-cube.artifactual.org.za:~/Projects/meraka/trunk/package/meraka-portal/files/www/cgi-bin/* /usr/lib/cgi-bin
  • Test:
 reboot
 #echo 1 > /proc/sys/net/ipv4/ip_forward
 #iptables -I POSTROUTING -t nat -o eth0.0 -j MASQUERADE
 ifconfig eth0.0 0.0.0.0 # (BATMAN)
 /etc/init.d/chilli start
 http://192.168.0.1:3990/json/status?lang=en
  • Run:
  /etc/rc.d ; ln -s ../init.d/chilli S70chilli

== 3b. Integrate coova-chilli + B.A.T.M.A.N.

  • Do:
 uci set network.lan.ipaddr=0.0.0.0
 uci set network.wifi.proto=static
 uci set network.wifi.ipaddr=10.0.11.1
 uci set network.wifi.netmask=255.255.0.0
 uci commit

4. install meraka-*

  • Run:
  make package/meraka-widgets-compile V=99
  make package/index
  # scp ./build_dir/mipsel/meraka-widgets-0.1/village-bus-* root@192.168.20.200:/www/cgi-bin/
 opkg remove meraka-widgets  
 opkg install http://l-cube.artifactual.org.za/~antoine/firmware/packages/mipsel/meraka-widgets_0.1-1_mipsel.ipk   
 clear;opkg remove meraka-widgets;opkg install http://l-cube.artifactual.org.za/~antoine/firmware/packages/mipsel/meraka-widgets_0.1-1_mipsel.ipk


INSTALLATION AND CONFIGURATION FOR MERAKI

0. FLASHING MERAKI

  • Useful:
 screwdriver
 soldering iron
 A max232 and a handful of capacitors
 hammer (sledge)
  • Read:
 http://sodoityourself.com/max232-serial-level-converter
 http://www.nslu2-linux.org/wiki/HowTo/TelnetIntoRedBoot
 http://wiki.openwrt.org/OpenWrtDocs/Hardware/Meraki/Mini


INSTALLATION AND CONFIGURATION FOR GATEWAY SERVER (Inveneo)

0. Get OS install image onto a USB Stick

  • xubuntu:
 . unetbootin
 . root (hd1,0)
 . kernel /casper/vmlinuz file=preseed/xubuntu.seed boot=casper
 . initrd /casper/initrd.gz
 . boot
  • Puppy:
 . kernel /vmlinuz
 . initrd /initrd.gz
 . boot

1. Depends

  • Starting with xubuntu-8.10-rc desktop edition
 apt-get install ssh                                      (for openssh-server)
 apt-get install rrdtool snmp                             (needed for: phpMyPrepaid)
 apt-get install mysql-server mysql-client mysql-common   (needed for: phpMyPrepaid)
 apt-get install apache2                                  (needed for: phpMyPrepaid)
 apt-get install php5 php5-snmp php5-gd php5-mysql        (needed for: phpMyPrepaid)
 apt-get install freeradius freeradius-mysql
 apt-get install dnsmasq                                  (for dns/dhcp and tftp)
 wget http://ap.coova.org/chilli/coova-chilli_1.0.12-1_i386.deb
 dpkg -i ./coova-chilli_1.0.12-1_i386.deb 
  • Without php-myprepaid
 apt-get install freeradius


2. Configure Billing

  • Read: man rlm_counter
       http://projects.asn.pl/freemods/wiki/rlm_backcounter
       http://www.warungdigital.com/freeradius-disconnected-user-when-time-limit-exceed.htm
  • Edit: /etc/freeradius/modules/counter
 # check-name sets the maximum value of the counter & read from user db
 # count-attribute sets the counter increment
 counter prepaid {
         filename = ${db_dir}/db.prepaid
         counter-name = Prepaid-Session-Time
         check-name = Max-Prepaid-Session
         count-attribute = Acct-Session-Time
         key = User-Name
         reset = never
         reply-name = Session-Timeout
         cache-size = 1000
 }
  • Edit: /etc/freeradius/radiusd.conf
 line 709 uncomment: daily
 line 710 add:       prepaid
  • Edit: /etc/freeradius/sites-enabled/default
 line 166: uncomment daily
 line 167: add prepaid
 line 320: uncomment daily
 line 321: add prepaid
  • Edit: /etc/freeradius/users.chilli -> Add to prepaid users:
 Max-Prepaid-Session=360


3. Customer Management - dashboard server

  • Read:
 !!! http://wiki.freeradius.org/Status
 http://wiki.freeradius.org/SNMP_HOWTO
 http://www.w3.org/TR/css3-layout/
  • Do:
 ln -s /etc/freeradius/sites-available/status /etc/freeradius/sites-enabled/status
  • Status:
 echo "Message-Authenticator = 0x00, FreeRADIUS-Statistics-Type = 31" | radclient localhost:18120 status adminsecret
 /var/log/freeradius/radutmp,   /var/log/freeradius/radwtmp
 radwho, radlast


4a. configure flatfile authentication (freeradius - running on dashboard server -> ubuntu JEOS)

  • Read:
 !!! http://coova.org/wiki/index.php/CoovaChilli/RADIUS
 http://wiki.freeradius.org/index.php/FreeRADIUS_Wiki:FAQ#How_do_I_get_radius_to_pick_up_changes_in_the_raddb.2Fusers_file.3F
  • Run:
 apt-get install freeradius
  • Edit: /etc/freeradius/radiusd.conf:113
 pidfile = /var/run/freeradius/freeradius.pid
  • Edit: /etc/freeradius/clients.conf
 client 192.168.20.0/24 {
   secret     = theradiussecret
   shortname  = meshportal
   #nastype    = other
 }
  • Edit: /etc/freeradius/users
 $INCLUDE users.chilli
 DEFAULT Auth-Type := Reject
         Reply-Message = "Login attempt failed.",
         Fall-Through = No
  • Create: /etc/freeradius/users.chilli
 chillispot     ClearText-Password := "thechillispotsecret"
 joe            ClearText-Password := "smith"
 guest          ClearText-Password := "guest"
                Session-Timeout = 300,
                Idle-Timeout = 60,
                WISPr-Bandwidth-Max-Up = 64000,
                WISPr-Bandwidth-Max-Down = 32000
 prepaid        ClearText-Password := "prepaid", Max-Prepaid-Session := 3600
                Reply-Message := "%{Session-Timeout} left %{User-Name}."
  • Test:
 radiusd -X
 radtest chillispot chillispot 192.168.20.225 10 theradiussecret
 /etc/init.d/freeradius start
 kill -1 `cat /var/run/freeradius/freeradius.pid`
  • Edit: /etc/group (Permissions)
 freerad:x:124:www-data
  • Run: (Permissions)
 chmod -R g+w /etc/freeradius
  • Run:
 copy over our custom radius users files&dir


4b. configure mysql authentication (freeradius - running on dashboard server -> ubuntu JEOS)

  • Install:
 apt-get install libmysqlclient-dev
  • Edit: /etc/freeradius/users (disable flat file user entries)
 . comment out users.chilli include and DEFAULT rule
  • Edit: /etc/freeradius/sql.conf
 database = "mysql"
 server = "localhost"
 login = "radius"
 password = "radpass"
 radius_db = "radius"
  • Edit: /etc/freeradius/sites-enabled/default
 authorize:152 -> sql
 accounting:344 -> sql
 session:369 -> sql
 post-auth:396 -> sql
  • Edit: village-bus-radius/Makefile
 .set correct mysql username and password
  • Run: (create radius tables for mysql)
 make mysql
  • Run: (populate radius tables for mysql with defaults & test data)
 make mysql-populate