Antoine's Research
TESTBED
2x Inveneo (CSIR's)
2x Linksys WRT54GL (Antoine's)
8x Meraki routers (CSIR's)
2x Accton routers (Antoine's)
PREPARE DEVELOPMENT ENVIRONMENT
1. Check out sources
- Check out meraka trunk
TODO - we need a name for this code so that we can create a public source repo for it!
- One of:
- Check out: OpenWRT Kamikaze
$ cd ~
$ svn checkout https://svn.openwrt.org/openwrt/trunk/ kamikaze/
$ cd kamikaze/
$ ./scripts/feeds update -a # Checkout the extra packages
$ ./scripts/feeds install <name_1> <name_2> # Creates the symlinks for the packages you like to install
$ make menuconfig # Select your target, packages and other options. Only select the packages you need.
$ make world
- Symlink to existing OpenWRT
TODO
- Do: Check out SVN version of coova-chilli
cd package ; svn co http://dev.coova.org/svn/coova-ap/packages/kamikaze/coova-chilli ; cd ..
2. Configure OpenWRT
- Read:
http://wiki.openwrt.org/OpenWrtDocs/Packages
- Run:
./scripts/feeds install libnetsnmp
- Select packages:
Base->pthread
Administration->meraka-widgets
libnetsnmp
coova-chilli
./scripts/feeds install batmand
./scripts/feeds install batmand-adv
- Edit: package/opkg/files/opkg.conf
src packages http://l-cube.artifactual.org.za/~antoine/firmware/packages/mipsel
3. Build Everything
- Run:
make TODO
INSTALLATION AND CONFIGURATION FOR LINKSYS WRT54G(L)
0. prepare router
- Handy:
nvram set boot_wait=on
nvram commit
wget http://l-cube.artifactual.org.za/~antoine/firmware/openwrt-brcm-2.4-squashfs.trx -O - | mtd -e linux -r write - linux
opkg update
opkg install snmpd ; ln -s ../init.d/snmpd S70snmpd
1. flash router
- Run:
wget http://l-cube.artifactual.org.za/~antoine/firmware/openwrt-brcm-2.4-squashfs.trx -O - | mtd -e linux -r write - linux
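The pipe above flashes whatever the plain-HTTP download returns. As an added example, not part of the original notes, the same step with the image saved to a file and checked against a known SHA-256 before `mtd` writes it. The function names and the /tmp path are hypothetical, the digest is a placeholder to be obtained over a trusted channel, and `sha256sum` being present in the router's BusyBox build is an assumption.

```shell
#!/bin/sh
# Added example (not from the original notes). Function names and IMG path are
# hypothetical; sha256sum in the router's BusyBox build is an assumption.

IMG=/tmp/firmware.trx

# verify_image FILE EXPECTED_SHA256
# returns 0 on exact match, 1 on mismatch, 2 if the file is missing or empty
verify_image() {
    file=$1
    expected=$2
    [ -s "$file" ] || { echo "missing or empty image: $file" >&2; return 2; }
    actual=$(sha256sum "$file" | cut -d' ' -f1)
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $file" >&2
        echo "  expected: $expected" >&2
        echo "  actual:   $actual" >&2
        return 1
    fi
    return 0
}

# flash_verified URL EXPECTED_SHA256
# Downloads to $IMG, verifies, and only then hands the file to mtd.
flash_verified() {
    url=$1
    expected=$2
    wget "$url" -O "$IMG" || { rm -f "$IMG"; return 3; }
    verify_image "$IMG" "$expected" || { rm -f "$IMG"; return 1; }
    mtd -e linux -r write "$IMG" linux
}

# Usage on the router (the digest is a placeholder, get the real one out of band):
# flash_verified http://l-cube.artifactual.org.za/~antoine/firmware/openwrt-brcm-2.4-squashfs.trx <EXPECTED_SHA256>
```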
2.a. configure portal interface (when using wireless port for dev - DEPRECATE)
uci delete network.lan.type
uci set wireless.cfg03c014.network=wifi
- Append: /etc/config/network
config 'interface' 'wifi'
        option 'ifname' 'wl0'
- Run:
uci set dhcp.lan.ignore=1
uci set wireless.wl0.disabled=0
uci set network.wifi.ifname=wl0
uci set network.wifi.proto=static
uci set network.wifi.ipaddr=0.0.0.0
uci commit
reboot
- Test:
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -I POSTROUTING -t nat -o eth0.0 -j MASQUERADE
- Append: TODO
echo "echo 1 > /proc/sys/net/ipv4/ip_forward" >> ???
echo "iptables -I POSTROUTING -t nat -o eth0.0 -j MASQUERADE" >> ???
2.b. Configure router for B.A.T.M.A.N. (using lan port for dev)
- Read:
https://dev.open-mesh.net/svn/batman/trunk/batman-adv-kernelland/batman-core/README
http://open-mesh.net/batman/doc/RoutingVodoo
http://www.blogin.it/check-batman.html
http://trac2.assembla.com/nightwing/browser/trunk/etc/config/batman
http://trac2.assembla.com/nightwing/browser/trunk/etc/config/batman_mode
- Run: (configure LAN interface)
uci delete network.lan.type
uci delete network.lan.gateway
uci delete network.lan.dns
uci set network.lan.ipaddr=192.168.1.1
uci commit
- Run: (temporarily disable firewall so we can get in to the WAN interface from my own lan side)
iptables --flush
- Run: (OPTIONAL: configure WAN interface for a gateway mesh-node)
uci set network.wan.proto=static
uci set network.wan.ipaddr=192.168.20.200
uci set network.wan.netmask=255.255.255.0
uci set network.wan.dns=192.168.20.5
uci set network.wan.gateway=192.168.20.1
uci commit
- Run: (bring up WIFI interface)
uci set network.wifi=interface
uci set network.wifi.ifname=wl0
uci set wireless.wl0.disabled=0
uci set wireless.wl0.channel=5
uci set wireless.cfg03c014.network=wifi
uci set wireless.cfg03c014.mode=adhoc # TODO - wtf is it with the numbers ?
uci set wireless.cfg03c014.ssid=batman
uci commit
reboot
- Append: /etc/opkg.conf (for some reason libpthread has gone missing from master)
src packages http://l-cube.artifactual.org.za/~antoine/firmware/packages/mipsel
- One of:
- Run: (install BATMAN)
opkg update
opkg install kmod-batgat # gateway only
opkg install batmand batmand-adv # TODO - how do we get the stable branch to install ?
- Run:
http://downloads.open-mesh.net/batman/stable/mipsel-kamikaze/batmand_0.3-current_mipsel-kk-elf-32-lsb-static.tgz
- Test: (on gateway mesh-node)
# ifconfig wl0 10.0.10.1 netmask 255.255.0.0
# insmod batgat
# /etc/init.d/firewall stop
# iptables --flush
# iptables -t nat --flush
# iptables -I FORWARD -j ACCEPT
# iptables -t nat -A POSTROUTING -o eth0.1 -j MASQUERADE
# batmand -g 100mbit -d 3 wl0
iptables -t nat -A POSTROUTING -o eth0.1 -j MASQUERADE
batmand -g 100mbit wl0
- Test: (on normal mesh-node)
# ifconfig wl0 10.0.11.1 netmask 255.255.0.0
# /etc/init.d/firewall stop (rm /etc/rc.d/S45firewall)
# iptables --flush
# iptables -t nat --flush
# iptables -I FORWARD -j ACCEPT
# iptables -t nat -A POSTROUTING --source 192.168.0.0/24 -o gate0 -j MASQUERADE
# batmand -r 3 -d 3 wl0
iptables -t nat -A POSTROUTING --source 192.168.0.0/24 -o gate0 -j MASQUERADE
batmand -r 3 wl0
ifconfig eth0.0 0.0.0.0 # for portal
/etc/init.d/chilli start # for portal
- Configure: (gateway mesh-node)
rm /etc/rc.d/S45firewall
uci set network.wifi.proto=static
uci set network.wifi.ipaddr=10.0.10.1
uci set network.wifi.netmask=255.255.0.0
- Configure: (normal mesh-node)
rm /etc/rc.d/S45firewall
uci set network.wifi.proto=static
uci set network.wifi.ipaddr=10.0.11.1
uci set network.wifi.netmask=255.255.0.0
uci set network.lan.dns=192.168.20.5 # TODO - LOSE
3. configure portal (coova-chilli)
- Read:
!!! http://hotcakes.wiki.sourceforge.net/Coova+Chilli+JSON+Interface
!!! https://help.ubuntu.com/community/WifiDocs/CoovaChilli
http://daloradius.wiki.sourceforge.net/Chillispot+Integration
http://coova.org/wiki/index.php/CoovaChilli/JSON
http://coova.org/wordpress/index.php/2007/08/15/any-page-a-login-page/
- Run:
opkg update
opkg install kmod-tun
opkg install http://l-cube.artifactual.org.za/~antoine/firmware/packages/mipsel/coova-chilli_1.0.12-1_mipsel.ipk
- AUTO * Edit: /etc/chilli/defaults
HS_WANIF=eth0.0 (gate0 for batman)
HS_LANIF=wl0 (eth0.0 for batman)
(HS_NETWORK=192.168.0.1/24 for batman)
(HS_UAMLISTEN=192.168.0.1 for batman)
HS_DNS1=10.1.0.1 (192.168.20.5)
HS_RADIUS=192.168.20.225
HS_RADIUS2=192.168.20.225
HS_ADMUSR=chillispot
HS_ADMPWD=thechillispotsecret
HS_RADSECRET=theradiussecret
HS_UAMSECRET=theuamsecret
HS_UAMALLOW=10.1.0.0/24,192.168.20.0/24 (192.168.0.0/24, 192.168.20.0/24)
HS_UAMSERVER=10.1.0.1 (192.168.0.1)
HS_UAMHOMEPAGE=http://\$HS_UAMLISTEN:\$HS_UAMPORT/www/coova.html # redirects to HS_UAMFORMAT
HS_UAMFORMAT=http://\$HS_UAMSERVER:\$HS_UAMPORT/www/index.html # does JSON login
HS_UAMSERVICE=http://192.168.20.225/cgi-bin/uam.pl # Generates pap-password - Needs perl
- AUTO * Edit: meraka-portal/files/www/cgi-bin/uam.pl
$uamsecret = "theuamsecret"; # must match HS_UAMSECRET in /etc/chilli/defaults
- AUTO * Edit: /etc/chilli/www/ChilliLibrary.js:296
var logonUrl = chilliController.urlRoot() + 'logon?username=' + escape(username) + '&response=' + resp.response;
- Do on node:
scp -r antoine@l-cube.artifactual.org.za:~/Projects/meraka/trunk/package/meraka-portal/files/* /
- Do on dashboard-server:
scp -r antoine@l-cube.artifactual.org.za:~/Projects/meraka/trunk/package/meraka-portal/files/www/cgi-bin/* /usr/lib/cgi-bin
- Test:
reboot
#echo 1 > /proc/sys/net/ipv4/ip_forward
#iptables -I POSTROUTING -t nat -o eth0.0 -j MASQUERADE
ifconfig eth0.0 0.0.0.0 # (BATMAN)
/etc/init.d/chilli start
http://192.168.0.1:3990/json/status?lang=en
- Run:
cd /etc/rc.d ; ln -s ../init.d/chilli S70chilli
3b. Integrate coova-chilli + B.A.T.M.A.N.
- Do:
uci set network.lan.ipaddr=0.0.0.0
uci set network.wifi.proto=static
uci set network.wifi.ipaddr=10.0.11.1
uci set network.wifi.netmask=255.255.0.0
uci commit
4. install meraka-*
- Run:
make package/meraka-widgets-compile V=99
make package/index
# scp ./build_dir/mipsel/meraka-widgets-0.1/village-bus-* root@192.168.20.200:/www/cgi-bin/
opkg remove meraka-widgets
opkg install http://l-cube.artifactual.org.za/~antoine/firmware/packages/mipsel/meraka-widgets_0.1-1_mipsel.ipk
clear;opkg remove meraka-widgets;opkg install http://l-cube.artifactual.org.za/~antoine/firmware/packages/mipsel/meraka-widgets_0.1-1_mipsel.ipk
INSTALLATION AND CONFIGURATION FOR MERAKI
0. FLASHING MERAKI
- Useful:
screwdriver
soldering iron
A max232 and a handful of capacitors
hammer (sledge)
- Read:
http://sodoityourself.com/max232-serial-level-converter
http://www.nslu2-linux.org/wiki/HowTo/TelnetIntoRedBoot
http://wiki.openwrt.org/OpenWrtDocs/Hardware/Meraki/Mini
INSTALLATION AND CONFIGURATION FOR GATEWAY SERVER (Inveneo)
0. Get OS install image onto a USB Stick
- xubuntu:
. unetbootin
. root (hd1,0)
. kernel /casper/vmlinuz file=preseed/xubuntu.seed boot=casper
. initrd /casper/initrd.gz
. boot
- Puppy:
. kernel /vmlinuz
. initrd /initrd.gz
. boot
1. Depends
- Starting with xubuntu-8.10-rc desktop edition
apt-get install ssh (for openssh-server)
apt-get install rrdtool snmp (needed for: phpMyPrepaid)
apt-get install mysql-server mysql-client mysql-common (needed for: phpMyPrepaid)
apt-get install apache2 (needed for: phpMyPrepaid)
apt-get install php5 php5-snmp php5-gd php5-mysql (needed for: phpMyPrepaid)
apt-get install freeradius freeradius-mysql
apt-get install dnsmasq (for dns/dhcp and tftp)
wget http://ap.coova.org/chilli/coova-chilli_1.0.12-1_i386.deb
dpkg -i ./coova-chilli_1.0.12-1_i386.deb
- Without php-myprepaid
apt-get install freeradius
2. Configure Billing
- Read: man rlm_counter
http://projects.asn.pl/freemods/wiki/rlm_backcounter
http://www.warungdigital.com/freeradius-disconnected-user-when-time-limit-exceed.htm
- Edit: /etc/freeradius/modules/counter
# check-name sets the maximum value of the counter & read from user db
# count-attribute sets the counter increment
counter prepaid {
        filename = ${db_dir}/db.prepaid
        counter-name = Prepaid-Session-Time
        check-name = Max-Prepaid-Session
        count-attribute = Acct-Session-Time
        key = User-Name
        reset = never
        reply-name = Session-Timeout
        cache-size = 1000
}
- Edit: /etc/freeradius/radiusd.conf
line 709 uncomment: daily
line 710 add: prepaid
- Edit: /etc/freeradius/sites-enabled/default
line 166: uncomment daily
line 167: add prepaid
line 320: uncomment daily
line 321: add prepaid
- Edit: /etc/freeradius/users.chilli -> Add to prepaid users:
Max-Prepaid-Session=360
3. Customer Management - dashboard server
- Read:
!!! http://wiki.freeradius.org/Status
http://wiki.freeradius.org/SNMP_HOWTO
http://www.w3.org/TR/css3-layout/
- Do:
ln -s /etc/freeradius/sites-available/status /etc/freeradius/sites-enabled/status
- Status:
echo "Message-Authenticator = 0x00, FreeRADIUS-Statistics-Type = 31" | radclient localhost:18120 status adminsecret
/var/log/freeradius/radutmp, /var/log/freeradius/radwtmp
radwho, radlast
4a. configure flatfile authentication (freeradius - running on dashboard server -> ubuntu JEOS)
- Read:
!!! http://coova.org/wiki/index.php/CoovaChilli/RADIUS
http://wiki.freeradius.org/index.php/FreeRADIUS_Wiki:FAQ#How_do_I_get_radius_to_pick_up_changes_in_the_raddb.2Fusers_file.3F
- Run:
apt-get install freeradius
- Edit: /etc/freeradius/radiusd.conf:113
pidfile = /var/run/freeradius/freeradius.pid
- Edit: /etc/freeradius/clients.conf
client 192.168.20.0/24 {
        secret = theradiussecret
        shortname = meshportal
        #nastype = other
}
- Edit: /etc/freeradius/users
$INCLUDE users.chilli
DEFAULT Auth-Type := Reject
        Reply-Message = "Login attempt failed.",
        Fall-Through = No
- Create: /etc/freeradius/users.chilli
chillispot ClearText-Password := "thechillispotsecret"
joe ClearText-Password := "smith"
guest ClearText-Password := "guest"
        Session-Timeout = 300,
        Idle-Timeout = 60,
        WISPr-Bandwidth-Max-Up = 64000,
        WISPr-Bandwidth-Max-Down = 32000
prepaid ClearText-Password := "prepaid", Max-Prepaid-Session := 3600
        Reply-Message := "%{Session-Timeout} left %{User-Name}."
- Test:
radiusd -X
radtest chillispot chillispot 192.168.20.225 10 theradiussecret
/etc/init.d/freeradius start
kill -1 `cat /var/run/freeradius/freeradius.pid`
- Edit: /etc/group (Permissions)
freerad:x:124:www-data
- Run: (Permissions)
chmod -R g+w /etc/freeradius
- Run:
copy over our custom radius users files&dir
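The shared secrets configured above have to agree across three files: HS_RADSECRET with the `secret` in clients.conf, and HS_UAMSECRET with `$uamsecret` in uam.pl. As an added example, not part of the original notes, a check for both pairs that also flags the sample values from this page if they are still deployed. The function names are hypothetical, the parsing assumes one assignment per line, and the script expects copies of all three files on one host.

```shell
#!/bin/sh
# Added example (not from the original notes); function names are hypothetical.
# Assumes one assignment per line in each file.

# chilli_val KEY FILE: value of KEY=... in /etc/chilli/defaults style files
chilli_val() {
    sed -n "s/^$1=\"\{0,1\}\([^\"# ]*\).*/\1/p" "$2" | tail -n 1
}

# radius_client_secret FILE: first 'secret = ...' in clients.conf
radius_client_secret() {
    sed -n 's/^[[:space:]]*secret[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*/\1/p' "$1" | head -n 1
}

# uam_pl_secret FILE: the string assigned to $uamsecret in uam.pl
uam_pl_secret() {
    sed -n 's/^[[:space:]]*\$uamsecret[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# check_secrets DEFAULTS CLIENTS_CONF UAM_PL
# Prints one line per problem; exit status is the number of problems found.
check_secrets() {
    defaults=$1 clients=$2 uampl=$3 problems=0
    rad=$(chilli_val HS_RADSECRET "$defaults")
    uam=$(chilli_val HS_UAMSECRET "$defaults")
    if [ "$rad" != "$(radius_client_secret "$clients")" ]; then
        echo "HS_RADSECRET does not match secret in $clients"
        problems=$((problems + 1))
    fi
    if [ "$uam" != "$(uam_pl_secret "$uampl")" ]; then
        echo "HS_UAMSECRET does not match \$uamsecret in $uampl"
        problems=$((problems + 1))
    fi
    # The sample values used on this page must not survive into deployment.
    for v in "$rad" "$uam" "$(chilli_val HS_ADMPWD "$defaults")"; do
        case $v in
            ''|theradiussecret|theuamsecret|thechillispotsecret)
                echo "empty or sample secret still in use: '$v'"
                problems=$((problems + 1)) ;;
        esac
    done
    return "$problems"
}

# Usage: check_secrets /etc/chilli/defaults /etc/freeradius/clients.conf /usr/lib/cgi-bin/uam.pl
```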
4b. configure mysql authentication (freeradius - running on dashboard server -> ubuntu JEOS)
- Install:
apt-get install libmysqlclient-dev
- Edit: /etc/freeradius/users (disable flat file user entries)
. comment out users.chilli include and DEFAULT rule
- Edit: /etc/freeradius/sql.conf
database = "mysql"
server = "localhost"
login = "radius"
password = "radpass"
radius_db = "radius"
- Edit: /etc/freeradius/sites-enabled/default
authorize:152 -> sql
accounting:344 -> sql
session:369 -> sql
post-auth:396 -> sql
- Edit: village-bus-radius/Makefile
. set correct mysql username and password
- Run: (create radius tables for mysql)
make mysql
- Run: (populate radius tables for mysql with defaults & test data)
make mysql-populate