Unterschiede

Hier werden die Unterschiede zwischen zwei Versionen angezeigt.

--- f11:technik:raspberrypi:hotspotdm3kb:raspbcoovai [2014/12/05 08:00]
dm3kb angelegt
+++ f11:technik:raspberrypi:hotspotdm3kb:raspbcoovai [2019/09/29 12:03] (aktuell)
@@ Zeile 1: / Zeile 1: @@
+Install Coova-Chilly from the deb file (Coova Chilli Debian pakage)
+[[f11:technik:raspberrypi:hotspotdm3kb:raspbcoovac|compiled]] previoisly .\\
+\\
+Use dpkg -i to install the package, after choosing default (keep current installed version) the error message is O.K. as coova-chilli is not \\ properly configured yet.\\
+\\
+<code>
+root@raspberrypi:/usr/src# dpkg -i coova-chilli_1.3.0_armhf.deb
+Selecting previously unselected package coova-chilli.
+(Reading database ... 73892 files and directories currently installed.)
+Unpacking coova-chilli (from coova-chilli_1.3.0_armhf.deb) ...
+Setting up coova-chilli (1.3.0) ...
+Configuration file `/etc/init.d/chilli'
+ ==> File on system created by you or by a script.
+ ==> File also in package provided by package maintainer.
+   What would you like to do about it ?  Your options are:
+    Y or I  : install the package maintainer's version
+    N or O  : keep your currently-installed version
+      D     : show the differences between the versions
+      Z     : start a shell to examine the situation
+ The default action is to keep your current version.
+*** chilli (Y/I/N/O/D/Z) [default=N] ? N
+Starting chilli: SIOCSIFADDR: No such device
+eth1: ERROR while getting interface flags: No such device
+</code>
+**Note:** The error above is accepeted as the configuration is not valid at this time, you can ignore the message\\
+==Configure Coova-Chilli==
+CoovaChilly needs some configuration in the file: /etc/default/chilli
+<code>
+root@raspberrypi:/usr/src# vi /etc/default/chilli
+</code>
+Change first line from 0 to 1 to force start of chilli:\\
+<code>
+START_CHILLI=1
+CONFFILE="/etc/chilli.conf"
+HS_USER="chilli"
+</code>
+==Delete automatic generated main configuration file==
+<code>
+rm /etc/chilli/main.conf
+</code>
+==Edit Coova-Chilli main configuration file==
+<code>
+vi /etc/chilli/defaults
+</code>
+Change the settings like below.\\
+\\
+**NOTE: the settings in the first block need to match the settings done in "/etc/network/interface" file!!!**
+<code>
+HS_WANIF=wlan0            # WAN Interface toward the Internet
+HS_LANIF=eth0              # Subscriber Interface for client devices
+HS_NETWORK=10.1.0.0        # HotSpot Network (must include HS_UAMLISTEN)
+HS_NETMASK=255.255.255.0   # HotSpot Network Netmask
+HS_UAMLISTEN=10.1.1.1      # HotSpot IP Address (on subscriber network)
+HS_UAMPORT=3990            # HotSpot UAM Port (on subscriber network)
+HS_UAMUIPORT=4990          # HotSpot UAM "UI" Port (on subscriber network, for embedded portal)
+HS_COAPORT=3779            # CoovaChilli Port for forced disconnect
+# OpenDNS Servers
+HS_DNS1=192.168.2.1
+HS_DNS2=8.8.8.8
+#HS_DNS1=208.67.222.222
+#HS_DNS2=208.67.220.220
+###
+#   HotSpot settings for simple Captive Portal
+#
+HS_NASID=nas01
+HS_RADIUS=localhost
+HS_RADIUS2=localhost
+HS_UAMALLOW=10.1.1.0/24
+HS_RADSECRET=Raspi            # Set to be your RADIUS shared secret
+HS_UAMSECRET=change-me123     # Set to be your UAM secret, secures the communication between coova-chilli and miniportal
+HS_UAMALIASNAME=chilli
+HS_LOC_NAME="Your-Hotspot"    # WISPr Location Name and used in portal
+</code>
+==Firewall Set-Up==
+\\
+CoovaChilli is preconfigured but needs adaption in file:  /etc/chilli/up.sh\\
+<code>
+root@raspberrypi# vi /etc/chilli/up.sh
+</code>
+Modify the End of the file to match the output below:\\
+<code>
+<SNIP>
+        [ "$HS_LOCAL_DNS" = "on" ] && \
+            ipt -I PREROUTING -t nat -i $TUNTAP -p udp --dport 53 -j DNAT --to-destination $ADDR
+    fi
+fi
+    # log new connections from TUN Interface (New, not in original script!!!!)
+    ipt -I FORWARD -i $TUNTAP  -o $HS_WANIF -m state --state NEW -j LOG --log-prefix='[ChillyNCon]'
+# site specific stuff optional
+[ -e /etc/chilli/ipup.sh ] && . /etc/chilli/ipup.shA
+# End of Original Script!!!!
+######################################
+# Masquerade for Coova-Chilli, minimum to add for an operating Coova-Chilly
+iptables -I POSTROUTING -t nat -o $HS_WANIF -j MASQUERADE
+# Accept HTTPS only from local IP4 Network
+iptables -A INPUT -i $HS_WANIF -p tcp -s 192.168.6.0/24 --dport 443 -m state NEW,ESTABLISHED -j ACCEPT
+iptables -A OUTPUT -o $HS_WANIF -p tcp --sport 443 -m state ESTABLISHED -j ACCEPT
+# Accept SSH only from local IP4 Network
+iptables -A INPUT -i $HS_WANIF -p tcp -s 192.168.6.0/24 --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
+iptables -A OUTPUT -o $HS_WANIF -p tcp --sport 22 -m state ESTABLISHED -j ACCEPT
+</code>
+Note: Ensure that "**LOG --log-prefix='[ChillyNCon]'**" is matching the one configured in: \\
+[[f11:technik:raspberrypi:hotspotdm3kb:raspbchlang#Syslog Config|Syslog Config]]
+Haserl Set-Up\\
+\\
+Set Haserl path  for Coova-Chilly in file: /etc/chilli/wwwsh\\
+<code>
+root@raspberrypi# vi /etc/chilli/wwwsh
+</code>
+Replace the line:
+<code>
+haserl=$(which haserl 2>/dev/null)
+</code>
+With this one below:
+<code>
+haserl=/usr/local/bin/haserl
+</code>
 === Create fake chillyspot config file for EASY-Hotspot ===
 Save and then copy defaults to config in the same folder or create a link with ls