Install CoovaChilli + FreeRadius on Ubuntu 12.04.2 LTS i386

CoovaChilli is an open-source captive portal system for Linux that I personally use to run a free wireless access system around my area. The reason I use CoovaChilli instead of, oh I don’t know, NoCatSplash, is that with CoovaChilli I can not only limit the speed of each connection, but I am also able to log IP and MAC addresses to prevent abuse. So, let’s go install CoovaChilli.

To start, you need a fresh Ubuntu 12.04.2 LTS i386 server install on a server with 2 physical network ports (or VLANs, but that won’t be covered here).

So, first off open up /etc/network/interfaces and make sure that you have one NIC with a static IP. This is the IP coovachilli will run off of as a server. Here is what I used:

 
auto lo
iface lo inet loopback

# Web In Connection
auto eth0
iface eth0 inet dhcp

# Web OUT Connection, used via coovachilli
auto eth1
iface eth1 inet static
    address 10.0.1.0
    netmask 255.255.255.0

The next thing you need to do is enable packet forwarding and NAT between the interfaces, so I added the following code:

    post-up iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    post-up echo 1 > /proc/sys/net/ipv4/ip_forward

And in the end, I ended up with this:

auto lo
iface lo inet loopback

# Web In Connection
auto eth0
iface eth0 inet dhcp

# Web OUT Connection, used via coovachilli
auto eth1
iface eth1 inet static
    address 10.1.1.0
    netmask 255.255.255.0

    # Used to open up packet forwarding, and set up NAT
    post-up iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    post-up echo 1 > /proc/sys/net/ipv4/ip_forward

And that’s it for interface setup.

To make sure packet forwarding is enabled, I also enable it from /etc/sysctl.conf. To do that, you just need to run this command:

sed --in-place=.old 's/^#\(net.ipv4.ip_forward=1\)/\1/' /etc/sysctl.conf

Now to install freeradius, as I use a radius server for user authentication with coovachilli. We will also install some libraries used by coovachilli.

apt-get update
apt-get upgrade
apt-get install freeradius freeradius-utils libtool libssl-dev libcurl4-openssl-dev

Now we need to set it up. Open up /etc/freeradius/clients.conf and change the secret from “testing123” to a secure password that you will remember.

Now for adding users to freeradius. What I do is I delete the file /etc/freeradius/users and just create a new file, and start fresh. Here is the format used for user accounts:

useraccountname Cleartext-Password := "userpass1"
    Simultaneous-Use = 999999,
    Idle-Timeout = 86400,
    Acct-Interim-Interval = 120,
    WISPr-Bandwidth-Max-Down = 1236000,
    WISPr-Bandwidth-Max-Up = 600000

So, as you can guess, useraccountname is the name of the user, and userpass1 is the password for that account. For the rest of the stuff:

  • Simultaneous-Use = How many times the same account can be logged in at once.
  • Idle-Timeout = How long it will wait to log out the user after idling, in seconds.
  • Acct-Interim-Interval = The number of seconds between each interim update for a specific session.
  • WISPr-Bandwidth-Max-Down = The max allowed download speed, in bits per second (not kilobits)
  • WISPr-Bandwidth-Max-Up = The max allowed upload speed, in bits per second

So with this, create as many users as you want to use. If you don’t want to limit a user’s speed, or timeout, then just don’t add those lines to that user and it won’t apply.
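
Because the WISPr limits are given in bits per second, a value typed in kilobits silently becomes a cap a thousand times lower than intended. The following added example (not from the original tutorial) lists each account's caps in kbit/s, marks values under an assumed floor of 64000 bit/s as CHECK_UNITS and accounts missing a cap as UNCAPPED; the function name, the floor and the sample accounts other than the tutorial's own are constructed.

```shell
#!/bin/sh
# Added example: users_report FILE [MIN_BPS]
# MIN_BPS (default 64000 bit/s) is an assumed sanity floor, not a FreeRADIUS setting.
users_report() {
    awk -v minbps="${2:-64000}" '
    function num(line) { sub(/.*=[ \t]*/, "", line); sub(/[^0-9].*/, "", line); return line }
    function kbit(v)   { return (v == "") ? "none" : (int(v / 1000) "kbit/s") }
    function emit(   note) {
        if (user == "") return
        note = "ok"
        if (down == "" || up == "") note = "UNCAPPED"
        if ((down != "" && down + 0 < minbps) || (up != "" && up + 0 < minbps))
            note = "CHECK_UNITS"
        printf "%s down=%s up=%s %s\n", user, kbit(down), kbit(up), note
    }
    /^[ \t]*(#|$)/ { next }                                # comment or blank line
    /^[^ \t]/      { emit(); user = $1; down = up = "" }   # unindented line: new entry
    /WISPr-Bandwidth-Max-Down/ { down = num($0) }
    /WISPr-Bandwidth-Max-Up/   { up = num($0) }
    END { emit() }
    ' "$1"
}

# Constructed sample file; only the first entry comes from the tutorial.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
useraccountname Cleartext-Password := "userpass1"
    Simultaneous-Use = 999999,
    Idle-Timeout = 86400,
    Acct-Interim-Interval = 120,
    WISPr-Bandwidth-Max-Down = 1236000,
    WISPr-Bandwidth-Max-Up = 600000

kbituser Cleartext-Password := "constructed-pass-2"
    WISPr-Bandwidth-Max-Down = 1236,
    WISPr-Bandwidth-Max-Up = 600

nolimit Cleartext-Password := "constructed-pass-3"
    Idle-Timeout = 86400
EOF
users_report "$sample"
```

On a real install, point it at /etc/freeradius/users before restarting the service.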

Next up is testing. Restart the freeradius service, and then test the account you made to make sure it authenticates. So, for our above example, we would do the following:

service freeradius restart
radtest useraccountname userpass1 localhost 0 SecretCode

Where SecretCode is the secret we changed in freeradius earlier in this tutorial. If everything worked, you should get some output like this:

Sending Access-Request of id 35 to 127.0.0.1 port 1812
User-Name = "useraccountname"
User-Password = "userpass1"
NAS-IP-Address = 127.0.1.1
NAS-Port = 0
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=35, length=56
Idle-Timeout = 86400
Acct-Interim-Interval = 120
WISPr-Bandwidth-Max-Down = 1236000
WISPr-Bandwidth-Max-Up = 600000

This means the user was authenticated successfully, and freeradius is now set up!

Now for the fun part, coovachilli. So, download the precompiled package and install it.

wget -c http://ap.coova.org/chilli/coova-chilli_1.3.0_i386.deb
dpkg -i coova*.deb

Now that it’s installed, we need to configure it before we enable it. To do this, copy the defaults to the config file:

cd /etc/chilli
cp ./defaults ./config

From here, edit /etc/chilli/config to match whatever you have set up. Just make sure to uncomment HS_WANIF=eth0 so it knows where to look for the WAN interface, and to place the freeradius secret in HS_RADSECRET, otherwise it won’t be able to authenticate users.
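
A check of the two edits described so far, added here as an example and not part of the original tutorial: it reports when clients.conf still holds the stock secret testing123, when HS_RADSECRET matches no secret in clients.conf, and when HS_WANIF is still commented out. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example. Paths are arguments, so the check can be pointed at
# /etc/freeradius/clients.conf and /etc/chilli/config or at copies of them.

# Print every shared secret set in a clients.conf (surrounding quotes stripped).
radius_secrets() {
    sed -n 's/^[[:space:]]*secret[[:space:]]*=[[:space:]]*"\{0,1\}\([^"[:space:]#]*\).*/\1/p' "$1"
}

# Print the value of an uncommented KEY=value line in the chilli config.
chilli_value() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"[:space:]#]*\).*/\1/p" "$1" | tail -n 1
}

# Print one finding per line; return 1 if there was any finding.
audit_portal() {
    rc=0
    hs_secret=$(chilli_value "$2" HS_RADSECRET)
    if radius_secrets "$1" | grep -qxF testing123; then
        echo "DEFAULT_SECRET: $1 still contains the stock secret"; rc=1
    fi
    if [ -z "$hs_secret" ] || ! radius_secrets "$1" | grep -qxF -- "$hs_secret"; then
        echo "SECRET_MISMATCH: HS_RADSECRET matches no secret in $1"; rc=1
    fi
    if [ -z "$(chilli_value "$2" HS_WANIF)" ]; then
        echo "NO_WANIF: HS_WANIF is commented out or empty in $2"; rc=1
    fi
    return "$rc"
}

# Constructed sample files: clients.conf was changed, the chilli config was not.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
cat > "$demo/clients.conf" <<'EOF'
client localhost {
    ipaddr = 127.0.0.1
    secret = constructed-Secret-42
}
EOF
cat > "$demo/config" <<'EOF'
# HS_WANIF=eth0
HS_LANIF=eth1
HS_RADSECRET=testing123
EOF
audit_portal "$demo/clients.conf" "$demo/config" || echo "findings above need fixing"
```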

Now you can enable coovachilli by opening /etc/default/chilli and setting boot to 1.

From here, do a restart and coovachilli should be running! If not, stop the service, and use the following to start coovachilli in debug mode to see what is going on.

chilli --fg --debug

PERSONAL NOTE
I personally have never used the default coovachilli portal program, so if you plan on using it, this tutorial may not work with the configuration part, but it will get you a working coovachilli install.

Hope this helps some of you out there!

16 thoughts on “Install CoovaChilli + FreeRadius on Ubuntu 12.04.2 LTS i386”

  1. Lieven

    Hi there, got a similar setup working but on the openwrt.
    Now, I was moving the setup to a virtual machine using 1.3 instead of 1.2.9 coova-chilli.

    In order to get chilli running, I had to enable it first in the default file and do a restart to get the config files created. (main.conf, hs.conf)
    Only then, the debugging could start 🙂

    thanks for posting your install sequence. much appreciated.

  2. rigel

    I followed this step; however, after logging in to coova chilli my laptop still doesn’t have internet. My setup is

    Router — Switch — PC — LAPTOP

    I successfully logged on but still my laptop doesn’t have internet.

    My PC has internet and is directly connected to the switch.

  3. Gonzalo

    Hi,

    Once I have installed Coovachilli, how do I know if it is working fine? Do you know if SMS authentication can be used?

    Cheers,
    Gonzalo

    1. Chris B - Admin Post author

      Hello,
      You will need to test authenticating to the radius server through coovachilli to test it.

      If you want to use SMS authentication, it can be done as long as your coovachilli front end supports it.

  4. Glenn Manghi

    Hello everyone! I just want to ask if coovachilli is capable of opening the browser automatically during the on-connect process in the wifi and completing the connection process by logging in to the portal.

    Note: the device will ask the user to complete the process of connecting to wifi by opening a browser automatically that is triggered by the device/connection and redirecting to the portal.

    Thanks,
    gln

    1. Chris B - Admin Post author

      Hello Glenn,
      Yes, as Coovachilli can be used as a portal engine, it will redirect users to an authentication portal before they are able to access the internet. If this is not a desired function, it can be disabled by modifying the whitelisted sites variable in the configuration.

  5. Bryan

    I am trying to get chillispot working to where it uses freeRADIUS and openLDAP. I get an accept-accept from radius when using radtest, so I imagine that’s working. After I authenticate to the wireless AP, I don’t get a prompt to log in through CoovaChilli. There isn’t actually anywhere to go (I’m just using my laptop for this for a lab) and have eth0 pointed to the router, so I try to browse to the default webpage apache hosts. It just sits there and the connection eventually times out. If I try to browse to coova.html in /etc/chilli/www/ it times out trying to get to /etc/chilli/www/undefined. I put my config file changes below.

    HS_LANIF=eth0
    HS_NETWORK=192.168.5.0
    HS_NETMASK=255.255.255.0
    HS_UAMLISTEN=192.168.5.50 (IP of interface pointed at router)
    HS_UAMPORT=3990
    HS_UAMUIPORT=4990

    HS_RADSECRET= mysecret

  6. zam89

    Hi, I’ve followed the tutorial but I came across this problem during login.
    After I try to log in, I got this error and nothing was loaded in the browser:

    ```
    redir.c: 2103: 0 (Debug) The path: www/login.chi
    redir.c: 2398: 0 (Debug) Serving file login.chi
    redir.c: 3632: 0 (Debug) Running: /etc/chilli/wwwsh /etc/chilli/www/login.chi
    Segmentation fault (core dumped)
    chilli.c: 379: 0 (Debug) caught 17 via selfpipe
    chilli.c: 310: 0 (Debug) child 2886 terminated
    chilli.c: 135: 0 (Debug) Freed child process 2886 [[redir]]
    ```

  7. vusumzi

    Should I now set eth 1 to the address I have put on the network interface? Also I get Starting chilli: start-stop-daemon: unable to start /usr/sbin/chilli (No such file or directory)
    chilli.

  8. lucian

    Hi

    I would like to get coovachilli working on proxmox. After running chilli --fg --debug, I get this error:
    main-opt.c: 605: 0 (Debug) DHCP Listen: 192.168.20.1
    main-opt.c: 606: 0 (Debug) UAM Listen: 192.168.20.1
    garden.c: 414: 0 (Debug) Uamallowed IP address #0:1024: proto=0 host=192.168.20.1 port=4990
    garden.c: 443: 0 (Debug) Uamallowed http://www.coova.org
    garden.c: 414: 0 (Debug) Uamallowed IP address #1:1024: proto=0 host=174.129.195.118 port=0
    garden.c: 443: 0 (Debug) Uamallowed 192.168.20.1
    garden.c: 414: 0 (Debug) Uamallowed IP address #2:1024: proto=0 host=192.168.20.1 port=0
    garden.c: 443: 0 (Debug) Uamallowed 192.168.20.1
    garden.c: 387: 0 (Debug) Uamallowed already exists #2:1024: proto=0 host=192.168.20.1 port=0
    options.c: 443: 0 (Debug) PID 23384 saving options to /var/run/chilli.23383.cfg.bin
    options.c: 411: 0 (Debug) Loading modules
    options.c: 652: 0 (Debug) PID 23383 reloaded binary options file
    chilli.c: 7141: 0 (Debug) clock realtime sec 1422341595 nsec 493779275
    chilli.c: 7146: 0 (Debug) clock monotonic sec 1638804 nsec 81327346
    tun.c: 551: 2 (No such file or directory) open() failed
    net.c: 121: 19 (No such device) ioctl(SIOCSIFADDR) failed
    tun.c: 1108: 0 (Debug) Running /etc/chilli/up.sh
    ippool.c: 338: 0 (Debug) Hashlog 9 509 512
    net.c: 210: 13 (Permission denied) setsockopt(s=4, level=1, optname=1, optlen=4) failed
    chilli.c: 7190: 0 (Debug) Failed to create dhcp listener on eth20
    options.c: 411: 0 (Debug) Loading modules
    main-script.c: 76: 0 (Debug) USER root(0/0), GROUP root(0/0) CHILLI[UID 106, GID 111]
    main-script.c: 94: 0 (Debug) Running /etc/chilli/up.sh (0/0)
    basename: missing operand
    Try `basename --help' for more information.
    /etc/chilli/up.sh: 3: /etc/chilli/ipup.sh: UAM: not found

    I opened /etc/chilli/up.sh and line 3 does not get anything back from $DEV.

    Question is: is it at all possible to run coovachilli on proxmox? I have similar issues with NAT and IP forwarding. My second interface stops when I start chilli.

    Thanks,
    Lucian

  9. Pratheek P

    Hi,
    I want help to do this. My requirement is, I want to access WiFi through like one Facebook page. Is it possible to do through coovachilli? Please help me…

    Thanks
    Pratheek

  10. Ark74

    Hi!

    Thank you so much for documenting your process, we all can learn from it, at least to do it the way you do.

    I have a question: I’m using the JSON interface for the login/authentication process; in your experience, is there a chance to enable an anonymous user test button?

  11. Mike Brickle

    I have followed all the steps but I get the following error

    [email protected]:~# service chilli start
    Starting chilli: start-stop-daemon: unable to start /usr/sbin/chilli (No such file or directory)
    chilli.

