Introduction
Installing CoovaChilli
sudo apt-get install build-essential libssl-dev libjson-c-dev gengetopt
sudo apt install devscripts debhelper
# If you downloaded with wget
tar -xzvf 1.5.tar.gz
# If you downloaded with the browser
tar -xzvf coova-chilli-1.5.tar.gz
cd coova-chilli-1.5/
vi debian/control
#Look for this part
#------
#Depends:
# ${shlibs:Depends},
# iptables,
# haserl,
# adduser,
#------
#------ CHANGE TO THIS (remove haserl as a dependency)
#------
#Depends:
# ${shlibs:Depends},
# iptables,
# adduser,
#-----
debuild -i -us -uc -b
cd ..
sudo dpkg --install coova-chilli_1.4_amd64.deb
sudo dpkg --install coova-chilli_1.4_amd64.deb
[sudo] password for system:
Selecting previously unselected package coova-chilli.
(Reading database ... 119514 files and directories currently installed.)
Preparing to unpack coova-chilli_1.4_amd64.deb ...
Unpacking coova-chilli (1.4) ...
Setting up coova-chilli (1.4) ...
Chilli default off. Look at /etc/default/chilli
Processing triggers for libc-bin (2.27-3ubuntu1) ...
Processing triggers for systemd (237-3ubuntu10.33) ...
Processing triggers for ureadahead (0.100.0-21) ...
Processing triggers for man-db (2.8.3-2ubuntu0.1) ...
Configuring CoovaChilli
Enable CoovaChilli
sudo vi /etc/default/chilli
START_CHILLI=1
CONFFILE="/etc/chilli.conf"
HS_USER="chilli"
#First enable the service so it will start up during boot
sudo systemctl enable chilli
# Feedback code should be...
# chilli.service is not a native service, redirecting to systemd-sysv-install.
# Executing: /lib/systemd/systemd-sysv-install enable chilli
sudo systemctl start chilli
sudo systemctl status chilli
● chilli.service - LSB: Start CoovaChilli daemon at boot time
Loaded: loaded (/etc/init.d/chilli; generated)
Active: active (exited) since Fri 2019-12-20 20:07:51 UTC; 1s ago
Docs: man:systemd-sysv-generator(8)
Process: 14452 ExecStop=/etc/init.d/chilli stop (code=exited, status=0/SUCCESS)
Process: 14491 ExecStart=/etc/init.d/chilli start (code=exited, status=0/SUCCESS)
Dec 20 20:07:51 osboxes chilli[14580]: TX queue length set to 100
Dec 20 20:07:51 osboxes coova-chilli[14585]: PID 14585 loading binary options file /var/run/chilli.14580.cfg.bin
Dec 20 20:07:51 osboxes coova-chilli[14585]: Loading modules
Dec 20 20:07:51 osboxes coova-chilli[14585]: USER root(0/0), GROUP root(0/0) CHILLI[UID 113, GID 116]
Dec 20 20:07:51 osboxes coova-chilli[14585]: Running /etc/chilli/up.sh (0/0)
Dec 20 20:07:51 osboxes chilli[14580]: No such device: ioctl(SIOCSIFFLAGS) failed on eth1
Dec 20 20:07:51 osboxes chilli[14580]: No such device: ioctl(SIOCSIFFLAGS) failed
Dec 20 20:07:51 osboxes chilli[14580]: No such device: ioctl(SIOCSIFADDR) failed
Dec 20 20:07:51 osboxes chilli[14580]: No such device: ioctl(d=2, request=35111) failed
Dec 20 20:07:51 osboxes chilli[14580]: Failed to create dhcp listener on eth1
Modify the configuration file
ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 08:00:27:fe:57:09 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.111/24 brd 192.168.1.255 scope global dynamic enp0s3
valid_lft 256221sec preferred_lft 256221sec
inet6 fe80::a00:27ff:fefe:5709/64 scope link
valid_lft forever preferred_lft forever
3: enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 08:00:27:8c:d3:32 brd ff:ff:ff:ff:ff:ff
inet6 fe80::a00:27ff:fe8c:d332/64 scope link
File | Comment |
config | start as a copy of defaults and is edited to override specific variables defined in defaults 新增的config文件,将跳过defaults里对应的变量 |
defaults | To avoid the splash screen we have to remove one line from this file |
up.sh | Custom firewall rules for start-up |
down.sh | Custom firewall rule clean-up during shut-down. |
HS_WANIF=enp0s3 # WE ALSO Need to specify this
HS_LANIF=enp0s8 # Subscriber Interface for client devices(把这个LAN口叫订阅者接口)
HS_NETWORK=10.1.0.0 # HotSpot Network (must include HS_UAMLISTEN)(这个订阅者接口对应的网络是热点网络)
HS_NETMASK=255.255.0.0 # HotSpot Network Netmask
HS_UAMLISTEN=10.1.0.1 # HotSpot IP Address (on subscriber network)
HS_UAMPORT=3990 # HotSpot UAM Port (on subscriber network)
HS_UAMUIPORT=4990 # HotSpot UAM "UI" Port (on subscriber network, for embedded portal)
HS_NASID=localhost
HS_RADIUS=localhost
HS_RADIUS2=localhost
HS_RADSECRET=testing123 # Set to be your RADIUS shared secret
HS_UAMSECRET=greatsecret # Set to be your UAM secret
HS_UAMALIASNAME=chilli
HS_SSID="Struisbaai"
HS_NASIP=127.0.0.1 # To explicitly set NAS-IP-Address
HS_UAMSERVER=$HS_UAMLISTEN
HS_UAMFORMAT=http://\$HS_UAMLISTEN/cake3/rd_cake/dynamic-details/chilli-browser-detect/
HS_MACAUTH=on # To turn on MAC Authentication
HS_TCP_PORTS="80 23 8000"
HS_MODE=hotspot
HS_TYPE=chillispot
HS_WWWDIR=/etc/chilli/www
HS_WWWBIN=/etc/chilli/wwwsh
HS_PROVIDER=Coova
HS_PROVIDER_LINK=http://www.coova.org/
HS_LOC_NAME="My HotSpot" # WISPr Location Name and used in portal
HS_COAPORT=3799
#Please specify the DNS servers of your choice here
#Here we specified out own DSL router and as a fallback one of the Google servers
HS_DNS1=192.168.1.1
HS_DNS2=8.8.8.8
# Same principal goes for HS_UAMHOMEPAGE.
#HS_UAMHOMEPAGE=http://\$HS_UAMLISTEN:\$HS_UAMPORT/www/coova.html
apt install -y haserl
up.sh使用默认的
down.sh使用默认的
安装完毕后,配置SNAT。
iptables -F POSTROUTING -t nat
iptables -I POSTROUTING -t nat -o $HS_WANIF -j MASQUERADE
Test it out
sudo systemctl stop chilli
sudo systemctl status chilli
sudo systemctl start chilli
sudo systemctl status chilli
.......
● chilli.service - LSB: Start CoovaChilli daemon at boot time
Loaded: loaded (/etc/init.d/chilli; generated)
Active: active (running) since Sat 2019-12-21 03:05:26 UTC; 2s ago
Docs: man:systemd-sysv-generator(8)
Process: 7619 ExecStart=/etc/init.d/chilli start (code=exited, status=0/SUCCES
Tasks: 1 (limit: 1108)
CGroup: /system.slice/chilli.service
└─7706 /usr/sbin/chilli -c /etc/chilli.conf
Dec 21 03:05:26 osboxes systemd[1]: Started LSB: Start CoovaChilli daemon at boo
Dec 21 03:05:26 osboxes chilli[7706]: PID 7706 saving options to /var/run/chilli
Dec 21 03:05:26 osboxes chilli[7706]: PID 7706 loading binary options file /var/
Dec 21 03:05:26 osboxes chilli[7706]: Loading modules
Dec 21 03:05:26 osboxes chilli[7706]: CoovaChilli 1.4. Copyright 2002-2005 Mondr
Dec 21 03:05:26 osboxes chilli[7706]: TX queue length set to 100
Dec 21 03:05:26 osboxes coova-chilli[7713]: PID 7713 loading binary options file
Dec 21 03:05:26 osboxes coova-chilli[7713]: Loading modules
Dec 21 03:05:26 osboxes coova-chilli[7713]: USER root(0/0), GROUP root(0/0) CHIL
Dec 21 03:05:26 osboxes coova-chilli[7713]: Running /etc/chilli/up.sh (0/0)
.......
Troubleshooting tips
Are you getting an IP address
sudo chilli_query list
08-00-27-54-A5-85 10.1.0.3 dnat 157706717100000002 0 08-00-27-54-A5-85 0/0 0/0 0/0 0/0 0 0 0/0 0/0 -
08-00-27-8C-D3-32 10.1.0.2 dnat 157706713900000001 0 08-00-27-8C-D3-32 0/0 0/0 0/0 0/0 0 0 0/0 0/0 -
Forcing the login page to display
Test the routing
#Show the current list
sudo chilli_query list
08-00-27-54-A5-85 10.1.0.3 dnat 157706717100000002 0 08-00-27-54-A5-85 0/0 0/0 0/0 0/0 0 0 0/0 0/0 http://detectportal.firefox.com/success.txt
08-00-27-8C-D3-32 10.1.0.2 dnat 157706713900000001 0 08-00-27-8C-D3-32 0/0 0/0 0/0 0/0 0 0 0/0 0/0 -
#Authorize the client we want to test
sudo chilli_query authorize ip 10.1.0.3
#Note how 'dnat' now changed to 'pass' and the 5th field changed from 0 to 1
system@osboxes:~$ sudo chilli_query list
08-00-27-54-A5-85 10.1.0.3 pass 157706717100000002 1 08-00-27-54-A5-85 6/0 0/0 7073/0 3253/0 0 0 0%/0 0%/0 http://detectportal.firefox.com/success.txt
08-00-27-8C-D3-32 10.1.0.2 dnat 157706713900000001 0 08-00-27-8C-D3-32 0/0 0/0 0/0 0/0 0 0 0/0 0/0 -
sudo chilli_query logoff ip 10.1.0.3
#'pass' changed again back to 'dnat'
system@osboxes:~$ sudo chilli_query list
08-00-27-54-A5-85 10.1.0.3 dnat 157706939200000002 0 08-00-27-54-A5-85 0/0 0/0 460326/0 146821/0 0 0 0/0 0/0 http://detectportal.firefox.com/success.txt
08-00-27-8C-D3-32 10.1.0.2 dnat 157706713900000001 0 08-00-27-8C-D3-32 0/0 0/0 0/0 0/0 0 0 0/0 0/0 -
Test the DNS
ping www.radiusdesk.com
PING radiusdesk.com (164.160.91.12) 56(84) bytes of data.
^C
--- radiusdesk.com ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1025ms
Chilli程序的FAQ
Conclusion