CoovaChilli is an open-source captive portal system for Linux that I personally use to run a free wireless access system around my area. The reason I use CoovaChilli instead of, oh I don’t know, NoCatSplash, is that with CoovaChilli I can not only limit speed per connection, but I am also able to log IP and MAC addresses to prevent abuse. So, let’s go install CoovaChilli.
To start, you need a fresh Ubuntu 12.04.2 LTS i386 server install on a server with 2 physical network ports (or VLANs, but that won’t be covered in this).
So, first off open up /etc/network/interfaces and make sure that you have one NIC with a static IP. This is the IP coovachilli will run off of as a server. Here is what I used:
auto lo
iface lo inet loopback
# Web In Connection
auto eth0
iface eth0 inet dhcp
# Web OUT Connection, used via coovachilli
auto eth1
iface eth1 inet static
address 10.0.1.0
netmask 255.255.255.0
The next thing you need to do is enable packet forwarding and NAT between the interfaces, so I added the following code:
post-up iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
post-up echo 1 > /proc/sys/net/ipv4/ip_forward
And in the end, I ended up with this:
auto lo
iface lo inet loopback
# Web In Connection
auto eth0
iface eth0 inet dhcp
# Web OUT Connection, used via coovachilli
auto eth1
iface eth1 inet static
address 10.1.1.0
netmask 255.255.255.0
# Used to open up packet forwarding, and set up NAT
post-up iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
post-up echo 1 > /proc/sys/net/ipv4/ip_forward
And that’s it for interface setup.
To make sure packet forwarding stays enabled, I also enable it in /etc/sysctl.conf. To do that, you just need to run this command, which uncomments the net.ipv4.ip_forward=1 line and keeps a backup copy with the suffix .old:
sed --in-place=.old 's/^#\(net.ipv4.ip_forward=1\)/\1/' /etc/sysctl.conf
Now to install freeradius, as I use a RADIUS server for user authentication with coovachilli. We will also install some libraries used by coovachilli.
apt-get update
apt-get upgrade
apt-get install freeradius freeradius-utils libtool libssl-dev libcurl4-openssl-dev
Now we need to set it up. Open up /etc/freeradius/clients.conf and change the secret from “testing123” to a secure password that you will remember.
Now for adding users to freeradius. What I do is I delete the file /etc/freeradius/users and just create a new file, and start fresh. Here is the format used for user accounts:
useraccountname Cleartext-Password := "userpass1"
    Simultaneous-Use = 999999,
    Idle-Timeout = 86400,
    Acct-Interim-Interval = 120,
    WISPr-Bandwidth-Max-Down = 1236000,
    WISPr-Bandwidth-Max-Up = 600000
So as you can guess, useraccountname is the name of the user, and userpass1 is the password for that account. For the rest of the settings:
- Simultaneous-Use = How many times the same account can be logged in at once.
- Idle-Timeout = How long it will wait to log out the user after idling, in seconds.
- Acct-Interim-Interval = The number of seconds between each interim update for a specific session.
- WISPr-Bandwidth-Max-Down = The max allowed download speed, in bits per second (not kilobits).
- WISPr-Bandwidth-Max-Up = The max allowed upload speed, in bits per second.
So with this, create as many users as you want to use. If you don’t want to limit a user’s speed, or timeout, then just don’t add those lines to that user and it won’t apply.
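The layout of the users file matters as much as its contents: reply items are indented under the user line, and every reply item except the last ends with a comma. The following linter is an added example, not part of the original post; the function names and the sample accounts (alice, bob, carol) are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint a FreeRADIUS users file for layout mistakes that are
# easy to make when entries are copied or edited by hand.
lint_users() {
    awk '
    # Report a trailing comma on the last reply item of the entry just ended.
    function close_entry() {
        if (items && last ~ /,[ \t]*$/)
            printf "line %d: trailing comma after last reply item (%s)\n", lastno, user
    }
    /^[ \t]*#/ { next }                     # comment line
    /^[ \t]*$/ { next }                     # blank line
    /^[^ \t]/ {                             # column 0: start of a new entry
        close_entry()
        if ($2 ~ /^[:+=]?=$/)               # "Attr = value" where a user name belongs
            printf "line %d: reply item is not indented (%s)\n", NR, $1
        user = $1; items = 0; last = ""
        next
    }
    {                                       # indented line: a reply item
        if (items && last !~ /,[ \t]*$/)
            printf "line %d: missing comma after reply item (%s)\n", lastno, user
        items++; last = $0; lastno = NR
    }
    END { close_entry() }
    ' "$1"
}

# Constructed sample: alice is well formed, bob has both comma mistakes,
# carol's reply item lost its indentation.
sample_users() {
    printf '%s\n' \
        'alice Cleartext-Password := "pw-a"' \
        '    Idle-Timeout = 86400,' \
        '    WISPr-Bandwidth-Max-Up = 600000' \
        '' \
        'bob Cleartext-Password := "pw-b"' \
        '    Idle-Timeout = 86400' \
        '    WISPr-Bandwidth-Max-Down = 1236000,' \
        '' \
        'carol Cleartext-Password := "pw-c"' \
        'Acct-Interim-Interval = 120'
}
f=$(mktemp) && sample_users > "$f" && lint_users "$f"; rm -f "$f"
```

On the server the same function can be pointed at /etc/freeradius/users before restarting the service.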
Next up is testing. Restart the freeradius service, and then test the account you made to make sure it authenticates. So, for our above example, we would do the following:
service freeradius restart
radtest useraccountname userpass1 localhost 0 SecretCode
Where SecretCode is the secret we changed in freeradius earlier in this tutorial. If everything worked, you should get some output like this:
Sending Access-Request of id 35 to 127.0.0.1 port 1812
User-Name = "useraccountname"
User-Password = "userpass1"
NAS-IP-Address = 127.0.1.1
NAS-Port = 0
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=35, length=56
Idle-Timeout = 86400
Acct-Interim-Interval = 120
WISPr-Bandwidth-Max-Down = 1236000
WISPr-Bandwidth-Max-Up = 600000
This means the user was authenticated successfully, and freeradius is now set up!
Now for the fun part, coovachilli. So, download the precompiled package and install it.
wget -c http://ap.coova.org/chilli/coova-chilli_1.3.0_i386.deb
dpkg -i coova*.deb
Now that it’s installed, we need to configure it before we enable it. To do this, copy the defaults to the config file:
cd /etc/chilli
cp ./defaults ./config
From here, edit /etc/chilli/config to match whatever you have set up. Just make sure to uncomment HS_WANIF=eth0 so it knows where to look for the WAN interface, and that you place the freeradius secret in HS_RADSECRET, otherwise it won’t be able to authenticate users.
Now you can enable coovachilli by opening /etc/defaults/chilli and setting boot to 1.
From here, do a restart and coovachilli should be running! If not, stop the service, and use the following to start coovachilli in debug mode to see what is going on.
chilli --fg --debug
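Before restarting, the two settings called out above (HS_WANIF uncommented, HS_RADSECRET equal to the secret in clients.conf, and that secret no longer “testing123”) can be checked mechanically. This script is an added example, not part of the original post or of CoovaChilli; the function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example. Paths are arguments so the constructed sample files below
# can stand in for /etc/chilli/config and /etc/freeradius/clients.conf.

# Value of the last uncommented KEY=value line, with quotes stripped.
cfg_get() {
    sed -n "s/^$1=//p" "$2" | tail -n 1 | tr -d "\"'"
}

# First uncommented "secret = ..." value in clients.conf.
radius_secret() {
    sed -n 's/^[[:space:]]*secret[[:space:]]*=[[:space:]]*//p' "$1" | head -n 1
}

# One finding per line; no output when the two files are consistent.
# Secrets are compared but never printed.
audit_chilli() {
    wanif=$(cfg_get HS_WANIF "$1")
    hs_secret=$(cfg_get HS_RADSECRET "$1")
    fr_secret=$(radius_secret "$2")
    [ -n "$wanif" ] || echo "HS_WANIF is commented out or empty"
    [ -n "$hs_secret" ] || echo "HS_RADSECRET is not set"
    [ "$fr_secret" != "testing123" ] || echo "clients.conf still uses testing123"
    [ "$hs_secret" = "$fr_secret" ] || echo "HS_RADSECRET differs from the clients.conf secret"
}

# Constructed sample input: WAN interface still commented, secret never changed.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '# HS_WANIF=eth0' 'HS_LANIF=eth1' 'HS_RADSECRET=SecretCode' > "$d/config"
    printf 'client localhost {\n\tipaddr = 127.0.0.1\n\tsecret\t\t= testing123\n}\n' > "$d/clients.conf"
    audit_chilli "$d/config" "$d/clients.conf"
    rm -rf "$d"
}
demo
```

On the server, call audit_chilli /etc/chilli/config /etc/freeradius/clients.conf as root; an empty result means both settings are in place.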
PERSONAL NOTE
I personally have never used the default coovachilli portal program, so if you plan on using it, this tutorial may not work with the configuration part, but it will get you a working coovachilli install.
Hope this helps some of you out there!
Hi there, got a similar setup working but on the openwrt.
Now, I was moving the setup to a virtual machine using 1.3 instead of 1.2.9 coova-chilli.
In order to get chilli running, I had to enable it first in the default file and do a restart to get the config files created. (main.conf, hs.conf)
Only then, the debugging could start 🙂
thanks for posting your install sequence. much appreciated.
No problem, glad you found it helpful!
I followed these steps; however, after logging in to coova chilli my laptop still doesn’t have internet. My setup is:
Router — Switch — PC — LAPTOP
I successfully logged on but my laptop still doesn’t have internet.
My PC has internet and is directly connected to the switch.
What version of ubuntu are you running on the coovachilli PC? Also, are you using the latest coovachilli sources?
Hi,
Once I have installed Coovachilli, how do I know if it is working fine? Do you know if SMS authentication can be used?
Cheers,
Gonzalo
Hello,
You will need to test authenticating to the radius server through coovachilli to test it.
If you want to use SMS authentication, it can be done as long as your coovachilli front end supports it.
Hello everyone! I just want to ask if coovachilli is capable of opening the browser automatically during the on-connect process on the wifi and completing the connection process by logging in to the portal.
Note: the device will ask the user to complete the process of connecting to wifi by opening a browser automatically, triggered by the device/connection, and redirecting to the portal.
Thanks,
gln
Hello Glenn,
Yes, as Coovachilli can be used as a portal engine, it will redirect users to an authentication portal before they are able to access the internet. If this is not a desired function, it can be disabled by modifying the whitelisted sites variable in the configuration.
I am trying to get chillispot working to where it uses freeRADIUS and openLDAP. I get an accept-accept from radius when using radtest, so I imagine that’s working. After I authenticate to the wireless AP, I don’t get a prompt to log in through CoovaChilli. There isn’t actually anywhere to go (I’m just using my laptop for this for a lab) and I have eth0 pointed to the router, so I try to browse to the default webpage apache hosts. It just sits there and the connection eventually times out. If I try to browse to coova.html in /etc/chilli/www/ it times out trying to get to /etc/chilli/www/undefined. I put my config file changes below:
HS_LANIF=eth0
HS_NETWORK=192.168.5.0
HS_NETMASK=255.255.255.0
HS_UAMLISTEN=192.168.5.50 (IP of interface pointed at router)
HS_UAMPORT=3990
HS_UAMUIPORT=4990
HS_RADSECRET= mysecret
Try running coovachilli in debug mode; normally when issues like this happen it’s small things like iptables or routing.
Hi, I’ve followed the tutorial but I came across this problem during login.
After I try to log in, I get this error and nothing is loaded in the browser:
```
redir.c: 2103: 0 (Debug) The path: www/login.chi
redir.c: 2398: 0 (Debug) Serving file login.chi
redir.c: 3632: 0 (Debug) Running: /etc/chilli/wwwsh /etc/chilli/www/login.chi
Segmentation fault (core dumped)
chilli.c: 379: 0 (Debug) caught 17 via selfpipe
chilli.c: 310: 0 (Debug) child 2886 terminated
chilli.c: 135: 0 (Debug) Freed child process 2886 [[redir]]
```
Should I now set eth1 to the address I have put on the network interface? Also I get: Starting chilli: start-stop-daemon: unable to start /usr/sbin/chilli (No such file or directory)
chilli.
Hi
I would like to get coovachilli working on proxmox. After running chilli --fg --debug, I get this error:
main-opt.c: 605: 0 (Debug) DHCP Listen: 192.168.20.1
main-opt.c: 606: 0 (Debug) UAM Listen: 192.168.20.1
garden.c: 414: 0 (Debug) Uamallowed IP address #0:1024: proto=0 host=192.168.20.1 port=4990
garden.c: 443: 0 (Debug) Uamallowed http://www.coova.org
garden.c: 414: 0 (Debug) Uamallowed IP address #1:1024: proto=0 host=174.129.195.118 port=0
garden.c: 443: 0 (Debug) Uamallowed 192.168.20.1
garden.c: 414: 0 (Debug) Uamallowed IP address #2:1024: proto=0 host=192.168.20.1 port=0
garden.c: 443: 0 (Debug) Uamallowed 192.168.20.1
garden.c: 387: 0 (Debug) Uamallowed already exists #2:1024: proto=0 host=192.168.20.1 port=0
options.c: 443: 0 (Debug) PID 23384 saving options to /var/run/chilli.23383.cfg.bin
options.c: 411: 0 (Debug) Loading modules
options.c: 652: 0 (Debug) PID 23383 reloaded binary options file
chilli.c: 7141: 0 (Debug) clock realtime sec 1422341595 nsec 493779275
chilli.c: 7146: 0 (Debug) clock monotonic sec 1638804 nsec 81327346
tun.c: 551: 2 (No such file or directory) open() failed
net.c: 121: 19 (No such device) ioctl(SIOCSIFADDR) failed
tun.c: 1108: 0 (Debug) Running /etc/chilli/up.sh
ippool.c: 338: 0 (Debug) Hashlog 9 509 512
net.c: 210: 13 (Permission denied) setsockopt(s=4, level=1, optname=1, optlen=4) failed
chilli.c: 7190: 0 (Debug) Failed to create dhcp listener on eth20
options.c: 411: 0 (Debug) Loading modules
main-script.c: 76: 0 (Debug) USER root(0/0), GROUP root(0/0) CHILLI[UID 106, GID 111]
main-script.c: 94: 0 (Debug) Running /etc/chilli/up.sh (0/0)
basename: missing operand
Try `basename --help' for more information.
/etc/chilli/up.sh: 3: /etc/chilli/ipup.sh: UAM: not found
I opened /etc/chilli/up.sh and line 3 does not get anything back from $DEV.
Question is: is it at all possible to run coovachilli on proxmox? I have similar issues with NAT and IP forwarding. My second interface stops when I start chilli.
Thanks,
Lucian
Hi,
I want help to do this. My requirement is: I want to access WiFi through something like a Facebook page. Is it possible to do through coovachilli? Please help me….
Thanks
Pratheek
Hi!
Thank you so much for documenting your process, we all can learn from it, at least to do it the way you do.
I have a question: I’m using the JSON interface for the login/authentication process; in your experience, is there a chance to enable an anonymous user test button?
I have followed all the steps but I get following error
root@plus:~# service chilli start
Starting chilli: start-stop-daemon: unable to start /usr/sbin/chilli (No such file or directory)
chilli.