Captive portal configuration

Upload: iqsan-okiyanto

Post on 10-Feb-2018


  • 7/22/2019 Captive Portal Configuration


    Captive portal configuration: Ubuntu Server + FreeRADIUS 2.0.x + CoovaChilli + daloRADIUS

    OS: Linux Mint 15 Cinnamon (32-bit)

    Packages installed:

    1. LAMP server
    2. Basic Ubuntu Server
    3. DNS Server
    4. OpenSSH server
    5. Print Server
    6. Samba file server
    7. Webmin

    Topology

    internet ---- modem -------- ubuntu server ------- switch ------- AP and/or LAN

    Step 1.

    For convenience, become the superuser first:

    ~$ sudo su

    Update the package repositories:

    # apt-get update

    Install tasksel:

    # apt-get install tasksel

    Install the packages listed above:

    # tasksel

    Enable IP forwarding:

    # nano /etc/sysctl.conf

    #net.ipv4.ip_forward=1

    change to:

    net.ipv4.ip_forward=1

    Step 2.

    Install FreeRADIUS 2.x:

    # apt-get install freeradius freeradius-mysql

    If any questions are asked, just answer yes ^_^


    Stop FreeRADIUS:

    # /etc/init.d/freeradius stop

    Run it in debug mode:

    # freeradius -X

    If it reports ready and so on, or there are no errors, you can continue; press Ctrl+C to leave debug mode.

    Create the database in MySQL:

    # mysql -u root -p

    Enter the MySQL password: ******

    mysql> create database radius;

    mysql> grant all privileges on radius.* to radius@localhost identified by 'radiussecret';

    mysql> flush privileges;

    mysql> quit

    Import the FreeRADIUS schema:

    # mysql -u root -p radius < /etc/freeradius/sql/mysql/schema.sql

    Enter the MySQL root password.

    # mysql -u root -p radius < /etc/freeradius/sql/mysql/nas.sql

    Enter the MySQL root password.

    Connect FreeRADIUS to its database:

    # nano /etc/freeradius/sql.conf

    Find the lines below and change them if they differ:

    server = "localhost"

    login = "radius"

    password = "radiussecret"

    Then, still in this file, remove the pound sign from the line:

    # readclients = yes

    so that it becomes:

    readclients = yes

    Set the FreeRADIUS server client password:

    # nano /etc/freeradius/clients.conf


    In /etc/freeradius/clients.conf, find the line:

    secret = testing123

    and change it to:

    secret = radiussecret

    Switch FreeRADIUS authorization to SQL:

    # nano /etc/freeradius/sites-available/default

    In the authorize section (inside authorize { }), find the line

    files

    and add a # so that it becomes:

    # files

    Find the line

    # sql

    and remove the comment mark so that it becomes:

    sql

    Also find the sql lines in the accounting and session sections; if they are commented out (#), uncomment them. Save and exit.

    # nano /etc/freeradius/radiusd.conf

    Uncomment

    # $INCLUDE sql.conf

    so that it becomes:

    $INCLUDE sql.conf

    Test FreeRADIUS by adding a username and password:

    # mysql -u root -p

    Enter the MySQL root password.

    mysql> use radius;

    mysql> insert into radcheck (UserName, Attribute, Value) values ('guest', 'password', 'guest');

    To see the inserted row, run the command below:

    mysql> select * from radcheck;

    mysql> exit


    Restart FreeRADIUS and test it:

    # /etc/init.d/freeradius restart

    # radtest guest guest localhost 0 radiussecret

    If it succeeds, a result like this is printed:

    rad_recv: Access-Accept packet from ..

    Step 3. Setup CoovaChilli

    Download CoovaChilli:

    # wget http://coova-chilli.s3.amazonaws.com/coova-chilli_1.3.0_i386.deb

    Install CoovaChilli:

    # dpkg -i coova-chilli_1.0.13-1_i386.deb

    Copy the default chilli configuration so it can be customized:

    # cp /etc/chilli/default /etc/chilli/config

    Create the hotspot folder:

    # mkdir /var/www/hotspot

    # cd /var/www/hotspot

    # cp /etc/chilli/www/* /var/www/hotspot

    # mkdir /var/www/hotspot/images

    # cp /var/www/hotspot/coova.jpg /var/www/hotspot/images/

    Create the UAM folder:

    # mkdir /var/www/hotspot/uam

    # cd /var/www/hotspot/uam

    # wget http://ap.coova.org/uam/

    # wget http://ap.coova.org/js/chilli.js

    Replace the host with the local address:

    # sed -i 's/ap.coova.org\/js\/chilli.js/192.168.0.1\/uam\/chilli.js/g' /var/www/hotspot/uam/index.html

    Edit the chilli library so that it uses the same IP:

    # sed -i 's/192.168.182.1/192.168.0.1/g' /etc/chilli/www/ChilliLibrary.js

    # sed -i 's/192.168.182.1/192.168.0.1/g' /var/www/hotspot/ChilliLibrary.js


    To enable CoovaChilli, set START_CHILLI to 1:

    # nano /etc/default/chilli

    START_CHILLI=1

    CONFFILE="/etc/chilli.conf"

    Edit the chilli configuration file:

    # nano /etc/chilli/config

    Change the parameter values:

    HS_WANIF=eth0

    HS_LANIF=eth1 # Subscriber Interface for client devices

    HS_NETWORK=192.168.0.0 # HotSpot Network (must include HS_UAMLISTEN)

    HS_NETMASK=255.255.255.0 # HotSpot Network Netmask

    HS_UAMLISTEN=192.168.0.1 # HotSpot IP Address (on subscriber network)

    HS_UAMPORT=3990 # HotSpot Port (on subscriber network)

    HS_NASID=nas01

    HS_UAMSECRET=uamsecret

    HS_RADIUS=127.0.0.1

    HS_RADIUS2=127.0.0.1

    HS_RADSECRET=radiussecret

    HS_UAMALLOW=www.amikom.com,192.168.0.0/24

    HS_UAMSERVER=192.168.0.1

    HS_UAMFORMAT=http://\$HS_UAMSERVER/uam/index.php

    HS_UAMHOMEPAGE=http://\$HS_UAMLISTEN:\$HS_UAMPORT/www/coova.html

    Edit the chilli firewall script:

    # nano /etc/chilli/up.sh

    Add the following at the very bottom:

    # may not have been populated the first time; run again

    [ -e "/var/run/chilli.iptables" ] && sh /var/run/chilli.iptables 2>/dev/null

    # force-add the final rule necessary to fix routing tables

    iptables -I POSTROUTING -t nat -o $HS_WANIF -j MASQUERADE
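
A quick lint for the /etc/chilli/config values above, added here as an example (it is not part of the original guide or of CoovaChilli): it flags shared secrets left at values printed in this guide and checks that HS_UAMLISTEN falls inside HS_NETWORK/HS_NETMASK. The function names are hypothetical and the sample file is constructed from the values above.

```shell
# Added example: lint a CoovaChilli config in the KEY=value form shown above.
# The weak-secret list is just the set of secret values printed in this guide.

# get_val FILE KEY: print KEY's last value, minus inline comment and quotes
get_val() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 |
        sed -e 's/[[:space:]][[:space:]]*#.*$//' -e 's/^"//' -e 's/"$//'
}

# ip_to_int A.B.C.D: print the dotted quad as one integer
ip_to_int() {
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# check_chilli_config FILE: print findings; exit status is their count
check_chilli_config() {
    cfg=$1; findings=0
    for key in HS_UAMSECRET HS_RADSECRET; do
        case "$(get_val "$cfg" "$key")" in
            ""|uamsecret|radiussecret|testing123)
                echo "WEAK: $key is empty or a value published in this guide"
                findings=$((findings + 1)) ;;
        esac
    done
    net=$(get_val "$cfg" HS_NETWORK); mask=$(get_val "$cfg" HS_NETMASK)
    listen=$(get_val "$cfg" HS_UAMLISTEN)
    if [ -z "$net" ] || [ -z "$mask" ] || [ -z "$listen" ]; then
        echo "ERROR: HS_NETWORK, HS_NETMASK and HS_UAMLISTEN must all be set"
        findings=$((findings + 1))
    elif [ $(( $(ip_to_int "$listen") & $(ip_to_int "$mask") )) -ne \
           $(( $(ip_to_int "$net") & $(ip_to_int "$mask") )) ]; then
        echo "ERROR: HS_UAMLISTEN $listen is outside $net/$mask"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample input, using the values from this guide
sample=$(mktemp)
cat > "$sample" <<'EOF'
HS_NETWORK=192.168.0.0 # HotSpot Network (must include HS_UAMLISTEN)
HS_NETMASK=255.255.255.0 # HotSpot Network Netmask
HS_UAMLISTEN=192.168.0.1 # HotSpot IP Address (on subscriber network)
HS_UAMSECRET=uamsecret
HS_RADSECRET=radiussecret
EOF
check_chilli_config "$sample" || echo "findings: $?"
rm -f "$sample"
```

Run against the real file with `check_chilli_config /etc/chilli/config`; an exit status of 0 means no findings.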


    Step 4. Install SSL

    Install SSL:

    # apt-get install libapache2-mod-auth-mysql

    Create the ssl folder:

    # mkdir /etc/apache2/ssl

    Install certificate:

    # apt-get install ssl-cert

    Look up the host name, to be entered later when creating the certificate:

    # hostname -f

    Result:

    portal.com

    Generate the SSL certificate:

    # openssl genrsa -des3 -out server.key 1024

    Generating RSA private key, 1024 bit long modulus

    .........................................................++++++

    ........++++++

    e is 65537 (0x10001)

    Enter PEM pass phrase:123456

    Verifying password - Enter PEM pass phrase:123456

    # openssl req -new -key server.key -out server.csr

    Country Name (2 letter code) [GB]:

    State or Province Name (full name) [Berkshire]:

    Locality Name (eg, city) [Newbury]:

    Organization Name (eg, company) [My Company Ltd]:

    Organizational Unit Name (eg, section) []:

    Common Name (eg, your name or your server's hostname) []:portal.com

    Email Address []:[email protected]

    Please enter the following 'extra' attributes

    to be sent with your certificate request

    A challenge password []:

    An optional company name []:


    # cp server.key server.key.org

    # openssl rsa -in server.key.org -out server.key

    # openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

    Create the .pem from the .crt and .key files:

    # cat server.crt server.key > server.pem
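
An alternative to the genrsa/req/x509 sequence above, added as an example (it is not part of the original guide): a single openssl req call that writes an unencrypted 2048-bit key and a self-signed certificate carrying portal.com and 192.168.0.1 as subject alternative names, followed by checks on the result. It assumes OpenSSL 1.1.1 or later for -addext and -ext; the function names are hypothetical.

```shell
# Added example: key plus self-signed certificate in one step, then checks.
# Assumes OpenSSL 1.1.1+ (-addext, -ext); CN and IP are this guide's values.

# make_portal_cert DIR CN IP: write DIR/server.key and DIR/server.crt
make_portal_cert() {
    dir=$1; cn=$2; ip=$3
    ( umask 077   # new files readable by their owner only
      openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
          -keyout "$dir/server.key" -out "$dir/server.crt" \
          -subj "/CN=$cn" \
          -addext "subjectAltName=DNS:$cn,IP:$ip" 2>/dev/null )
}

# cert_key_bits CERT: print the public key size in bits
cert_key_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# cert_matches_key CERT KEY: succeed if CERT was issued for KEY
cert_matches_key() {
    a=$(openssl x509 -in "$1" -noout -pubkey | openssl sha256)
    b=$(openssl pkey -in "$2" -pubout | openssl sha256)
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# cert_has_san CERT NAME: succeed if NAME is listed as a DNS subjectAltName
cert_has_san() {
    openssl x509 -in "$1" -noout -ext subjectAltName | grep -q "DNS:$2"
}

# Demonstration in a temporary directory (nothing under /etc is touched)
if command -v openssl >/dev/null 2>&1; then
    d=$(mktemp -d)
    make_portal_cert "$d" portal.com 192.168.0.1 &&
        echo "key bits: $(cert_key_bits "$d/server.crt")"
    rm -rf "$d"
fi
```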

    Edit the hosts file:

    # nano /etc/hosts

    127.0.0.1 localhost

    192.168.0.1 portal.com

    Enable the SSL module:

    # a2ensite default-ssl

    # /etc/init.d/apache2 force-reload


    Create the virtual host for the hotspot:

    # nano /etc/apache2/sites-available/hotspot

    Its contents are roughly as follows:

    NameVirtualHost 192.168.0.1:443

    ServerAdmin [email protected]

    DocumentRoot "/var/www/hotspot"

    ServerName "192.168.0.1"

    Options Indexes FollowSymLinks MultiViews

    AllowOverride None

    Order allow,deny

    allow from all

    Alias "/dialupadmin/" "/usr/share/freeradius-dialupadmin/htdocs/"

    Options Indexes FollowSymLinks MultiViews

    AllowOverride None

    Order allow,deny

    allow from all

    AllowOverride None

    Options ExecCGI -MultiViews +SymLinksIfOwnerMatch

    Order allow,deny

    Allow from all

    Enable the virtual host:

    # a2ensite hotspot

    Edit the listen port, like this:

    # nano /etc/apache2/ports.conf


    Do not forget to edit the default site:

    # nano /etc/apache2/sites-available/default

    NameVirtualHost *:80

    Create the login page for the hotspot:

    # mkdir -p /var/www/hotspot/

    # cd /var/www/hotspot/

    # wget http://www.truesoft.co.th/wifi/uam.tgz

    # tar -xzvf uam.tgz

    Problem / case:

    The client obtains an IP address and, when it tries to access the internet, is redirected by CoovaChilli, but the login page does not appear.

    Screenshot below.

    Listen *:443

    Listen *:80

    #

    # Listen 443

    #


    Service apache restart

    Debug chilli
