Thursday, January 17, 2013

OpenWRT + BATMAN + CoovaChilli


Objective

Build a captive portal on a wireless mesh network

Wireless clients can roam around the mesh network



Requirements

OpenWRT compatible router
OpenWRT
B.A.T.M.A.N.
CoovaChilli
FreeRadius



Topology
[Topology diagram not preserved]


OpenWRT

Installation

  • Download the appropriate OpenWRT image for your router from http://downloads.openwrt.org/snapshots/trunk/
  • Connect your computer to the router
  • Turn on the router
  • Follow the router’s manual on upgrading its firmware but instead of using the manufacturer’s upgraded firmware, use the downloaded OpenWRT image


Configuration

For the configuration, we just need to set a password for the root user account.

  • Using Telnet, log in to the router. A router with a newly installed OpenWRT has a default IP address of 192.168.1.1, so your telnet command should be
telnet 192.168.1.1

  • Once logged in, type passwd, press Enter, and provide a password for the root user account
  • Log out by typing exit and pressing Enter


Testing

First we test if OpenWRT can access the Internet

  • Connect the WAN port of the router to the Internet
  • Log in to the router using ssh (use root as the username and the password you just set during configuration)
  • Now do a ping test to see if the router is indeed connected to the Internet


Now we'll test the wireless interface of the router

  • Still logged in to the router, edit /etc/config/wireless
  • Delete the line that says “option disabled 1”
  • Optionally set the SSID (this is the line that says option ssid ‘OpenWRT’; change OpenWRT to your chosen SSID)
  • Save and close the file
  • Type wifi and press Enter to reload the wifi configuration
  • Connect to the router through its wireless interface. You should be able to access the Internet



B.A.T.M.A.N.

Installation

  • Log in to the router
  • Connect the router to the Internet
  • Execute the following
opkg update
opkg install kmod-batman-adv


Configuration

  • Create a file /tmp/batman_config.sh with the following content

#!/bin/sh

### Node-specific settings
export HOSTNAME="ROUTERNAME" 
export IP="192.168.1.1" 
export LAN_IFNAME="eth0 bat0"

### Network-specific settings should be consistent across all nodes within the mesh network
export PUBLIC_ESSID="OMNISPOT" 
export NETMASK="255.255.255.0" 
export DNS="" 
export GATEWAY="" 
export MESH0_BSSID="CA:CA:CA:CA:CA:00" 
export MESH0_ESSID="mesh0" 
export MESH0_CHANNEL="3" 

wifi detect >>/etc/config/wireless

( for i in `seq 0 9` ; do echo "delete wireless.@wifi-iface[]" ; done ) | uci batch -q

uci import -m batman-adv </dev/null

echo " 
set system.@system[0].hostname=$HOSTNAME

set batman-adv.bat0=mesh
set batman-adv.bat0.interfaces='mesh0'
set batman-adv.bat0.gw_mode='off'

set network.lan.ipaddr=$IP
set network.lan.netmask=$NETMASK
set network.lan.dns='$DNS'
set network.lan.gateway=$GATEWAY
set network.lan.ifname='$LAN_IFNAME'

set network.bat0=interface
set network.bat0.ifname=bat0
set network.bat0.proto=none
set network.bat0.mtu=1500
set network.mesh0=interface
set network.mesh0.proto=none
set network.mesh0.mtu=1528

set wireless.radio0=wifi-device
set wireless.radio0.channel=$MESH0_CHANNEL
set wireless.radio0.disabled=0
set wireless.radio0.phy=phy0
set wireless.radio0.macaddr=

add wireless wifi-iface
set wireless.@wifi-iface[-1].device=radio0
set wireless.@wifi-iface[-1].encryption=none
set wireless.@wifi-iface[-1].network=lan
set wireless.@wifi-iface[-1].mode=ap
set wireless.@wifi-iface[-1].ssid='$PUBLIC_ESSID'

add wireless wifi-iface
set wireless.@wifi-iface[-1].device=radio0 
set wireless.@wifi-iface[-1].encryption=none
set wireless.@wifi-iface[-1].network=mesh0
set wireless.@wifi-iface[-1].mode=adhoc 
set wireless.@wifi-iface[-1].bssid=$MESH0_BSSID
set wireless.@wifi-iface[-1].ssid='$MESH0_ESSID'
set wireless.@wifi-iface[-1].mcast_rate=11000 

set dhcp.lan.ignore=1

commit" \
| uci batch


  • Set the values of the node-specific settings for each router


| Name | Description |
|---|---|
| HOSTNAME | Would-be hostname of the router |
| IP | Would-be IP address of the router |
| LAN_IFNAME | LAN interface name of the router and bat0 (B.A.T.M.A.N. interface) |


  • Set the network-specific settings. These should be the same for all nodes in the mesh network


| Name | Description |
|---|---|
| PUBLIC_ESSID | The SSID of the wireless network that clients connect to |
| NETMASK | Network mask of the mesh network |
| DNS | The DNS setting |
| GATEWAY | Internet gateway address |
| MESH0_BSSID | A common MAC address to enable the nodes of the mesh network to identify each other and communicate |
| MESH0_ESSID | The SSID for the mesh network |
| MESH0_CHANNEL | The channel to use for wireless communication |


  • Save and close the file /tmp/batman_config.sh
  • Run the batman configuration script

sh /tmp/batman_config.sh

  • Restart the router

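Do this for all the routers involved. Note that the script sets encryption=none on both the public access point and the ad-hoc mesh interface, so neither link is encrypted over the air.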


Testing

  • Turn on all the routers
  • Log in to one of the routers
  • You should be able to ping the other router



CoovaChilli

Installation

  • Log in to the router
  • Connect the router to the Internet
  • Execute the following
opkg update
opkg install coova-chilli


Configuration

  • Execute the following on your computer

tar -xzvf coova-chilli-1.3.0.tar.gz
cd coova-chilli-1.3.0/miniportal
ls *.in | sed 's/\(.*\)\.in/\1/' | xargs -I {} mv {}.in {}

  • In the renamed files, substitute the markers @SBINDIR@ and @ETCCHILLI@ with “/usr/sbin” and “/etc/chilli” respectively
  • Copy the contents of the miniportal folder to the router

scp * root@192.168.1.1:/etc/chilli/www/

  • Log in to the router
  • Open /etc/chilli/defaults and edit the following settings


| Key | Recommended Value | Remarks |
|---|---|---|
| HS_WANIF | eth1 or eth0.2 | The WAN interface. Uncomment this and set the value to the name of the WAN of the router. Use ifconfig to give you a hint. |
| HS_LANIF | bat0 | The LAN interface. bat0 is the name of the mesh network interface. |


  • Choose one of the following two methods for authentication

RADIUS Authentication

    • For RADIUS authentication, provide the IP address of the RADIUS server as the value of the key HS_RADIUS in /etc/chilli/defaults


Local File Authentication

    • For local file authentication, uncomment the line HS_LOCALUSERS in /etc/chilli/defaults
    • Create the file /etc/chilli/localusers and add the username and password in the following format

username:password:

Replace the markers username and password with the actual username and password. Use one line for each entry.

  • Restart the router
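
A check for the router-side result of the CoovaChilli configuration steps above, as an added example (not part of the original post or of CoovaChilli): it verifies HS_WANIF and HS_LANIF in the defaults file, looks for unreplaced @SBINDIR@/@ETCCHILLI@ markers in the portal files, and validates localusers entries against the username:password: format. The function names, the script name and the file-permission check are assumptions introduced here.

```sh
#!/bin/sh
# Added example: audit the CoovaChilli settings described above.
# Usage on the router (paths from the page; script name is hypothetical):
#   sh chilli_audit.sh /etc/chilli/defaults /etc/chilli/localusers /etc/chilli/www

# Print the value of the last uncommented KEY=value line, quotes stripped.
conf_get() {  # conf_get FILE KEY
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | tr -d "\"'"
}

fail() { echo "PROBLEM: $*"; problems=$((problems + 1)); }

# Print one line per problem found; return 0 only if there are none.
chilli_audit() {  # chilli_audit DEFAULTS LOCALUSERS WWWDIR
    defaults=$1 users=$2 www=$3 problems=0

    [ -n "$(conf_get "$defaults" HS_WANIF)" ] ||
        fail "HS_WANIF is still commented out or empty"
    [ "$(conf_get "$defaults" HS_LANIF)" = "bat0" ] ||
        fail "HS_LANIF is not bat0 (the mesh interface)"

    # Leftover template markers mean the substitution step was skipped.
    if grep -rlE '@(SBINDIR|ETCCHILLI)@' "$www" >/dev/null 2>&1; then
        fail "unreplaced @SBINDIR@ or @ETCCHILLI@ marker under $www"
    fi

    # Local file authentication is active once HS_LOCALUSERS is uncommented.
    if grep -q '^[[:space:]]*HS_LOCALUSERS' "$defaults"; then
        if [ ! -f "$users" ]; then
            fail "HS_LOCALUSERS is set but $users does not exist"
        else
            # Count non-empty lines that are not of the form username:password:
            bad=$(grep -vE '^[^:]+:[^:]+:$' "$users" | grep -c . || true)
            [ "$bad" -eq 0 ] || fail "$bad malformed line(s) in $users"
            # Assumption (not from the page): a cleartext password file
            # should not be readable by "other" (8th character of ls -l).
            case $(ls -ld "$users" | cut -c8) in
                r) fail "$users is world-readable; consider chmod 600" ;;
            esac
        fi
    fi
    return "$((problems > 0))"
}

if [ "$#" -eq 3 ]; then chilli_audit "$@"; fi
```

Run it before the final restart; it prints one PROBLEM line per finding and exits non-zero if there is any.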


Testing

  • Use a tablet or a PC to connect to the mesh network
  • Open a browser and type in a URL



Conclusion

After you have installed and configured everything, you should have a captive portal working on a wireless mesh network. All DHCP requests are handled by the gateway running CoovaChilli, and Internet access is controlled by CoovaChilli.
