Objective
Build a captive portal on a wireless mesh network
Wireless clients can roam around the mesh network
Requirements
OpenWRT compatible router
OpenWRT
B.A.T.M.A.N.
CoovaChilli
FreeRadius
Topology
OpenWRT
Installation
- Download appropriate OpenWRT image from http://downloads.openwrt.org/snapshots/trunk/
- Connect your computer to the router
- Turn on the router
- Follow the router’s manual on upgrading its firmware but instead of using the manufacturer’s upgraded firmware, use the downloaded OpenWRT image
Configuration
For the configuration, we just need to set a password for the root user account
- Using Telnet, login to the router. A router with a newly installed OpenWRT has a default IP address of 192.168.1.1. Your telnet command should be
telnet 192.168.1.1
- Once logged in type passwd then Enter and provide a password for the root user account
- Logout by typing exit then press Enter
Testing
First we test if OpenWRT can access the Internet
- Connect the WAN port of the router to the Internet
- Login to the router using ssh (use root and the password you just set during configuration respectively)
- Now do a ping test to see if the router is indeed connected to the Internet
Now We’ll test the wireless interface of the router
- Still logged in to the router, edit /etc/config/wireless
- Delete the line that says “option disabled 1”
- Optionally set the SSID (This is the line that says option ssid ‘OpenWRT’. Change OpenWRT to your chosen SSID)
- Save and close the file
- Type wifi and press Enter to reload wifi configuration
- Connect to the router through its wireless interface. You should be able to access the Internet
B.A.T.M.A.N.
Installation
- Login to the router
- Connect the router to the Internet
- Execute the following
opkg update
opkg install kmod-batman-adv
Configuration
- Create a file /tmp/batman_config.sh and set the content with the following
#!/bin/sh
### Node-specific settings
export HOSTNAME="ROUTERNAME"
export IP="192.168.1.1"
export LAN_IFNAME="eth0 bat0"
### Network-specific settings should be consistent across all nodes with in the mesh network
export PUBLIC_ESSID="OMNISPOT"
export NETMASK="255.255.255.0"
export DNS=""
export GATEWAY=""
export MESH0_BSSID="CA:CA:CA:CA:CA:00"
export MESH0_ESSID="mesh0"
export MESH0_CHANNEL="3"
wifi detect >>/etc/config/wireless
( for i in `seq 0 9` ; do echo "delete wireless.@wifi-iface[]" ; done ) | uci batch -q
uci import -m batman-adv </dev/null
echo "
set system.@system[0].hostname=$HOSTNAME
set batman-adv.bat0=mesh
set batman-adv.bat0.interfaces='mesh0'
set batman-adv.bat0.gw_mode='off'
set network.lan.ipaddr=$IP
set network.lan.netmask=$NETMASK
set network.lan.dns='$DNS'
set network.lan.gateway=$GATEWAY
set network.lan.ifname='$LAN_IFNAME'
set network.bat0=interface
set network.bat0.ifname=bat0
set network.bat0.proto=none
set network.bat0.mtu=1500
set network.mesh0=interface
set network.mesh0.proto=none
set network.mesh0.mtu=1528
set wireless.radio0=wifi-device
set wireless.radio0.channel=$MESH0_CHANNEL
set wireless.radio0.disabled=0
set wireless.radio0.phy=phy0
set wireless.radio0.macaddr=
add wireless wifi-iface
set wireless.@wifi-iface[-1].device=radio0
set wireless.@wifi-iface[-1].encryption=none
set wireless.@wifi-iface[-1].network=lan
set wireless.@wifi-iface[-1].mode=ap
set wireless.@wifi-iface[-1].ssid='$PUBLIC_ESSID'
add wireless wifi-iface
set wireless.@wifi-iface[-1].device=radio0
set wireless.@wifi-iface[-1].encryption=none
set wireless.@wifi-iface[-1].network=mesh0
set wireless.@wifi-iface[-1].mode=adhoc
set wireless.@wifi-iface[-1].bssid=$MESH0_BSSID
set wireless.@wifi-iface[-1].ssid='$MESH0_ESSID'
set wireless.@wifi-iface[-1].mcast_rate=11000
set dhcp.lan.ignore=1
commit" \
| uci batch
- Set the values of the node-specific settings for each router
Name
|
Description
|
HOSTNAME
|
Would-be hostname of the router
|
IP
|
Would-be IP address of the router
|
LAN_IFNAME
|
LAN interface name of the router and bat0 (B.A.T.M.A.N. interface)
|
- Set the network specific-settings. These should be the same for all nodes in the mesh network
Name
|
Description
|
PUBLIC_ESSID
|
The SSID of the wireless network where clients will connect to
|
NETMASK
|
Network mask of the mesh network
|
DNS
|
The DNS setting
|
GATEWAY
|
Internet gateway address
|
MESH0_BSSID
|
A common MAC address to enable the nodes of the mesh network to identify each other and communicate
|
MESH0_ESSID
|
The SSID for the mesh network
|
MESH0_CHANNEL
|
The channel to use for wireless communication
|
- Save and close the file /tmp/batman_config.sh
- Run the batman configuration script
sh /tmp/batman_config.sh
Do this for all the routers involve
Testing
- Turn on all the routers
- Log in to one of the routers
- You should be able to ping the other router
CoovaChilli
Installation
- Login to the router
- Connect the router to the Internet
- Execute the following
opkg update
opkg install coova-chilli
Configuration
- Execute the following on your computer
tar -xzvf coova-chilli-1.3.0.tar.gz
cd coova-chilli-1.3.0/miniportal
ls *.in | sed 's/\(.*\)\.in/\1/' | xargs -I {} mv {}.in {}
- Substitute the markers @SBINDIR@ and @ETCCHILLI@ with “/usr/sbin” and “/etc/chilli” respectively
- Copy the content of miniportal folder to the router
- Logon to the router
- Open /etc/chilli/defaults and edit the following settings
Key
|
Recommended Value
|
Remarks
|
HS_WANIF
|
eth1 or eth0.2
|
- The WAN interface
- Uncomment this and set the value to the name of the WAN of the router
- Use ifconfig to give you a hint
|
HS_LANIF
|
bat0
|
- The LAN interface
- bat0 is the name of the mesh network interface
|
- Choose either of the two for authentication
RADIUS Authentication
- For radius authentication, provide the IP address of the RADIUS server as value for key HS_RADIUS in /etc/chilli/defaults
Local File Authentication
- For local file authentication, uncomment the line HS_LOCALUSERS in /etc/chilli/defaults
- Create the file /etc/chilli/localusers and add the username and password in the following format
username:password:
Replace the marker username and password for the actual username and password. Use one line for each entry
Testing
- Use a tablet or a PC to connect to the mesh network
- Open a browser and type in a URL
Conclusion
After you have installed and configured everything, you should have a captive portal working on a wireless mesh network. All DHCP request are handled by the gateway running CoovaChilli. And Internet access is controlled by CoovaChilli.