Note: This howto has been tested and works for Ubuntu 8.04 Hardy Heron server editions for other vesions of ubuntu see WifiDocs/ChillispotHotspot

Chillispot is software which provides authentication and restricted network access to clients. Its primary use is in wireless (WiFi) networks.

For instance, suppose you are managing a wireless network in a hotel: the access points are connected via the wired LAN to a server which works as a gateway, firewall, DNS server, etc. Now you want the same server (either because it’s desirable or because it’s required by your nation’s law) to require authentication from all clients, possibly without messing around with the configuration of the access points. And maybe you even want users to be able to browse some sites (i.e. an internal web server or the hotel web site) without the need to authenticate themselves. Chillispot lets you manage all of this, and some more.

Please take a look at the Chillispot.info web site to see how the software works. In a few words, hillispot creates a virtual private network (192.168.182.0/24, but you can change this default setting) which it uses to dialogate with the clients and to decide who and how to let to see the outside network. Chillispot manages the allocation of dynamic IP addresses to clients, so you don’t need other DHCP tools.

Requirements

The following software is required for this installation:

• Chillispot
• FreeRadius
• Apache
• MySQL Read the rest of this entry »

This article discusses setting up up an integrated IPSec/L2TP VPN using Radius and integrating it with Microsoft Windows clients.

Introduction and Planning

The software installed is going to be based on Debian packages as far as it is possible.

If we need to rely on a product not within Debian, then it’s source code will be retrieved and rebuilt.

Also sometimes the Debian packages are available, but have a compilation feature switched off (usually SSL support).

Where necessary that Debian package will need to be recompiled too.

Overall Setup

The goal of this article is to set up a Linux based VPN server compatible with MS-Windows IPSec/L2TP clients, where users are authenticated against a RADIUS server.

Each main service in this document should have it’s own IP address assigned to it. That way services can be moved to different hosts in the future.

While the VPN server uses the ppp daemon as part of it’s solution, a separate IP needs to be allocated to that.

It is the point where the VPN tunnels terminate and route into the network.

For this document, the IP addresses assigned to the services follows.

Note that these will need to change based on your real-world rollout.

  Base Operating System:	10.10.0.216
  MySQL Database Server:	10.10.0.217
  FreeRADIUS Server:		10.10.0.218
  IPSec VPN Server:		10.10.0.219
  ppp Device:			10.10.0.220 Read the rest of this entry »

I decide to create hotspot from my server to allow other connect to Internet for free. I used “Captive portal” solution based on these applications:

• CoovaChilli
• FreeRadius
• MySQL
• daloRADIUS

When somebody wants to connect to Internet using my wifi, the first page he can see is the register/login page (whatever page he wants to visit).
After registration/login he is able to connect to Internet.

So let’s see how I did it.

Let’s have one server with two network interfaces – first (eth0) goes to Internet, the second one (eth1) is the wifi for “unknown” clients.

Intermet —eth0-dhcp-Hot Spot Server-eth1-192.168.10.1———((((- ))))———–Client Read the rest of this entry »

This tutorial explains how you can set up a FreeRadius (1.1.7) server with Wifi authentication and accounting in conjunction with MySQL & web management with Daloradius on Ubuntu 8.04 LTS Server Edition This howto should work for a novice. Production deployment is also possible with minor tweaking. But as usual I do not guarantee anything & take no responsibilities if something goes wrong.

(For a basic how-to refer to the doc http://www.howtoforge.com/wifi-authentication-accounting-with-freeradius-on-centos5.)

Following steps are involved:

1. Building Ubuntu 8.04 .debs (for eap/ttls support)
2. Installing the binary packages
3. Configuring the FR with MySQL
4. Setting up web management with Daloradius

Step 1- Building Ubuntu 8.04. packages

Note: Those who don’t need openssl/tls/ttls (certificates etc..) just fetch the FR packages from ubuntu repos with apt-get & skip to step 3.

Before building the FreeRadius Ubuntu 8.04 package we have to apt-get some packages, necessary for the build process.

sudo su -

apt-get install   debhelper  libltdl3-dev libpam0g-dev \
libmysqlclient15-dev build-essential libgdbm-dev \
libldap2-dev libsasl2-dev libiodbc2-dev libkrb5-dev snmp \
autotools-dev dpatch  libperl-dev libtool dpkg-dev libpq-dev \
libsnmp-dev libssl-dev Read the rest of this entry »

Here’s a *near* step-by-step guide to setup FreeRADIUS with MySQL backed authentication done on Ubuntu 9.10 (Karmic).  Start by installing the necessary deb files:

# apt-get install freeradius freeradius-mysql

Add the following lines to the /etc/freeradius/users file:

abc     Cleartext-Password := “123″

Stop freeradius service just in case:

/etc/init.d/freeradius stop

Now test using the radtest client:

# radtest abc 123 localhost 1812 testing123
Sending Access-Request of id 149 to 127.0.0.1 port 1812
User-Name = “abc”
User-Password = “123″
NAS-IP-Address = 208.67.219.132
NAS-Port = 1812
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=149, length=20

Ensure that the response is “Access-Accept”.  The following should be displayed at the server console:

rad_recv: Access-Request packet from host 127.0.0.1 port 33425, id=149, length=55 Read the rest of this entry »