Post on 10-Feb-2018
7/22/2019 Captive Portal Configuration
Captive portal configuration: Ubuntu Server + FreeRADIUS 2.0.x + CoovaChilli + daloRADIUS
OS: Linux Mint 15 Cinnamon (32-bit)
Packages installed:
1. LAMP server
2. Basic Ubuntu Server
3. DNS Server
4. OpenSSH server
5. Print Server
6. Samba file server
7. Webmin
Topology
internet ---- modem -------- ubuntu server ------- switch ------- AP and/or LAN
Step 1.
For convenience, switch to the superuser first:
~$ sudo su
Update the package repository:
# apt-get update
Install tasksel:
# apt-get install tasksel
Install the packages listed above:
# tasksel
Enable IP forwarding:
# nano /etc/sysctl.conf
Change the line
#net.ipv4.ip_forward=1
to:
net.ipv4.ip_forward=1
Step 2.
Install FreeRADIUS 2.x:
# apt-get install freeradius freeradius-mysql
If you are asked any questions, just answer yes ^_^
Stop FreeRADIUS:
# /etc/init.d/freeradius stop
Run it in debug mode:
# freeradius -X
If it shows "Ready" and so on, or there are no errors, you can continue. Press Ctrl+C to leave debug mode.
Create the database in MySQL:
# mysql -u root -p
Enter the MySQL password: ******
mysql> create database radius;
mysql> grant all privileges on radius.* to radius@localhost identified by 'radiussecret';
mysql> flush privileges;
mysql> quit
Import the FreeRADIUS schema:
# mysql -u root -p radius < /etc/freeradius/sql/mysql/schema.sql
Enter the MySQL root password.
# mysql -u root -p radius < /etc/freeradius/sql/mysql/nas.sql
Enter the MySQL root password.
Connect FreeRADIUS to its database:
# nano /etc/freeradius/sql.conf
Find the lines below and change them if they differ:
server = "localhost"
login = "radius"
password = "radiussecret"
Then, still in this file, remove the pound sign from the line:
# readclients = yes
so that it becomes
readclients = yes
Set the FreeRADIUS server client password:
# nano /etc/freeradius/clients.conf
In /etc/freeradius/clients.conf, find the line
secret = testing123
and change it to
secret = radiussecret
Switch FreeRADIUS authorization to SQL:
# nano /etc/freeradius/sites-available/default
In the authorize section (inside authorize { }), find the line
files
and add a # so that it becomes
# files
Find the line
# sql
and remove the comment sign so that it becomes
sql
Also find the sql lines in the accounting and session sections; if they have a comment sign (#), remove it. Save and exit.
# nano /etc/freeradius/radiusd.conf
Uncomment
# $INCLUDE sql.conf
so that it becomes
$INCLUDE sql.conf
Test FreeRADIUS by adding a username and password:
# mysql -u root -p
Enter the MySQL root password.
mysql> use radius;
mysql> insert into radcheck (UserName, Attribute, Value) values ('guest', 'password', 'guest');
To see the inserted row, run the command below:
mysql> select * from radcheck;
mysql> exit
Restart FreeRADIUS and test it:
# /etc/init.d/freeradius restart
# radtest guest guest localhost 0 radiussecret
If it succeeds, the result looks like this:
rad_recv: Access-Accept packet from ..
Step 3. Set up CoovaChilli
Download CoovaChilli:
# wget http://coova-chilli.s3.amazonaws.com/coova-chilli_1.3.0_i386.deb
Install CoovaChilli:
# dpkg -i coova-chilli_1.3.0_i386.deb
Copy the default chilli configuration so it can be customized:
# cp /etc/chilli/default /etc/chilli/config
Create the hotspot folder:
# mkdir /var/www/hotspot
# cd /var/www/hotspot
# cp /etc/chilli/www/* /var/www/hotspot
# mkdir /var/www/hotspot/images
# cp /var/www/hotspot/coova.jpg /var/www/hotspot/images/
Create the UAM folder:
# mkdir /var/www/hotspot/uam
# cd /var/www/hotspot/uam
# wget http://ap.coova.org/uam/
# wget http://ap.coova.org/js/chilli.js
Change the host address to the local one:
# sed -i 's/ap.coova.org\/js\/chilli.js/192.168.0.1\/uam\/chilli.js/g' /var/www/hotspot/uam/index.html
Edit the chilli library to use that IP address:
# sed -i 's/192.168.182.1/192.168.0.1/g' /etc/chilli/www/ChilliLibrary.js
# sed -i 's/192.168.182.1/192.168.0.1/g' /var/www/hotspot/ChilliLibrary.js
To enable CoovaChilli, set START_CHILLI to 1:
# nano /etc/default/chilli
START_CHILLI=1
CONFFILE="/etc/chilli.conf"
Edit the chilli configuration file:
# nano /etc/chilli/config
Change its parameters:
HS_WANIF=eth0
HS_LANIF=eth1 # Subscriber Interface for client devices
HS_NETWORK=192.168.0.0 # HotSpot Network (must include HS_UAMLISTEN)
HS_NETMASK=255.255.255.0 # HotSpot Network Netmask
HS_UAMLISTEN=192.168.0.1 # HotSpot IP Address (on subscriber network)
HS_UAMPORT=3990 # HotSpot Port (on subscriber network)
HS_NASID=nas01
HS_UAMSECRET=uamsecret
HS_RADIUS=127.0.0.1
HS_RADIUS2=127.0.0.1
HS_RADSECRET=radiussecret
HS_UAMALLOW=www.amikom.com,192.168.0.0/24
HS_UAMSERVER=192.168.0.1
HS_UAMFORMAT=http://\$HS_UAMSERVER/uam/index.php
HS_UAMHOMEPAGE=http://\$HS_UAMLISTEN:\$HS_UAMPORT/www/coova.html
Edit the chilli firewall script:
# nano /etc/chilli/up.sh
Add at the very bottom:
# may not have been populated the first time; run again
[ -e "/var/run/chilli.iptables" ] && sh /var/run/chilli.iptables 2>/dev/null
# force-add the final rule necessary to fix routing tables
iptables -I POSTROUTING -t nat -o $HS_WANIF -j MASQUERADE
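Added example, not part of the original guide: a shell check over the settings from Steps 2 and 3. It verifies that HS_RADSECRET matches the secret in clients.conf, that no secret still has a value printed in this guide, and that HS_UAMLISTEN lies inside HS_NETWORK. The function names and the sample files are constructed for illustration.

```sh
# Added example (not from the original guide): cross-check the CoovaChilli and
# FreeRADIUS settings. Function names are this example's own.

# conf_get FILE KEY: value of the first uncommented "KEY=value" or "KEY = value"
# line, with a trailing "# comment" and surrounding double quotes removed.
conf_get() {
    sed -n "s/^[[:space:]]*${2}[[:space:]]*=[[:space:]]*//p" "$1" | head -n 1 |
        sed -e 's/[[:space:]]*#.*$//' -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/'
}

# ip_to_int A.B.C.D: dotted quad as a 32-bit integer (missing parts count as 0).
ip_to_int() {
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    echo $(( (${1:-0} << 24) + (${2:-0} << 16) + (${3:-0} << 8) + ${4:-0} ))
}

# in_network IP NETWORK NETMASK: succeeds when IP lies inside NETWORK/NETMASK.
in_network() {
    ip=$(ip_to_int "$1"); net=$(ip_to_int "$2"); mask=$(ip_to_int "$3")
    [ $(( ip & mask )) -eq $(( net & mask )) ]
}

# audit_hotspot CHILLI_CONFIG CLIENTS_CONF: prints findings, returns their count.
audit_hotspot() {
    n=0
    rad=$(conf_get "$1" HS_RADSECRET); uam=$(conf_get "$1" HS_UAMSECRET)
    cli=$(conf_get "$2" secret)
    [ "$rad" = "$cli" ] || { echo "MISMATCH: HS_RADSECRET != secret in $2"; n=$((n + 1)); }
    for s in "$rad" "$uam" "$cli"; do
        case $s in
            ''|testing123|radiussecret|uamsecret)  # values printed in this guide
                echo "WEAK: empty or published secret '$s'"; n=$((n + 1)) ;;
        esac
    done
    in_network "$(conf_get "$1" HS_UAMLISTEN)" "$(conf_get "$1" HS_NETWORK)" \
        "$(conf_get "$1" HS_NETMASK)" ||
        { echo "NETWORK: HS_UAMLISTEN is outside HS_NETWORK"; n=$((n + 1)); }
    return "$n"
}

# Constructed sample files that reuse the values shown in this guide.
demo=$(mktemp -d)
printf '%s\n' 'HS_NETWORK=192.168.0.0 # HotSpot Network' 'HS_NETMASK=255.255.255.0' \
    'HS_UAMLISTEN=192.168.0.1' 'HS_UAMSECRET=uamsecret' \
    'HS_RADSECRET=radiussecret' > "$demo/config"
printf '%s\n' 'client localhost {' '    # secret = testing123' \
    '    secret = radiussecret' '}' > "$demo/clients.conf"
audit_hotspot "$demo/config" "$demo/clients.conf" || echo "findings: $?"
```

On a real host the two arguments are /etc/chilli/config and /etc/freeradius/clients.conf.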
Step 4. Install SSL
Install SSL:
# apt-get install libapache2-mod-auth-mysql
Create the ssl folder:
# mkdir /etc/apache2/ssl
Install the certificate package:
# apt-get install ssl-cert
Look up the host name to enter later when creating the certificate:
# hostname -f
Result:
portal.com
Generate the SSL certificate:
# openssl genrsa -des3 -out server.key 1024
Generating RSA private key, 1024 bit long modulus
.........................................................++++++
........++++++
e is 65537 (0x10001)
Enter PEM pass phrase:123456
Verifying password - Enter PEM pass phrase:123456
# openssl req -new -key server.key -out server.csr
Country Name (2 letter code) [GB]:
State or Province Name (full name) [Berkshire]:
Locality Name (eg, city) [Newbury]:
Organization Name (eg, company) [My Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:portal.com
Email Address []:portal@gmail.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
# cp server.key server.key.org
# openssl rsa -in server.key.org -out server.key
# openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
Create the .pem from the .crt and .key files:
# cat server.crt server.key > server.pem
Edit the hosts file:
# nano /etc/hosts
127.0.0.1 localhost
192.168.0.1 portal.com
Enable the SSL module:
# a2ensite default-ssl
# /etc/init.d/apache2 force-reload
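Added example, not part of the original guide: Step 4 removes the passphrase from server.key and copies that key into server.pem, so both files hold an unencrypted private key. The check below lists such files in a directory and marks the ones that group or other users can access. The function names and the placeholder PEM files are constructed for illustration.

```sh
# Added example (not from the original guide): find unencrypted private keys
# in a directory and flag those readable beyond their owner.

# key_state FILE: prints "none", "encrypted" or "plain" for the key in a PEM file.
key_state() {
    if ! grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$1"; then
        echo none
    elif grep -q -e 'BEGIN ENCRYPTED PRIVATE KEY' -e '^Proc-Type: 4,ENCRYPTED' "$1"; then
        echo encrypted
    else
        echo plain
    fi
}

# loose_mode FILE: succeeds when group or others have any permission bit set.
loose_mode() {
    [ "$(ls -ld "$1" | cut -c5-10)" != "------" ]
}

# audit_keys DIR: prints one line per file holding a plain private key and
# returns the number of those that are accessible to group or others.
audit_keys() {
    exposed=0
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        [ "$(key_state "$f")" = plain ] || continue
        if loose_mode "$f"; then
            echo "EXPOSED $f"; exposed=$((exposed + 1))
        else
            echo "PLAIN   $f"
        fi
    done
    return "$exposed"
}

# Constructed stand-ins for the files Step 4 produces (no real key material).
ssl=$(mktemp -d); body='(constructed placeholder, not key material)'
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' "$body" \
    '-----END RSA PRIVATE KEY-----' > "$ssl/server.key.org"
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' "$body" \
    '-----END RSA PRIVATE KEY-----' > "$ssl/server.key"
printf '%s\n' '-----BEGIN CERTIFICATE-----' "$body" \
    '-----END CERTIFICATE-----' > "$ssl/server.crt"
cat "$ssl/server.crt" "$ssl/server.key" > "$ssl/server.pem"
chmod 644 "$ssl/server.key" "$ssl/server.pem"
audit_keys "$ssl" || echo "exposed key files: $?"
```

On the server from this guide the directory to pass is the one where the openssl commands were run; files reported as EXPOSED can be tightened with chmod 600.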
Create the virtual host for the hotspot:
# nano /etc/apache2/sites-available/hotspot
Its contents are roughly as follows:
NameVirtualHost 192.168.0.1:443
ServerAdmin webmaster@domain.org
DocumentRoot "/var/www/hotspot"
ServerName "192.168.0.1"
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
Alias "/dialupadmin/" "/usr/share/freeradius-dialupadmin/htdocs/"
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
AllowOverride None
Options ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
Enable the virtual host:
# a2ensite hotspot
Edit the listen ports:
# nano /etc/apache2/ports.conf
The Listen lines in /etc/apache2/ports.conf:
Listen *:443
Listen *:80
#
# Listen 443
#
Do not forget to edit the default site as well:
# nano /etc/apache2/sites-available/default
NameVirtualHost *:80
Create the login page for the hotspot:
# mkdir -p /var/www/hotspot/
# cd /var/www/hotspot/
# wget http://www.truesoft.co.th/wifi/uam.tgz
# tar -xzvf uam.tgz
Problem / case:
The client gets an IP address and is redirected by CoovaChilli when it tries to access the internet, but the login page does not appear.
Screenshot below.
Service apache restart
Debug chilli