Debian Wi-Fi hotspot using CoovaChilli, FreeRadius, MySQL and daloRADIUS

I decide to create hotspot from my server to allow other connect to Internet for free. I used “Captive portal” solution based on these applications:

When somebody wants to connect to Internet using my wifi, the first page he can see is the register/login page (whatever page he wants to visit).
After registration/login he is able to connect to Internet.

So let’s see how I did it.

Let’s have one server with two network interfaces – first (eth0) goes to Internet, the second one (eth1) is the wifi for “unknown” clients.

Install basic software:

aptitude install mysql-server phpmyadmin freeradius freeradius-utils freeradius-mysql apache2 php-pear php-db a2enmod ssl a2ensite default-ssl service apache2 restart cd /tmp && wget '' tar xvzf daloradius-0.9-8.tar.gz mv /tmp/daloradius-0.9-8 /var/www/daloradius chown -R www-data:www-data /var/www/daloradius cp -r /var/www/daloradius/contrib/chilli/portal2/* /var/www/ rm /var/www/index.html

Because my machine is 64 bit I need to build CoovaChilli package myself:

aptitude --assume-yes install dpkg-dev debhelper libssl-dev cd /tmp wget -c tar xzf coova-chilli*.tar.gz cd coova-chilli* dpkg-buildpackage -rfakeroot

Install CoovaChilli:

cd .. dpkg -i coova-chilli_*_amd64.deb

Configure FreeRadius

Change /etc/freeradius/clients.conf:

client {  secret     = mysecret }

Change /etc/freeradius/sql.conf:

        server = "localhost"         login = "root"         password = "xxxx"

Uncomment in /etc/freeradius/sites-available/default:

authorize {           sql }   accounting {          sql }

Uncomment in /etc/freeradius/radiusd.conf:

       $INCLUDE sql.conf

Configure MySQL database for FreeRadius

mysql -u root --password=xxxx mysql> CREATE DATABASE radius; mysql> exit   mysql -u root --password=xxxx radius < /var/www/daloradius/contrib/db/fr2-mysql-daloradius-and-freeradius.sql

daloRADIUS configuration

Modify this file /var/www/daloradius/library/daloradius.conf.php

$configValues['CONFIG_DB_PASS'] = 'xxxx'; $configValues['CONFIG_MAINT_TEST_USER_RADIUSSECRET'] = 'mysecret'; $configValues['CONFIG_DB_TBL_RADUSERGROUP'] = 'radusergroup';

You also need to modify following configuration files to setup sign in web pages /var/www/signup-*/library/daloradius.conf.php:

$configValues['CONFIG_DB_PASS'] = 'xxxx'; $configValues['CONFIG_DB_NAME'] = 'radius'; $configValues['CONFIG_DB_TBL_RADUSERGROUP'] = 'radusergroup'; $configValues['CONFIG_SIGNUP_SUCCESS_MSG_LOGIN_LINK'] = "
Click here"
. " to return to the Login page and start your surfing


Chnage lines in /var/www/signup*/index.php to (changed 'User-Password' -> 'Cleartext-Password' and '==' -> ':='):

  $sql = "INSERT INTO ".$configValues['CONFIG_DB_TBL_RADCHECK']." (id, Username, Attribute, op, Value) ".                                         " VALUES (0, '$username', 'Cleartext-Password', ':=', '$password')";

Another file need to be modified to communicate with CoovaChilli is/var/www/hotspotlogin/hotspotlogin.php

$uamsecret = "uamsecret";

Now you should be able to reach daloRADIUS installation on

username: administrator password: radius


We should not forget to enable packet forwarding and setup NAT:

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE echo 1 > /proc/sys/net/ipv4/ip_forward sed --in-place=.old 's/^#\(net.ipv4.ip_forward=1\)/\1/' /etc/sysctl.conf sysctl -p

CoovaChilli configuration

Let's start with /etc/chilli/defaults:

HS_NETWORK= HS_UAMLISTEN=   HS_RADSECRET=mysecret HS_UAMSECRET=uamsecret HS_UAMFORMAT=https://\$HS_UAMLISTEN/hotspotlogin/hotspotlogin.php HS_UAMHOMEPAGE=https://\$HS_UAMLISTEN

Then don't forget to enable CoovaChilli to start in /etc/default/chilli


Maybe you need to execute chilli and radius server with some debug options to see "errors" during client connection:

chilli --fg --debug freeradius -X

Few links we created:

  • - sign up page (if you don't have username/password)
  • - use for login to your portal
  • - daloradius admin page
  • - phpmyadmin page (useful for sql database)

This how-to describe simple configuration of CoovaChilli so there are many things to configure. I didn't mentioned anything about security - so it's up to you to tweak it yourself.

You can find additional info on this web page:

Engoy... ;-)

Share this

Related Posts

Next Post »