Tuesday, August 25, 2009

G-4100 802.11g Wireless Hot Spot Gateway with Printer

- Coffee shops and restaurants deploying a zero-configuration WLAN so that users do not need to change any settings
- Providing Hotspot service with minimal maintenance cost and no administration effort
- System integrators providing quick and easy deployment of Internet access and E-mail service in coffee shops, restaurants, and hotels
- Wireless ISP providing instant Plug-and-Play WLAN access controller for Hot-spot service.
- Hot-spot service providers looking for a one-stop-shop Internet service with embedded billing mechanism and printer

Benefits


Hot-spot Service

  • IP Plug-and-Play
  • User Authentication and Accounting
  • Flexible embedded Billing Profile
  • Walled Garden
  • Advertisement URL Link
  • Portal Page Re-direction
  • Login Page Re-direction
  • Outgoing SMTP Server Re-direction
  • Web-based User Authentication by SSL security

Wireless LAN Security

  • 64/128 bit WEP
  • Wi-Fi Protected Access ( WPA )
  • MAC Address Filtering
  • VPN pass-through
  • SSL Login and Administration
  • Block Intra-BSS Traffic ( Layer 2 Isolation )

Network

  • NAT ( RFC 1631 )
  • DHCP Client / Server / Relay
  • DDNS
  • PPPoE Client
  • PPTP Client
  • Network Time Protocol

Advanced Applications

  • Embedded User Database
  • LAN Device Management
  • LAN Device Status Monitoring
  • Syslog
  • Default printer ( SP-200 ) support
  • Block Intra-BSS Traffic
  • Power over Ethernet Standard Compliant
  • Detachable Antenna

System Management

  • Web GUI
  • Firmware Upgrade (WebGUI, TFTP)

SMC >> http://mariklikdisini.com/blog/index.php/tutorial/membangun-wi-fi-hotspot.html

WIFI HOTSPOT

A How To for DD-WRT, FreeRadius and Chillispot.

Creating a Wi-Fi Internet hotspot service from scratch can seem like a daunting task. I had many sleepless nights trying to get to grips with FreeRadius, DD-WRT, Chillispot etc. I hope that this How To helps you to avoid some of the problems I encountered along the way.

Regards Sean Bracken


********Warning ********

Following these instructions may invalidate your Linksys warranty. You do so at your own risk. These instructions assume that you have an understanding of Linux, PHP, MySQL and Apache. If you brick your AP you might get it back by holding down the reset pin for 20 seconds, unplugging the power while still holding down the reset button for another 20 seconds, and then plugging the power back in while still keeping the reset button held in for a further 20 seconds. This should bring it back to the defaults of whatever firmware you have installed. You should be able to log in to 192.168.1.1.

*******End of Warning********
Feel free to copy or use this information in any way you like.

What you will need:-

a) DD-WRT
Download the latest version here http://dd-wrt.com

b) FreeRadius
Download the latest version here http://freeradius.org/

c) phpMyPrepaid
Download the latest version here http://sourceforge.net


d) Linksys WRT54GL AP

e) You will also need PHP, Apache, MySQL and the MySQL Development Modules (these need to be set up first), some patience, plenty of coffee and cigarettes.

Step 1 DD-WRT/Chillispot Configuration

Configure the WRT-54G with the standard Linksys software and then use the upgrade firmware module to install the dd-wrt package on the AP.
*******IMPORTANT******* Use your cable connection to do the upgrade, NOT the wireless connection.
Reboot the AP and log in to your new firmware.
Set Dynamic configuration DHCP
Disable DHCP (Chillispot will manage DHCP for your clients.)
Change the Local IP of the AP to 192.168.10.1.
Set your gateway and DNS addresses.
Update changes and log back in to the new IP address.

Go to the administration page.
Enable Chillispot
Enter the IP address of your Radius server.
Enter the DNS.
Enter the redirect URL, e.g. HTTPS://123.123.123.123/cgi-bin/hotspotlogin.cgi/ (Make sure that the address ends in / and is https.)
Enter a shared key. (This can be anything you like, but keep a note of it; you will need it later.)
Set DHCP Interface to Lan+Wlan
Enter a NAS id (Your name for your AP)
Enter a UAM secret (This is the password that Chilli will use to talk to hotspotlogin.cgi)
Save your settings and reboot the AP. Please give the AP about 10 minutes to reboot and initialise all the new services.

Step 2 FreeRadius Configuration.

Untar the FreeRadius tar file and enter its directory.
Type ./configure --with-experimental-modules
make
login as root and type make install
When this is finished copy the radiusd.conf file that you downloaded earlier to /usr/local/etc/raddb/
You should not need to edit radiusd.conf
Edit /usr/local/etc/raddb/sql.conf and in the SQL section make these changes.

# Database type
# Current supported are: rlm_sql_mysql, rlm_sql_postgresql,
# rlm_sql_iodbc, rlm_sql_oracle, rlm_sql_unixodbc, rlm_sql_freetds
driver = "rlm_sql_mysql"

# Connect info

server = "localhost"

login = "yourlogin"

password = "your password"

# Database table configuration
radius_db = "radius"


Edit the /usr/local/etc/raddb/clients.conf file and enter the details of your NAS (AP)

# Address of your NAS (the WRT54G). If you want to set up several APs with
# one secret, the IP address here should be 0.0.0.0/0.
client xxx.xxx.xxx.xxx {
    # The secret you entered in the Chilli config
    secret = xxxxxxx
    # This can be any name
    shortname = private-network-9
    nastype = other
}
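
An added check, not part of the original How To or of FreeRADIUS: with a 0.0.0.0/0 client entry, any host that can reach the RADIUS server is accepted as a NAS, so the shared secret is the only barrier left. The script below parses a clients.conf and flags wide client ranges and short secrets; the sample file, MIN_SECRET_LEN and MAX_ADDRESSES are assumptions made for this example.

```python
import ipaddress
import re

# Constructed sample in the layout of the clients.conf above; addresses and
# secrets are made up for this example.
SAMPLE_CLIENTS_CONF = """
client 0.0.0.0/0 {
    secret = testing123
    shortname = all-hotspots
    nastype = other
}
client 192.168.10.1 {
    secret = q7Vf2mXc9LrT4pZw8KsNd3Hy   # one AP, its own long secret
    shortname = cafe-ap
    nastype = other
}
"""

CLIENT_BLOCK = re.compile(r"client\s+(\S+)\s*\{(.*?)\}", re.S)
SETTING = re.compile(r"^\s*(\w+)\s*=\s*(\S+)", re.M)
MIN_SECRET_LEN = 16  # assumption: local policy, not a FreeRADIUS limit
MAX_ADDRESSES = 256  # assumption: flag anything wider than a /24


def audit_clients(conf_text):
    """Return (client, finding) pairs for risky entries in a clients.conf."""
    findings = []
    text = re.sub(r"#.*", "", conf_text)  # drop comments before parsing
    for name, body in CLIENT_BLOCK.findall(text):
        settings = dict(SETTING.findall(body))
        try:
            net = ipaddress.ip_network(name, strict=False)
        except ValueError:
            net = None  # client given as a hostname: size unknown
        if net is not None and net.num_addresses > MAX_ADDRESSES:
            findings.append((name, "wide-source"))
        if len(settings.get("secret", "").strip('"')) < MIN_SECRET_LEN:
            findings.append((name, "short-secret"))
    return findings


if __name__ == "__main__":
    for client, finding in audit_clients(SAMPLE_CLIENTS_CONF):
        print(f"{client}: {finding}")
```

Run it against /usr/local/etc/raddb/clients.conf by passing the file's contents to audit_clients(); an empty result means every client is a narrow range with a secret of at least MIN_SECRET_LEN characters.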


Step 3 hotspotlogin.cgi
Copy hotspotlogin.cgi from http://chillispot.org to /var/www/cgi-bin

Edit the file and change the secret to the UAM secret that you entered in the Chillispot configuration on the WRT54G.

You can also use a php script. It is not as secure as the cgi script but easier to personalise. If you want a copy email me at sean@swarmhotspots.com



Step 4 phpMyPrepaid and MySQL

Extract the phpMyPrepaid file to a directory on your webserver eg /var/www/html/myprepaid
Create a MySQL database called radius and create a user and password for it. Use a script called db_mysql.db that you will find in the phpMyPrepaid download to create the database tables.
Edit the dbconnect.php file in the phpMyPrepaid directory and enter the username and password for your MySQL radius database. IMPORTANT: Save this file outside your web directory or your passwords will be easy to hack.
Edit config.inc.php and change the line that points to dbconnect to wherever you have saved dbconnect.php
In your web browser go to http://yoursite.com/whereveryouputphpmyprepaid/ and create some tickets. Check your database to see if the users have been set up in radcheck. Launch FreeRadius as root with this command: radiusd -xxyx -l stdout. Pick a user and password from your database and try to log in from a wireless client. If you can, then it is time for step 5. If not, go back to step 1 and check everything.


Step 5 Have a cup of coffee and unwind. If all is well you have finished. I'll keep an eye on this post and do my best to help anyone with problems.

I have set up a free Radius test area for people that have no access to a Radius server. You can use this service to test your Chillispot configuration. The address is http://swarmhotspots.com/Chilli-Test-Area

I would welcome any feedback from this article and will do all I can to help any of you with problems.

sean@swarmhotspots.com

Thursday, August 20, 2009

linksys as ethernet bridge

So how do you do it? Here's the list of steps - you should be doing these steps (except step 1) from a PC attached to the wrt54g (e.g. PC-2 in my setup). Physically attaching a PC to the wrt54g is required only for this initial setup phase, because we need to log in and set up the various options. Note that this doesn't require any changes to your main router's configuration, so it's quite safe with regard to not messing up your current network's setup.

1. Download the "wrt54g alchemy firmware" (google this, or go here) version 6rc5 from the internet (it is the only one compatible with the new models wrt54g V2.2 & wrt54gs V1.1).
2. Upload the firmware to the wrt54g via the "Administration->Firmware Upgrade" option in the router's web interface.
3. Reset the device (press reset button until power led flashes - this could take 20 seconds or more). In the following steps, leave all settings which are not mentioned in the description at their default (only change the ones specifically mentioned in the step).

Note: We will use addresses that end in 128-255 for the wrt54g router and its attached PCs. To make sure there is no overlap in the addresses assigned by the two routers, we have to make sure that your main router only assigns addresses below 128 to its own clients. For example, if your main router address is 192.168.0.1, its DHCP address range could be 192.168.0.50 - 192.168.0.120. Another important note regarding the main router: some routers allow you to disable the broadcast of the SSID, but for this setup to work properly the SSID broadcast MUST BE ENABLED (which is usually the default behavior).

4a. In "Setup::Basic setup" screen, set Internet Connection Type to "Automatic Configuration - DHCP".
4b. Set the local IP to 192.168.0.129, assuming your main router is 192.168.0.x (in general, if your main router is a.b.c.d set the wrt54g to a.b.c.129).
4c. Set the Subnet Mask to 255.255.255.128.
4d. Set the "Gateway" to the IP address of your main router (e.g. 192.168.0.1).
4e. Set the DHCP Server to Enabled, and starting IP Address to something above 129 (e.g. 140).
4f. Save the settings on this page. You should reboot the attached PC, since the subnet mask has changed. Note: from now on you have to use the new local IP you set in step 4b (e.g. http://192.168.0.129) to connect to the router from your PC.

5. In "Setup::Advanced Routing" screen, make sure operating mode is "Gateway".

6. In "Wireless::Basic Settings" screen, set Wireless mode to "Client", wireless network mode to "mixed", and SSID to your main wireless router's SSID.

7. In "Wireless::Security" screen, set your WEP/WPA settings to match the main wireless router. You should now be connected to the main wireless router. Note: if you have MAC filtering set up on the main router (which allows only specific clients to connect), then obviously you have to add the client router to the list of allowed clients.
To verify that you've established a connection to the main router, you can check the "Status::Router" screen, which should show an IP Address assigned by the main router (which would end with a number below 128), and the "Status::Wireless" page should show the AP Signal strength together with the MAC address of the main router. Also you should now be able to ping the main router and even log in to it (using http://192.168.0.1) from the PC attached to the client router (the wrt54g).

8. In "Security::Firewall" screen, disable firewall protection, as this subnet is already behind your main router's firewall. Also make sure that "Block Anonymous Internet Requests" is unchecked.

9. In "Administration::Management" screen, you can leave all settings at their default. You may want to enable remote management and Telnet or SSHD, especially if you want to be able to log in to the wrt54g from a computer which is not directly attached to it.

10. To enable PCs attached to the main router to connect to PCs attached to the wrt54g: Log in to the wrt54g using telnet or ssh by running the command "telnet 192.168.0.129" and use the same root/passwd as for the web interface. Then type this command (copy it exactly):

# echo 1 > /proc/sys/net/ipv4/conf/`route | grep default | awk '{print $NF}'`/proxy_arp

Now you should be able to ping/telnet to any PC attached to the wrt54g from any PC attached to the main router. Btw, this assumes that the subnet mask of the main router is the default 255.255.255.0.

Important note about the last step: The last step (which is an optional step) allows PCs attached to the main router to connect to PCs attached to the client router by specifying the IP of the destination PC, for example "telnet 192.168.0.150". But they are still on two different subnets which do not share their broadcast messages, therefore when browsing PCs on the local network you will not automatically see the PCs attached to the other router. But you can always connect to them by explicitly specifying the IP. Btw, this step was added after the initial posting of this HOWTO and solves a lot of the issues people discussed later in this thread, so don't worry if you read posts in this thread about problems with communicating between PCs attached to different routers. Also note that this proxy_arp setting is not saved in the WRT54G non-volatile memory like all the other settings, so when the router is rebooted (like after a power outage), it will be cleared and you will need to repeat step 10 to set the proxy_arp back on.


--------------------------------------------------------

So in summary, you don't need two wrt54g routers, nor do you need WDS capable routers. A single wrt54g (with the right firmware) can operate as a "client" of any other wireless router, and create a bridge so any device connected to it will be able to access your network and the internet. The above works great for me, even with 3-4 PCs attached to the wrt54g (verified that it works).
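
A worked check of the addressing plan from steps 4 and 10, added here and not part of the original HOWTO: it confirms that the two DHCP ranges cannot collide and shows why a main-LAN PC with mask 255.255.255.0 ARPs directly for a bridged PC, which is the request proxy_arp answers. The function names are illustrative; the addresses are the HOWTO's own examples.

```python
import ipaddress


def on_link(host_if, dst):
    """True if a host configured as host_if ('ip/mask') treats dst as being on
    its own subnet, i.e. it ARPs for dst instead of sending to its gateway."""
    return ipaddress.ip_address(dst) in ipaddress.ip_interface(host_if).network


def check_plan(main_lan, main_dhcp, bridge_if, bridge_dhcp_start):
    """Return a list of problems in a step-4 style addressing plan."""
    main_net = ipaddress.ip_network(main_lan)
    bridge = ipaddress.ip_interface(bridge_if)
    net = bridge.network
    lo, hi = (ipaddress.ip_address(a) for a in main_dhcp)
    start = ipaddress.ip_address(bridge_dhcp_start)
    problems = []
    if not net.subnet_of(main_net):
        problems.append("bridge subnet lies outside the main LAN")
    # The main router must never lease an address inside the bridge's subnet.
    if lo <= net.broadcast_address and hi >= net.network_address:
        problems.append("main DHCP range overlaps the bridge subnet")
    if start not in net or start <= bridge.ip:
        problems.append("bridge DHCP start must be above the bridge's own IP")
    return problems


def needs_proxy_arp(main_host_if, bridge_if, bridge_pc):
    """Step 10 is needed when a main-LAN host sees a bridged PC as on-link."""
    net = ipaddress.ip_interface(bridge_if).network
    return ipaddress.ip_address(bridge_pc) in net and on_link(main_host_if, bridge_pc)


# Values taken from the HOWTO's example addresses.
MAIN_LAN = "192.168.0.0/255.255.255.0"
MAIN_DHCP = ("192.168.0.50", "192.168.0.120")
BRIDGE_IF = "192.168.0.129/255.255.255.128"

if __name__ == "__main__":
    print(check_plan(MAIN_LAN, MAIN_DHCP, BRIDGE_IF, "192.168.0.140"))
    print(needs_proxy_arp("192.168.0.60/255.255.255.0", BRIDGE_IF, "192.168.0.150"))
    print(on_link("192.168.0.150/255.255.255.128", "192.168.0.60"))
```

The last call shows the other direction: a bridged PC with the 255.255.255.128 mask treats 192.168.0.60 as off-link and sends to its gateway, so only the main-LAN side depends on proxy_arp.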

Wednesday, August 19, 2009

LevelOne/ Level1 Network Product and Solution




Design and tech by Germany, manufactured in Taiwan. One of the best and most reliable products.

FreeNAS Server

Another open source NAS Server (Network-Attached Storage). The software, which is based on FreeBSD, Samba, and PHP

ISO: LiveCD 0.7RC1 i386, RC 1, 2009-06-20

VMware: 0.69, stable (thanks to Danmero), 2009-01-27

Manual install
http://www.freenas.org/downloads/docs/user-docs/FreeNAS-SUG.pdf
http://www.freenas.org/index.php?option=com_versions&Itemid=58#Documentation