
yfi_setup_nas_PicoStation2


PicoStation2

Introduction

Ubiquiti is a supplier of WiFi equipment that is gaining popularity by the hour.
This page discusses how to configure CoovaChilli on their PicoStation2 product.

Warning

  • This procedure involves flashing Third Party Software (OpenWrt) into the PicoStation2. This may damage the device and void the warranty.

  • Some PicoStation2 devices seem to have a hardware bug where they do not boot into a proper state after a power failure or soft reboot.

  • Please check with your supplier before buying large quantities and later regretting it.

  • This issue has been reported on the Ubiquiti forums (http://www.ubnt.com/forum/showthread.php?t=10522).

  • This document is very new - there will be changes and improvements to it.

Flashing OpenWrt on the PicoStation2

The initial flash can be done in two ways. Once the device runs OpenWrt, you can only use the tftp method.

Getting the OpenWrt firmware

  • OpenWrt is a totally free Open Source firmware which runs on many different hardware platforms.
  • Unlike DD-WRT, where you have to pay to get firmware compiled for certain hardware (the PicoStation2 included), you can compile OpenWrt yourself and modify it to your liking.
  • The folks at OpenWrt saved us the hassle of compiling firmware for the PicoStation2 by supplying a ready-to-flash firmware which we can download.
  • You can grab the openwrt-atheros-ubnt2-pico2-squashfs.bin file from this URL: http://downloads.openwrt.org/kamikaze/8.09.1/atheros/
  • Ensure you are using the latest release of Kamikaze. As of this writing, it is at version 8.09.1.

AirOS

  • The PicoStation2 comes installed with Ubiquiti firmware called AirOS.
  • Connect the PicoStation2 through the supplied POE injector to an existing network. (Ensure that this network does not have a host on the IP 192.168.1.20.)
  • Ensure the PicoStation2 is cleared to factory defaults. A reset micro switch is next to the RJ45 Socket on the PicoStation2 unit.
  • Change the IP address of the workstation to which you downloaded the OpenWrt firmware so that it is on the same subnet as the PicoStation2 (e.g. 192.168.1.100).
  • See if you can connect to the PicoStation2 by pointing your browser to: http://192.168.1.20
  • Flash the OpenWrt firmware onto the PicoStation2. When you select the firmware file, the web interface will warn you that you are about to install non-standard firmware and will give more detail on the build of the OpenWrt firmware. Click OK to continue.
  • The flash process will take approximately 4 minutes. During that time the LEDs on the PicoStation2 will flash different colours and also different levels as it completes the flashing process.
  • When it is complete only the bottom LED (Power) will be lit, with the one just above it (Network traffic) flickering to indicate network activity.
  • Power cycle the PicoStation2 by removing the LAN cable and plugging it back in again.
  • Wait for about a minute and try to ping the PicoStation2 on the IP 192.168.1.1. Please note that this IP is different from the default PicoStation2 firmware's IP, which is 192.168.1.20.
  • Create a root password on the device.
    • Telnet to the device IP.
    • Set the root password.
  • Reboot the device; this will start an sshd server. You can log in via ssh with the password supplied in the previous step.

TFTP

Background

Ubiquiti makes use of the RedBoot bootloader. This is a proper boot loader and very powerful.
It was initially developed by Red Hat.
Using RedBoot makes it virtually impossible to brick your router.
It can be initialized in a way which will start a tftp server on a specified IP address.
This allows us then to dump firmware on the device using a tftp client.
You can do the initial flash or upgrades and reverting back with this method.

Procedure

  • This is taken from a page on the Internet: http://www.cs.uic.edu/bin/view/Bits/OpenWrt
  • Power cycle the unit and immediately hold the reset button for ~10 seconds until the LEDs glow alternately.
  • TFTP openwrt-atheros-ubnt2-pico2-squashfs.bin to 192.168.1.20 (default IP of the Ubiquiti device).

    tftp 192.168.1.20
    tftp> binary
    tftp> rexmt 1
    tftp> trace
    tftp> put openwrt-atheros-ubnt2-pico2-squashfs.bin
    
  • Wait for the image to load on the device.

    • This will usually take at least 5 to 10 minutes.
    • Once finished, the LEDs should stop glowing alternately red and orange.
    • Once finished, you should be able to get a ping response from 192.168.1.1.
  • Create a root password on the device.
    • Telnet to the device IP.
    • Set the root password.
  • Reboot the device; this will start an sshd server. You can log in via ssh with the password supplied in the previous step.

Reconfigure the PicoStation2

Default Configuration

  • Ethernet and Wireless are bridged
    • The start-up scripts create a bridge called br-lan.
    • The IP address of the device gets assigned to the br-lan interface.
    • Members of br-lan are eth0 and ath0.

CoovaChilli Configuration

  • Remove bridge between eth0 and ath0 interfaces.
  • Assign the device's IP address to eth0.
  • Assign ath0 VAP (Virtual Access Point) to CoovaChilli.
    • This will create a tunnel interface on ath0.
    • This tunnel will do NAT on the traffic between eth0 and ath0.
    • The Chilli program will be the gatekeeper, deciding which traffic will flow between eth0 and ath0.

Procedure

  • Comment out the bridge option in /etc/config/network.

    config interface lan
            option ifname   eth0
    #       option type     bridge
            option proto    static
            option ipaddr   192.168.1.1
            option netmask  255.255.255.0
            option gateway  192.168.1.200
            option dns      192.168.1.200
    
  • Activate the wireless in /etc/config/wireless.

          # REMOVE THIS LINE TO ENABLE WIFI:
          #option disabled 1
    
  • Comment out the line which causes the wireless interface to be added to br-lan in /etc/config/wireless.

      # option network lan
    
  • Reboot the unit.

  • Ssh into the unit and ensure the IP address of 192.168.1.1 is now assigned to eth0.

Install CoovaChilli

  • OpenWrt features a package management system much like the apt package management in Debian-based GNU/Linux systems.
  • OpenWrt's package manager is called opkg and configured through the /etc/opkg.conf file.
  • If you go through a proxy server to get to the packages you will have to specify the proxy before opkg will be able to install or list available packages.

    • Add the following line to opkg.conf:

            option http_proxy http://proxy.co.za:3128/
      
  • Run the following command to pull a list of the latest packages

         opkg update
    
  • Install the following packages, using opkg install. The dependencies should install automatically.

        opkg install coova-chilli
    

Configure CoovaChilli

We need to configure CoovaChilli to fit in with the YFi Hotspot Manager Server.
In this section we will assume the YFi Hotspot Manager Server has an IP of 192.168.1.11.

  • Start out by copying /etc/chilli/defaults to /etc/chilli/config

    cp /etc/chilli/defaults /etc/chilli/config
    
  • Edit the config file and take care to specify the following important variables:

| Variable | Value | Comment |
|---|---|---|
| HS_LANIF | ath0 | This is the first Virtual Access Point Interface |
| HS_UAMPORT | 3990 | Watch out for this one, CoovaAP uses 3660. Must also be the same in /var/www/coova_json/uam.php on YFi server |
| HS_UAMSECRET | greatsecret | Should be the same as specified in /var/www/coova_json/uam.php and /var/www/coova_json/login.php on YFi server |
| HS_RADIUS | 192.168.1.11 | Point to RADIUS server running on YFi Hotspot Manager Server |
| HS_RADIUS2 | 192.168.1.11 | Point to RADIUS server running on YFi Hotspot Manager Server |
| HS_RADSECRET | Secret | Shared secret between device and RADIUS server |
| HS_UAMALLOW | www.mydomain.com | Servers which can be accessed without authentication first |
| HS_UAMSERVER | 192.168.1.11 | The server which will be used for UAM requests |
| HS_UAMHOMEPAGE | http://\$HS_UAMSERVER/coova_json/splash.php | Splash page before log-in |
| HS_UAMFORMAT | http://\$HS_UAMSERVER/coova_json/hs_land.php | The log-in page |
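
A check for the variables in the table above, as an added example that is not part of the original page or of the CoovaChilli or YFi projects: it audits a chilli config file for missing settings, a UAM port that differs from the expected one, and secrets left at this page's sample values. The function names, the finding labels and the 16-character minimum secret length are assumptions of the example.

```shell
#!/bin/sh
# Added example: audit a CoovaChilli config for the variables in the table above.
# The finding labels and the 16-character minimum are assumptions of this sketch.

# get_var FILE NAME: print the last uncommented NAME=value, minus quotes/comments.
get_var() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 |
        sed -e 's/[[:space:]][[:space:]]*#.*$//' -e 's/[[:space:]]*$//' \
            -e "s/^[\"']//" -e "s/[\"']\$//"
}

# audit_chilli_config FILE [EXPECTED_UAMPORT]: one finding per line, returns 1 if any.
audit_chilli_config() {
    file=$1; want_port=${2:-3990}; bad=0
    for name in HS_LANIF HS_UAMPORT HS_UAMSECRET HS_RADIUS HS_RADSECRET HS_UAMSERVER; do
        if [ -z "$(get_var "$file" "$name")" ]; then
            echo "MISSING $name"; bad=1
        fi
    done
    # The port must match the one configured in uam.php on the YFi server.
    port=$(get_var "$file" HS_UAMPORT)
    if [ -n "$port" ] && [ "$port" != "$want_port" ]; then
        echo "PORT_MISMATCH HS_UAMPORT=$port expected=$want_port"; bad=1
    fi
    # Secrets still set to this page's sample values, or too short.
    for name in HS_UAMSECRET HS_RADSECRET; do
        val=$(get_var "$file" "$name")
        case "$val" in
            "") ;;  # already reported as MISSING
            greatsecret|Secret) echo "SAMPLE_SECRET $name"; bad=1 ;;
            *) [ "${#val}" -ge 16 ] || { echo "SHORT_SECRET $name"; bad=1; } ;;
        esac
    done
    return "$bad"
}

# Constructed sample config (not from a real device) used to exercise the audit.
write_sample_config() {
    cat > "$1" <<'EOF'
HS_LANIF=ath0
HS_UAMPORT=3660            # carried over from a CoovaAP setup
HS_UAMSECRET=greatsecret
HS_RADIUS=192.168.1.11
HS_RADSECRET="Secret"
# HS_UAMSERVER=192.168.1.11
EOF
}
```

On the device, source the file and run audit_chilli_config /etc/chilli/config; an empty result with exit status 0 means none of the checks fired.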

Startup Script

  • The CoovaChilli package that is installed is missing a start-up script.

  • You can use the following as a sample.

    #!/bin/sh /etc/rc.common
    # ============================================
    # == Coova Chilli Startup Script =============
    # == Hardware: Ubiquiti PicoStation2 =========
    # == Version: 0.1 ============================
    # == Date: 2009-10-22 ========================
    # == Author: Dirk van der Walt ===============
    # ============================================

    # Position in the boot and shutdown order
    START=80
    STOP=85

    # Load the CoovaChilli helper functions used below
    . /etc/chilli/functions

    start() {
            echo start
            # commands to launch application
            /sbin/modprobe tun > /dev/null 2>&1
            echo 1 > /proc/sys/net/ipv4/ip_forward
            writeconfig
            radiusconfig
            # Replace the NAT POSTROUTING rules with a single masquerade rule on the WAN side
            iptables -F POSTROUTING -t nat
            iptables -I POSTROUTING -t nat -o "$HS_WANIF" -j MASQUERADE
            # Chilli manages the hotspot interface, so clear its IP address
            ifconfig "$HS_LANIF" 0.0.0.0
            checkrunning

    }

    stop() {
            echo stop
            # commands to kill application
            killall chilli
    }

    # Start chilli unless it is already running
    checkrunning() {
            check=$(/bin/pidof chilli)
            # Quoted so the test also works when pidof returns nothing or several PIDs
            if [ -z "$check" ]
            then
                    echo "Chilli not running"
                    chilli

            else
                    echo "Chilli running PID: $check"
            fi
    }
    
  • Create a file called '/etc/init.d/coova' with the above contents.

  • Make it executable and enable it so that it starts on boot.

    chmod 755 /etc/init.d/coova
    /etc/init.d/coova enable
    
  • Disable the dnsmasq service

    /etc/init.d/dnsmasq disable
    

Test everything

  • Reboot the unit and see if the Access Point interface hands you a 10.1.0.x IP address.
  • Try to connect to the Internet: using your browser without a proxy, open any www (port 80) web page.
  • You should see a splash screen and after a few seconds be redirected to the log-in page.
