
yfi_setup_nas_coovaAP_VPN


Coova AP through pptp tunnel

Introduction

  • Coova Chilli offers firmware that you can flash onto certain APs (Access Points) to turn them into Hotspots.

  • You can configure this AP to also be a pptp client. This makes it ideal in situations where the RADIUS server contacted by Coova Chilli requires a known IP.

  • This section will discuss how to configure the Coova Chilli AP for this scenario.


Key Facts

  • Important points to remember.

  • The firmware's UAM port is 3660 by default, but when you compile the CoovaChilli package yourself it is 3990.

UAM Port: 3660
COA Port: 3799


Prerequisites

  • It is assumed that you already have an AP flashed with CoovaAP firmware.

  • You can grab the firmware here: Download CoovaAP Firmware


Add a NAS device to YFi Hotspot Manager

  • Start by adding a new NAS device (Realms & Providers -> Nas Devices).
  • On the right-hand side of the Nas Devices tab, choose Add VPN connected NAS.
  • The dialog box that pops up will automatically populate the next IP address for you. Supply the rest and click Save.
  • To view the detail of the pptp client, click on the newly added NAS device, select Edit Selected on the right-hand side. The info will be under the Optional Info sub-tab of the selected devices tab.



Define the pptp client in CoovaAP

  • Log on to the CoovaAP, select Network -> pptp.
  • You may have to install the pptp client package, so ensure that you have an Internet connection.
  • See the following screenshot, which makes use of a pptpd server with IP 196.200.200.200 and DNS name yfi.co.za, and the info of the VPN connected NAS defined with YFi Hotspot Manager.
  • The IP 196.200.200.200 will be the public routable IP of the server where YFi Hotspot Manager, pptpd and FreeRADIUS are installed.
  • The Server IP specified in the PPTP Client Detail (10.20.30.1) in YFi Hotspot Manager is for information and troubleshooting purposes. (It will be the other side of the point-to-point connection that gets set up between the CoovaAP and the YFi Server.)


  • You can verify that the tunnel is up by rebooting the CoovaAP and then navigating to the Status -> PPTP page.



Additional changes to CoovaAP

Background

  • The CoovaChilli Access Controller has a feature that lets you send it a Packet Of Disconnect (POD) to disconnect a specific individual.
  • CoovaAP disables this feature by default.
  • The default setup on CoovaAP does not report the pptp interface as the one connecting to the FreeRADIUS server when reporting accounting info.
  • To overcome these two problems we need to tweak two places.
  • Connect to the CoovaAP through ssh and do the following:

  • Edit /etc/chilli/config and add the following line:

    HS_NASIP=`ifconfig ppp0 2>/dev/null|grep 'inet addr'|awk -F: '{print $2}'|awk '{print $1}'`
    
  • This will cause CoovaChilli Access Controller to report the correct IP when connected via pptp.

  • Edit /etc/chilli/functions to include the coaport option. See the following excerpt:

    # Application walled garden entries:
    [ "$HS_USE_MAP" = "on" ] && addconfig1 "uamdomain .google.com"
    
    (cat <<EOF
    # THIS FILE IS AUTOMATICALLY GENERATED
    coaport="3799"
    cmdsocket $CMDSOCK
    pidfile $PIDFILE
    net $HS_NETWORK/$HS_NETMASK
    uamlisten $HS_UAMLISTEN
    uamport $HS_UAMPORT

  • This will enable the POD functionality, allowing disconnection requests only from the FreeRADIUS server which the CoovaChilli Access Controller is making use of.
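
The HS_NASIP expression above evaluates to an empty string while ppp0 is down, so the following added example (not part of the original page or the CoovaAP firmware) wraps the same `inet addr` parsing in a check that a script can run before restarting chilli. The function names and the sample ifconfig text, including the client address 10.20.30.2, are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of CoovaAP.

# Constructed sample of `ifconfig ppp0` output with the tunnel up
# (10.20.30.2 is an assumed client address, 10.20.30.1 the server side).
sample_ppp0_up() {
    cat <<'EOF'
ppp0      Link encap:Point-to-Point Protocol
          inet addr:10.20.30.2  P-t-P:10.20.30.1  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
EOF
}

# Same 'inet addr' parsing as the HS_NASIP line, reading ifconfig text on stdin.
nasip_from_ifconfig() {
    grep 'inet addr' | awk -F: '{print $2}' | awk '{print $1}'
}

# Succeed only for a dotted quad with every octet in 0..255.
valid_ipv4() {
    echo "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++)
              if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# Print the address of interface $1, or return 1 when it has none
# (tunnel down, interface missing, or ifconfig not using 'inet addr:').
tunnel_nasip() {
    ip=$(ifconfig "$1" 2>/dev/null | nasip_from_ifconfig)
    valid_ipv4 "$ip" || return 1
    echo "$ip"
}

# Demo on the constructed sample; on the AP you would call: tunnel_nasip ppp0
demo_ip=$(sample_ppp0_up | nasip_from_ifconfig)
valid_ipv4 "$demo_ip" && echo "HS_NASIP would be set to $demo_ip"
```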


Conclusion

  • This ends the pptp specific setup on the CoovaAP. The rest of the configuration is the same as the CoovaAP configuration.

Related

Wiki: Home
Wiki: yfi_setup_nas_coovaAP