Ironwifi coovachilli captive portal GL-AR300M

Hi there,
I am trying to set up a cloud captive portal solution with local coovachilli running on GL-AR300M. The cloud portal I am testing with is ironwifi. Ironwifi has generated config and script files as attached, saying to run the script and claiming that it “should work”…
At the moment I’ve got the GL-AR300M working well with my desirable firewall rules. Currently all subnets, lan/wan zones and interfaces are as per default the way factory has shipped it. I am worried by running this script provided by ironwifi it will break what’s been working. For a start, I see that they’ve assumed certain IP subnets and interfaces that seem incorrect to me.
Can someone help look through these scripts and config file to confirm they are ok to go? Scripts and configs are below.
Failing the above, what is my alternative - another way to enable a simple, straightforward captive portal on GL-AR300M?

Thank you


Script file (PS: where it says URL there were originally actual URLs, masked):

```sh
#!/bin/sh /etc/rc.common

# -- init script for chilli --

START=60
STOP=90

NAME=chilli
RUN_D=/var/run
CMDSOCK=$RUN_D/$NAME.sock
PIDFILE=$RUN_D/$NAME.pid

# Export every option of the uci "hotspot" section as an HS_NAME="value" line,
# escaping literal '$' so the generated file can be sourced later.
option_cb() { [ -n "$2" ] && echo "HS_$(echo $1|tr 'a-z' 'A-Z')=\"$2\"" | sed 's/\$/\\$/g'; }
config_load hotspot > /etc/chilli/config

. /etc/chilli/functions

start() {
    # HS_TYPE=chillispot in the config file matches the "*chilli*" branch below,
    # so the facebook/internal branches are not taken with the shipped config.
    case ${hs_type:-$HS_TYPE} in
        facebook)
            HS_PROVIDER=Coova
            HS_UAMSERVER="URL"
            HS_UAMHOMEPAGE="URL"
            HS_UAMFORMAT="URL"
            HS_UAMSERVICE="URL"
            HS_UAMDOMAINS=${HS_UAMDOMAINS:+"$HS_UAMDOMAINS,.URL"}
            HS_UAMDOMAINS=${HS_UAMDOMAINS:-".URL"}
            HS_RADIUS="URL"
            HS_RADIUS2="URL"
            HS_RADAUTH="1812"
            HS_RADACCT="1813"
            HS_RADCONF="off"
            HS_UAMSECRET=
            ;;
        internal)
            HS_PROVIDER=Coova
            HS_USELOCALUSERS="on"
            HS_MACAUTHMODE="local"

            HS_UAMSERVER="URL"

            HS_UAMSERVER=$HS_UAMLISTEN
            HS_UAMHOMEPAGE="http://\$HS_UAMLISTEN:\$HS_UAMPORT/www/coova.html"
            HS_RADCONF="off"
            HS_LOCAL="on"
            HS_UAMUIPORT=3442

            # Point the UAM server name at the hotspot's own address in /etc/hosts.
            (grep -v $HS_UAMSERVER /etc/hosts; echo "$HS_UAMLISTEN $HS_UAMSERVER")>/tmp/hosts

            grep $HS_UAMSERVER /tmp/hosts >/dev/null && mv /tmp/hosts /etc/hosts

            case ${hs_reg_proto:-$HS_REG_PROTO} in
                http) HS_LOCAL_PROTO="http";  HS_LOCAL_PORT="3442" ;;
                *)    HS_LOCAL_PROTO="https"; HS_LOCAL_PORT="3443" ;;
            esac
            case ${hs_reg_mode:-$HS_REG_MODE} in
                tos) page="tos" ;;
                *) page="login" ;;
            esac
            HS_UAMFORMAT="$HS_LOCAL_PROTO://\$HS_UAMSERVER:$HS_LOCAL_PORT/www/$page.chi"
            ;;
        *chilli*)
            ;;
        *)
            echo "Not running hotspot"
            exit
            ;;
    esac

    # The next three lookups use Broadcom-specific tools (wl, /proc/net/wl0, nvram)
    # that do not exist on the GL-AR300M's Atheros/ath9k OpenWrt platform, so
    # HS_SSID, HS_NASMAC, HS_WANIF and HS_NASIP will simply come out empty there.
    HS_SSID=$(wl status|grep '^SSID:'|awk '{print $2}'|sed s/\"//g)

    HS_NASMAC=$(grep perm_etheraddr /proc/net/wl0|awk '{print toupper($2)}'|sed s/:/-/g|head -n1)

    HS_WANIF=$(nvram get wan_ifname)

    HS_NASIP=${HS_WANIF:+$(ifconfig $HS_WANIF 2>/dev/null|grep 'inet addr'|awk -F: '{print $2}'|awk '{print $1}')}

    # Defaults, applied only where the config file did not set a value.
    HS_DNS_DOMAIN=${HS_DNS_DOMAIN:-cap.coova.org}
    HS_DNS1=${HS_DNS1:-$HS_UAMLISTEN}
    HS_DNS2=${HS_DNS2:-$HS_NASIP}
    HS_NASID=${HS_NASID:-$HS_NASMAC}
    HS_MACAUTHMODE=${HS_MACAUTHMODE:-local}
    HS_USELOCALUSERS=${HS_USELOCALUSERS:-off}
    HS_PROXY_TYPE=${HS_PROXY_TYPE:-none}
    HS_RADCONF_URL=${HS_RADCONF_URL:-URL}
    HS_CFRAME_URL=${HS_CFRAME_URL:-URL}
    HS_CFRAME_SZ=${HS_CFRAME_SZ:-100}
    HS_DEFSESSIONTIMEOUT=${HS_DEFSESSIONTIMEOUT:-0}
    HS_DEFIDLETIMEOUT=${HS_DEFIDLETIMEOUT:-0}
    HS_DEFINTERIMINTERVAL=${HS_DEFINTERIMINTERVAL:-300}
    HS_LAN_ACCESS=${HS_LAN_ACCESS:-deny}
    HS_CFRAME_POS=${HS_CFRAME_POS:-top}
    HS_PROVIDER=${HS_PROVIDER:-Coova}
    HS_PROVIDER_LINK=${HS_PROVIDER_LINK:-URL}
    HS_LOC_NAME=${HS_LOC_NAME:-My HotSpot}
    HS_LOC_NETWORK=${HS_LOC_NETWORK:-Coova}
    HS_OPENIDAUTH=${HS_OPENIDAUTH:-off}
    HS_ANYIP=${HS_ANYIP:-off}

    # Only runs when the config file leaves HS_LANIF unset (it sets wlan0).
    # wlanconfig is a madwifi tool, also absent on the GL-AR300M.
    [ -z "$HS_LANIF" ] && {
        [ -e /tmp/device.hotspot ] && {
            stop
        }
        HS_LANIF=$(wlanconfig ath create wlandev wifi0 wlanmode ap)
        for i in 0 1 2 3 4; do ifconfig ath$i mtu 1500; done 2>/dev/null
        echo $HS_LANIF > /tmp/device.hotspot
        # NOTE: the outgoing interface is hardcoded to eth0 here and in stop(),
        # while the config file declares HS_WANIF=eth1.
        iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
        iwconfig $HS_LANIF essid ${HS_SSID:-Coova} 2>/dev/null
    }

    writeconfig
    radiusconfig

    # Replace any earlier crontab entries for this script with fresh ones.
    (crontab -l 2>&- | grep -v $0

    echo "*/10 * * * * $0 checkrunning"

    test ${HS_ADMINTERVAL:-0} -gt 0 && echo "*/$HS_ADMINTERVAL * * * * $0 radconfig"

    test ${HS_CHECKARP:-0} -gt 0 && echo "*/$HS_CHECKARP * * * * $0 arping"

    ) | crontab - 2>&-

    [ -d $RUN_D ] || mkdir -p $RUN_D

    /sbin/insmod tun >&- 2>&-
    /usr/sbin/chilli

}

stop() {
    [ -f $PIDFILE ] && kill $(cat $PIDFILE)

    crontab -l 2>&- | grep -v $0 | crontab -

    # LKFILE is never defined in this script; rm -f tolerates the empty argument.
    rm -f $PIDFILE $LKFILE $CMDSOCK 2>/dev/null
    iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
    wlanconfig $(cat /tmp/device.hotspot) destroy
    rm /tmp/device.hotspot

}
```


Config file:

```sh
HS_WANIF=eth1                  # WAN Interface toward the Internet
HS_LANIF=wlan0                 # Subscriber Interface for client devices
HS_NETWORK=192.168.15.0        # HotSpot Network (must include HS_UAMLISTEN)
HS_NETMASK=255.255.255.0       # HotSpot Network Netmask
HS_UAMLISTEN=192.168.15.1      # HotSpot IP Address (on subscriber network)
HS_UAMPORT=3990                # HotSpot UAM Port (on subscriber network)
HS_UAMUIPORT=4990              # HotSpot UAM "UI" Port (on subscriber network, for embedded portal)

HS_DNS1=8.8.8.8
HS_DNS2=8.8.4.4

HS_NASID=nas01
HS_RADIUS=35.197.133.220
HS_RADIUS2=35.197.133.220
HS_RADSECRET="pVPNyw5M9HEYYYToXiI3"   # Set to be your RADIUS shared secret
HS_RADAUTH=7227
HS_RADACCT=7228

HS_UAMALLOW=URL
HS_UAMSECRET="pVPNyw5M9EYUYToXiI3"    # Set to be your UAM secret
HS_UAMALIASNAME=chilli

HS_UAMSERVER=$HS_UAMLISTEN
HS_UAMFORMAT=URL
HS_UAMHOMEPAGE=URL

HS_ANYIP=on                    # Allow any IP address on subscriber LAN
HS_MODE=hotspot
HS_TYPE=chillispot
HS_WWWDIR=/etc/chilli/www
HS_WWWBIN=/etc/chilli/wwwsh

HS_PROVIDER=Coova
HS_PROVIDER_LINK=URL
HS_LOC_NAME="My HotSpot"       # WISPr Location Name and used in portal
```
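As an added example (not part of the ironwifi package or of this thread), a small POSIX sh checker that reads a config file like the one above and flags the mismatches the question is about before the init script is run: HS_UAMLISTEN outside HS_NETWORK/HS_NETMASK, HS_LANIF or HS_WANIF names that are not interfaces on the router, and the init script's hardcoded eth0 MASQUERADE rule disagreeing with HS_WANIF. The function names and the optional interface-list argument are assumptions made for this example.

```sh
#!/bin/sh
# check_hs_config.sh: sanity-check a coova-chilli HS_* config before starting it.
# Added example, not code from ironwifi or the original post. Assumptions:
# shell-style KEY=VALUE config; interface names are compared against the
# router's own list (/sys/class/net unless a list is passed in for testing).

# dotted quad -> integer, using only shell arithmetic
ip4_to_int() {
    IFS=. read -r a b c d <<EOF
$1
EOF
    echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
}

# in_subnet ADDR NET MASK: succeeds when ADDR lies inside NET/MASK
in_subnet() {
    [ $(( $(ip4_to_int "$1") & $(ip4_to_int "$3") )) -eq \
      $(( $(ip4_to_int "$2") & $(ip4_to_int "$3") )) ]
}

# check_config FILE [IFLIST]: prints one WARN line per mismatch, returns the count
check_config() {
    warnings=0
    iflist=${2:-$(ls /sys/class/net 2>/dev/null | tr '\n' ' ')}
    # load only HS_* assignments (same trust as sourcing the file); drop "# ..." first
    eval "$(sed -n 's/[[:space:]]*#.*$//; /^HS_[A-Z0-9_]*=/p' "$1")"
    if ! in_subnet "$HS_UAMLISTEN" "$HS_NETWORK" "$HS_NETMASK"; then
        echo "WARN: HS_UAMLISTEN=$HS_UAMLISTEN is outside $HS_NETWORK/$HS_NETMASK"
        warnings=$((warnings + 1))
    fi
    for v in HS_LANIF HS_WANIF; do
        eval "ifname=\$$v"
        case " $iflist " in
            *" $ifname "*) ;;
            *) echo "WARN: $v=$ifname is not an interface on this router"
               warnings=$((warnings + 1)) ;;
        esac
    done
    # the posted init script hardcodes "-o eth0" in its MASQUERADE rule
    if [ "$HS_WANIF" != "eth0" ]; then
        echo "WARN: init script masquerades on eth0 but HS_WANIF=$HS_WANIF"
        warnings=$((warnings + 1))
    fi
    return $warnings
}

if [ "$#" -gt 0 ]; then check_config "$1"; fi
```

Run it as `sh check_hs_config.sh /etc/chilli/defaults` on the router; a non-zero exit status means at least one mismatch was printed.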


I did a few custom hotspot systems using coova-chilli. So, first of all, be warned: correct config of coova is almost Black Magic. To start the steep learning curve, you should first do a coova install on a standard Linux system. When you master this one, you will be challenged by OpenWrt's firewall, which I always disable when running coova, and OpenWrt configuration using uci, which I also disable, and use standard config files instead, very similar to Linux config.

If you want a simple straightforward captive portal you should try Nodogsplash.
I would recommend reflashing with standard OpenWrt/LEDE:
https://downloads.lede-project.org/releases/17.01.4/targets/ar71xx/generic/lede-17.01.4-ar71xx-generic-gl-ar300m-squashfs-sysupgrade.bin

You can then install an up to date NodogSplash package.

Thanks for your comment on the Black Magic :sweat_smile: that is a reason I feel nervous when I read their config file. I will do more research and circle back on this later.

Thank you for your recommendation. Do you know if I can use Nodogsplash with an external cloud platform like ironwifi or purplewifi, etc., so I can manage a large number of devices across different places from a centralised console? I’d like to keep the gating function on the AP simple, i.e. just see some T&C and proceed, but need more sophistication in the large-scale management aspect.

For a commercial system, you should check whether Nodogsplash supports (Free)RADIUS, to limit connection speed, amount of download traffic, etc.
I am available as freelancer for the firmware. Have a look at wifibus.com.mx, as example.

Nodogsplash is a captive portal engine not a full suite. It comes with its own Forward Authentication Service which allows any api to be used for user management either local or remote.
So if your management solution of choice has an API then it can most likely be used to build your own custom solution.

We supply firmware for the AR300Mx for a dedicated captive portal with cloud storage. You can read details on our web site: