(RADIATOR) CoovaAP and Radiator

[Mike McCauley]

Hi All,

we have just finished successfully testing the CoovaAP hotspot against 
Radiator. CoovaAP is a very interesting open source product, and we offer 
this brief report for those who are interested in hotspots and captive 
portals, especially with RADIUS authentication:


CoovaAP is a self contained RADIUS capable Wireless Access Point and captive
portal. It consists of new firmware for a Linksys WRT54G wireless access
point, which replaces the standard Linksys firmware with the open source Linux
based OpenWRT and CoovaChilli software. CoovaChilli is the captive portal
software that runs under OpenWRT, and which can be configured to force
wireless users to authenticate via RADIUS before they can get access to the
internet. It includes easy web configuration, ssh access and more.

CoovaAP and installation instructions are available from http://coova.org/
CoovaChilli project has taken over from the original ChilliSpot project, which
is now defunct.

The Linksys WRT54G is an inexpensive 802.11b/g wireless access point and
router. On the back are 4 ethernet ports labelled 1 to 4: (CoovaAP calls these
the LAN ports), and another ethernet port labelled 'Internet' (CoovaAP calls
this the WAN).

CoovaAP is extensively configurable to cover many types of requirements.  We
tested CoovaAP 1.0-beta.7d with Radiator by configuring it as an 'Internal
Hotspot'. In this configuration, end user wireless clients can connect to the
open wireless network. When they first attempt to access an internet page,
CoovaAP redirects them to a login web page. The user enters a username
and password, which is passed to an internal CoovaChilli server, which in turn
authenticates against an external Radiator RADIUS server connected on the WAN
side the CoovaAP. If the authentication succeeds, the user then gets access to
the internet on the WAN side of the AP (the WAN port was connected to a
network that had Internet access through a gateway)

In this configuration, the CoovaChilli software runs within the CoovaAP access
point, and CoovaChilli connects authenticate from the external RADIUS
server. It is possible to configure it to authenticate to an external
CoovaChilli server, which in turn may configure via RADIUS or some other
way. Many other options are possible, but we will not discuss them.

CoovaAP was configured to have a static IP address on the WAN side, and was
configured to authenticate from a RADIUS server address which was on the WAN
side. The Wireless side was configured to do DHCP address allocation for
wireless clients. LAN side access was disabled.

The result was a simple, secure internet access hotspot which only permitted
access by users who appeared in the Radiator user database.

The Radiator configuration is very simple. CoovaAP has no special
authentication requirements. It does CHAP authentication. We used the
goodies/simple.cfg like this:
perl radiusd -config goodies/simple.cfg


-- 
Mike McCauley                               mikem at open.com.au
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
9 Bulbul Place Currumbin Waters QLD 4223 Australia   http://www.open.com.au
Phone +61 7 5598-7474                       Fax   +61 7 5598-7070

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP etc on Unix, Windows, MacOS, NetWare etc.

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.