Owning Authpuppy server - The DD-WRT side
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
AuthPuppy |
New
|
Undecided
|
Unassigned |
Bug Description
First, i labeled it as a bug, but in fact, this is the only way for me to published it to many more peoples here.
Having Authpuppy server working with DD-WRT is pretty simple. But if there one of the basic facts missing, nothing will work and there will no easy way out.
It is not the more secured plan but it is certainly one of the most effective as i experienced until now. As i see it now i didn't expect to write as many lines as there is now, but each lines mean something to be explained.
So how it is done ...
First : The Authpuppy server configuration.
For the purpose of this example, i'll use wifi network cards and i'll use the acronym "WNC" to talk about it. Yes there are WLAN# and ETH# words used for these instances but it may be confusing sometimes, so i'll go on with WNC. Everything is made under Ubuntu, as long as Debian is painful and far from being ready to work with these long time used WNC whatever the brand is.
I'll use the acronym "AP" to talk about Access Points, gateway, routers running DD-WRT firmwares. And i'll use the acronym "ASE" to talk about a proprietary authpuppy server, meaning a server that someone owned.
As much we have nodes, as much we have AP. As much we have nodes, as much we have WNC. I assumed that the ASE is up and running. We have to add new nodes to finish the work and having this same ASE accessible and fully running.
First, each newer node will have a separated unique gw id. Gw id is the most important part of the ASE node's configuration A gw id is used to make a link with a WNC. Assuming that a WNC is already connect and recognizable by the OS (Ubuntu), in the OS Network Configuration we have to get and copy the mac address of the given WNC. A mac address is a unique hardware signature, it is made of hexadecimal numbers separated with ":" (for example 00:1E:2I:25:5D:9C is a unique mac address).
Now, this mac address will be the Gw id of the newly made node. For example, one of my WNC is a Ubiquiti Wifistation-ext usb network card. This card is part of my actual pc server , and i use it for a specific node. In the network configuration of Ubuntu, i got his mac address from the "network config". I copy it and paste it in the gw id part of my first node. Filling up the necessary fields of this newly made node is easy, it is not necessary to explain it here.
For the moment that's all we need to do in the Authpuppy server configuration.
=====>>But i'll get back later with a further OS Network configuration of the WNC
Second : The AP configuration.
As i said before this sample is based on DD-WRT firmware. These firmwares are mostly free, and in the www.dd-wrt.com website , there is a router database section where we can download a firmware specifically made for our own AP. Everything's explain on this site on how to flash a router with these specifics firmwares.
Getting in the DD-WRT firmware configuration, there's is a service tab, leading to the Hotspot tab, and finally to the wifidog configuration section of our AP. You'll noticed that there is also a gw id item among those parts of this section. The same Gwid used in the APS node config will be used in this field. For all the other fields here's what we'll have :
Web Server Name : Any words can be written here as long as they do not have special characters.
Port : 2060
Max Users : 10
Check Interval (in sec.) : 60
Client Timeout : 5
Trusted MAC List : Leave this field empty (blank).
====>> AuthServer Hostname : Very important. This will be explained later for the moment leave it empty.
AuthServer SSL Available : Disabled
AuthServer HTTP Port : 80
AuthServer Path : /
HTTP Server Authentication Support : Disabled
HTML Message File for Wifidog : Leave this field empty (blank)
Firewall Ruleset : Leave this fields empty.
(This sample configuration above may change on how must be the purpose of your needs)
Third : The OS configuration.
Remember the "further OS Network configuration" noticed above as something to be configured. That's where we are now. Each node stand for a single network. A network is designed by having is own local ip address, a gateway address (who is in fact the local ip address of the AP), and a broadcast address (that's not necessary to understand here). Again i'll explained it with an example.
My first AP have a 192.168.10.1 gateway address, and a subnet mask defined has 255.255.255.0 (that's the default subnet mask by the way). Network knowledge are necessary to understand this part. So, knowing that my AP have these addresses, we already know that the network address of this AP will be 192.168.10.0. My gateway will be able to have a maximum range of 253 hosts (PC, Smartphone, laptop, etc) from 192.168.10.2 to 192.168.10.254. These lines were written in a pure knowledge purpose, it is not necessary to understand all these concepts.
What's important to know, is that my WNC will be link to this specific AP. And as necessary his mac adress is, explained above, it need also a single network address. So all the communications between my AP and my WNC wil be made on a single local address. For this example, i'll use 192.168.10.125 standing for this "communication channel" between my AP and my SERVER. (Notice that on some router we have to make sure that local ip reservation must be made but it remain a simple notice here).
In my OS (Ubuntu here) i have to change the network configuration of my WNC, to manually assigned a local ip address. In my case, it is 192.168.10.125. As long as my WNC will be used to have a link between my AP and my server, this address will always be the same for this WNC. In the network configuration of my WNC, i'll change the automatic option, by manual option, and i'll use these parameters :
Network address : 192.168.10.125
Subnet mask : 255.255.255.0
Gateway address : 192.168.10.1 (the adress of my ap)
DNS adress : 192.168.10.1
Now my network card is configured and ready to be used by my APS. One thing remain :
====>> AuthServer Hostname as i mention earlier.
In the wifidog configuration of my ap, i have to assigned the AuthServer Hostname as : 192.168.10.125. That was the remaining point of the wifidog configuration of my AP.
From now on, my AP will established a link with my authpuppy server first node. I forgot to mention that my AP must have a SSID (in the wifi configuration parameters of DD-WRT and the security must be set to none). This SSID will be used for the customers to link to my hotspot.
Finally every nodes stand for a network. I have two nodes on my server. The first, as i take it for example here, is made for a 192.168.10.0/24 network while the other stands for 192.168.20.0/24. The third one who is on progress now will stand for a 10.0.100.0/8 network (a classfull "A" network). Each node have his own network card link to his own AP. The process to made them up and running is as it is explained before.
I'll get back later with Ubiquiti devices.
est ce que en fait ce message est la doc que je t'ai demandé ?
tu peux me l'envoyer directement stp, on corrigera et postera ça sur le wiki
mais il y a une petite erreur dans ta compréhension
terminologie authpuppy :
- 1 node, c'est un point d'accès avec wifidog installé dessus et par défaut
son ID (GWID dans wifidog.conf) c'est son adresse mac.
tu n'a pas besoin de modifier quoi que ce soit dans wifidog.conf pour que
le gwid soit reconnu. si tu met la valeur par défaut, wifidog va
communiquer l ádresse mac du node à authpuppy, et autpuppy l'enregistrera
dans la fenetre de configuration du node (dans manage node)
- carte reseau WiFi, c'est un client. un usager qui se connecte sur un
point d'accès. Donc 1 carte réseau WiFi ce n'est pas un node
pour le reste, pas trop le temps de lire, mais je ne peux pas accéder à ton
serveur depuis 2 semaines.
Fais fonctionner ça et on progressera, ensuite je testerai les images que
tu m'as envoyé. je pourrais même t'en faire si t'es patient
Cordialement
Jackson JOSEPH-EUGENE
Coordinateur technique et des bénévoles Ile Sans Fil
2012/8/27 Andrei <email address hidden>
> Public bug reported:
>
> First, i labeled it as a bug, but in fact, this is the only way for me
> to published it to many more peoples here.
>
> Having Authpuppy server working with DD-WRT is pretty simple. But if
> there one of the basic facts missing, nothing will work and there will
> no easy way out.
>
> It is not the more secured plan but it is certainly one of the most
> effective as i experienced until now. As i see it now i didn't expect to
> write as many lines as there is now, but each lines mean something to be
> explained.
>
> So how it is done ...
>
> First : The Authpuppy server configuration.
>
> For the purpose of this example, i'll use wifi network cards and i'll
> use the acronym "WNC" to talk about it. Yes there are WLAN# and ETH#
> words used for these instances but it may be confusing sometimes, so
> i'll go on with WNC. Everything is made under Ubuntu, as long as Debian
> is painful and far from being ready to work with these long time used
> WNC whatever the brand is.
>
> I'll use the acronym "AP" to talk about Access Points, gateway, routers
> running DD-WRT firmwares. And i'll use the acronym "ASE" to talk about a
> proprietary authpuppy server, meaning a server that someone owned.
>
> As much we have nodes, as much we have AP. As much we have nodes, as
> much we have WNC. I assumed that the ASE is up and running. We have to
> add new nodes to finish the work and having this same ASE accessible and
> fully running.
>
> First, each newer node will have a separated unique gw id. Gw id is the
> most important part of the ASE node's configuration A gw id is used to
> make a link with a WNC. Assuming that a WNC is already connect and
> recognizable by the OS (Ubuntu), in the OS Network Configuration we have
> to get and copy the mac address of the given WNC. A mac address is a
> unique hardware signature, it is made of hexadecimal numbers separated
> with ":" (for example 00:1E:2I:25:5D:9C is a unique mac address).
>
> Now, this mac address will be the Gw id of the newly made node. For
> example, one of my...