Easyhotspot 0.

2 Install Guide
This document version is 0.1 and is intended for Easyhotspot version 0.2 though it should be fine
for other versions.
Date: 19
th
August 2009
This document copyright is reative ommons Attribution!"hare Ali#e 2.0 $%: England & 'ales
(icence.
Author and Attribution: (incoln )hipps*
+pen ,utual (td
---.openmutual.net
'ith special than#s to .afee/ul .ahman A-an -ho has developed Easyhotspot.
Table of Contents
1 0nstall +rder......................................................................................................................................1
1.1 "oft-are (ist.............................................................................................................................1
1.2 )hysical net-or# interface cards..............................................................................................1
1.1 Apache2....................................................................................................................................2
1.1.1 hilli ! Avoiding use of "elf!signed certificates...............................................................2
1.2 ,y"3(.....................................................................................................................................2
1.4 5ree.adius................................................................................................................................4
1.4.1 0nitial .adius Database setup............................................................................................4
1.4.2 Easyhotspot Database additions........................................................................................6
1.4.1 .adius Database users.......................................................................................................6
1.4.2 5reeradius Dictionary issues 7hilli"pot attributes8.........................................................9
1.4.4 Defining hilli"pot as a 5ree.adius lient......................................................................9
1.4.6 Telling 5ree.adius to use "3(.........................................................................................:
1.4.9 5ree.adius "3( counter.conf settings needed..................................................................:
1.4.: 5ree.adius doesn;t start < using Debug mode..................................................................9
1.6 hill"pot ! onfiguration.......................................................................................................10
1.6.1 hilli ! 5i=es to allo- disconnections from Easyhotspot >$0.......................................10
1.9 )reliminary lient Testing......................................................................................................11
1.: Easyhotspot "etup...................................................................................................................11
1.:.1 Easyhotspot )atches........................................................................................................11
1.:.2 +btaining and opying Easyhotspot...............................................................................11
1.:.1 ,andatory onfiguration "ettings..................................................................................12
1.:.2 +ther onfiguration "ettings..........................................................................................12
2 +ther ?otes.....................................................................................................................................12
2.1 $sing Easyhotspot to edit the @etc@chilli.conf file...................................................................12
2.2 (anguage.................................................................................................................................14
1 )atches............................................................................................................................................14
1.1 ,issing limits in radgroupchec# and radgroupreply..............................................................14
1.2 )ostpaid 0nvoice )rinting fails due to null stop time..............................................................19
1.1 +nline $sers not listed in Easyhotspot >$0...........................................................................19
1.1.1 .emoving phantom online users 7stuc# radacct records8...............................................19
1.2 hilli Disconnect via Easyhotspot >$0..................................................................................1:
1.4 Easyhotspot incorrect editing of @etc@chilli.conf.....................................................................19
1.6 Aouchers displaying Euro symbol as B mar#..........................................................................19
1.9 Easyhotspot postpaid decimal handling..................................................................................19
1.9.1 Decimals ! 5ile hanges +vervie-................................................................................20
1.: ompany Ta= ode < onfiguration option...........................................................................21
1.9 Typo in (anguage )arameters ! durationCammount...............................................................21
1.10 Typo in onfig )arameters ! D0((0")+TC+50>C50(E.................................................21
1.11 Easyhotspot not setting Acct!0nterim!0nterval......................................................................21
1.12 '0")r band-idths do not use bits per second values..........................................................22
1.11 .adius reply message EFour ma=imum never usage time has been reachedG is confusing. 21
2 +ther $seful "oft-are....................................................................................................................21
2.1 ,onitoring 0") Hand-idth A)s...........................................................................................21
2.1.1 0nstalling vnstat for 0") A) monitoring.......................................................................21
2.1.2 0nstalling vn"tat )D) frontend........................................................................................22
2.1.1 0nterpreting vn"tat results...............................................................................................22
2.1.2 Additional monitoring -ith band-idthd.........................................................................24
2.2 5ire-alling..............................................................................................................................24
4 ?otes on using Easyhotspot............................................................................................................24
4.1 Altering postpaid settings........................................................................................................24
4.2 Hilling )lans............................................................................................................................24
6 T+D+.............................................................................................................................................26
6.1 Avoiding persistent ,y"3( onnections...............................................................................26
6.2 Account Edit and Add interface feedbac# /uir#s....................................................................26
6.1 .adacct records persist forever...............................................................................................26
6.2 Ta=ation handling....................................................................................................................26
1 Install Order
1. )hysical net-or# interface card7s8
2. 0nstall the +perating "ystem. +bviously prefer >?$@(inu= distribution
1. Apache2 7-ith ""( or not8
2. ,ys/l 7if not already -or#ing8
4. 5ree.adius and default .adius database 7-ithout Easyhotspot additions8
6. hillispot
9. 0nitial lient Testing
:. Easyhotspot database
9. Easyhotspot patches
10. Easyhotspot configuration and acceptance testing.
1.1 Software List
The follo-ing is the reference soft-are that 0 used. The main issue -ould be -ith 5ree.adius.
There is a dramatic difference bet-een version 1.I and 2.I in the -ay that 5ree.adius organises
configuation files. Fou need hilli"pot 1.0 to get the hilli"pot!,a=!TotalC+ctets chec#s.
/usr/sbin/freeradius -v FreeRADIUS v2.1.0
/usr/sbin/chilli version Chilliso! 1.0
/usr/sbin/aache2 -v Aache/2.2.11 "Ubun!u#
/usr/sbin/$%s&ld version 'er (.0.)(-0ubun!u10.2
h version *+* (.2.,--ubun!u..2 /i!h Suhosin-*a!ch 0.0.,.2
"cli# and 1end 2n3ine v2.2.0.
2as%ho!so! 0.2 revie/
4% reference 5S de!ails Ubun!u Server 0.0. runnin3 6ernel 2.,.27-1(-
server
1.2 Physical network interface cards
Fou need a machine -ith a minimum of t-o ethernet cards. >iven ho- cheap ethernet cards are and
ho- -ell (inu= supports these chipsets then this shouldn;t be a problem.
At the end of installing the hilli"pot then you -ill also end up -ith a virtual and a tunnel* here is
an e=ample of a typical machine -ith the relevant ?et-or# )orts*
0) Address ?ame omments
192.16:.1:2.1 tun0 reated automatically by hilli"pot
$sually eth0 To 0nternet router
0) Address ?ame omments
Dynamic
unnumbered e.g. eth1 0nstalled and set according to your machine and as set in the
@etc@chilli.conf in the dhcpif parameter. an be A?F physically
installed ethernet port.
0n my test machine 0 have 1 ethernet cards* eth0 for the E+fficeG or administration* eth1 for 0nternet
and eth2 for '050 but this isn;t essential. .emember that you can;t run another DD) server on the
machine. 0 am running $buntu 9.02 server edition on a ompa/ Evo -ith a )2 1.6 >hJ bought on
Ebay 72
nd
hand8 -ith a 10 >ig hard dis# found in the rubbish and 412 ,egabytes of memory and
200 ,eg of s-ap. 'ith this machine the typical memory use is 44K and )$ is lo- so probably
could do -ith more memory if you plan to run a >?+,E des#top on the server.
1.3 Apache2
'e -ill not cover ho- to do this and there should be nothing special you need to do to ma#e it
-or# other than that you may not have ""( -or#ing due to no installed certificate.
"o you can either generate a self!signed certificate and enable ""( or Lust patch the hotspotlogin.cgi
to avoid mandating the need for ""( as described belo-.
1.3.1 Chilli - Avoiding use of Self-signed certificates
Fou need to do this after you have installed the hill"pot soft-are. 0f you -ant to avoid using a
self!signed certificates 7-hich can cause many bro-sers to pop!up a confusing messages8 and you
thin# it unli#ely that anyone can snoop the (A? traffic bet-een the '050 router and the
Easyhotspot machine then you need to do t-o steps*
a8 edit the /etc/chilli.conf and alter the uamhomepage and the uamserver parameters to not refer
to https:@@ style locations.
b8 edit the /cgi-bin/hotspotlogin.cgi file -hich chec#s for if a ""( connection is used to
communicate -ith it and around line 42 comment out that chec# so that it no- says something li#e*
8if "9":2;'"+<<*S# => e!c e!c e!c
and add a line in the same place that is al-ays false e.g.
if "1==0# ?
-hich loo#s stupid in that it -ill al-ays be false but it means you can easily fi= it if you brea# it by
commenting out your line and uncommented the original line.
1.4 MySQL
This must be installed as normal. Fou should #no- the root administrator pass-ord or a username
-ith enough privileges to add ne- databases and users.
WARNING: P!A"! "!# A $%"& R''# PA""W'R(. A ne- ,ys/l install -ill have a
blan# root pass-ord 7this is root for ,y"3( not root for your >?$@(inu=8
+pen a console and do*
$%s&lad$in -u roo! ass/ord @ne/ ass/ord@
e.g.
$%s&lad$in -u roo! ass/ord @A%BB%@
The Easyhotspot database is actually the same as the .adius server database so adding this database
-ill be addressed at a later stage after the .adius is installed. The Easyhotspot needs a database user
that is able to update the .adius database as Easyhotspot inserts user and pass-ord records into this
database. The Easyhotspot database tables are actually a bit of a mess in their naming and should
have used table prefi=es to allo- you to easily pic# out the default radius and the Easyhotspot e=tra
tables. )erhaps in a future release -e can split these apart.
1.5 Freeadi!s
This is installed as normal but you need to customise it to specify*
1. a client 7-hich is actually the hilli"pot soft-are8
2. to use "3(
1. -hich database
2. "3( counters
1.5.1 Initial Radius Database setu
The first thing to do is setup the database used by 5ree.adius. ?ever use the Easyhotspot.s/l file
that maybe provided to do this as it is a table dump and it -ill not be fully compatible to the precise
.adius soft-are you are using.
"tep 18 reate a .adius database. $sually called EradiusG but could be called anything e.g.
easyhotspot.
0n a console do*
$%s&lad$in -u roo! -ass/ord crea!e radius
if you -anted to create a database called radius. )ut in the correct pass-ord -here it says
pass-ord e.g.*
$%s&lad$in -u roo! -A%BB% crea!e radius
"tep 28 Fou can no- s#ip to the ne=t section and use the scheme that 0 have created that has the
.adius tables or you can no- populate the .adius database -ith the default 5reeradius provided
schema*
$%s&l -uroo! -ass/ord da!abase Csche$afile
replace pass-ord -ith the right pass-ord and the database -ith the database name e.g.*
cd /e!c/freeradius/s&l/$%s&l/
$%s&l -uroo! -A%BB% radius Csche$a.s&l
Fou should not need to add the nas.s/l or ippool.s/l as these are not used. Fou -ill no- have the
follo-ing tables*
radacc!D
radchec6
rad3rouchec6
rad3roudrel%D
rados!au!hD
radrel%D
raduser3rou
These are all ,y0"A, -hereas Easyhotspot is mainly uses 0nnoDH as it runs transactions. +nce
that is done then you can no- add the contents of the Easyhotspot that are only related to
Easyhotspot and the vie-s that it needs.
1.5.! "as#hotsot Database additions
Easyhotspot doesn;t have its o-n database but uses tables in -hatever .adius database you have
added plus has a fe- of its o-n tables and more importantly it has 1 vie-s that it sets up.
To this end 0 have created a reference s/l schema -hich you can use. The schema names 0 have
created are in 1 files 7using MradiusM as a database name8*
ehsE/i!hradE0.2-.s&l
contains all of the tables including the .adius tables and vie-s
and test data 7admin@admin1218. $se this if you didn;t -ant to
do .adius "etup "tep 28 above.
ehsEnoradE 0.2-.s&l
contains only the Easyhotspot tables and vie-s and test voucher
data and admins 7admin@admin1218. $se this if you have an
e=isting -or#ing .adius database or you did do .adius "etup
"tep 28 above.
ehsEnoradda!aE 0.2-.s&l
contains only the Easyhotspot tables and vie-s and admin
accounts data 7admin@admin1218. $se this if you have an
e=isting -or#ing .adius database or you did do .adius "etup
"tep 28 above but do not -ant the trial data due the
ehsCnoradC0.2p1.s/l failing to -or#. Fou -ill be able to logon
but -ill have no test data. Add this manually.
)ic# the file you -ant above update your database -ith the ne- file e.g.*
$%s&l -uroo! -A%BB% radius C ehsEnoradE 0.2-.s&l
+bviously =yJJy is my root pass-ord and the MradiusM is my suggested database but that could be
anything. Delete any residual "3( files from your -or#ing area as they may contain pass-ords. >et
copies of these schema from the developer -eb site.
1.5.3 Radius Database users
There are t-o users*
5ree.adius needs to -rite to the radacct and radpostauth tables
Easyhotspot needs to -rite to its o-n tables plus radchec#* radgroupchec#* radreply*
radgroupreply
0t is up to you if you -ant to have one all po-erful user or t-o ,ys/l user accounts.
5ree.adius server* login* pass-ord* radiusCdb @etc@freeradius@s/l.conf
Easyhotspot database* username and pass-ord system@application@config@database.php
+bviously the 5ree.adius radiusCdb must be the same as Easyhotspot database setting.
reate a file -ith the follo-ing mys/l commands substituting the radiusNlocalhost and
easyhotspotNlocalhost and the database name to suite your site*
CR2A<2 US2R @radius@F@localhos!@G
S2< *ASSH5RD F5R @radius@F@localhos!@ = *ASSH5RD"@a ass/ord@#G
CR2A<2 US2R @eas%ho!so!@F@localhos!@G
S2< *ASSH5RD F5R @@eas%ho!so!@F@localhos!@ = *ASSH5RD"@ano!her ass/ord@#G
IRA;< S2J2C< 5; radius.K !o @radius@F@localhos!@G
IRA;< S2J2C< 5; radius.K !o @eas%ho!so!@F@localhos!@G
IRA;< AJJ 5; radius.radacc! !o @radius@F@localhos!@G
IRA;< AJJ 5; radius.rados!au!h !o @radius@F@localhos!@G
IRA;< AJJ 5; radius.K !o @eas%ho!so!@F@localhos!@G
.un this -ith mys/l on the mys/l database 7-here users are stored8 e.g.*
$%s&l -uroo! -A%BB% $%s&l Caccoun!s.s&l
-here obviously =yJJy is my root pass-ord and the mys/l is the specially named mys/l database
that mys/l #eeps all its userdata.
1.5.$ %reeradius Dictionar# issues &ChilliSot attributes'
The default dictionary for 5ree.adius doesn;t #no- about hilli"pot attributes that came out in
version 1.0 of hillispot*
)hilli"pot-$a*-Input-'ctets ,a=imum number of octets the user is allo-ed to
transmit. After this limit has been reached the user -ill be disconnected.
)hilli"pot-$a*-'utput-'ctets ,a=imum number of octets the user is allo-ed to
receive. After this limit has been reached the user -ill be disconnected.
)hilli"pot-$a*-#otal-'ctets ,a=imum number of octets the user is allo-ed to transfer
7sum of octets transmitted and received8. After this limit has been reached the user -ill
be disconnected.
The fi= is easy. Edit /etc/freeradius/dictionar+ and add in a line*
:I;CJUD2 /usr/share/freeradius/dic!ionar%.chilliso!
0n Easyhotspot -e only use )hilli"pot-$a*-#otal-'ctets but note that you -ill also still need the
various radreply* radgroupchec# and radgroupreply patch in the Easyhotspot to get this into the
radgroupchec# and radgroupreply tables to advise 5ree.adius about the details of specific billing
plans.
1.5.5 Defining ChilliSot as a %reeRadius Client
This is a ,A?DAT+.F step. 0t tells 5ree.adius that hilli"pot is a valid user of 5ree.adius. 0f
you do not do this then hilli"pot cannot use 5ree.adius to authenticate.
Edit @etc@freeradius@clients.conf and in the client localhost O section ma#e sure you have*
iaddr = 12).0.0.1
secre! = Csa$e as radiussecre! in /e!c/chilli.confL
nas!%e = o!her
1.5.( Telling %reeRadius to use S)*
'e obviously need to use "3(. To do this. Edit /etc/freeradius/radiusd.conf and pretty much
ignore everything e=cept around about line 620 in the modules section uncomment or ma#e sure
that you have*
:I;CJUD2 s&l.conf
and then further do-n ma#e sure you have*
:I;CJUD2 s&l/$%s&l/coun!er.conf
Then further around line 910 in the instantiate section ma#e sure you have*
chilliso!E$aAEb%!es
norese!coun!er
-hich are our counters -hich -e define in the ne=t section.
Then in /etc/freeradius/sites-enabled/default in the authorise section after it has the M(oo# in an
"3( database...M it has an Ms/lM entry that may be commented out so uncomment it and add the ne-
counters so that it is no-*
s&l
chilliso!E$aAEb%!es
norese!coun!er
and then later in /etc/freeradius/sites-enabled/default in the accounting section uncomment the
s/l about line 121*
s&l
and then later in /etc/freeradius/sites-enabled/default in the session section uncomment the s/l
about line 190*
s&l
and then finally in /etc/freeradius/sites-enabled/default in the post-auth section uncomment the
s/l about line 190*
s&l
That should be it. ?o- update the counter.conf in the ne=t section.
1.5.+ %reeRadius S)* counter.conf settings needed
To match the radchec# and radgroupchec#s -e use then you also need to add t-o matching
counter.conf chec#s as follo-s. Edit the @etc@freeradius@s/l@mys/l@counter.conf file and in that at the
end 7unless the counter is already defined in that8* add the follo-ing*
s&lcoun!er norese!coun!er ?
coun!er-na$e = Session-<i$eou!
chec6-na$e = Session-<i$eou!
rel%-na$e = Session-<i$eou!
s&l$od-ins! = s&l
6e% = User-;a$e
rese! = never
&uer% = MS2J2C< SU4"Acc!session!i$e# FR54 radacc! H+2R2 User;a$e=@N?N6O@M
O
s&lcoun!er chilliso!E$aAEb%!es ?
coun!er-na$e = ChilliSo!-4aA-<o!al-5c!e!s
chec6-na$e = ChilliSo!-4aA-<o!al-5c!e!s
rel%-na$e = ChilliSo!-4aA-<o!al-5c!e!s
s&l$od-ins! = s&l
6e% = User-;a$e
rese! = never
&uer% = MS2J2C< SU4"Acc!Inu!5c!e!s# P SU4"Acc!5u!u!5c!e!s# FR54 radacc! H+2R2
User;a$e=@N?N6O@M
O
,a#e sure that you have set radiusd.conf MinstantiateM section the @etc@freeradius@sites!
enabled@default in the authorise section also has this set right as per the previous section to enable
5ree.adius and "3(.
The logic is that initially authorisation is done by "3( then chillispotCma=Cbytes then
noresetcounter in turn. Fou can this add e=tra counter chec#s. .emember that is the user does logon
then this chec# is ?EAE. done again. 0f you -ant a chec# done on a logged in user then it has to be
done at the hilli"pot -hich is told -hat to do in MreplyM attributes ?+T the chec# attributes.
1.5., %reeRadius doesn-t start . using Debug /ode
This is pretty /uiet -hen it fails in a module. 0f you open a bro-ser and do not redirect to the
-elcome page then the issue is probably part of the 5ree.adius configuration. To run 5ree.adius in
debug mode* from root use*
/e!c/ini!.d/freeradius s!o
/usr/sbin/freeradius -Q
and then chec# the errors or try your logon or -hatever you -ere doing.
1." #hillSpot $ #onfi%!ration
This all -or#s via a single configuration file*
/e!c/chilli.conf
of -hich you do not need to alter much. The follo-ing parameters are the typical ones you change*
radiusserver1 129.0.0.1 $sually unless you have a lot
more complicated setup than one
machine
radiuserver2 129.0.0.1 $sually unless you have a lot
more complicated setup than one
machine
radiussecret Four radius secret This is the same as secret in the
@etc@freeradius@clients.conf in the
Mclient localhost OPM section.
dhcpif ethI The physical port you -ant to use
that connects to the '050 router
uamserver http:@@192.16:.1:2.1@cgi!bin@hotspotlogin.cgi $sually this.
uamhomepage http:@@192.16:.1:2.1@-elcome.html $sually this.
uamsecret "ame secret that is in the hotspotlogin.cgi "ee the hotspotlogin.cgi changes
uamallo-ed 192.16:.1:2.0@22* 192.16:. "et this to the local tunnel
allocation and the D?" server
range that the DD) result has in
it.
coaport 1999 $D) port 7see .5 14968 needed
to disconnect users.
1.(.1 Chilli - %i0es to allo1 disconnections fro/ "as#hotsot 23I
Hy default the chillspot -on;t disconnect users unless you do a fe- little t-ea#s. Edit
@etc@init.d@chillispot and loo# for the DAE,+?CA.>" and ma#e sure it is set to*
DA245;EARIS=M--coaor! -)00 --conf /e!c/chilli.confM
Edit @etc@chilli.conf and add the follo-ing line at the end of file*
coaor! -)00
.estart hillispot -ith /etc/init.d/chillispot restart and then do a sudo netstat -anp , grep chilli
to ma#e sure that the t-o e=pected port are -or#ing i.e. The ne- 1999 and the original 1990. Fou
-ill also need to add the hilli disconnect patch to the Easyhotspot code to correctly call this port
from the -eb >$0. This patch is detailed later in this document.
1.& Preli'inary #lient (estin%
Hefore you start testing and installing Easyhotspot then you should have the follo-ing netstat
results. 0f you do a sudo netstat -anp 7as root to get the process names8 then you -ill see many
ports in use but you must see these at least*
tcp 0.0.0.0::0 apache2
tcp 0.0.0.0:221 Apache2 7assuming ""( enabled8
tcp 0.0.0.0:1106 mys/l
tcp 192.16:.1:2.1:1990 chilli
udp 0.0.0.0:69 dnsmas/
udp 0.0.0.0:1:12 freeradius
udp 0.0.0.0:1:11 freeradius
udp 0.0.0.0:1:12 freeradius
udp 0.0.0.0:1999 hilli 7see note belo-8
?ote on the 1999 port < you must edit the /etc/init.d/chillispot script to get this to -or#. "ee later
details.
The basic flo- for a client is*
a8 lient ) is setup for DD) and either connects via '050 or is plugged into the appropriate port
on the Easyhotspot machine
b8 The lient ) does a DD) re/uest 7or then DD( Discover8 from 0.0.0.0 to 244.244.244.244
on $D) port 69 as normal
c8 This is pic#ed up by the dnsmas- process that is part of hilli"pot but if chillispot has not
started then you -ill never see a DD) reply if you loo# on the '050 ethernet port.
"o if you use 'ireshar# and loo# on the '050 ethernet port and see DD) re/uests coming into the
machine and your fire-all is not sho-ing any dropped 7using dmesg8 and you never see a DD)
reply then chec# that both the dnsmas/ is listening and that the chillispot process is running and
listening on port 1990 on the e=pected 0) of 192.16:.1:2.1
netstat !anp Q grep 1990 should have
tcp 0 192.16:.1:2.1:1990 0.0.0.0:R (0"TE? SpidT@chilli
or something li#e that.
0f all -or#s then the flo- is*
5rom lient 5rom hill "erver
DD) Discover !T DD) +ffer
DD) .e/uest !T DD) Ac#
or for an e=isting returning client -here it already #no-s an 0) address*
5rom lient 5rom hill "erver
DD) .e/uest !T DD) Ac#
'hen the hilli fails to run then you probably have something -rong -ith your @etc@chilli.conf file
configuration e.g. you have ambitiously uncommented too much U. ?ote that the .adius need not be
correctly -or#ing to get the DD) -or#ing. .adius handles the logons not the DD) and initial
redirection -eb page.
'hat happens ne=t B
Assuming that the lient ) has an 0) address successful then -hen you open a bro-ser on the
client and try to connect to a -eb page then the hilli -ill reply bac# -ith a redirect message of
DTT)@1.0 102 ,oved Temporarily and provide a location -hich is the uamhomepage setting from
the @etc@chilli.conf file e.g. http:@@192.16:.1:2.1@-elcome.html or actually -hatever you provided.
Fou can ma#e that -eb page as fancy as you li#e but you must provide at least one lin# to *
http:@@192.16:.1:2.1:1990@prelogin
else your clients -ill never #no- ho- to logon U Do not use https:@@ in your lin# to the port 1990 as
the hilli"pot doesn;t understand ""( on port 1990 and that -ill fail -ith an error message li#e the
connection -as interrupted.
0f chilli is -or#ing on port 1990 then it -ill redirect you again to the uamserver location 7from the
chilli.conf file e.g. https:@@192.16:.1:2.1@cgi!bin@hotspotlogin.cgi8 but it -ill provide lots of e=tra
bits in that uamserver $.(. 0f you try to connect to the uamserver directly -ithout all the e=tra bits
in the $.( that the hilli"pot has added then it -ill complain -ith M(ogin must be performed
through hilli"pot daemonM
+ur basic testing is pretty much finished no- and nothing more can be done unless you have
installed the Easyhotspot soft-are. Hefore you do that though you must chec# as much as possible
of the shared secrets bet-een all the parts. Fou must verify that these are correct manually*
)hilli.conf $."# /! "A$! A"
radiussecret secret in the @etc@freeradius@clients.conf in the Mclient localhost OPM section
uamsecret uamsecret in @cgi!bin@hotspotlogin.cgi
A manual -ay of testing if the radius is -or#ing is to use a shell and enter in*
radtest a a 129.0.0.1 1 myradiussecret
and if the myradiussecret is -rong then it -ill fail telling you that 7shared secret is incorrect8. The
MaM andMaM may not e=ist. 0f you had already installed Easyhotspot then there is a default username
of MaM and a pass-ord of MaM. 0f not then proceed -ith the Easyhotspot sections belo-.
Even if you have the uamsecret or the radiussecret -rong then you -ill get as far as the hilli"pot
logon screen and -ill be able to enter your username@pass-ord but then after a fe- seconds chilli
tries your username@pass-ord but it fails but it -on;t advise you -hich is -rong.
0f you are at the logon page then you are nearly finished and you can proceed to installing or testing
the Easyhotspot soft-are. This is /uite separate from the .adius and hilli"pot in that the
Easyhotspot is only ever run to alter the accounts in the .adius database. 0f you have not got the
DD) and are at the hilli"pot logon page then don;t bother starting to install the Easyhotspot. >et
those first t-o bits fi=ed first.
1.) *asyhotspot Set!p
?o- that you have a -or#ing Apache* ,y"3(* .adius* and hilli"pot you can safely add the
Easyhotspot soft-are. This setup needs doing in this order*
1. )atch the release of Easyhotspot if you -ish*
2. opy or 0nstall to correct location on 'eb "erver*
1. Edit configuration files to suit your personal site*
2. Testing
1.,.1 "as#hotsot 4atches
0nitial testing -as -ith version 0.2 and though the soft-are loo#s great a number of issues arose out
of that*
Easyhotspot database unable to be created properly for ne-er .adius servers*
hec#ing for ?$((s in data*
"ome minor language string errors 7in English8*
,issing company business registration 7legally mandatory in some countries8*
Hugs in setting ma=imum session and byte counts*
5ormatting of numbers 7ma=imum decimal places and separators8*
+ther minor bugs and enhancements
A list of these patches can be obtained from the developer and you do not really need them to get
started but the more important ones are listed later in this document. 'hy does there appear to be so
many little patches B. Easy < 0;ve have spent 10 years testing soft-are and 0 can pretty much brea#
anything and 0 love testing +pen "ource soft-are. 0f you use 0.2 V the patches or -ait for 0.1 of
Easyhotspot then you can be pretty confident that Easyhotspot is very robust.
1.,.! Obtaining and Co#ing "as#hotsot
The Easyhotspot version 0.2 previe- or above is available from the developers -eb site at this lin#
http:@@rafee/ul.com@easyhotspot!0.2!previe-.Jip 7the "ourceforge has the old version8.
0t is a W0) file so you -ill need the unJip if you are unJipping on a (inu= machine 7gunJip -on;t
do8. There is a Jip and unJip program available e.g.
a!-3e! ins!all Bi
a!-3e! ins!all unBi
0n the 0.2 version W0) file you -ill find t-o directory trees* a C,A+"I and the desired
easyhotspot!lastest 7note the possible spelling mista#e8.
"o do-nload the W0) file and then do*
unBi eas%ho!so!-0.2-revie/.Bi
c -r eas%ho!so!-las!es! /var/////eas%ho!so!
or -hatever path you -ant to use. 0t is fine to unJip it straight into your default 'eb directory at this
time e.g.@var@--- though in the future if Easyhotspot becomes a distro pac#aged it may reside in
@usr@share@ and then you -ould put in a softlin# from your -eb documents location or use a
Apache2 virtual directory. The laJy -ay is a copy as above. The developer has -rapped the scripts
so that they can;t be directly accessed so you do not need to protect the directory -ith a .htaccess
file < though you might any-ay on a public site or any-here that people have too much time on
their hands.
1.,.3 5andator# Configuration Settings
Fou must set the follo-ing Easyhotspot configuration settings to get you going -ith the minimum
effort*
0n /eas+hotspot/s+stem/application/config/config.php and set the baseCurl to something
meaningful. This is -here the Easyhotspot administration interface redirects you to no matter ho-
you access it so it can be the same $.( as -hat you use to access your -eb server -ith the e.g.
http:@@192.16:.4.1@easyhotspot
0n /eas+hotspot/s+stem/application/config/database.php and set the username* pass-ord and
database to the correct values -hich you have already defined previously.
0f this is done and the ,y"3( is -or#ing then you can connect to your -eb server and path and
you -ill get the Easyhotspot logon page.
0f you have the default administration settings then use the username of admin and a pass-ord of
admin121 to get you going. hange this once you have logged on.
1.,.$ Other Configuration Settings
+bviously you ideally need to change some other parameters but these are not needed to get you
started. These are*
0n /eas+hotspot/s+stem/application/config/eas+hotspot.php set the companyCname*
companyCaddress* companyCaddress2* companyCaddress1* companyCphone* currencyCsymbol as a
minimum.
0f you have added the ompany Ta= ode patch then enter in the compan+0ta*0code details as
your legal adviser specifies e.g. your AAT * 0AA* >"T or other ta= code that you are legally obliged
to add to all invoices.
0f you have added the Access 0nstructions patch then add the access0instructions -ith the suitable
te=t.
0f you have added the number format patch then add the decimal0places* decimal0separator *
thousands0separator* and admin0price0input settings.
! Other 6otes
2.1 +sin% *asyhotspot to edit the ,etc,chilli.conf file
Though 0 provide a patch to help fi= -hat it does* ideally don;t use Easyhotspot but edit the
@etc.chilli.conf file manually.
2.2 Lan%!a%e
The language strings are located under...
system@application@language@SlanguageT@easyhotspotClang.php
e.g. system@application@language@english@easyhotspotClang.php
The language is set in* s+stem/application/config/config.php as the 1config23language34 setting. 0f
you -ant create a ne- translation then copy the e=isting English 7ideally8 easyhotspotClang.php to
your language director .g.*
system@application@language@latin@easyhotspotClang.php
and set the system@application@config@config.php as the XconfigY;language;Z [ ;latin;\
?ote that not everything is translated and in some cases English is used in the interface but it is
nearly all done by the developer.
3 4atches
+nly coding patches that cause problems are listed here. The companyCta=Ccode changes 0 am
suggesting affects too many files to easily list so please contact the developer for a updated archive.
Easyhotspot -ill still -or# -ithout the companyCta=Ccode H$T it -on;t -or# e=actly right -ithout
the follo-ing patches 0 list belo-.
3.1 Missin% li'its in rad%ro!pcheck and rad%ro!preply
The Easyhotspot 0.2 code doesn;t add the hilli"pot!,a=!Total!+ctets nor "ession!Timeout into
the radgroupchec# or radgroupreply table. Therefore though you can create an s/lcounter setting
-ith this* it is never verified and neither does hilli"pot logout an e=isting logged in user.
The current settings are*
Hilling )lan Type Table Attribute +p Aalue
<i$e rad3rouchec6 4aA-All-Session R= Sour li$i! in seconds
<i$e rad3rouchec6 Si$ul!aneous-Use R= Al/a%s 1
*ac6e! rad3rouchec6 4aA-All-4T R= Sour li$i! in b%!es
*ac6e! rad3rouchec6 Si$ul!aneous-Use R= Al/a%s 1
The additional settings needed are*
Hilling )lan
Type
Table Attribute +p Aalue
*ac6e! rad3rouchec6 ChilliSo!-4aA-
<o!al-5c!e!s
R= Sour li$i! in b%!es "used
b% FreeRadius s&lcoun!er
*ac6e! rad3rourel% ChilliSo!-4aA-
<o!al-5c!e!s
R= Sour li$i! in b%!es "for
!he ChilliSo!#
<i$e rad3rouchec6 Session-<i$eou! R= Sour session !i$e li$i!
in seconds "used b%
FreeRadius s&lcoun!er
Hilling )lan
Type
Table Attribute +p Aalue
<i$e rad3rourel% Session-<i$eou! R= Sour session !i$e li$i!
in seconds "used b%
Chilliso!
A?D you must also remove the ,a=!All!,H setting as it is not supported in the radgroupchec#
table as -e have configured it. 0f the system is all setup right then -ith ,a=!All!,H set you cannot
logon because the rlmCs/l 7in .adius8 reLects the ,a=!All!,H -ith an 0nvalid octet string message.
Do- does this -or# B.
1. Easyhotspot inserts the configuration data into the database. 0t does this independant of
5ree.adius or hilli"pot i.e. Fou Lust need ,y"3(.
2. 'hen you are on a -or#ing system then the database is read by 5ree.adius -henever there
is a logon attempt. 5ree.adius loo#s into the radchec# 7 or radgroupchec#8 initially based on
the s/lcounters 7as defined in @s/l@mys/l@counter.conf8 and chec#s if any of those counters
fail.
1. 0f they do then the user doesn;t get to logon at all. 0f they are all fine then it retrieves the
results of the radreply or radgroupreply and sends those bac# to the hilli"pot.
2. 5ree.adius is no- ?EAE. used again for authentication chec#s of any #ind but it -ill
process Accounting messages and update radacct -ith the session details but it never does
anything -ith that. 'e have used Acct!0nterim!0nterval 7see patch later8 to ma#e sure that
5ree.adius radacct is updated fairly regularly by hilli"pot.
4. hilli"pot understands many radreply or radgroupreply attributes but the most important
ones that matter are*
hilli"pot!,a=!Total!+ctets 7and the in and out octets8
Acct!0nterim!0nterval
'0")r!Hand-idth!,a=!$p and '0")r!Hand-idth!,a=!Do-n
"ession!Timeout
0dle!Timeout
7and -e also plan to add '0")r!"ession!Terminate!Time 8
"o once a user logs on then if 5ree.adius passes then based on chec#s then they are logged on by
hilli"pot and .adius is ?EAE. used again for logoff. This is -hy you need to insert the
follo-ing*
ChilliSo!-4aA-<o!al-5c!e!s
Session-<i$eou!
into both the radgroupchec# and radgroupreply else if you only have it in radgroupchec# then the
hilli"pot never stops an e=isting logged on user. All this is changed in*
s%s!e$/alica!ion/$odels/billin3lan$odel.h
The edits are too long to detail here. "ee the developer for ne- version of the file though you
should probably understand the fi= that is done. Hasically for the entries of ,a=!All!,H then
change this to hilli"pot!,a=!Total!+ctets and insert it into both radgroupchec# and radgroupreply
and for the "ession!Timeout then remove ,a=!All!"ession and use "ession!Timeout and insert it
into both radgroupchec# and radgroupreply. This is only for voucher customers and is not needed
to be done for postpaid customers so -e only update the radgroupchec# and radgroupreply not the
radchec# or radreply 7that the postpaid customers use though a similar logic applies to that too if -e
add limits to them8.
)lease also set the counter.conf correctly in the 0nstall "ection of the 5ree.adius at the start of this
document.
3.2 Postpaid -n.oice Printin% fails d!e to n!ll stop ti'e
Edit the system@application@models@invoicemodel.php and around line 6: Lust before the Xthis!Tdb!
Tinsert add a line*
if ":accEusa3eU@s!o@V == null# ? :accEusa3eU@s!o@V = :accEusa3eU@s!ar!@V G O
-hat this does is if an accounting record has been poorly created -ith a null stop time then the
invoice printing fails.
3.3 /nline +sers not listed in *asyhotspot 0+-
There are multiple problems -ith this in the "3( command. 'hat it is trying to do is rather
complicated but the best shortest ,y"3( command 0 have found that correctly pic#s up -hat it
-ants to do is *
selec! userna$eD 4AQ"acc!s!ar!!i$e# as s!ar!D 4AQ"acc!s!o!i$e# as s!oD
su$"acc!session!i$e# as !i$eD su$"acc!ou!u!oc!es!s P acc!inu!oc!es!s# as
ac6e! fro$ radacc! 3rou b% userna$e havin3 "s!ar! L s!o# or "s!o IS ;UJJ#
'hy this needs to be done is that a username can have multiple starts and stops and so you -ill not
Lust get one record per username -ith a ?$(( but you may get many records -ith ?$(( usually
due to your radius server being rebooted. 'e only -ant to display the start time of the most recent
record but not if it -as a record that -as disconnected thus the need for the ,AI7acctstarttime8 and
,AI7acctstoptime8 and the chec# to see if the start is greater than the stop. These values that the
select produces actually come from different records in the database.
Then the final MhavingM chec# is -hen you have a single entry in the radacct for a logged on user. 0n
that case there is only one radacct record and it has a start and a stop that is ?$((. Fou can;t
compare these so -e chec# if the stop is ?$((. 0t never is -hen you have multiple radacct records.
"o that pretty much traps all the -eird possibilities that the .adius server can put into the radacct
table.
'e actually ignore the acctstoptime in the )D) 'eb >$0 7though potentially a vie- could be
created that sho-ed the M(ast (ogged out timeM though the select needs it to filter the results -ith
the MhavingM command. The aggregate functions on the acctstoptime and pac#ets are self
e=planitory e=cept to note that the database records -ith an acctstoptime in them are al-ays Jeros.
18 Edit the system@application@models@onlineusermodel.php and loo# for the db!
T/uery7select...8 and loo# at the select and locate*
selec! userna$eD acc!s!ar!s!i$e ......
28 opy and paste in the ne- select command as above.
3.3.1 Re/oving hanto/ online users &stuc7 radacct records'
The Easyhotspot needs a cleanup administration feature that removes stuc# accounting records left
in the radacct table if there is no voucher for that. .ight no- the accounting records hang around
forever.
This can happen if you change attributes and reboot the server 7actually reboot 5ree.adius8 and do
other odd things. Fou can end up -ith radacct entries that never go a-ay as MonlineM users.
'ith a postpaid account then this is cleared up -hen they ne=t logon but -ith a voucher that has
e=pired 7time or pac#ets8 or you have deleted it then -hat you must do is very simple.
reate a postpaid account that has the same name 7any pass-ord that is easy8 as the orphan
entry and then logon from a -eb bro-ser and then disconnect that ne- session 7via logout
or manual discconnect8.
Then delete you temporary postpaid account.
The radacct is no- cleaned up.
3.4 #hilli 1isconnect .ia *asyhotspot 0+-
18 Add the follo-ing to the easyhotspot.php config file*
:confi3U@radiusco$$and@V = Wradclien! -& -d /e!c/freeradiusXG
:confi3U@radiussecre!@V = W%our radius secre!XG
:confi3U@radiusserver@V = W12).0.0.1R-)00XG
28 Edit system@application@controllers@onlineuser.php and ma#e the call in function disconnect78
freeradiusEdisconnec!user":!his-Luri-Lse3$en!"-#D :!his-Lconfi3-
Li!e$"@radiusco$$and@#D:!his-Lconfi3-Li!e$"@radiusserver@#D:!his-Lconfi3-
Li!e$"@radiussecre!@##G
?+TE to change the segment from 2 to 1 else it -ill never -or#.
18 Edit system@application@freeradiusChelper.php and ma#e the system call*
:resul! = s%s!e$"@echo MUser-;a$e=Y@@.:userna$e.@Y@M Z @. :radiusco$$and.@ @.
:radiusserver.@ disconnec! @ .:radiussecre!#G
0t is #ind of obvious -hat it is doing as it is sending the shell command. 0f you are having problems
-ith the user still logged on then try the command from a bash shell -ithout the E/G for /uiet
s-itch e.g.
echo MUser-;a$e=@%uc6!,,@M Z radclien! -d /e!c/freeradius 12).0.0.1R-)00
disconnec! $%radsecre!
7all on one line8.
And then also close this file -ith the php close*
[L
as the developer has not added that. 0 have got around e=tra content messing up )D) by passing the
E!/G to the radclient command so it is /uiet.
0f that doesn;t -or# -ith a short disconnect message then something is not right e.g. the hilli.conf
and chilli have not got the settings right to get the 1999 port -or#ing 7the coaport8.
?ote that the radclient ,$"T have the !d setting as it uses @etc@radiusd or something as a default
configuration path and -on;t find the freeradius location and it ,$"T have the !/ else the system
call sends data bac# to the 'eb bro-ser that messes -ith the >$0.
0f you -ant to debug the radchec# then you can remove the !/ in the XconfigY;radiuscommand;Z and
on a disconnect then you -ill see a disconnect message splatted onto your -eb bro-ser -ith result
of 21 7if the user -as actually connected8 or 22 7if the user session -as not actually -or#ing8 and
then you -ill see a )D) error message 7-hich you can ignore8.
0f you get nothing then your radchec# parameters are bro#en in some -ay. $se a shell and identify
if it is actually -or# as e=pected and that there is a server on the coaport.
3.5 *asyhotspot incorrect editin% of ,etc,chilli.conf
This patch comes in t-o parts and as it is /uite cumbersome to describe here unessential have sent
this to the developer. The files you change are*
system@application@libraries@EasyhotspotCchillispot.php
system@application@vie-s@admin@chilli@chilliCvie-.php
and basically add coaport and fi= the brea#s in the first file and in the second put in isset78 ternary
chec#s to display default data if it is not set.
3." 2o!chers displayin% *!ro sy'3ol as 4 'ark.
This patch is a partial fi= for the moment until -e can trac# do-n the correct setting for dompdf
font handling in that 0 have added a ne- config setting of currencyCsymbolCpdf and in
system@application@vie-s@voucher@voucherCprint.php 0 have used this instead of currencyCsymbol.
"et the currencyCsymbolCpdf to be the currency as plain A"00 te=t e.g. E$.+ rather than using a
html entity.
T+D+: orrectly use the right symbol by setting the font and also allo- via change to set the paper
siJe.
3.& *asyhotspot postpaid deci'al handlin%
This patch has numerous fi=es related to invoice calculations. Easyhotspot 0.2 doesn;t actually
display any decimals at all 7uses numberCformat -ith hard!coded 0 for decimals8. 'e;ll address
ta=ation in a later version of Easyhotspot so right no- assume all payments are ta= inclusive and
there are no pre!ta= displayed.
0f you need to display pre!ta= and ta=es paid or have compounding ta=es 7e.g. anada8 then contact
the developer or me for details and in the meantime you should Lust consider the EvoucherG to be a
stoc# item -ith a variable price 7e.g. li#e loose fruit8 and use your e=isting till to calculate the ta=
rates and proper invoice for this sale item rather than relying on Easyhotspot to be a legally
compliant billing system.
0n addition to the e=isting currency symbol configuration code there is no- these that are used -ith
the php numberCformat78 function. 0 have avoided using locale. )erhaps in the future*
deci$alElaces = Ca nu$berL e.3. 2
deci$alEseara!or = @D@ or @.@ /hich chan3es er coun!r% conven!ion
!housandsEseara!or = @D@D @ @ or .@.@
ad$inEriceEinu! = @conver!ed@G
These are used through out the code. 0n addition if the adminCpriceCinput is set to EconvertedG then
the prices that are entered by the admin for vouchers are preprocessed by stripping the
XC)+"TY;price;Z of any thousandsCseparator and then substituting the decimalCseparator -ith a
period 7.8 symbol used in floating point data. Thus a European pricing input e.g. 1*60 for 1 Euro and
60 cents ends up as 1.60
'here a country uses decimal places in the currency e.g.* dollar* Euro or "terling then you need at
least 2 decimal places of resolution -hen you display your final bill. Fou can calculate the bill to
any decimal place resolution that you li#e but it should be rounded to the nearest legal money value
-hen it is displayed to the customer according to the usual rules of rounding e.g. ban#ers rounding
or floor or for Australia and ?e- Wealand a method called "-edish .ounding.
At this time -e D+ ?+T .+$?D according to a legal convention but the mathematics of
truncating floating numbers 7-hich is round half up 0 thin#8. 0ts not perfect and a ne- patch is being
-or#ed on to correctly round and handle ta=es. 0t doesn;t affect your database* Lust the displayed
results.
+verall this numberCformat patch is too large to display here and doesn;t affect your Easyhotspot
testing. "ee the developer for more details.
3.+.1 Deci/als - %ile Changes Overvie1
5ile omment
system@application@vie-s@admin@billingplan@
billingplanCvie-.php
$se all 2 parameters for numberCformat.
system@application@vie-s@invoices@invoiceC
detail.php
$se all 2 parameters for numberCformat.
system@application@vie-s@invoices@invoiceC
print.php
$se currencyCsymbolCpdf and all 2 parameters for
numberCformat.
system@application@vie-s@invoices@invoiceC
vie-.php
$se all 2 parameters for numberCformat.
system@application@vie-s@postpaid@postpaid
Cbill.php
$se all 2 parameters for numberCformat.
system@application@vie-s@postpaid@postpaid
CprintCbill.php
$se all 2 parameters for numberCformat.
system@application@vie-s@postpaid@postpaid
Csearch.php
$se all 2 parameters for numberCformat.
system@application@vie-s@postpaid@postpaid
Cvie-.php
$se all 2 parameters for numberCformat.
system@application@vie-s@voucher@voucherC
print.php
$se currencyCsymbolCpdf and all 2 parameters for
numberCformat.
system@application@models@ 0f adminCpriceCinput is set to EconvertedG then parse
billingplanmodel.php XC)+"TY;price;Z -ith thousandsCseparator and
decimalCseparator.
3.) #o'pany (a5 #ode 6 #onfi%!ration option
0 have added a ne- configuration option of
;companyCta=Ccode; [ ;IIIIIIIII; e.g. the ta= registration number.
'hich is printed on every invoice. 0n many countries it is mandatory to display this and it is illegal
to issue any invoice or receipt -ithout such a number.
?ote that at this time -e do not calculate ta=es inside Easyhotspot 7and truthfully it -ould ma#e it
harder to administer8. )lease use your e=isting teller till to do this by creating an appropriate "%$
for the types of vouchers or payments.
+verall this patch is too large to display here and doesn;t affect your Easyhotspot testing. "ee the
developer for more details.
3.7 (ypo in Lan%!a%e Para'eters $ d!ration8a''o!nt
The durationCammount parameter is clearly spelt -rong and should be durationCamount. This is
used in*
easyhotspotClang.php files for all languages*
invoiceCdetail.php
invoiceCprint.php
postpaidCbill.php
postpaidCprintCbill.php
To change you need to set the language files first and then edit each of the other files in turn. 0t is
not service affecting so not a high priority to change.
3.19 (ypo in #onfi% Para'eters $ #:-LL-SP/(8#/F-08F-L*
The D0((0")+TC+50>C50(E parameter has that little typo in it should be
D0((0")+TC+?50>C50(E. This is only used in*
s%s!e$/alica!ion/libraries/2as%ho!so!Echilliso!.h
so edit the easyhotspot.php configuration file and that one above.
3.11 *asyhotspot not settin% Acct$-nteri'$-nter.al
There are t-o fi=es needed here\ by default Easyhotspot 0.2 uses a table called EusergroupG -hereas
by default most .adius installations in their @etc@freeradius@s/l.conf -ill have the usergroupCtable as
EradusergroupG.
0f you do this change then you should delete all prepaid and vouchers plans prior to doing this
change as the radacct table is never correctly updated 7or manually e=port@import8.
0deally -e should e=pose the table names to the configuration file but pending that then -here
EusergroupG appears in*
s%s!e$/alica!ion/$odels/billin3lan$odel.h abou! line 1(1 and 1()
s%s!e$/alica!ion/$odels/voucher$odel.h abou! line 2(
then change this to radusergroup.
The Acct!0nterim!0nterval is then set in either the radreply for postpaid users or radgroupreply for
vouchers.
The patch is /uite large but basically there are no- t-o ne- configuration parameters*
confi3U@os!aidEacc!Ein!eri$Ein!erval@V = @,00@G
confi3U@voucherEacc!Ein!eri$Ein!erval@V = @,0@G
"ee the developer for the patch.
3.12 ;-SPr 3andwidths do not !se 3its per second .al!es
There are a fe- fi=es needed. 0f you add a voucher or billingplan user then the '0")r band-idth up
and do-n values they get given are not in bps but in #ilobits per second and also the 62#bps value
is totally -rong at E620G. The value that the database must get given should be in bps.
The code tries to get this right e.g. billingplanmodel.php multiplies the )+"T value it gets given by
1000 to get a bps value but 0 thin# it is safer to #eep it as bps every-here because later the code
doesn;t divide the database values by 1000. "o it is a bit of a mess. 0f -e only ever po#e into the
database the ra- bps values that the '0")r needs then -e -on;t get messed up.
Thus 0 propose that -e only ever display and use bits per second every-here this band-idth limit is
set.
The values that have to be there have to be e.g. ;62000; [T ;62 #bps; not 62. Edit the*
system@application@vie-s@admin@billingplan@billingplanCvie-.php about line 40 and 42*
system@application@vie-s@postpaid@postpaidCedit.php about line 12 and 1:*
system@application@vie-s@admin@postplan@postplanCvie-.php about line 11 and 14.
and alter the string as you see fit. 0 am suggesting the follo-ing to the developer*
16000 16 %bps 12000 12 %bps 2:000 2: %bps 62000 62 %bps
96000 96 %bps 12:000 12: %bps 192000 192 %bps 246000 246 %bps
412000 412%bps 1022000 1 ,bps 202:000 2 ,bps
And so remove the R1000 from the band-idth calculations at*
system@application@models@postpaidmodel.php about line 99 and 106
system@application@models@billingplanmodel.php about line 99 and ::
There are still a fe- places -hereby the value is set but editing the voucher or pre!paid plan doesn;t
display the current value but this is a lo- priority to fi=.
"ee the developer for the patch.
3.13 adi!s reply 'essa%e <=o!r 'a5i'!' ne.er !sa%e ti'e has
3een reached> is conf!sin%
This comes bac# from .adius 7rlmCs/lcounter8 -hen you e=ceed the hilli"pot!,a=!Total!+ctets
70 guess if you have reply!name [ hilli"pot!,a=!Total!+ctets in the s/lcounter
7s/l@mys/l@counter.conf8 and then try and login -ith that account. 0 thin# you can change this
message in .adius but 0 couldn;t find out -here so 0 did it in hotspotlogin.cgi. Edit hotspotlogin.cgi
and around line 191 Lust after if 7Xresult [[ 28 O -here it prints the failure message then add in*
if ":rel% => /\Sour $aAi$u$ never usa3e !i$e has been reached:/ # ?
:rel% = WSour credi! has eAired.XG
O
or a similar -ording as you see fit. 0f anyone #no-s ho- to change this in 5ree.adius then please
email the developer or me.
$ Other 3seful Soft1are
4.1 Monitorin% -SP ?andwidth #APs
"ometimes your 0") may A) your band-idth to a contract limit. This certainly is true if you use
A"AT 7%u Hand or similar "atellite or similar8 0nternet access in remote locations.
'ith only one ) you can easily monitor your o-n personal band-idth use 7on single 'indo-s )
0 use ?etmeter ! http:@@---.metal!machine.de@readerror@ 8 and you can only blame yourself if you
e=ceed this A) but if you have customers using your '050 then you must closely monitor this to
ma#e sure that*
you are correctly pricing your access for your customers to remover your costs*
are not issuing too many tic#ets 7that is you are not e=cessively overboo#ing your
band-idth A)8*
or if you can better set your band-idth limits 7to use the band-idth8*
or if you really need to move to a different tariff -ith your 0").
To chec# this 0 use a program called vnstat and there is a separate -eb interface called vn"tat P5P
6rontend. 0 also thin# that Easyhotspot could reuse some of the vn"tat )D) 7or vn"tat "A>8 front
end code and add this as a feature in Easyhotspot but it is not urgent.
The version 0 am describing is vnstat 1.6!1 built for $buntu and is nicely pac#aged already plus the
vnstat )D) front end version 1.2.1 that is do-nloaded from ---.s/-ee#.com
$.1.1 Installing vnstat for IS4 CA4 /onitoring
0nstall vnstat as per normal 7apt!get or use your pac#age manager8.
+n the first da+ of use you need to do*
vns!a! -u -i e!hQ
-here ethI is your 0") facing ethernet port. That;s it. 0f you have other (A?s that you -ant to
-atch e.g. the '050 or a private +ffice (A? then do that for each e.g. on my test system 0 have
three (A?s*
vns!a! -u -i e!h0
vns!a! -u -i e!h1
vns!a! -u -i e!h2
-here eth0 is my +ffice* eth1 is the 0") and eth2 is the '050 facing.
$.1.! Installing vnStat 484 frontend
0n addition to the vnstat there is a nice front end. This simply calls the vnstat application and
displays the result in graphs. 0t uses >D to dra- the graphs.
To install this then do-nload it from the ---.s/-ee#.com -eb site and unpac# it to a suitable
location on your -eb server. e.g. /var/777/vnstat
Again you might -ant to protect this -ith a .htaccess to stop people observing your stats.
Edit the config.php that comes -ith it*
5ind the XifaceClist
and set that to a suitable list of ports you -ant to display in the order +ou 7ant them listed e.g.
:ifaceElis! = arra%"@e!h1@D@e!h0@D@e!h2@#G
Then locate further do-n -here the XifaceCtitles are and for each add a XifaceCtitle e.g.*
:ifaceE!i!leU@e!h0@V =@5ffice JA;@G
:ifaceE!i!leU@e!h1@V =@In!erne!@G
:ifaceE!i!leU@e!h2@V =@HIFI *h%sical JA;@G
$.1.3 Interreting vnStat results
Anstat installs a cron file 7@etc@crond@d@vnstat8 that causes it to run every 4 minutes.
Hy loo#ing at the various in and out traffic you can identify -hich part is generating the traffic. The
0") ethernet 0? is the sum of the +ffice and '050 ethernet +$T and the 0") ethernet +$T is the
sum of the +ffice and '050 ethernet 0?. Any e=cess in the 0") 0? and +$T -ill usually be the
(inu= machine itself do-nloading ne- pac#ages or remote 0nternet connections terminating on the
(inu= machine e.g. ""D connections.
Anstat -ill not allo- you to identify the type of traffic or 0)s < to do that you need to do pac#et
inspection and that is much more comple= and only needs to be done if you are getting problems.
As far as your 0") is concerned* your traffic is all the same and once you hit the A) then they
either start billing you more or cut your access. Anstat helps you avoid this problem not identify
-ho to blame.
0f you only issue enough vouchers that have pac#et volumes that add up to your band-idth A)
7e.g. you issue 100 vouchers per month each -ith 100 ,egabytes thus a 10 >igabyte total8 then you
should not have problems unless something has managed to use your '050 -ithout using a voucher
e.g. your personal +ffice (A? 7-hich vnstat can monitor8* someone -ho is accessing the
Easyhotspot machine remotely 7-ithout using .adius@hilli < -hich you could trace by adding
logging to iptables for connections terminating on the Easyhotspot machine8.
0f you really also need to -atch -hich 0) addresses are using traffic then a suitable program is
called band-idthd -hich 0;ll also describe.
$.1.$ Additional /onitoring 1ith band1idthd
This comes in t-o versions* a band-idthd that doesn;t use a database and a )ostgres/l based
version. 0;ll describe the normal version as fe- sites -ould have installed postgres/l.
0nstall the pac#age and then edit the /etc/band7idthd/band7idthd.conf file and set the subnet to
0.0.0.0@0 and the dev to EethIG -here the I is your 0") facing ethernet port e.g. eth1.
Add a soft lin# to your -eb location e.g.
cd /var////
ln -s /var/lib/band!hd/h!docs band/id!hd
ideally add a .htaccess to that directory to protect it from non!administrators from -atching it.
'hat this no- gives you is a more detailed list of the traffic usage on the 0") port. 0t is not too
details but may help you Lust that little e=tra -ithout resorting to using 'ireshar# or EtherApe or
some other more sophisticated monitoring tool.
,ost people should find that vnstat is fine for monitoring 0") Hand-idth A) on a regular basis.
4.2 Firewallin%
This is very complicated and 0 can;t tell you -hat to use e=cept that you do need to have something.
The iptables in (inu= is very good but it is /uite ra- so the -ay that 0 handle this is -ith a program
called f-builder.
,ore later on this in a separate document.
5 6otes on using "as#hotsot
To login point your bro-ser at the e=pected $.( e.g. on the server itself you can use
129.0.0.1@easyhotspot or use -hatever path you stored Easyhotspot.
Fou -ill be met -ith a logon page. Enter in the default username of admin and the pass-ord of
admin121
5.1 Alterin% postpaid settin%s
'hen you set this then it applies to all ?E' postpaid users that are defined. The fields in the price
per ,H or price per minute are ?+T locale adLusted. Enter them in as floating point.
5.2 ?illin% Plans
Fou cannot edit a billing plan. This is used for vouchers. To create a different plan then simply add
the ne- details and then generate vouchers -ith that plan.
That;s all for no-.
( TODO
".1 A.oidin% persistent MySQL #onnections
Easyhotspot uses persistent connections 7see its database.php config file8. 0f you brea# Easyhotspot
ST ,y"3( -ith too many connections then this can Lam ,y"3( from accepting connections from
.adius -hich pretty much ma#es your server useless. 'e need to turn this off.
".2 Acco!nt *dit and Add interface feed3ack @!irks
'hen you are editing cashier or admin@superadmin records then if you enter in data -rong then it
puts you bac# onto the same edit form page but fails to indicate -hich field has failed its chec#s and
it also thro-s you at the admin cashier vie- page.
0f you had actually entered in the data correctly then it -ould have closed the screen fine and
correctly updated the database.
"o you;ll Lust have to guess -hich field is bad. Fou must put in a valid email e.g. =Ny.J
not Lust =Ny
Fou can;t also easily delete the admin records. To delete admin records 7e.g. if you are cleaning up a
database8 then use a ,y"3( editor and remove the record in faCuser and faCuserCprofile -here the
id are the same.
".3 adacct records persist fore.er
The radacct records need t-o cleanups:
the logic used to see if a username is connected using the radacct record displays records that -ere
in place -hen the radisus process -as #illed as al-ays connected even though you have done a
disconnect. The fi= is to manually touch the acctstoptime 7using the acctstarttime8.
)lus once the billing has been done for postpaid accounts then the radacct entries for that need to be
removed.
".4 (a5ation handlin%.
?othing fancy here but ideally a brea#do-n of pre!ta= results. ,ore of this in a separate document.
E?D.