Configuring GUI, SSG, and WiFi HotSpot with Session Management Enabled [VAS Experts Documentation]

Differences

This shows you the differences between two versions of the page.

en:dpi:dpi_options:use_cases:wifi_hotspot_session_management:start [2024/08/07 16:13] – created elena.krasnobryzh
en:dpi:dpi_options:use_cases:wifi_hotspot_session_management:start [Unknown date] (current) – removed - external edit (Unknown date) 127.0.0.1
Line 1: Line 1:
-{{indexmenu_n>6}} 
-====== Configuring GUI, SSG, and WiFi HotSpot with Session Management Enabled ====== 
-===== Network Topology ===== 
-  - Connect the equipment according to the network topology.\\ {{ :dpi:dpi_options:use_cases:img1.jpg?nolink&700 |}} 
- 
-===== Authorization Sequence ===== 
-  - The subscriber connects to the WiFi network 
-  - A welcome page appears informing the subscriber to open a browser and identify themselves 
-  - The subscriber opens a browser, and upon navigating to any URL, they are redirected to the identification page 
-  - The subscriber enters their phone number and requests an access code 
-  - The access code is sent to the phone number via SMS 
-  - The subscriber enters the received access code 
-  - Session cookies are recorded on the subscriber's device for a specified period, and the subscriber is redirected to the requested URL 
- 
-===== Setting Up Virtual Machines (VM) ===== 
-  - Create two virtual machines with the following minimum specifications: 
-    * VM ''dpiui_vm'' – 1 CPU, 2GB RAM, 50GB hard disk, Guest OS CentOS 7, NIC 1 
-    * VM ''cp_wifi_vm'' – 1 CPU, 1GB RAM, 30GB hard disk, Guest OS CentOS 7, NIC 
-  - Install the latest version of CentOS 7 (build-2009 at the time of writing) on both virtual machines. Choose minimal installation during setup.\\ After OS installation, open the console and install packages on both VMs: first <code bash>yum install epel-release</code> and then: <code bash>yum install nano tcpdump openssh-server openssh-clients</code> 
-  - Disable SELinux on both VMs: 
-    * Edit the file ''/etc/sysconfig/selinux'' 
-    * Set the parameter ''SELINUX=disabled'' and reboot the VM 
- 
-===== Installing and Configuring dpiui_vm ===== 
-  - Install DPIUI on ''dpiui_vm'' following the [[en:dpi:dpi_components:dpiui:install_and_update:install:start|instructions]] 
-  - Configure the network on both VMs and SSG:<code bash>BOOTPROTO=static 
-ONBOOT=yes 
-IPADDR=10.0.0.x 
-NETMASK=255.255.255.0 
-GATEWAY=10.0.0.1 
-DNS1=10.0.0.2</code> ''IPADDR'' — specify for each host according to the scheme (or use your own addressing). 
-  - Log in to the GUI and add both VMs and SSG in the "EQUIPMENT" section, following the [[en:dpi:dpi_components:dpiui:user_guide:admin_section:equipment_management:start|instructions]]: 
- 
-===== Installing and Configuring cp_wifi_vm ===== 
-  - Install the ''wifi_hotspot'' package on the ''cp_wifi_vm'' VM following the [[en:dpi:dpi_components:module_wi-fi_hotspot:start|instructions]]: 
-  - Edit the configuration file for Hotspot:<code bash>nano /var/www/html/wifi_hotspot/backend/.env</code> Change/add only these lines: 
-    - **''AAA_HOTSPOT_IP – 10.0.0.4''**\\ NAS server address, IPv4/IPv6, if unknown — 0.0.0.0 
-    - **''AAA_HOTSPOT_PORT – 0''**\\ NAS server port, number, if unknown — 0 
-    - **''AAA_HOTSPOT_ID – 2''**\\ Network access point ID, integer between 0 and 1000, must be filled in for public WiFi access points, corresponds to the access point ID in field 1 from the access point export 
-    - **''AAA_EXPORT_ENABLED=1''**\\ Enable AAA export 
-    - **''AUTH_CODE_LENGTH=4''**\\ Change the number of characters in the SMS authorization code 
- 
-If the parameter ''AUTH_CODE_LENGTH'' is set, then in the file ''/var/www/html/wifi_hotspot/frontend/env.js'' set the value:<code bash>AppEnv.AuthCodePlaceHolder = "0000";</code> 
- 
-Finally, run the command:<code bash>php /var/www/html/wifi_hotspot/backend/artisan queue:restart</code> 
- 
-===== Installing and Configuring dhcp-isc on cp_wifi_vm ===== 
-  - Install the ''dhcp-isc'' package: <code bash>yum install dhcp expect</code> 
-  - Configure the static ARP scripts and the ''dhcpd.conf'' configuration file: 
-    * First, the ''dhcpd'' configuration file: <code bash>nano /etc/dhcp/dhcpd.conf</code> Set your values for ''option domain-name'' and ''option ntp-servers''!<code bash>ddns-update-style none; 
-authoritative; 
-db-time-format local; 
-log-facility local7; 
- 
-subnet 100.64.0.0 netmask 255.255.252.0 { 
-  range 100.64.0.3 100.64.3.254; 
-  default-lease-time 600; 
-  max-lease-time 600; 
-  option subnet-mask 255.255.252.0; 
-  option broadcast-address 100.64.3.255; 
-  option routers 100.64.0.1; 
-  option ntp-servers <ntp-server>; 
-  option domain-name-servers 10.0.0.2; 
-  option domain-name "name.local"; 
- 
-  on commit { 
-      set ClientIP = binary-to-ascii(10, 8, ".", leased-address); 
-      set ClientMac = concat ( 
-      suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,1,1))),2), ":", 
-      suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,2,1))),2), ":", 
-      suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,3,1))),2), ":", 
-      suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,4,1))),2), ":", 
-      suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,5,1))),2), ":", 
-      suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,6,1))),2)); 
-      log(concat("Request: IP: ", ClientIP, " Mac: ", ClientMac)); 
-      
- execute("/usr/local/etc/dhcpd/clients_add_drop.sh", "add", ClientIP, ClientMac);} 
-  on release { 
-      set ClientIP = binary-to-ascii(10, 8, ".", leased-address); 
-      set ClientMac = concat ( 
-      suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,1,1))),2), ":", 
-      suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,2,1))),2), ":", 
-      suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,3,1))),2), ":", 
-      suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,4,1))),2), ":", 
-      suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,5,1))),2), ":", 
-      suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,6,1))),2)); 
- 
-      log(concat("Release: IP: ", ClientIP, " Mac: ", ClientMac)); 
-      execute("/usr/local/etc/dhcpd/clients_add_drop.sh", "drop_rls", ClientIP, ClientMac);} 
-  on expiry { 
-      set ClientIP = binary-to-ascii(10, 8, ".", leased-address); 
-      log(concat("Timeout: IP: ", ClientIP)); 
-      execute("/usr/local/etc/dhcpd/clients_add_drop.sh", "drop_exp", ClientIP);} 
-} 
-subnet 10.0.0.0 netmask 255.255.255.0 { 
-}</code> Create directories and change their permissions:<code bash>mkdir /usr/local/etc/dhcpd/ && chown dhcpd:dhcpd /usr/local/etc/dhcpd/ 
- 
-touch /usr/local/etc/dhcpd/clients_add_drop_mysql.sh && touch /usr/local/etc/dhcpd/clients_add_drop.sh  
-&& chown dpiacc:dpiacc /usr/local/etc/dhcpd/* 
- 
-chmod 755 /usr/local/etc/dhcpd/ 
- 
-chmod 755 /usr/local/etc/dhcpd/*</code> Then copy the following script to ''/usr/local/etc/dhcpd/clients_add_drop.sh'':<code bash>#!/usr/bin/expect -f 
- 
-set METHOD [lindex $argv 0] 
-set IP_ADDR [lindex $argv 1] 
-set MAC_ADDR [lindex $argv 2] 
-set MAC_ADDR [string toupper $MAC_ADDR] 
-#Client interface on MikroTik: 
-set INT_CLIENT "vWifi" 
-set status 0 
- 
-#Record dhcp-lease (start and end) in the Hotspot database 
-spawn /usr/local/etc/dhcpd/./clients_add_drop_mysql.sh "$METHOD" "$IP_ADDR" "$MAC_ADDR" 
- 
-expect "end_mysql"; 
- 
-#Connecting to the router 
-spawn ssh -i /usr/local/etc/dhcpd/.ssh/id_rsa admin+t@100.64.0.1 -oStrictHostKeyChecking=no -oUserKnownHostsFile=/dev 
- 
-/null 
- 
-#Adding a static ARP record to the router 
-expect { 
-   "*$ " { 
-      set timeout 15 
-      if { $METHOD == "add" } { 
-         send "ip arp add interface=$INT_CLIENT address=$IP_ADDR mac-address=$MAC_ADDR\r" 
-         expect { 
-            "*failure*" { set status 2 } 
-            "*dynamic*" { set status 2 } 
-            "*duplicate*" { set status 2 } 
-            "*invalid*" { set status 2 } 
-            "*success*" { set status 0 } 
-            "*already*" { set status 0 } 
-            "*input does not match*" { set status 2 } 
-         } 
-      } 
-      if { $METHOD == "drop_rls" } { 
-         send "ip arp remove [find address~\"$IP_ADDR\"]\r" 
-         expect { 
-            "*failure*" { set status 2 } 
-            "*invalid*" { set status 2 } 
-            "*not such item*" { set status 2 } 
-            "*success*" { set status 0 } 
-         } 
-      } 
-      if { $METHOD == "drop_exp" } { 
-         send "ip arp remove [find address~\"$IP_ADDR\"]\r" 
-         expect { 
-            "*failure*" { set status 2 } 
-            "*invalid*" { set status 2 } 
-            "*not such item*" { set status 2 } 
-            "*success*" { set status 0 } 
-         } 
-      } 
-   } 
-} 
-exit $status</code> and ''/usr/local/etc/dhcpd/clients_add_drop_mysql.sh'':<code bash>#!/bin/bash 
-#Expecting external IP 
-EXTIP=10.0.0.3 
-if [ $1 == 'add' ]; then 
-   echo "Connecting to Hotspot database" 
-   mysql -u hotspot -ppassword -h $EXTIP -D hotspot -e "SELECT * FROM radcheck WHERE attribute = 'Calling-Station-Id' AND value='$3'" | grep $3 
-   if [ $? -eq 1 ]; then 
-      mysql -u hotspot -ppassword -h $EXTIP -D hotspot -e "INSERT INTO radcheck (username, attribute, op, value) VALUES ('$3', 'Calling-Station-Id', '==', '$3')"  
-      echo "Inserted $3 MAC address to Hotspot" 
-   else 
-      mysql -u hotspot -ppassword -h $EXTIP -D hotspot -e "UPDATE radcheck SET username='$3',attribute='Calling-Station-Id',op='==',value='$3' WHERE attribute='Calling-Station-Id' AND value='$3'"  
-      echo "Updated $3 MAC address in Hotspot" 
-   fi 
-else 
-   echo "Connecting to Hotspot database" 
-   mysql -u hotspot -ppassword -h $EXTIP -D hotspot -e "DELETE FROM radcheck WHERE attribute = 'Calling-Station-Id' AND value='$3'" 
-   echo "Removed $3 MAC address from Hotspot" 
-fi 
-echo "end_mysql"</code> Enable DHCP at startup:<code bash>systemctl enable dhcpd.service</code>  
-Finally, generate the key on the ''cp_wifi_vm'' host and copy it to the router:<code bash>ssh-keygen -q -t rsa -N '' -f /usr/local/etc/dhcpd/.ssh/id_rsa && ssh-copy-id -i /usr/local/etc/dhcpd/.ssh/id_rsa.pub admin+t@100.64.0.1</code>
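
Review bot: in the removed clients_add_drop.sh, the "spawn ssh" line logs in to admin+t@100.64.0.1 with "-oStrictHostKeyChecking=no -oUserKnownHostsFile=/dev/null", so the script never verifies the router's host key before sending "ip arp add" / "ip arp remove" commands with the passphrase-less key generated in the last step. If this content is restored or moved to another page, pin the router's host key in a dedicated known_hosts file readable by the account that runs the script and drop both options. That same line is also broken across three lines in this revision ("/dev", a blank line, "/null"), which would break the script when copied as shown. Two further points in the same hunk: the "on expiry" block calls the script with only ClientIP, so clients_add_drop_mysql.sh runs its "DELETE FROM radcheck ... AND value='$3'" with an empty $3 and the expired client's MAC stays in radcheck; pass ClientMac there as the "on release" block does. And "mysql -u hotspot -ppassword" puts the database password on the command line while $1 and $3 are used unquoted in the test and in grep; move the credentials to a client option file with restricted permissions and quote the variables.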