RtRwNet = FreeBSD 5.1 + Chillispot + FreeRadius + TUN + PF + Dialup_admin + MySQL + Apache 2.0.4_mod_ssl

Jancuk login to RtRwNet

1. Background
In theory a MAC address is unique, meaning there are no two alike. It is like the IMEI on a phone (although these days flashing a phone and changing its IMEI is dead easy too). In reality, changing a MAC is extremely easy.
Free MAC-spoofing tools are scattered around like garbage in Bojong Gede. On the other hand, low-budget AP operators like RtRwNet mostly rely on nothing but the MAC to filter who gets onto their access point. Anyone can change the MAC of their WiFi device to one of the favoured users' addresses so it is "allowed" to connect to an AP that is not 100% free. Hence the idea: there must be a user form and a login before you can go anywhere. Even if the MAC gets through, before logging in you still sit there biting your nails. That is what this article is about. Everything I write here is the direct work of my team, not a translation of some Western book, heh. The server is real too: server.dhegleng.or.id, the one you are accessing right now.

2. Install
This configuration runs on a server that already has Apache 2 with mod_ssl (OpenSSL), a DNS server, a mail server, PHP and the other prerequisites, so those are not covered here.

2.1. Interface Card
There must be at least 2 NICs (Network Interface Cards): one connected to the internet, one connected to the local network.

proxy# ifconfig
xl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
inet 222.124.1.238 netmask 0xfffffff8 broadcast 222.124.1.239
inet6 fe80::2a0:24ff:feda:5a6d%xl0 prefixlen 64 scopeid 0x1
inet 203.130.193.46 netmask 0xfffffff8 broadcast 203.130.193.47
ether 00:a0:24:da:5a:6d
media: Ethernet 10baseT/UTP (10baseT/UTP <half-duplex>)
xl1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=3<RXCSUM,TXCSUM>
inet 0.0.0.0 netmask 0xff000000 broadcast 0.255.255.255
inet6 fe80::201:2ff:fe60:1d35%xl1 prefixlen 64 scopeid 0x2
ether 00:01:02:60:1d:35
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
inet 127.0.0.1 netmask 0xff000000
proxy#
The interface to the local network is left unconfigured, but it must be up.

2.2. Recompile the kernel
Don't worry, compiling a kernel is dead easy. The kernel has to support the TUN/TAP module and packet filtering at the kernel level, basically a "virtual interface". Without this your wireless card would have to be plugged into the server itself, which apart from being a hassle gets ugly when your APs come in all sorts of types and brands. If you own a Linksys AP you are lucky, because OpenWRT has a build for it.

Let's compile your kernel:
proxy# cd /usr/src/sys/i386/conf
proxy# cp GENERIC KERNEL_20070812
Then edit KERNEL_20070812 and make sure these lines are present:

device tun
device bpf   # Berkeley packet filter (used by pf, which comes from OpenBSD)

options IPFILTER
options IPFILTER_LOG
options RANDOM_IP_ID
options IPDIVERT
options PFIL_HOOKS

Once that's done, run this:

proxy# config KERNEL_20070812
you will see a response like this:
Don't forget to do a 'make depend'
Kernel build directory is ../../compile/KERNEL_20070812
proxy# cd ../../compile/KERNEL_20070812
proxy# make depend
proxy# make
proxy# make install
add these lines to /etc/rc.conf
pf_enable="Yes"
pf_logd="Yes"
pf_conf="/usr/local/etc/pf.conf"
proxy# reboot
That's it, the kernel business is done. Log in to the server again and carry on.
For the full kernel config, see here

proxy# uname -a

FreeBSD proxy.dhegleng.or.id 5.1-RELEASE FreeBSD 5.1-RELEASE #0: Sun Aug 12 23:14:29 WIT 2007 admin@proxy.dhegleng.or.id:/usr/src/sys/i386/compile/KERNEL_20070812 i386

There you go, your kernel has been replaced; it is now "KERNEL_20070812".

2.3. Install the BSD Packet Filter
proxy# cd /usr/ports/security/pf
proxy# make install clean
proxy# /usr/local/etc/rc.d/pf.sh start
proxy# ifconfig
xl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
inet 222.124.1.238 netmask 0xfffffff8 broadcast 222.124.1.239
inet6 fe80::2a0:24ff:feda:5a6d%xl0 prefixlen 64 scopeid 0x1
inet 203.130.193.46 netmask 0xfffffff8 broadcast 203.130.193.47
ether 00:a0:24:da:5a:6d
media: Ethernet 10baseT/UTP (10baseT/UTP <half-duplex>)
xl1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=3<RXCSUM,TXCSUM>
inet 0.0.0.0 netmask 0xff000000 broadcast 0.255.255.255
inet6 fe80::201:2ff:fe60:1d35%xl1 prefixlen 64 scopeid 0x2
ether 00:01:02:60:1d:35
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
inet 127.0.0.1 netmask 0xff000000
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
inet 192.168.10.1 --> 192.168.10.1 netmask 0xffffff00
inet6 fe80::2a0:24ff:feda:5a6d%tun0 prefixlen 64 scopeid 0x5
pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33208
pfsync0: flags=41<UP,RUNNING> mtu 1896

proxy#
There, the tun and pf kernel modules are OK.
For the full /usr/local/etc/pf.conf see here
And /usr/local/etc/rc.d/pf.sh see here

2.4. Install Chillispot (a (hot)spot with chilli, heh)
proxy# cd /usr/ports/net-mgmt/chillispot
proxy# make install clean
Check Apache in SSL mode, check MySQL, check FreeRadius.
OK, wait until the compile and install finish; this is automatic. The ports system checks the machine and installs straight away whatever components are still missing.

proxy# cp /usr/local/share/chillispot/hotspotlogin.cgi /usr/local/www/cgi-bin/
proxy# ee /usr/local/www/cgi-bin/hotspotlogin.cgi
edit every text string (text, not variables) that says "Chillispot" and change it to "RtRwNet". No disrespect to the people who wrote Chillispot; it is purely so the login page feels like RtRwNet's own, since that is what the platform is for.

proxy# chmod +x /usr/local/www/cgi-bin/hotspotlogin.cgi
that is, so it can be executed (like a convict, heh)

proxy# cp /usr/local/share/chillispot/chilli.conf /usr/local/etc/chilli.conf

Prepare these files first; freeradius will need them later (perhaps a relative of Radius Prawiro, or in medicine the radius is the bone on the thumb side; rambling, heh)
proxy# mkdir -p /usr/local/etc/raddb/
proxy# cp /usr/local/share/chillispot/dictionary.chillispot /usr/local/etc/raddb/
proxy# cp /usr/local/share/chillispot/freeradius.users /usr/local/etc/raddb/

copy the sample pf.conf for the chillispot setup (the stock pf.conf is there as well)

proxy# cp /usr/local/share/chillispot/pf.conf.sample /usr/local/etc/pf.conf
proxy# ee /usr/local/etc/pf.conf

change the interfaces:

int_if = "xl1"
ext_if = "xl0"
chilli_if = "tun0"
priv_nets = "{ 127.0.0.0/8, 192.168.10.0/24 }" # depends on your own network

2.5. Install FreeRadius
create the radius daemon user:
proxy# pw adduser radiusd -d "/nonexistent" -s "/usr/sbin/nologin"

install freeradius:

proxy# cd /usr/ports/net/freeradius
proxy# make install clean

create the freeradius database in MySQL:

proxy# mysql -u root -p

> create database freeradius;
> grant all privileges on freeradius.* to 'radiusd'@'localhost' identified by 'passwordmucuk';
> flush privileges;
> quit;
create the table schema in the freeradius database:
proxy# mysql -u radiusd -p < /usr/local/share/examples/freeradius/db_mysql.sql

if that errors out, just use root, like this:

proxy# mysql -u root -p < /usr/local/share/examples/freeradius/db_mysql.sql
but don't forget this again:
proxy# mysql -u root -p
> grant all privileges on freeradius.* to 'radiusd'@'localhost';
> flush privileges;
> quit;

OK, let's continue:

proxy# cd /usr/local/etc/raddb
proxy# cp acct_users.sample acct_users
proxy# cp clients.conf.sample clients.conf
proxy# cp dictionary.sample dictionary
proxy# cp eap.conf.sample eap.conf
proxy# cp hints.sample hints
proxy# cp huntgroups.sample huntgroups
proxy# cp preproxy_users.sample preproxy_users
proxy# cp proxy.conf.sample proxy.conf
proxy# cp radiusd.conf.sample radiusd.conf
proxy# cp snmp.conf.sample snmp.conf
proxy# cp sql.conf.sample sql.conf
proxy# cp users.sample users

Now let's tune a few things so they fit together:
proxy# ee dictionary
add the dictionary.chillispot you copied earlier:
$INCLUDE dictionary.chillispot
Don't use a TAB, use spaces; with a TAB it sometimes refuses to work. Fussy, heh.
proxy# ee /usr/local/etc/raddb/clients.conf
replace
secret = s3cr3t
with
secret = <your own secret>

proxy# ee /usr/local/etc/raddb/radiusd.conf

change 'user = nobody' to 'user = radiusd', and make sure it is uncommented
change 'group = nobody' to 'group = radiusd', and make sure it is uncommented
change 'proxy_requests = yes' to 'proxy_requests = no', and make sure it is uncommented

carry on; make sure these files exist and are OK. It seems to be getting more exciting.

proxy# mkdir -p /var/log/radacct
proxy# touch /var/log/radius.log
proxy# touch /var/log/radutmp
proxy# touch /var/log/radwtmp
proxy# chmod 700 /var/log/radacct
proxy# chmod 644 /var/log/radius.log
proxy# chmod 600 /var/log/radutmp
proxy# chmod 644 /var/log/radwtmp
proxy# chown radiusd:radiusd /var/log/radacct
proxy# chown radiusd:radiusd /var/log/radius.log
proxy# chown radiusd:radiusd /var/log/radutmp
proxy# chown radiusd:radiusd /var/log/radwtmp
OK, take a breath first. Asthma, you see...
hosss hosss hosss, done
carry on, this part is a bit long and fiddly:
proxy# ee /usr/local/etc/raddb/sql.conf
inside "sql {":
server = "localhost"
login = "radiusd"
password = "<the radiusd password from the database above, the one after 'identified by'>"

find this line and uncomment it:
#sql_user_name = "%{Stripped-User-Name:-%{User-Name:-DEFAULT}}"

find this line and comment it out:
sql_user_name = "%{User-Name}"

proxy# ee /usr/local/etc/raddb/radiusd.conf
find the line below "authorize {" and uncomment:
#sql
find the line below "authenticate {" and comment out:
unix
find the line below "preacct {" and comment out:
files
find the line below "accounting {" and uncomment:
#sql
find the line below "session {" and uncomment:
#sql
and comment out:
radutmp
Now save: esc - enter - enter

Let's create the first user, manually, for testing:

proxy# mysql -u radiusd -p
mysql> insert into radcheck (Username, Attribute, Value) VALUES ('jancuk', 'Password', 'jancuk12345');
Query OK, 1 row affected (0.00 sec)

mysql> select * from radcheck;
+----+----------+-----------+----+-------------+
| id | UserName | Attribute | op | Value       |
+----+----------+-----------+----+-------------+
|  1 | jancuk   | Password  | == | jancuk12345 |
+----+----------+-----------+----+-------------+
1 row in set (0.00 sec)

mysql> insert into usergroup (UserName, GroupName, Priority) VALUES ('jancuk', 'RtRwNet', 1);
Query OK, 1 row affected (0.00 sec)

mysql> select * from usergroup;
+----------+-----------+----------+
| UserName | GroupName | priority |
+----------+-----------+----------+
| jancuk   | RtRwNet   |        1 |
+----------+-----------+----------+
1 row in set (0.01 sec)

mysql> insert into radgroupcheck (GroupName, Attribute, Value) VALUES ('RtRwNet', 'Auth-Type', 'Local');
Query OK, 1 row affected (0.00 sec)

mysql> select * from radgroupcheck;
+----+-----------+-----------+----+-------+
| id | GroupName | Attribute | op | Value |
+----+-----------+-----------+----+-------+
|  1 | RtRwNet   | Auth-Type | == | Local |
+----+-----------+-----------+----+-------+
1 row in set (0.00 sec)

mysql> insert into radreply (UserName, Attribute, Value) VALUES ('jancuk', 'Class', '0708765432');
Query OK, 1 row affected (0.01 sec)

mysql> select * from radreply;
+----+----------+-----------+----+------------+
| id | UserName | Attribute | op | Value      |
+----+----------+-----------+----+------------+
|  1 | jancuk   | Class     | =  | 0708765432 |
+----+----------+-----------+----+------------+
1 row in set (0.00 sec)

mysql> insert into radgroupreply (GroupName, Attribute, Value) VALUES ('RtRwNet', 'Session-Timeout', '43200');
Query OK, 1 row affected (0.00 sec)

mysql> insert into radgroupreply (GroupName, Attribute, Value) VALUES ('RtRwNet', 'Idle-Timeout', '600');
Query OK, 1 row affected (0.00 sec)

mysql> insert into radgroupreply (GroupName, Attribute, Value) VALUES ('RtRwNet', 'Acct-Interim-Interval', '60');
Query OK, 1 row affected (0.01 sec)

mysql> insert into radgroupreply (GroupName, Attribute, Value) VALUES ('RtRwNet', 'WISPr-Redirection-URL', 'http://wlan.dhegleng.or.id');
Query OK, 1 row affected (0.00 sec)

mysql> insert into radgroupreply (GroupName, Attribute, Value) VALUES ('RtRwNet', 'WISPr-Bandwidth-Max-Up', '128000');
Query OK, 1 row affected (0.01 sec)

mysql> insert into radgroupreply (GroupName, Attribute, Value) VALUES ('RtRwNet', 'WISPr-Bandwidth-Max-Down', '512000');
Query OK, 1 row affected (0.01 sec)

mysql> select * from radgroupreply;
+----+-----------+--------------------------+----+----------------------------+
| id | GroupName | Attribute                | op | Value                      |
+----+-----------+--------------------------+----+----------------------------+
|  1 | RtRwNet   | Session-Timeout          | =  | 43200                      |
|  2 | RtRwNet   | Idle-Timeout             | =  | 600                        |
|  3 | RtRwNet   | Acct-Interim-Interval    | =  | 60                         |
|  4 | RtRwNet   | WISPr-Redirection-URL    | =  | http://wlan.dhegleng.or.id |
|  5 | RtRwNet   | WISPr-Bandwidth-Max-Up   | =  | 128000                     |
|  6 | RtRwNet   | WISPr-Bandwidth-Max-Down | =  | 512000                     |
+----+-----------+--------------------------+----+----------------------------+
6 rows in set (0.00 sec)
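To see what these five tables actually do when a login arrives, here is an added example (not part of the original post and not FreeRADIUS's own code). It rebuilds the tables in an in-memory SQLite database with exactly the rows inserted above and runs the lookups the sql module's default queries perform: the user's check items, then the check items of each group by priority, then the user's reply items followed by the group's. The SQLite schema, the `authorize` function and its simplifications (only the `==` comparison of the `Password` check item is modelled) are assumptions of the example; `usergroup` is the FreeRADIUS 1.x table name used in the post.

```python
"""Model of how FreeRADIUS's sql module reads the tables filled in above.

Added example; not part of the original post and not FreeRADIUS's own code.
Table and column names follow the FreeRADIUS 1.x schema the post uses; the
query logic is a simplified model of the default sql.conf queries.
"""
import sqlite3

SCHEMA = """
CREATE TABLE radcheck      (id INTEGER PRIMARY KEY, UserName TEXT, Attribute TEXT, op TEXT DEFAULT '==', Value TEXT);
CREATE TABLE radreply      (id INTEGER PRIMARY KEY, UserName TEXT, Attribute TEXT, op TEXT DEFAULT '=',  Value TEXT);
CREATE TABLE radgroupcheck (id INTEGER PRIMARY KEY, GroupName TEXT, Attribute TEXT, op TEXT DEFAULT '==', Value TEXT);
CREATE TABLE radgroupreply (id INTEGER PRIMARY KEY, GroupName TEXT, Attribute TEXT, op TEXT DEFAULT '=',  Value TEXT);
CREATE TABLE usergroup     (UserName TEXT, GroupName TEXT, priority INTEGER DEFAULT 1);
"""

# Constructed sample data: the same rows the post inserts by hand.
CHECK  = [("jancuk", "Password", "jancuk12345")]
GROUPS = [("jancuk", "RtRwNet", 1)]
GCHECK = [("RtRwNet", "Auth-Type", "Local")]
REPLY  = [("jancuk", "Class", "0708765432")]
GREPLY = [("RtRwNet", "Session-Timeout", "43200"), ("RtRwNet", "Idle-Timeout", "600"),
          ("RtRwNet", "Acct-Interim-Interval", "60"),
          ("RtRwNet", "WISPr-Redirection-URL", "http://wlan.dhegleng.or.id"),
          ("RtRwNet", "WISPr-Bandwidth-Max-Up", "128000"),
          ("RtRwNet", "WISPr-Bandwidth-Max-Down", "512000")]


def build_db():
    """In-memory SQLite stand-in for the MySQL 'freeradius' database."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO radcheck (UserName, Attribute, Value) VALUES (?, ?, ?)", CHECK)
    conn.executemany("INSERT INTO usergroup (UserName, GroupName, priority) VALUES (?, ?, ?)", GROUPS)
    conn.executemany("INSERT INTO radgroupcheck (GroupName, Attribute, Value) VALUES (?, ?, ?)", GCHECK)
    conn.executemany("INSERT INTO radreply (UserName, Attribute, Value) VALUES (?, ?, ?)", REPLY)
    conn.executemany("INSERT INTO radgroupreply (GroupName, Attribute, Value) VALUES (?, ?, ?)", GREPLY)
    return conn


def check_items(conn, username):
    """Check items: the user's own rows, then those of each group, by priority."""
    rows = conn.execute(
        "SELECT Attribute, op, Value FROM radcheck WHERE UserName = ? ORDER BY id",
        (username,)).fetchall()
    rows += conn.execute(
        "SELECT c.Attribute, c.op, c.Value FROM radgroupcheck c "
        "JOIN usergroup u ON u.GroupName = c.GroupName "
        "WHERE u.UserName = ? ORDER BY u.priority, c.id", (username,)).fetchall()
    return rows


def reply_items(conn, username):
    """Reply items: user rows come first, so they override the group's values."""
    rows = conn.execute(
        "SELECT Attribute, Value FROM radreply WHERE UserName = ? ORDER BY id",
        (username,)).fetchall()
    rows += conn.execute(
        "SELECT r.Attribute, r.Value FROM radgroupreply r "
        "JOIN usergroup u ON u.GroupName = r.GroupName "
        "WHERE u.UserName = ? ORDER BY u.priority, r.id", (username,)).fetchall()
    reply = {}
    for attr, value in rows:
        reply.setdefault(attr, value)       # first occurrence wins
    return reply


def authorize(conn, username, password):
    """Return (accepted, reply attributes) for a login attempt.

    Only the '==' comparison of the 'Password' check item is modelled; note
    that this schema keeps that password in cleartext in radcheck.
    """
    checks = {attr: (op, value) for attr, op, value in check_items(conn, username)}
    if checks.get("Password") != ("==", password):
        return False, {}                    # unknown user or wrong password
    return True, reply_items(conn, username)


if __name__ == "__main__":
    db = build_db()
    print(authorize(db, "jancuk", "jancuk12345"))
    print(authorize(db, "jancuk", "wrong"))
```

Because user rows are read before group rows, a per-user row in radreply overrides the group's value for the same attribute; that is the mechanism to use when one subscriber needs a different Session-Timeout or bandwidth cap than the rest of the RtRwNet group.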

OK, let's test; don't forget to start radiusd first:
Test:
/usr/local/bin/radtest jancuk jancuk12345 localhost 1812 <your-secret>

Sending Access-Request of id 250 to 127.0.0.1 port 1812
User-Name = “jancuk”
User-Password = "jancuk12345"
NAS-IP-Address = 255.255.255.255
NAS-Port = 1812
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=250,
length=106
Class = 0x30373032333435363738
Session-Timeout = 3600
Idle-Timeout = 600
Acct-Interim-Interval = 60
WISPr-Redirection-URL = “http://wlan.dhegleng.or.id”
WISPr-Bandwidth-Max-Up = 128000
WISPr-Bandwidth-Max-Down = 512000

Your freeradius is fine now; adding users comes later via dialup_admin.
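What radtest actually puts on the wire, and what the shared secret from clients.conf protects, is easier to see in code. The following is an added example, not part of the original post and not the code of radtest or FreeRADIUS: it builds an Access-Request like the one above, hides User-Password with the MD5 scheme from RFC 2865, answers it from a constructed one-user table, and checks the Response Authenticator on the way back. The user table `USERS`, the secret `testing123` and the NAS address are constructed for the example.

```python
"""A minimal RFC 2865 Access-Request / Access-Accept exchange.

Added example; not part of the original post and not the code of radtest or
FreeRADIUS. It shows what `radtest jancuk jancuk12345 localhost 1812 <secret>`
puts on the wire and how the server side checks it. USERS, SECRET and the NAS
address are constructed for the example.
"""
import hashlib
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
USER_NAME, USER_PASSWORD, NAS_IP_ADDRESS, NAS_PORT = 1, 2, 4, 5
SESSION_TIMEOUT, IDLE_TIMEOUT = 27, 28

SECRET = b"testing123"   # constructed: the clients.conf secret / radtest's last argument
USERS = {b"jancuk": {"Password": b"jancuk12345", "Session-Timeout": 43200, "Idle-Timeout": 600}}


def encode_attrs(attrs):
    """Attributes are TLVs: type (1 byte), length incl. header (1 byte), value."""
    return b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)


def decode_attrs(data):
    attrs = []
    while data:
        atype, alen = struct.unpack("!BB", data[:2])
        if alen < 2 or alen > len(data):
            raise ValueError("malformed attribute")
        attrs.append((atype, data[2:alen]))
        data = data[alen:]
    return attrs


def hide_password(password, secret, authenticator):
    """RFC 2865 5.2: pad to a 16-byte multiple, XOR each block with
    MD5(secret + previous block); the Request Authenticator seeds the chain."""
    padded = password.ljust(max(16, -(-len(password) // 16) * 16), b"\x00")
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], mask))
        out += prev
    return out


def reveal_password(hidden, secret, authenticator):
    """Inverse of hide_password; the ciphertext block is the chaining input."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        mask = hashlib.md5(secret + prev).digest()
        out += bytes(a ^ b for a, b in zip(hidden[i:i + 16], mask))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")   # strips the padding (and any real trailing NULs)


def build_access_request(ident, username, password, secret,
                         nas_ip=b"\x7f\x00\x00\x01", nas_port=1812):
    """Client/NAS side: Code, ID, Length, 16 random bytes, then attributes."""
    authenticator = os.urandom(16)
    attrs = encode_attrs([(USER_NAME, username),
                          (USER_PASSWORD, hide_password(password, secret, authenticator)),
                          (NAS_IP_ADDRESS, nas_ip),
                          (NAS_PORT, struct.pack("!I", nas_port))])
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs))
    return header + authenticator + attrs, authenticator


def server_handle(packet, secret, users):
    """Server side: recover the password, compare, answer Accept or Reject."""
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_REQUEST or length != len(packet):
        return None
    req_auth = packet[4:20]
    attrs = dict(decode_attrs(packet[20:length]))
    entry = users.get(attrs.get(USER_NAME, b""))
    password = reveal_password(attrs.get(USER_PASSWORD, b""), secret, req_auth)
    if entry is not None and entry["Password"] == password:
        code = ACCESS_ACCEPT
        reply = encode_attrs([(SESSION_TIMEOUT, struct.pack("!I", entry["Session-Timeout"])),
                              (IDLE_TIMEOUT, struct.pack("!I", entry["Idle-Timeout"]))])
    else:
        code, reply = ACCESS_REJECT, b""
    header = struct.pack("!BBH", code, ident, 20 + len(reply))
    # Response Authenticator = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)
    resp_auth = hashlib.md5(header + req_auth + reply + secret).digest()
    return header + resp_auth + reply


def verify_response(response, req_auth, secret):
    """Client side: drop any reply whose Response Authenticator does not match."""
    header, got, attrs = response[:4], response[4:20], response[20:]
    return got == hashlib.md5(header + req_auth + attrs + secret).digest()


def run_exchange(password, client_secret=SECRET, server_secret=SECRET):
    """Full round trip; returns (reply code, authenticator verified?, reply attrs)."""
    req, req_auth = build_access_request(250, b"jancuk", password, client_secret)
    resp = server_handle(req, server_secret, USERS)
    reply = {t: struct.unpack("!I", v)[0] for t, v in decode_attrs(resp[20:])}
    return resp[0], verify_response(resp, req_auth, client_secret), reply


if __name__ == "__main__":
    print(run_exchange(b"jancuk12345"))                          # Accept, verified
    print(run_exchange(b"jancuk12345", server_secret=b"wrong"))  # Reject, not verified
```

Two things worth noticing. The server can only recover the password if it holds the same secret, so a mismatch between radtest's last argument and clients.conf shows up as a plain Access-Reject rather than a clear error. And the Response Authenticator is the only thing that ties an Accept to the request and to the secret, so the NAS must discard any reply whose authenticator does not verify; the secret itself should be long and random, because MD5 over a short secret is all that stands between a captured packet and the password.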

2.6. DialupAdmin
Dialup-admin is a PHP (php3) based interface made specifically to manage freeradius. It is fairly old, but still reliable. Its more recent successor is PHPMyPrepaid, also for freeradius and more complete, but also more of a headache. Let's get going again.

Download dialup_admin from http://sourceforge.net/project/showfiles.php?group_id=24332

proxy# mv dialup_admin-1.62.tar.gz /usr/local
proxy# cd /usr/local
proxy# tar zxvf dialup_admin-1.62.tar.gz
proxy# mv dialup_admin-1.62 dialup_admin
proxy# mkdir -p /usr/local/www/dialup_admin
proxy# ln -s /usr/local/dialup_admin/htdocs /usr/local/www/dialup_admin/htdocs

then edit your httpd.conf
proxy# ee /usr/local/etc/apache2/httpd.conf
make sure these lines are present:

LoadModule php4_module libexec/libphp4.so
AddModule mod_php4.c
AddType application/x-httpd-php .php
AddType application/x-httpd-php .php3

and make sure these lines are there too

<Directory "/usr/local/www/dialup_admin/htdocs">
Options Indexes
AllowOverride AuthConfig
</Directory>

proxy# ee /usr/local/dialup_admin/.htaccess
with these contents:

AuthUserFile /usr/local/dialup_admin/htdocs/.htpasswd
AuthGroupFile /dev/null
AuthName "Restricted Area"
AuthType Basic
<Limit GET POST>
require valid-user
</Limit>

proxy# cd /usr/local/dialup_admin/htdocs/
proxy# htpasswd -c .htpasswd admin
(htpasswd prompts for the password twice.) Since .htpasswd lives inside the web root here, keep the stock httpd.conf block that refuses to serve files whose names start with .ht.

then edit the admin.conf configuration
proxy# ee /usr/local/dialup_admin/conf/admin.conf

adjust it to match the other parameters; the easiest is to just look at this one and copy it exactly except for the password, IP and domain name.

2.7. Other working configuration examples
/usr/local/etc/rc.d/radiusd.sh
/usr/local/etc/rc.d/chillispot.sh
/etc/rc.conf
/usr/local/etc/php/extensions.ini
/usr/local/dialup_admin/conf/username.mappings
/usr/local/dialup_admin/conf/user_edit.attrs

That's it. Stick to the motto: if you get it, good; if you don't, that's fine too.
From here on, adding users is just a matter of using dialup_admin at http://222.124.1.238/ (replace the IP with yours, of course)

See the complete set of screenshots here.

The screenshots below are more specific:

the RtRwNet group as seen in dial-up admin

a user added via dial-up admin:

who is online, seen in dial-up admin:

properties of user jancuk in dial-up admin:

setup on the client, automatic:

when your computer first connects to the RtRwNet network:

login form:

form after a successful login:

access statistics in dial-up admin:

user properties for jancuk:

UAM for user jancuk:

who is connected via the AP airPOINT-PROTOTAL (802.11b only, an ancient AP; the farthest and best link uses a milk-can antenna at 2 km, the nearby ones stubbornly use laptop built-in cards under a tin roof)

quoted at http://www.dhegleng.or.id

About ngengeh

My name is ndry

Posted on March 15, 2008, in Belajar, E-Book, Networking. 3 Comments.

  1. nice tutorial, mas

    right now I am trying a router + radius server; on the router I installed chillispot, on the radius server freeradius + mysql. On the radius server I tested with radcheck user password localhost 1812 testing123, accept; then I tried again with the router's IP on the client side, radcheck user password 192.168.2.1 1812 testing 123, reject. The radius IP is 192.168.1.2

    what do you think is missing, mas, and what else do I have to configure for a setup like this

    please help
    thanks

  2. mas, I have a problem: when sending packets they don't get through
    can you tell what is wrong
    because I followed the tutorial
    the result:

    Sending Access-Request of id 238 to 127.0.0.1 port 1812
    User-Name = "jancuk"
    User-Password = "jancuk12345"
    NAS-IP-Address = 127.0.1.1
    NAS-Port = 1812
    Sending Access-Request of id 238 to 127.0.0.1 port 1812
    User-Name = "jancuk"
    User-Password = "jancuk12345"
    NAS-IP-Address = 127.0.1.1
    NAS-Port = 1812
    radclient: no response from server for ID 238 socket 3

    please reply, by email is fine too, mas
