Setting up ChilliSpot with FreeRadius on Tomato Part IV

This is part four of the series on setting up ChilliSpot with FreeRadius, using MySQL, on Tomato.

The final part is to get ChilliSpot running on the Tomato router, which includes modifying its firewall to block packets.

The first step tonight is to modify the firewall script. Tomato is a bit different in how the firewall is setup.
Open the file in the network share, etc/firewall.openwrt with your favourite editor.

We only need to make a few changes to this file for tomato to work.

The file starts with defining the WANIF. This is generally needing to be changed to:

WANIF=`nvram get wan_ifname`

The next two lines:
WLANIF=”eth1″
LANIF=”br0″
.. are fine.

The definition of IPTABLES is correct, as “/usr/sbin/iptables”

Delete the next 4 lines, which are:
for T in filter nat mangle ; do
$IPTABLES -t $T -F
$IPTABLES -t $T -X
done

The next lines change the behaviour of the firewall, let’s not confuse anyone, and leave them alone.

The next lines are all OK, to the point where we get to the end, which is Enable Nat on the output device.
It’s generally already enabled, so delete that line from the file, save the file.

Now, with that done, we are all set to set to start the application on the router.

We start with:
/cifs1/usr/sbin/chilli –conf=/cifs1/etc/chilli.conf

And, unfortunately, with debug on, we get:

ChilliSpot version 1.0RC3 started.
chillispot[5490]: tun.c: 673: 2 (No such file or directory) open() failed
chillispot[5490]: chilli.c: 3437: Failed to create tun

What is the issue here is, we need to get the tun.o module loaded for this kernel. I’ve tried loading one from a different kernel, in the hour I’ve taken since starting this post, to now, to find out, and unfortunately, we’ve hit a deadend.

We can alternatively, recompile the firmware with mknod support, and that should set us on the right track to running ChilliSpot on Tomato.

Either way, that’s a very time consuming operation. If anyone has a tun.o module for the 2.4.20 kernel, I’m keen to get my hands on it and give that a go.

I’ve also asked Tomato’s developer if he was able to provide some input.

The task of recompiling the firmware involves downloading the Tomato Source, done.
Downloading a 180MB Linksys Source file, not done.
And having a feel around to find out what we need to fix to make ChilliSpot run on Tomato’s OS.

Hopefully we get some more information on this soon, and I can finish this off.

Believe it or not, the total time this blog post took was 2 hours, and around 90 minutes of that was spent researching and finding a tun.o module.

You can always look at Open WRT, but you lose the decent QoS that Tomato offers.

Maybe a merge of the both would be ideal? Not sure what we are up for, will certainly look when I get time to open this up again!

Enjoy!

This entry was posted in Linux, Networking, Random. Bookmark the permalink.

3 Responses to Setting up ChilliSpot with FreeRadius on Tomato Part IV

  1. Mick says:

    Gday mate,

    I’ve been looking all over at trying to get freeradius and tomato to work. Did you ever have any success with this? What I really want to do is have the benefits of tomato’s QOS with a captive portal.

    Cheers.

  2. Dave says:

    Sorry to bring up this dormant topic, but with ChilliSpot being gone, and the availability of Tomato + openvpn (with the tun.o module), I’ve been tackling getting the openwrt version of coovachilli running on my WRT54GL using these blog posts as a guide. I’m positive it’ll work but the coova chilli binary isn’t statically linked, and am having a hard time getting it to see the libraries (can’t modify the ld.so.conf in rom). Will post another comment if I can find a way around it.

  3. Dante says:

    HI, EXCELLENT WORK,
    but i´m stuck on: A”nd, unfortunately, with debug on, we get:

    ChilliSpot version 1.0RC3 started.
    chillispot[5490]: tun.c: 673: 2 (No such file or directory) open() failed
    chillispot[5490]: chilli.c: 3437: Failed to create tun”

    im try for more two weeks, tial and error, and nothing…. i´m exhaust, can you solve this?

Leave a Reply

Your email address will not be published. Required fields are marked *