EasyHotSpot – what it is and isn't
Posted by Kelvin on 03 Apr 2011 at 04:34 pm | Tagged as: Ubuntu
EasyHotSpot is an open-source hotspot solution built in PHP/MySQL on the CodeIgniter framework. It integrates with Chillispot and FreeRadius to provide a captive portal solution.
Per-user bandwidth quotas are provided by way of "vouchers". A voucher is something you generate according to a "plan", e.g. 10MB voucher which expires 30 days from first-use. You can setup time-based quotas if that's more relevant to you.
You can also setup "pre-paid" accounts from which invoices are generated.
The downsides of using EasyHotSpot are:
– relatively immature software (its at version 0.2, and does have a number of bugs)
– doesn't handle daily quotas out-of-box
– really difficult to configure if you try to install it from an existing Ubuntu installation (fortunately there's an Ubuntu distro which bundles EasyHotSpot)
– not for the faint of heart, and you'll need significant linux chops to pull it off
However, having said that, alot of the potential downsides also applies to most Chillispot-based implementations.
Basic Network Architecture
Here's the bare minimum you'll need to get an EasyHotSpot solution up and running
1. Internet connection (say, cable modem or satellite modem)
2. Linux computer with 2 network cards (one of them can be wireless). I chose to purchase an Asix USB ethernet card.
3. Ubuntu 10.04 or greater
Sequence of events in an EasyHotSpot implementation
Sequence of events of a client login
- Client connects to wireless/wired network, requesting for an IP Address using DHCP
- Chillispot (which provides DHCP services) grants them an IP address via a "tunnel" it sets up
- Client requests for a URL, say http://www.google.com
- Chillispot checks the client's MAC address to see if they're authenticated. If they're not, they get redirected to a login page
- Client logs into Chillispot
- Chillispot checks with FreeRadius to see if the user's credentials are accepted (and if they've exceeded their quotas)
- FreeRadius responds either negatively (wrong username/password or quota exceeded), or positively (accepted, starting time/bandwidth logging now)
- If positive response, Chillisoft redirects user to a "Thank You, you are now connected to the internet" page.
Sequence of events AFTER a client login
After a client has obtained an IP address, here's what needs to happen to successfully serve a HTTP request.
- Client attempts to resolve DNS, say of www.supermind.org
- Dnsmasq, a caching DNS server, responds with IP address of the domain
- Client makes HTTP request
- iptables-based NAT routing intercept the request and forwards to Squid proxy transparently
- Response is returned to the client
Components of EasyHotSpot
I'm now going to try to give you an uber-high-level view of what the different moving parts are (and there are a number of them indeed). Hopefully this will give you a conceptual map to successfully navigate an EasyHotSpot installation.
Chillispot is a Linux package that provides the following:
– integration with FreeRadius
– captive portal
– network bridge between "in" (LAN) and "out" (WAN) interfaces
Performs the user authentication and bandwidth/time accounting.
Caching DNS server
Caching proxy server
Used by EasyHotSpot to store user information. Used by FreeRadius to store user credentials and accounting information.
EasyHotSpot itself is a PHP web application which provides a web interface to managing users, vouchers, etc. It then writes to a MySQL database which FreeRadius uses.
The interface between EasyHotSpot and the rest of the system, therefore is EasyHotSpot. It is also the piece of the puzzle you install LAST. By the time you get to the EasyHotSpot bit of the installation, most of the hard work is done.
In my next post, I'll talk about what I did to get EasyHotSpot working just the way I needed it to.