cacti & TrafIP is up

cacti Report on bandwidth usage @ Wireless 1 AP


IPtables - PHP report on gateway bandwidth usage

Planned extra Features for V2

1. Reporting on successful login and logout
2. User request form
3. Admin disconnect online user
4. Ajax interval 10 secs to show overall download and upload in MB 5. Simple bandwidth graph

1. Reporting on successful login and logout
Have to create a table dedicated for logging successful logging and logout, so in the report it display like below

10.0.0.2 logged in using xxxxx username at 10.20pm 12th December 2008
10.0.0.50 logged in using xxxxx username at 11.20pm 12th December 2008

2. User request form
Regiestered user can request XS Code by filling the form to the Admin, admin will be notified by email and will check request . A request is a discussion between admin and user. Have to use 2 tables until the request is marked done by the admin. Can use blog topic , blog commenst db structure.

3. Admin disconnect online user
Admin can disconnect particular user by putting Max-All-Session = 0 into user's radcheck table. The connected user will be disconnected after radius interval check.

4. Ajax interval 10 secs to show overall download and upload in MB
Admin can view the concurrent usage by number of up/down bandwidth used

5. Simple Bandwidth Graph
Using IPtraf script to generate bandwidth graph.

Online Users

I've written a module to show online users.

I know that my maximum idle for every users is 300secs or 5 minutes.
So I can check againts radius.acctstoptime field == null in SQL.

If use disconnected without logging out, radius will disconnect them after idling more than 5 minutes.

MamakSpot V2 on VMWARE

From left: Win Xp running VMWARE as MamakSpot Server, Laptop simulating as wireless client


Host Ap connected directly to ETh0 and Ap2 connected to AP 1 using WDS link ( wirelessly )


AP1 ( host ), Ap2 ( WDS Client )..look..no AP 2 connect wirelessly


Wifi AP System Status


DHCP Status received by Mamakspot client


Connection status for client at Mamakspot landing page


Wireless Distribution System Status


VMWARE control panel


Running tcpdump on VMWARE



Host PC : Windows XP pro with 2 NIC
VMWARE : Redhat Linux EL5 Console Edition running MamakSpot V2
Gateway Server : 192.168.1.1 ( router modem )
VMWARE MAMAKSPOT ; 192.168.1.2, 10.0.0.1
Linksys AP 1 : 10.0.0.254
Linksys AP 2 : 10.0.0.253
Client PC : DHCP
DNS Server : Public Open DNS Server

Planned
1. Squid cache server running on transparent network

Writing blog engine @ Mamak stall

The controller


The add new post


The blog index

I left the office at 5.30pm and arrive at my wife's office area arounf 6pm, then she informed me that she will be late. Luckily there's a mamak stall nearby. I ordered a Roti Telur and Teh Tarik ( typical Malaysian fast food ) and turn on my Laptop.

Okay, to kill the time ahead of me, I'll will write a blog system for my Mamak Spot Wifi Controller. Fired up Firefox and pointed to PhpMyAdmin installed locally on my pc.

So I create a blog_posts table consists of
1. id
2. title
3. body
4. created
5. modified

Then I create my BlogPost model in /app/model as blog_post.php.



Notice that I use $scaffold in the controller. Then I point to http://localhost/blog_posts and tadaaa, the basic CRUD interface is there. But I need to customize the index layout, so that it will bring a basic blog interface. So I have to create a folder inside /views as blog_posts and create a new file named index.ctp



Save the file, refresh the browser. Tadaaa, a nice blog interface.

The phone rang again, okay, time to pickup my wife and I manage to kill my 1 hour waiting by writing a simple blog complete with CRUD functions.

Usage report for each user

At least you can know which user is heavy downloader

DD-WRT V24 SP2 Repeater Mode

Host AP : Linksys WRT54GL running CoovaAP
Repeater AP : Linksys WRT54GL running DD-WRT V24 SP2

I put the host AP in the kitchen and repeater AP in the main hall. The repeater AP actually repeat the Host's AP SSID and I can connect to the net with excellent strength.

I think , I'll use repeater mode for easy deployment.

WDS vs Repeater vs Repeater Bridge

http://www.dd-wrt.com/wiki/index.php/Repeating_Mode_Comparisons

At home , I run 2 unit Linksys WRT54GL 1.1 with WDS mode between them. Have been running for months without switching off,and no visible performance drop at all.

For low cost 'MESH', WDS is way to go. Repeater/RB will cost more 'resource' and you will have more control in WDS mode.

External Radius test with PDRNET

Me and Azmi Hamzah did a simple eternal radius test. He used his Pfsense box to test radius auth over my radius server at home connected by Streamyx broadband. It works !

ICT Funds Needed !

This development costs time and money. Luckily, I am the only one who develops this so, become a Jack Of All Trades is not good for your health.

To built Mamakspot in full scale, you'll need

1. PHP Programmer ( CakePHP 1.2 knowledge )
2. Database Administrator ( MySQL )
3. Radius Engineer ( Free Radius )
4. UI engineer ( Ajax,Javascript )
5. Web Designer ( Web 2.0, CSS,HTML )
6. Linux System Admin ( LAMP Deployment , Firewall)
7. Network Engineer ( LAN,WAN )
8. Wifi Network Engineer ( Mesh,WDS,Firmware,Network )
9. Security Engineer ( Web App Security, DDOS,Server Patches, Firewall )
10. Technical Writer ( documentation,manual, proposals )
11. Web Marketing ( SEO,PPC,Keyword )
12. Sales ( the most important job, selling the product )
13. Support Engineer ( Installer, Troubleshooting, Helpdesk )
14. Project Manager & Technical Lead ( the roadmap for future version )

Ok, now I can create 15 jobs including me, each of them will cost me RM5k per month.

So, goverment...please help me :)

CoovaAP and Freeradius

I have the same problem by the user mentioned here -> http://coova.org/phpBB3/viewtopic.php?f=3&t=393

Connect Status

To present a simple status after user connected to the net, the coding in the bakground is not easy. I have to talk with 2 databases ( radius and mamakspot ) and user 5 tables.

User can see their current status like
1. total bandwidth used
2. time to expire
3. minutes assigned ( prepaid )
4. minutes left ( prepaid )
5. total time used

The default Coova JSON interface also used in the status page. Here the screenshot

NAS Box Controller

Nas table structure in MySQL


Nas Controller in mamakspot


Using CakePHP scaffolding magic, I write this simple application to manage my NAS box. Quite handy if you want to add/remove wifi AP. Perhaps in the future I'll add the longtitude/lattitude column and I can track all the NAS using Google Map

This features can be extended
1. Have a nas_profile table for each nas inserted here
2. lattitude & longitude for the nas box
3. built a page showing history of user connected to particular nas
4. Google map widget to show the nas location in the country

Usage Report per User

Now I can track every user's usage and DENY access if their usage way too high

Bug Squashing Day

Bugs
1.Each user will have multiple radacct sessions but in admin panel, it only show one.Seems like CakePHP model relation not working, so I use RequestAction to get lists of radacct sessions using username.

2. WISPr doesn't accept integer like 512.2222, so I have use php function round()

How do I solve dynamic ip NAS in Freeradius ?

Free radius reloading, new setting and reading NAS information for Radius.nas table


The NAS table in MySQL

Traditionally, we will use clients.conf for NAS lists control. But what if, your NAS is using dynamic ip address ?

Imagine the scenario

1. You Radius server hosted in datacenter at radius.yourdomain.com
2. You have 100 of wireless AP that scattered around the country.
3.Each time the AP dies, ISP will provide them with dynamic IP
4. How to tell radius, each AP new ip address so that users connected to the Ap can authenticate with radius server ?

Solution
1. Use Nas MySQL option, turn on readclients = yes in sql.conf
2. Write a simple cron job to update NAS IP every 10 minutes
3. Use http $_GET to retrieve nas informations in the radius server and update the mysql.Each nas will have different nas-secret.
4. Set the radius server to reread configuration when there's in update on nas table.
5. Problem solved

Radius @ Work

Fired up Ubuntu mahchine and tried to do simple radtest check over my radius server at home from my office.

In my home's firewall, I've set all these credentials

ALLOW 1812 TCP DEST 192.168.1.5

ALLOW 1813 TCP DEST 192.168.1.5

ALLOW 1814 TCP DEST 192.168.1.5

But it failed. Maybe I should use UDP instead of TCP.

Here is some screenshots

Ajax Updated

If admin set the time expiration, and choose date, the Ajax will auto calculate the date in readble format.

White Russian: Coova AP flashed into my Linksys WRT54GL

The info page


First time boot

Downloaded the image file, 2.5MB from Coova.org

Upload the bin file into Linksys original firmware -> upgrade firmware

Took 5 minutes to upgrade

Turn off the AP for 1-2 minutes

Turn on back and Coova AP already in action

A little bit of Ajax

I've tested Meraki Hotspot controle panel yesterday and they used Ajax slider to set the user upload and download bandwidth speed. Quite a handy function.

Since I'm using CakePHP 1.2 and Prototype Ajax already built in, I've changed the form interface. See the screenshot.

Planning to flash my firmware to Coova AP

I've been fan of DDWRT for a long time, but now it is time to embrace the new world

http://coova.org/wiki/index.php/CoovaAP/InstallFAQ

Registered Users Access Module

Granted user can see his Internet Access Code. Simply copy and paste the code


The login form


Registered users. admin can grant selected users


Grant the user for internet use
- can set expiration time
- can set max upload speed
- can set max download speed


Admin can see connected users Internet Session


12.59am, spent almost 6 hours finishing the XS Module for registered users.

here are the screenshots

Planning for MamakSpot FreeWifi With Ad

WISPr-Redirection-URL := "http://10.0.0.1/advertisements"
Idle-Timeout := 600
Session-Timeout = 3600

I'm planning to do simple test where user can user my free wifi service, no subscriptions, no prepaid, simple press Connect Button and off you go.

Well , there's a catch. Every 600 secs or 5 minutes, they will be redirected to my own Advertisement page where I can simply run

1. Advertisement engine , to force free wifi user see the latest ad
2. Google Adsense Pay Per Click
3. Ad Rotating banner displaying products of my Advertisement clients

And use a javascript to show CONTINUE button after the user see the Ad for 10 secs
So, no body lose

I can get money from running ads, and my users can surf the net for free.

How to limit total bandwidth used by your radius users ?

http://coova.org/phpBB3/viewtopic.php?f=4&t=343&st=0&sk=t&sd=a

Mamakspot V2 Prepaid

Slept at 1am last night to finish Add Prepaid module.

Add Prepaid Module
---------------------------
1. Accessible only to Admin usergroup ,else redirect to error page
2. Admin can choose how many prepaid he want to generate ( limit at 10 )
3. Admin can choose download speed ( 56k - 1024k )
4. Admin can choose upload speed ( 56k - 1024k )
5. Admin can choose max hours ( Max-All-Sessions )

The generated prepaid will be displayed in
1.Prepaid For Sales in Prepaid Management Tab
2.Buy Prepaid in user's My Prepaid tab

When logged user click Buy Prepaid, an indication will be displayed on Admin ( or maybe I'll write a simple notification ) that somebody interested to buy the generated Prepaid.

Then the user pay the price, Admin simply edit the owner of the generated prepaid.

Then in user's My Prepaid tab, the newly bought prepaid will be displayed with full prepaid code

User then, copy the code and paste into Connect tab

User can surf the net

Prepaid Management Module

Prepaid session usage detail


Prepaid usage detail ( how many time the same prepaid being used )


List of sold prepaids


Add/Edit Form. Still need more development on this


List of created prepaid. Will be tagged for sales

Prepaid Mode

In Prepaid Mode

1. Admin can generate Prepaid with custom setting, example

512kbps Upload Speed
1024 kbps Download Speed
1 hour usage

And admin can generate 10 prepaids using same setting

The generated prepaid can be printed and sell like normal mobile phone prepaid.

Or

It can be displayed in Prepaid For Sales section and user can straight away buy the web

Mamakspot V2 Screenshot

Paid prepaid will be shown . User must copy the code and paste into prepaid form in Connect section



Admin will create the prepaid for sales, different upload/download speed, different online hours. User simple click buy the desired prepaid. Admin will update the prepaid owner into paid user.


The JSON radius info after user connected to the NET. Wrapped into cakephp custom page


List of newly created prepaid for sales by admin

coova config

[code]
# HotSpot settings for simple Captive Portal
#
HS_NASID=mamakspot01
#HS_UAMSECRET=snadi-tech
HS_RADIUS=127.0.0.1
#HS_RADIUS2=rad01.coova.org
HS_RADSECRET=snadi-tech
HS_UAMALLOW=google.com

# Put entire domains in the walled-garden with DNS inspection
HS_UAMDOMAINS=".google.com,.yahoo.com"

# Optional initial redirect and RADIUS settings
# HS_SSID= # To send to the captive portal
# HS_NASMAC= # To explicitly set Called-Station-Id
# HS_NASIP= # To explicitly set NAS-IP-Address

# The server to be used in combination with HS_UAMFORMAT to
# create the final chilli 'uamserver' url configuration.
HS_UAMSERVER=10.0.0.1
#HS_UAMSERVER=http://10.0.0.1/hotspotlogin.php

# Use HS_UAMFORMAT to define the actual captive portal url.
# Shell variable replacement takes place when evaluated, so here
# HS_UAMSERVER is escaped and later replaced by the pre-defined
# HS_UAMSERVER to form the actual "--uamserver" option in chilli.
#HS_UAMFORMAT=https://\$HS_UAMSERVER/uam
HS_UAMFORMAT=https://\$HS_UAMSERVER/cgi-bin/hotspotlogin.php

# Same principal goes for HS_UAMHOMEPAGE.
HS_UAMHOMEPAGE=http://\$HS_UAMLISTEN:\$HS_UAMPORT/www/coova.html

# This option will be configured to be the WISPr LoginURL as well
# as provide "uamService" to the ChilliController. The UAM Service is
# described in: http://coova.org/wiki/index.php/CoovaChilli/UAMService
#
#HS_UAMSERVICE=https://coova.org/app/uam/auth
#HS_UAMSERVICE=https://10.0.0.1/uam/auth
HS_UAMSERVICE=https://10.0.0.1/cgi-bin/hotspotlogin.php
[/code]

Radius Scaffold demo using CakePHP

Adding attributes into RadCheck table


The radiusd -X results


List of attributes added into radcheck

Snadi Tech SDN BHD kini rakan kongsi MamakSpot

Server di atas adalah ehsan Snadi Tech SDn BHD untuk meneruskan development MamakSpot. Sila lawati website mereka di http://www.renjisrenjis.com/joomlatemp/index.php

Snadi Tech juga sedang mencari PHP Programmer ( permulaan ) untuk bekerja dengan mereka untuk develop aplikasi MamakSpot version 2 menggunakan CakePHP 1.2 sebagai framework di bawah seliaaan saya. Sila pergi ke laman web mereka dan hubungi mereka mengenai jawatan programmer

MamakSpot 2 Dev Server