Login page Json connection lost error

[EasyVoiceTel]

Actual behavior

According to earlier responds on this forum; installation went fine, but wen I connect to my hotspot the login page pops an error about Json who is losing the connection see image:

Can it be that it has some thing to do with dhcpcd? Or am I talking nonsense now? I'm still a noob to raspberry!

cause thats the only thing that says failed during startup.

Expected behavior

No issues

Configuration parameters (if changed in the script)

!/bin/bash

PLEASE EDIT NEXT LINES TO DEFINE YOUR OWN CONFIGURATION

Name of the log file

LOGNAME="kupiki_hotspot.log"

Path where the logfile will be stored

be sure to add a / at the end of the path

LOGPATH="/var/log/"

Password for user root (MySql/MariaDB not system)

MYSQL_PASSWORD="pihotspot"

Name of the hotspot that will be visible for users/customers

HOTSPOT_NAME="EasyVoice-Telecom-Hotspot"

IP of the hotspot

HOTSPOT_IP="192.168.10.1"

Wi-fi code country. Use above link to find yours

https://www.cisco.com/c/en/us/td/docs/wireless/wcs/3-2/configuration/guide/wcscfg32/wcscod.html

WIFI_COUNTRY_CODE="FR"

Use HTTPS to connect to web portal

Set value to Y or N

HOTSPOT_HTTPS="Y"

Network where the hotspot is located

HOTSPOT_NETWORK="192.168.10.0"

Secret word for FreeRadius

FREERADIUS_SECRETKEY=cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1

WAN interface (the one with Internet - default 'eth0' or long name for Debian 9+)

WAN_INTERFACE=ip link show | grep '^[1-9]' | awk -F ':' '{print $2}' | awk '{$1=$1};1' | grep '^e'

LAN interface (the one for the hotspot)

LAN_INTERFACE="wlan0"

Wifi driver

LAN_WIFI_DRIVER="nl80211"

Install Haserl (required if you want to use the default Coova Portal)

Set value to Y or N

HASERL_INSTALL="N"

Password used for the generation of the certificate

CERT_PASSWORD="pihotspot"

Number of days to certify the certificate for (default 2 years)

CERT_DAYS="730"

Make Avahi optional

Set value to Y or N

AVAHI_INSTALL="Y"

Install Daloradius Portal (compatible with FR2 only in theory)

Set value to Y or N

DALORADIUS_INSTALL="Y"

Enable/Disable Bluetooth

Set value to Y or N

BLUETOOTH_ENABLED="N"

Enable/Disable fail2ban to protect server from unwanted access

Set value to Y or N

FAIL2BAN_ENABLED="N"

Enable/Disable Netflow logs to log all traffic requests. Must be crossed checked with assigned IP in the radius tables

Set value to Y or N

NETFLOW_ENABLED="Y"

Define how long Netflow logs will be stored

Sets the max life time for files generated for Netflow monitoring. The supplied maxlife_time accepts values such as 31d, 240H 1.5d etc.

Accepted time scales are w (weeks) d (days) H (hours).

A value of 0 disables the max lifetime limit. If no scale is given, H (hours) are assumed.

By default data are stored 365 days (value set to 365d)

NETFLOW_LOGS_DAYS="365d"

Enable/Disable MAC authentication

Set value to Y or N

MAC_AUTHENTICATION_ENABLED="N"

Password for MAC authentication. Could/Should be changed within the web administration interface

MAC_AUTHENTICATION_PASSWORD="123456"

Install web frontend of Kupiki Hotspot

Set value to Y or N

INSTALL_KUPIKI_ADMIN=N

Install Cron job for the hotspot updater. Will be executed every sunday at 8am (system time)

Set value to Y or N

ADD_CRON_UPDATER=Y

*****

#

PLEASE DO NOT MODIFY THE LINES BELOW

#

*****

Current script version

KUPIKI_VERSION="2.0.3"

Updater location

KUPIKI_UPDATER_ARCHIVE="https://raw.githubusercontent.com/pihomeserver/Kupiki-Hotspot-Script/master/kupiki_updater.sh"

Default Portal port

HOTSPOT_PORT="80" HOTSPOT_PROTOCOL="http:\/\/"

If we need HTTPS support, change port and protocol

if [ "$HOTSPOT_HTTPS" = "Y" ]; then HOTSPOT_PORT="443" HOTSPOT_PROTOCOL="https:\/\/" fi

Default version of MariaDB

MARIADB_VERSION='10.1'

CoovaChilli GIT URL

COOVACHILLI_ARCHIVE="https://github.com/coova/coova-chilli.git"

Daloradius URL

DALORADIUS_ARCHIVE="https://github.com/lirantal/daloradius.git"

Captive Portal URL

HOTSPOTPORTAL_ARCHIVE="https://github.com/Kupiki/Kupiki-Hotspot-Portal.git"

Kupiki Logger URL

KUPIKI_LOGGER_ARCHIVE="https://github.com/Kupiki/Kupiki-Hotspot-Logger.git"

Haserl URL

HASERL_URL="http://downloads.sourceforge.net/project/haserl/haserl-devel/haserl-0.9.35.tar.gz"

Haserl archive name based on the URL (keep the same version)

HASERL_ARCHIVE="haserl-0.9.35"

PKG Vars

PKG_MANAGER="apt-get" PKG_CACHE="/var/lib/apt/lists/" UPDATE_PKG_CACHE="${PKG_MANAGER} update" PKG_INSTALL="${PKG_MANAGER} --yes install" PKG_UPGRADE="${PKG_MANAGER} --yes upgrade"

PKG_DIST_UPGRADE="apt dist-upgrade -y --force-yes"

PKG_DIST_UPGRADE="apt dist-upgrade -y --allow-remove-essential --allow-change-held-packages" PKG_COUNT="${PKG_MANAGER} -s -o Debug::NoLocking=true upgrade | grep -c ^Inst || true"

WAN_INTERFACE_IP=ifconfig eth0 | grep "inet " | cut -d ' ' -f 10 WAN_INTERFACE_IP_MASK=ifconfig eth0 | grep "inet " | cut -d ' ' -f 13

IFS=. read -r i1 i2 i3 i4 <<< "$WAN_INTERFACE_IP" IFS=. read -r m1 m2 m3 m4 <<< "$WAN_INTERFACE_IP_MASK" WAN_INTERFACE_NETWORK_MASK=printf "%d.%d.%d.%d\n" "$((i1 & m1))" "$((i2 & m2))" "$((i3 & m3))" "$((i4 & m4))"

check_returned_code() { RETURNED_CODE=$@ if [ $RETURNED_CODE -ne 0 ]; then display_message "" display_message "Something went wrong with the last command. Please check the log file" display_message "" exit 1 fi }

display_message() { MESSAGE=$@

Display on console

echo "::: $MESSAGE"
# Save it to log file
echo "::: $MESSAGE" >> $LOGPATH$LOGNAME

}

execute_command() { display_message "$3" COMMAND="$1 >> $LOGPATH$LOGNAME 2>&1" eval $COMMAND COMMAND_RESULT=$? if [ "$2" != "false" ]; then check_returned_code $COMMAND_RESULT fi }

prepare_logfile() { echo "::: Preparing log file" if [ -f $LOGPATH$LOGNAME ]; then echo "::: Log file already exists. Creating a backup." execute_command "mv $LOGPATH$LOGNAME $LOGPATH$LOGNAME.date +%Y%m%d.%H%M%S" fi echo "::: Creating the log file" execute_command "touch $LOGPATH$LOGNAME" display_message "Log file created : $LOGPATH$LOGNAME" display_message "Use command 'tail -f $LOGPATH$LOGNAME' in a new console to get installation details" }

prepare_install() {

Prepare the log file

prepare_logfile

# Force IPv4 on APT resources
execute_command "echo 'Acquire::ForceIPv4 \"true\";' | sudo tee /etc/apt/apt.conf.d/99force-ipv4" true "Updating APT config to force IPv4"

display_message "Configuring localepurge"

cat > /tmp/localepurge.conf << EOF localepurge localepurge/quickndirtycalc boolean false localepurge localepurge/none_selected boolean false localepurge localepurge/mandelete boolean true localepurge localepurge/dontbothernew boolean true localepurge localepurge/verbose boolean false localepurge localepurge/use-dpkg-feature boolean false localepurge localepurge/remove_no note localepurge localepurge/showfreedspace boolean true localepurge localepurge/nopurge multiselect en, en_US.UTF-8 EOF check_returned_code $? debconf-set-selections < /tmp/localepurge.conf check_returned_code $? rm -f /tmp/localepurge.conf check_returned_code $? }

check_root() {

Must be root to install the hotspot

echo ":::"
if [[ $EUID -eq 0 ]];then
    echo "::: You are root - OK"
else
    echo "::: sudo will be used for the install."
    # Check if it is actually installed
    # If it isn't, exit because the install cannot complete
    if [[ $(dpkg-query -s sudo) ]];then
        export SUDO="sudo"
        export SUDOE="sudo -E"
    else
        echo "::: Please install sudo or run this as root."
        exit 1
    fi
fi

}

jumpto() { label=$1 cmd=$(sed -n "/$label:/{:a;n;p;ba};" $0 | grep -v ':$') eval "$cmd" exit }

verifyFreeDiskSpace() {

Needed free space

local required_free_megabytes=1024
# If user installs unattended-upgrades we will check for 1GB free
echo ":::"
echo -n "::: Verifying free disk space ($required_free_megabytes Mb)"
local existing_free_megabytes=$(df -Pk | grep -m1 '\/$' | awk '{print $4}')

# - Unknown free disk space , not a integer
if ! [[ "${existing_free_megabytes}" =~ ^([0-9])+$ ]]; then
    echo ""
    echo "::: Unknown free disk space!"
    echo "::: We were unable to determine available free disk space on this system."
    echo "::: You may continue with the installation, however, it is not recommended."
    read -r -p "::: If you are sure you want to continue, type YES and press enter :: " response
    case $response in
        [Y][E][S])
            ;;
        *)
            echo "::: Confirmation not received, exiting..."
            exit 1
            ;;
    esac
# - Insufficient free disk space
elif [[ ${existing_free_megabytes} -lt ${required_free_megabytes} ]]; then
    echo ""
    echo "::: Insufficient Disk Space!"
    echo "::: Your system appears to be low on disk space. Pi-HotSpot recommends a minimum of $required_free_megabytes MegaBytes."
    echo "::: You only have ${existing_free_megabytes} MegaBytes free."
    echo ":::"
    echo "::: If this is a new install on a Raspberry Pi you may need to expand your disk."
    echo "::: Try running 'sudo raspi-config', and choose the 'expand file system option'"
    echo ":::"
    echo "::: After rebooting, run this installation again."

    echo "Insufficient free space, exiting..."
    exit 1
else
    echo " - OK"
fi

}

update_package_cache() { echo "::: Updating packages list" if command -v debconf-apt-progress &> /dev/null; then $SUDO debconf-apt-progress -- ${UPDATE_PKG_CACHE} else $SUDO ${UPDATE_PKG_CACHE} &> /dev/null fi echo ":::" }

notify_package_updates_available() { echo ":::" echo -n "::: Checking ${PKG_MANAGER} for upgraded packages...." updatesToInstall=$(eval "${PKG_COUNT}") echo " done!" echo ":::" if [[ ${updatesToInstall} -eq "0" ]]; then echo "::: Your system is up to date! Continuing with Pi-Hotspot installation..." else echo "::: There are ${updatesToInstall} updates available for your system!" echo ":::" execute_command "apt-get upgrade -y --allow-remove-essential --allow-change-held-packages" true "Upgrading the packages. Please be patient." fi }

download_all_sources() { echo ":::" execute_command "cd /usr/src && rm -rf coova-chilli*" true "Removing any previous sources of CoovaChilli project"

execute_command "cd /usr/src && git clone $COOVACHILLI_ARCHIVE coova-chilli" true "Cloning CoovaChilli project"

if [ $HASERL_INSTALL = "Y" ]; then

execute_command "cd /usr/src && rm -f ${HASERL_ARCHIVE}.tar.gz && wget $HASERL_URL" true "Download Haserl"

fi

if [ $DALORADIUS_INSTALL = "Y" ]; then

execute_command "cd /usr/src/ && rm -rf daloradius && git clone $DALORADIUS_ARCHIVE daloradius" true "Cloning daloradius project"

fi

execute_command "cd /usr/src/ && rm -rf portal && git clone $HOTSPOTPORTAL_ARCHIVE portal" true "Cloning Pi Hotspot portal project"

}

secure_system() { display_message ":::" display_message "::: Configure sysctl kernel parameters" display_message ":::" cat >> /etc/sysctl.d/kupiki.conf << EOT net.ipv4.icmp_echo_ignore_broadcasts = 1 net.ipv4.icmp_ignore_bogus_error_responses = 1 net.ipv4.conf.all.accept_redirects = 0 net.ipv4.conf.all.send_redirects = 0 net.ipv4.tcp_syncookies = 1 net.ipv4.conf.all.rp_filter = 1 net.ipv4.conf.all.accept_source_route = 0 net.netfilter.nf_conntrack_tcp_timeout_established = 3600 net.ipv4.conf.all.log_martians = 0 net.netfilter.nf_conntrack_helper = 0 net.ipv4.ip_forward = 1 net.ipv6.conf.all.disable_ipv6 = 1 net.ipv6.conf.all.autoconf = 0 net.ipv6.conf.default.disable_ipv6 = 1 net.ipv6.conf.default.autoconf = 0 EOT }

package_check_install() { dpkg-query -W -f='${Status}' "${1}" 2>/dev/null | grep -c "ok installed" || ${PKG_INSTALL} "${1}" }

PIHOTSPOT_DEPS_START=( apt-transport-https localepurge git ) PIHOTSPOT_DEPS_WIFI=( apt-utils firmware-brcm80211 firmware-ralink firmware-realtek ) PIHOTSPOT_DEPS=( wget build-essential grep whiptail debconf-utils nfdump figlet git fail2ban hostapd php-mysql php-pear php-gd php-db php-fpm libgd2-xpm-dev libpcrecpp0v5 libxpm4 nginx debhelper libssl-dev libcurl4-gnutls-dev mariadb-server freeradius freeradius-mysql gcc make libnl1 libnl-dev pkg-config iptables haserl libjson-c-dev gengetopt devscripts libtool bash-completion autoconf automake )

install_dependent_packages() {

declare -a argArray1=("${!1}")

if command -v debconf-apt-progress &> /dev/null; then $SUDO debconf-apt-progress -- ${PKG_INSTALL} "${argArray1[@]}" else for i in "${argArray1[@]}"; do echo -n "::: Checking for $i..." $SUDO package_check_install "${i}" &> /dev/null echo " installed!" done fi }

valid_ip_address() { local typeChk=$1 local ip=$2 local stat=1

if [[ $ip =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
    OIFS=$IFS
    IFS='.'
    ip=($ip)
    IFS=$OIFS
    if [ $typeChk = "IP" ]; then
        [[ ${ip[0]} -le 255 && ${ip[1]} -le 255 \
            && ${ip[2]} -le 255 && ${ip[3]} -le 255 && ${ip[3]} -ne 0 ]]
        stat=$?
    else
        [[ ${ip[0]} -le 255 && ${ip[1]} -le 255 \
            && ${ip[2]} -le 255 && ${ip[3]} -eq 0 ]]
        stat=$?
    fi
fi
return $stat

}

get_updater() { display_message "Checking for updater" if [ -e /etc/kupiki/kupiki_updater.sh ]; then display_message "Updater already exists. It will auto update itself" else display_message "Creating /etc/kupiki" mkdir -p /etc/kupiki && chmod 700 /etc/kupiki check_returned_code $?

display_message "Updater not found. Downloading latest version of the updater"
if ! wget --quiet --output-document="/etc/kupiki/kupiki_updater.sh" $KUPIKI_UPDATER_ARCHIVE ; then
  display_message "Error while trying to wget new version from ${KUPIKI_UPDATER_ARCHIVE}"
  exit 1
fi

display_message "Changing access rights"
chmod 700 /etc/kupiki/kupiki_updater.sh
check_returned_code $?

fi

if [ $ADD_CRON_UPDATER = "Y" ]; then execute_command "grep kupiki_updater /etc/crontab" false "Checking for existing cron job" if [ $COMMAND_RESULT -ne 0 ]; then echo "0 6 0 root /etc/kupiki/kupiki_updater.sh" >> /etc/crontab fi fi }

check_root

get_updater

if valid_ip_address 'NETWORK' $HOTSPOT_NETWORK && valid_ip_address 'IP' $HOTSPOT_IP; then display_message "Checking HOTSPOT_NETWORK and HOTSPOT_IP parameters : OK" else display_message "" display_message "Incorrect HOTSPOT_NETWORK and HOTSPOT_IP parameters" display_message "HOTSPOT_NETWORK must be a network format (ex: 192.168.1.0) and HOTSPOT_IP must be an ip format (ex: 192.168.1.10)" exit 1; fi

if [ $HOTSPOT_IP != $WAN_INTERFACE_IP ]; then display_message "Checking that HOTSPOT_IP is not the same than the WAN_INTERFACE : OK" else display_message "" display_message "HOTSPOT_IP is the same than the WAN_INTERFACE. They must be different." exit 1; fi

if [ $HOTSPOT_NETWORK != $WAN_INTERFACE_NETWORK_MASK ]; then display_message "Checking that HOTSPOT_NETWORK is not the same than the WAN_INTERFACE network : OK" else display_message "" display_message "HOTSPOT_NETWORK parameter is the same than the WAN_INTERFACE network. They must be different." exit 1; fi

DEBIAN_VERSION=cat /etc/*-release | grep VERSION_ID | awk -F= '{print $2}' | sed -e 's/^"//' -e 's/"$//' if [[ $DEBIAN_VERSION -ne 9 ]];then display_message "" display_message "This script is used to get installed on Raspbian Stretch Lite" display_message "" exit 1 fi

verifyFreeDiskSpace

secure_system

prepare_install

update_package_cache

notify_package_updates_available

install_dependent_packages PIHOTSPOT_DEPS_START[@]

if [ $BLUETOOTH_ENABLED = "N" ]; then display_message "Disable integrated Bluetooth support (After next reboot)" echo " dtoverlay=pi3-disable-bt-overlay" >> /boot/config.txt check_returned_code $? fi

execute_command "dpkg --purge --force-all coova-chilli" true "Remove old configuration of Coova Chilli" execute_command "dpkg --purge --force-all haserl" true "Remove old configuration of haserl" execute_command "dpkg --purge --force-all hostapd" true "Remove old configuration of hostapd"

execute_command "/sbin/lsmod | grep tun" false "Checking for tun module" if [ $COMMAND_RESULT -ne 0 ]; then display_message "Insert tun module if existing (for Raspbian Jessie Lite)" find /lib/modules/ -iname "tun.ko.gz" -exec /sbin/insmod {} \; check_returned_code $?

display_message "Modprobe module (no check - useless if already loaded)"
/sbin/modprobe tun

execute_command "/sbin/lsmod | grep tun" false "Checking for tun module"
if [ $COMMAND_RESULT -ne 0 ]; then
    display_message "Unable to get tun module up. Please solve before running the script again."
    display_message "If your distribution has been upgraded you should try to reboot first."
    exit 1
fi

fi

execute_command "/sbin/ifconfig -a | grep $LAN_INTERFACE" false "Checking if wlan0 interface already exists" if [ $COMMAND_RESULT -ne 0 ]; then display_message "Wifi interface not found. Upgrading the system first"

execute_command "apt dist-upgrade -y --allow-remove-essential --allow-change-held-packages" true "Upgrading the distro. Be patient"

install_dependent_packages PIHOTSPOT_DEPS_WIFI[@]

display_message "Please reboot and run the script again"
exit 1

fi

execute_command "echo 'maria-db-$MARIADB_VERSION mysql-server/root_password password $MYSQL_PASSWORD' | debconf-set-selections" true "Adding MariaDb password" execute_command "echo 'maria-db-$MARIADB_VERSION mysql-server/root_password_again password $MYSQL_PASSWORD' | debconf-set-selections" true "Adding MariaDb password (confirmation)"

display_message "Getting WAN IP of the Raspberry Pi (for daloradius access)" MY_IP=ifconfig $WAN_INTERFACE | grep "inet " | awk '{ print $2 }'

if [ $AVAHI_INSTALL = "Y" ]; then display_message "Adding Avahi dependencies" PIHOTSPOT_DEPS+=( avahi-daemon libavahi-client-dev )

display_message "Updating the system hostname to $HOTSPOT_NAME"
echo $HOTSPOT_NAME > /etc/hostname
check_returned_code $?

execute_command "grep $HOTSPOT_NAME /etc/hosts" false "Updating /etc/hosts"
if [ $COMMAND_RESULT -ne 0 ]; then
    sed -i "s/raspberrypi/$HOTSPOT_NAME/" /etc/hosts
    check_returned_code $?
fi

fi

install_dependent_packages PIHOTSPOT_DEPS[@]

if [ $NETFLOW_ENABLED = "Y" ]; then DEBIAN_FRONTEND=noninteractive apt-get install -y --allow-remove-essential --allow-change-held-packages fprobe nfdump fi

notify_package_updates_available

download_all_sources

if [ $INSTALL_KUPIKI_ADMIN = "Y" ]; then

display_message "Creating Kupiki Admin folder for the database"
mkdir -p /var/local/kupiki
check_returned_code $?

display_message "Changing rights of the folder"
chmod 777 /var/local/kupiki
check_returned_code $?

display_message "Updating authentication plugin"
mariadb -u root -p$MYSQL_PASSWORD << EOT

use mysql; update user set authentication_string=password('$MYSQL_PASSWORD'), plugin='mysql_native_password' where user='root'; flush privileges; EOT check_returned_code $? fi

execute_command "service mariadb restart" true "Starting MySql service"

execute_command "grep $WAN_INTERFACE /etc/network/interfaces" false "Update interface configuration ($WAN_INTERFACE)" if [ $COMMAND_RESULT -ne 0 ]; then cat >> /etc/network/interfaces << EOT

auto $WAN_INTERFACE allow-hotplug $WAN_INTERFACE iface $WAN_INTERFACE inet dhcp EOT check_returned_code $? fi

execute_command "grep $LAN_INTERFACE /etc/network/interfaces" false "Update interface configuration ($LAN_INTERFACE)" if [ $COMMAND_RESULT -ne 0 ]; then cat >> /etc/network/interfaces << EOT

auto $LAN_INTERFACE allow-hotplug $LAN_INTERFACE iface $LAN_INTERFACE inet static address $HOTSPOT_IP netmask 255.255.255.0 network $HOTSPOT_NETWORK post-up echo 1 > /proc/sys/net/ipv4/ip_forward EOT check_returned_code $? fi

execute_command "grep '^country=' /etc/wpa_supplicant/wpa_supplicant.conf" false "Update wifi configuration to add country code" if [ $COMMAND_RESULT -ne 0 ]; then display_message "Adding country code to wpa_supplicant" echo "country=$WIFI_COUNTRY_CODE" >> /etc/wpa_supplicant/wpa_supplicant.conf check_returned_code $? fi

execute_command "ifup $WAN_INTERFACE" true "Activating the WAN interface" execute_command "ifup $LAN_INTERFACE" true "Activating the LAN interface"

if [ $NETFLOW_ENABLED = "Y" ]; then display_message "Stopping fprobe service" service fprobe stop check_returned_code $?

display_message "Stopping nfdump service"
service nfdump stop
check_returned_code $?

display_message "Updating fprobe configuration"
cat > /etc/default/fprobe << EOT

INTERFACE="tun0" FLOW_COLLECTOR="127.0.0.1:2055" OTHER_ARGS="-fip" EOT check_returned_code $?

display_message "Updating nfdump configuration"
cat > /etc/default/nfdump << EOT

nfcapd_start=yes EOT check_returned_code $?

display_message "Updating nfdump service configuration (init.d)"
sed -i 's/^DAEMON_ARGS.*/DAEMON_ARGS="-D -l $DATA_BASE_DIR -P $PIDFILE -z -S 7"/' /etc/init.d/nfdump
check_returned_code $?

display_message "Updating nfdump service configuration (systemd)"
sed -i 's/^ExecStart.*/ExecStart=\/usr\/bin\/nfcapd -D -l \/var\/cache\/nfdump -P \/var\/run\/nfcapd.pid -p 2055 -z -S 7 -e/' /lib/systemd/system/nfdump.service
check_returned_code $?

display_message "Set cleaning options for Netflow data"
/usr/bin/nfexpire -t $NETFLOW_LOGS_DAYS -e /var/cache/nfdump
check_returned_code $?

display_message "Adding logs cleaning every day at 1am (system time)"
execute_command "grep nfexpire /etc/crontab" false "Adding Netflow stats update in the crontab"
if [ $COMMAND_RESULT -ne 0 ]; then
    echo "00 01 * * * root /usr/bin/nfexpire -r /var/cache/nfdump" >> /etc/crontab
    check_returned_code $?
fi

fi

execute_command "service freeradius stop" true "Stopping freeradius service to update the configuration"

display_message "Creating freeradius database" echo 'drop database if exists radius;' | mariadb -u root -p$MYSQL_PASSWORD echo "GRANT USAGE ON . TO 'radius'@'localhost';" | mariadb -u root -p$MYSQL_PASSWORD echo "DROP USER 'radius'@'localhost';" | mariadb -u root -p$MYSQL_PASSWORD echo 'create database radius;' | mariadb -u root -p$MYSQL_PASSWORD check_returned_code $?

display_message "Installing freeradius schema" mariadb -u root -p$MYSQL_PASSWORD radius < /etc/freeradius/3.0/mods-config/sql/main/mysql/schema.sql check_returned_code $?

display_message "Adding setup data" mariadb -u root -p$MYSQL_PASSWORD radius < /etc/freeradius/3.0/mods-config/sql/main/mysql/setup.sql check_returned_code $?

display_message "Updating freeradius configuration - Activate SQL support" ln -sf /etc/freeradius/3.0/mods-available/sql /etc/freeradius/3.0/mods-enabled/sql check_returned_code $? chown -h freerad:freerad /etc/freeradius/3.0/mods-enabled/sql check_returned_code $?

display_message "Configuration of the Freeradius SQL driver" sed -i 's/"rlm_sql_null"$/"rlm_sql_mysql"/' /etc/freeradius/3.0/mods-enabled/sql check_returned_code $?

display_message "Change dialect of the Freeradius SQL driver to mysql" sed -i 's/"sqlite"$/"mysql"/' /etc/freeradius/3.0/mods-enabled/sql check_returned_code $?

display_message "Configuration of the Freeradius SQL connection" DIALECT_LINE=awk 's=index($0,"dialect = ") { print NR }' /etc/freeradius/3.0/mods-enabled/sql ((DIALECT_LINE+=1))

by default the radius_db is set to radius

sed -i "${DIALECT_LINE}iradius_db = \"radius\"" /etc/freeradius/3.0/mods-enabled/sql

sed -i "${DIALECT_LINE}ipassword = \"radpass\"" /etc/freeradius/3.0/mods-enabled/sql sed -i "${DIALECT_LINE}ilogin = \"radius\"" /etc/freeradius/3.0/mods-enabled/sql sed -i "${DIALECT_LINE}iport = 3306" /etc/freeradius/3.0/mods-enabled/sql sed -i "${DIALECT_LINE}iserver = \"localhost\"" /etc/freeradius/3.0/mods-enabled/sql check_returned_code $?

display_message "Updating freeradius configuration - Activate SQL counters" ln -sf /etc/freeradius/3.0/mods-available/sqlcounter /etc/freeradius/3.0/mods-enabled/sqlcounter check_returned_code $? chown -h freerad:freerad /etc/freeradius/3.0/mods-enabled/sqlcounter check_returned_code $?

display_message "Bug fix for SQL dialect once SQL Counters are activated" sed -i 's/dialect = \${modules.sql.dialect}/dialect = mysql/g' /etc/freeradius/3.0/mods-available/sqlcounter check_returned_code $?

display_message "Update of Freeradius secret key" sed -i "s/testing123/$FREERADIUS_SECRETKEY/g" /etc/freeradius/3.0/clients.conf check_returned_code $?

display_message "Updating inner-tunnel configuration (1)" sed -i 's/^[ \t]*-sql/sql/g' /etc/freeradius/3.0/sites-available/inner-tunnel check_returned_code $?

display_message "Updating inner-tunnel configuration (2)" sed -i 's/^#[ \t]*sql$/sql/g' /etc/freeradius/3.0/sites-available/inner-tunnel check_returned_code $?

display_message "Updating freeradius default configuration (1)" sed -i 's/^[ \t]*-sql/sql/g' /etc/freeradius/3.0/sites-available/default check_returned_code $?

display_message "Updating freeradius default configuration (2)" sed -i 's/^#[ \t]*sql$/sql/g' /etc/freeradius/3.0/sites-available/default check_returned_code $?

display_message "Activating COA support in Freeradius" rm -f /etc/freeradius/3.0/sites-enabled/coa echo ' listen { type = coa ipaddr = * port = 1700 virtual_server = coa } server coa { recv-coa { suffix ok } send-coa { ok } }' > /etc/freeradius/3.0/sites-enabled/coa check_returned_code $? chown -R freerad:freerad /etc/freeradius/3.0/sites-enabled/coa check_returned_code $?

execute_command "freeradius -C" true "Checking freeradius configuration"

display_message "Activating IP forwarding" sed -i '/^#net.ipv4.ip_forward=1$/s/^#//g' /etc/sysctl.conf check_returned_code $? execute_command "/etc/init.d/networking restart" true "Restarting network service to take IP forwarding into account"

execute_command "cd /usr/src/coova-chilli && dpkg-buildpackage -us -uc" true "Building CoovaChilli package"

executecommand "cd /usr/src && dpkg --force-depends -i coova-chilli*_armhf.deb" true "Installing CoovaChilli package"

display_message "Configuring CoovaChilli up action" echo 'ipt -I POSTROUTING -t nat -o $HS_WANIF -j MASQUERADE' >> /etc/chilli/up.sh check_returned_code $?

display_message "Block access from LAN to WAN except portal" echo ' LOCAL_IP=ifconfig $HS_WANIF | grep -Eo "inet (addr:)?([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*" | grep -v "127.0.0.1" LOCAL_LAN=ip -o -f inet addr show | grep $HS_WANIF | awk '\''/scope global/ {print $4}'\'' ipt -I FORWARD 1 -i $TUNTAP -d $LOCAL_LAN -j DROP ipt -I INPUT 1 -i $TUNTAP -d $LOCAL_IP -j DROP ' >> /etc/chilli/up.sh

display_message "Activating CoovaChilli" sed -i 's/START_CHILLI=0/START_CHILLI=1/g' /etc/default/chilli check_returned_code $?

execute_command "cp -f /etc/chilli/defaults /etc/chilli/defaults.backup" true "Backup of default configuration file"

display_message "Configuring CoovaChilli WAN interface" sed -i "s/# HS_WANIF=eth0/HS_WANIF=$WAN_INTERFACE/g" /etc/chilli/defaults check_returned_code $?

display_message "Configuring CoovaChilli LAN interface" sed -i "s/HS_LANIF=eth1/HS_LANIF=$LAN_INTERFACE/g" /etc/chilli/defaults check_returned_code $?

display_message "Configuring CoovaChilli hotspot network" sed -i "s/HS_NETWORK=10.1.0.0/HS_NETWORK=$HOTSPOT_NETWORK/g" /etc/chilli/defaults check_returned_code $?

display_message "Configuring CoovaChilli hotspot IP" sed -i "s/HS_UAMLISTEN=10.1.0.1/HS_UAMLISTEN=$HOTSPOT_IP/g" /etc/chilli/defaults check_returned_code $?

display_message "Configuring CoovaChilli authorized network" sed -i "s/# HS_UAMALLOW=www.coova.org/HS_UAMALLOW=$HOTSPOT_NETWORK\/24/g" /etc/chilli/defaults check_returned_code $?

display_message "Removing CoovaChilli secret key" sed -i "s/HS_RADSECRET=testing123/HS_RADSECRET=$FREERADIUS_SECRETKEY/g" /etc/chilli/defaults check_returned_code $?

display_message "Removing CoovaChilli secret key" sed -i "s/HS_UAMSECRET=change-me/HS_UAMSECRET=/g" /etc/chilli/defaults check_returned_code $?

display_message "Updating UAMFORMAT" sed -i "s/^HS_UAMFORMAT=.*$/HS_UAMFORMAT=$HOTSPOT_PROTOCOL$HOTSPOT_IP:$HOTSPOT_PORT/g" /etc/chilli/defaults check_returned_code $?

display_message "Updating UAMHOMEPAGE" sed -i 's/^HS_UAMHOMEPAGE=.*$/HS_UAMHOMEPAGE=$HS_UAMFORMAT/g' /etc/chilli/defaults check_returned_code $?

display_message "Configuring CoovaChilli hotspot SSID" sed -i "s/# HS_SSID=/HS_SSID=$HOTSPOT_NAME/g" /etc/chilli/defaults check_returned_code $?

display_message "Add CoA support" sed -i '20iHS_COAPORT=3799' /etc/chilli/defaults check_returned_code $?

display_message "Add firewall allowed port" sed -i "150iHS_TCP_PORTS=\"$HOTSPOT_PORT\"" /etc/chilli/defaults check_returned_code $?

if [ $MAC_AUTHENTICATION_ENABLED = "Y" ]; then display_message "Configure MAC address authentication (1/2)" sed -i "20iHS_MACAUTH=on" /etc/chilli/defaults check_returned_code $? display_message "Configure MAC address authentication (2/2)" sed -i "21iHS_MACPASSWD=\"$MAC_AUTHENTICATION_PASSWORD\"" /etc/chilli/defaults check_returned_code $? fi

execute_command "update-rc.d chilli start 99 2 3 4 5 . stop 20 0 1 6 ." true "Activating CoovaChilli on boot"

if [ $HASERL_INSTALL = "Y" ]; then

execute_command "cd /usr/src && tar zxvf ${HASERL_ARCHIVE}.tar.gz" true "Uncompressing Haserl archive"

execute_command "cd /usr/src/$HASERL_ARCHIVE && ./configure && make && make install" true "Compiling and installing Haserl"

display_message "Updating chilli configuration"
sed -i '/haserl=/s/^haserl=.*$/haserl=\/usr\/local\/bin\/haserl/g' /etc/chilli/wwwsh
check_returned_code $?

fi

display_message "Creating configuration file for hostapd" echo 'DAEMON_CONF="/etc/hostapd/hostapd.conf"' >> /etc/default/hostapd check_returned_code $? display_message "Configuring hostapd" echo "interface=$LAN_INTERFACE driver=$LAN_WIFI_DRIVER ssid=$HOTSPOT_NAME hw_mode=g channel=6 auth_algs=1 beacon_int=100 dtim_period=2 max_num_sta=255 rts_threshold=2347 fragm_threshold=2346" > /etc/hostapd/hostapd.conf check_returned_code $?

if [ $DALORADIUS_INSTALL = "Y" ]; then

execute_command "cp -Rf /usr/src/daloradius /usr/share/nginx/html/" true "Installing Daloradius in Nginx folder"

display_message "Loading daloradius configuration into MySql"
mariadb -u root -p$MYSQL_PASSWORD radius < /usr/share/nginx/html/daloradius/contrib/db/fr2-mysql-daloradius-and-freeradius.sql
check_returned_code $?

display_message "Drop freeradius tables created by Daloradius to reload the Freeradius 3.0 version"
echo 'drop table if exists radius.radacct, radius.radcheck, radius.radgroupcheck, radius.radgroupreply, radius.radreply, radius.radusergroup, radius.radpostauth, radius.nas ;' | mariadb -u root -p$MYSQL_PASSWORD
check_returned_code $?

display_message "Reload original Freeradius schema"
mariadb -u root -p$MYSQL_PASSWORD radius < /etc/freeradius/3.0/mods-config/sql/main/mysql/schema.sql
check_returned_code $?

display_message "Creating users privileges for localhost"
echo "GRANT ALL ON radius.* to 'radius'@'localhost';" > /tmp/grant.sql
check_returned_code $?

display_message "Granting users privileges"
mysql -u root -p$MYSQL_PASSWORD < /tmp/grant.sql
check_returned_code $?

display_message "Configuring daloradius DB user name"
sed -i "s/\$configValues\['CONFIG_DB_USER'\] = 'root';/\$configValues\['CONFIG_DB_USER'\] = 'radius';/g" /usr/share/nginx/html/daloradius/library/daloradius.conf.php
check_returned_code $?
display_message "Configuring daloradius DB user password"
sed -i "s/\$configValues\['CONFIG_DB_PASS'\] = '';/\$configValues\['CONFIG_DB_PASS'\] = 'radpass';/g" /usr/share/nginx/html/daloradius/library/daloradius.conf.php
check_returned_code $?

display_message "Building NGINX configuration (default listen port : 80)"
echo '
server {
        listen 80 default_server;
        listen [::]:80 default_server;

        root /usr/share/nginx/html/daloradius;

        index index.html index.htm index.php;

        server_name _;

        location / {
            try_files $uri $uri/ =404;
        }

        location ~ \.php$ {
            include snippets/fastcgi-php.conf;
            fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
        }
}' > /etc/nginx/sites-available/default
check_returned_code $?

fi

display_message "Building NGINX configuration for the portal (default listen port : $HOTSPOT_PORT)" if [ $HOTSPOT_HTTPS = "Y" ]; then display_message "Creating folder for Nginx certificates" mkdir /etc/nginx/certs/ check_returned_code $?

display_message "Generating self-signed certificate"
openssl req -x509 -nodes -days $CERT_DAYS -newkey rsa:2048 -keyout /etc/nginx/certs/$HOTSPOT_NAME.key -out /etc/nginx/certs/$HOTSPOT_NAME.crt -subj '/CN=$HOTSPOT_NAME'
check_returned_code $?

echo "

server { listen $HOTSPOT_IP:$HOTSPOT_PORT ssl default_server;

    ssl_certificate /etc/nginx/certs/$HOTSPOT_NAME.crt;
    ssl_certificate_key /etc/nginx/certs/$HOTSPOT_NAME.key;

    root /usr/share/nginx/portal;

    index index.html;

    server_name _;

    location / {
        try_files \$uri \$uri/ =404;
    }

    location ~ \.php\$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
    }

}" > /etc/nginx/sites-available/portal else echo " server { listen $HOTSPOT_IP:$HOTSPOT_PORT default_server;

    root /usr/share/nginx/portal;

    index index.html;

    server_name _;

    location / {
        try_files \$uri \$uri/ =404;
    }

    location ~ \.php\$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
    }

}" > /etc/nginx/sites-available/portal fi check_returned_code $?

execute_command "ln -sfT /etc/nginx/sites-available/portal /etc/nginx/sites-enabled/portal" true "Activating portal website"

execute_command "cp -Rf /usr/src/portal /usr/share/nginx/" true "Installing the portal in Nginx folder"

display_message "Updating Captive Portal file" sed -i "/XXXXXX/s/XXXXXX/$HOTSPOT_IP/g" /usr/share/nginx/portal/js/configuration.json check_returned_code $?

execute_command "nginx -t" true "Checking Nginx configuration file"

display_message "Adding Freeradius in systemd startup" echo " [Unit] Description=Start of freeradius after mysql After=syslog.target network.target After=mariadb.service

[Service] Type=oneshot ExecStart=/usr/sbin/freeradius

disable timeout logic

TimeoutSec=0

StandardOutput=tty

RemainAfterExit=yes SysVStartPriority=99

[Install] WantedBy=multi-user.target " > /etc/systemd/system/freeradius.service check_returned_code $? /bin/systemctl enable freeradius.service check_returned_code $?

display_message "Correct configuration for Collectd daemon" sed -i "s/^FQDNLookup true$/FQDNLookup false/g" /etc/collectd/collectd.conf check_returned_code $?

if [ $FAIL2BAN_ENABLED = "Y" ]; then display_message "Creating fail2ban local configuration" cp /etc/fail2ban/fail2ban.conf /etc/fail2ban/fail2ban.local check_returned_code $?

display_message "Configuring fail2ban jail rules"
cat > /etc/fail2ban/jail.local << EOT

[DEFAULT] ignoreip = 127.0.0.1 bantime = 600 findtime = 600 maxretry = 3 backend = auto

[sshd] enabled = true filter = sshd action = iptables[name=SSH, port=ssh, protocol=tcp] logpath = /var/log/auth.log maxretry = 3

EOT

display_message "Reloading fail2ban local configuration"
/usr/bin/fail2ban-client reload
check_returned_code $?

fi

displaymessage "Create banner on login" /usr/bin/figlet -f lean -c "Kupiki Hotspot" | tr ' /' ' /' > /etc/ssh/kupiki-banner check_returned_code $?

display_message "Append script version to the banner" echo "

Kupiki Hotspot - Version $KUPIKI_VERSION - (c) www.pihomeserver.fr

" >> /etc/ssh/kupiki-banner check_returned_code $?

display_message "Changing banner rights" chmod 644 /etc/ssh/kupiki-banner && chown root:root /etc/ssh/kupiki-banner check_returned_code $?

display_message "Activating the banner for SSH" sed -i "s?^#Banner.*?Banner /etc/ssh/kupiki-banner?g" /etc/ssh/sshd_config check_returned_code $?

display_message "" sed -i "s?^Banner.*?Banner /etc/ssh/kupiki-banner?g" /etc/ssh/sshd_config check_returned_code $?

execute_command "service freeradius start" true "Starting freeradius service"

execute_command "service nginx reload" true "Restarting Nginx"

execute_command "service hostapd restart" true "Restarting hostapd"

execute_command "service chilli start" true "Starting CoovaChilli service"

if [ $NETFLOW_ENABLED = "Y" ]; then execute_command "service fprobe start" true "Starting fprobe service"

execute_command "systemctl daemon-reload" true "Reloading units for systemctl"

execute_command "service nfdump start" true "Starting nfdump service"

fi

execute_command "service ssh reload" true "Reload configuration for SSH service"

execute_command "sleep 15 && ifconfig -a | grep tun0" false "Checking if interface tun0 has been created by CoovaChilli" if [ $COMMAND_RESULT -ne 0 ]; then display_message " Warning " display_message "Unable to find chilli interface tun0" display_message "Try to restart chilli and check if tun0 interface is available (use 'ifconfig -a')"

Do not exit to display connection information

#exit 1

fi

display_message "Creating backend script folder" mkdir -p /etc/kupiki && chmod 700 /etc/kupiki

display_message "Creating version control file" echo $KUPIKI_VERSION > /etc/kupiki/version

Last message to display once installation ended successfully

display_message "" display_message "" display_message "Congratulation ! You now have your hotspot ready !" display_message "" display_message "- Wifi Hotspot available : $HOTSPOT_NAME" if [ $AVAHI_INSTALL = "Y" ]; then display_message "- For the user management, please connect to http://$MY_IP/ or http://$HOTSPOT_NAME.local/" else display_message "- For the user management, please connect to http://$MY_IP/" fi display_message " (login : administrator / password : radius)"

exit 0

Logs

// write log messages here, if possible
// like output of the script or system messages
// The more information you provide, the best answer you will get

Your environment

Raspberry Pi model B + Raspbian lite!

Additional comments

{Please write here, if there is something more to tell}

[EasyVoiceTel]

I decided to go over the tutorial again, with a fresh flash of raspbian lite..

I do not change any setting not even any raspbian config settings. tell the results later on.

[EasyVoiceTel]

now it even don't get passed the installation it hangs at reloading ssh services. I'll contact you by e-mail to discuss something else!

[EasyVoiceTel]

dhcpcd is failling to start even manual I checked it but it is default as installed with the script!

[pihomeserver]

Yes, that's not required by the system Please provide the output of the command ifconfig -a executed with root user

[EasyVoiceTel]

Uh, I don't really know what happend but suddenly it came to live...

[pinoyoragon]

Hi. I'm also stuck with the JSON request timed out error. Have you discovered what made it work? Thank you. I'm currently downloading your image file, but i'm still prefer if you can share me what you discovered.

[EasyVoiceTel]

Hi there, there could be many reasons for it to not work, in my case I guess that the SD card was faulty, that’s why I strongly recommend using an sdXC