Differences between revisions of "Como criar o portal cativo de controle de acesso"

From Wiki Coolab
Linha 1: Linha 1:
  
'''Informações preliminares'''
 
* Essas instruções são para o roteador que está conectado à internet, fornecendo para o resto da rede. Não foi testado com mais de um gateway
 
* Esse sistema de validação e portal cativo não funciona quando não há acesso internet, ou quando o acesso cai. Para isso, tem uma gambiarra descrita no fim da página
 
  
== Para versão DaybootRely da LibreMesh (1706) ==
+
'''Important information'''
 +
* These instructions are meant for the gateway routers, connected to the Internet and providing it to the rest of the mesh. It was not tested in networks with more than one exit.
 +
* The captive portal system doesn't work when there is no access to the Internet
  
1. Faça o login na linha de comando via SSH e atualize os repositórios do roteador que receberá o portal captivo:
+
== Libremesh's DaybootRely version (1706) ==
 +
 
 +
1. Login to the router through ssh and update the software repositories:
  
 
<code>opkg update</code>
 
<code>opkg update</code>
  
2. Vamos agora instalar o [http://nodogsplash.readthedocs.io/en/latest/ nodogsplash].
+
2. Now let’s install nodogsplash [http://nodogsplash.readthedocs.io/en/latest/ nodogsplash]. This is a package for version 17 of LiMe.
Esté um pacote com as mudanças necessárias para instalar o captivo na versão 17.
 
  
 
<code>opkg install http://nuvem.tk/files/nodogsplash_0.9.2-1_mips_24kc.ipk</code>
 
<code>opkg install http://nuvem.tk/files/nodogsplash_0.9.2-1_mips_24kc.ipk</code>
  
3. Agora vamos editar o arquivo de configuração
+
3. Now we must edit the configuration file
  
 
<code>vi /etc/config/nodogsplash</code>
 
<code>vi /etc/config/nodogsplash</code>
  
Neste arquivo, altere o arquivo nas seguintes linhas, de modo que se registre os seguintes parâmetros:
+
Change the following lines so that this is the final result:
  
Altere o valor do "option enable" de 0 para 1
+
Change "option enable" from 0 to 1
  
 
<code>option enable 1</code>
 
<code>option enable 1</code>
  
Descomentar (apagar o jogo da velha do início da linha) a linha a seguir:
+
Uncomment (erase the hash symbol from the start) the following line:
  
 
<code>option config '/etc/nodogsplash/nodogsplash.conf'</code>
 
<code>option config '/etc/nodogsplash/nodogsplash.conf'</code>
  
4. Agora salve o arquivo e saia do editor de texto.
+
Erase all lines after this one.
  
5. Crie o arquivo /etc/nodogsplash/nodogsplash.conf pelo listado abaixo (fazendo as devidas modificações nos IP e página de redirecionamento). O IP a ser usado é o do menu network -> interfaces, interface LAN (IPV4) (sem o /16). O range são os dois primeiros números, seguidos de .0.0/16. (ex se o ip é 10.7.255.50, o range é 10.7.0.0/16.
+
4. Now save the file and exit the editor.
 +
 
 +
5. Create the file /etc/nodogsplash/nodogsplash.conf using the text below (modifying the IP and redirect page according to your network). You can find the ip to be used in the graphical interface (http://thisnode.info)under the menu menu network -> interfaces, LAN interface (IPV4) (without /16). The range are the first two numbers, follwed by .0.0/16. (for example, if the ip is 10.7.255.50, the range will be 10.7.0.0/16).
  
 
<pre>
 
<pre>
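Review bot: Step 2 still installs the package with "opkg install http://nuvem.tk/files/nodogsplash_0.9.2-1_mips_24kc.ipk", a plain-HTTP download with no checksum given anywhere on the page, and this is the package that will enforce access control on the gateway. Publish a SHA-256 for the .ipk next to the command, or link it over HTTPS, so readers can verify the file before installing it. Separately, the translated preliminary note drops the pointer to the offline workaround that the Portuguese text says is described at the end of the page, and "Erase all lines after this one." has no counterpart in the previous text; please confirm both are intended.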
Linha 111: Linha 113:
 
</pre>
 
</pre>
  
NÃO ESQUEÇA DE TROCAR OS IPs no arquivo acima!
+
DON’T FORGET TO CHANGE THE Ips IN THE FILE ABOVE!
  
6. Vá no menu system -> startup e confira se o nodogsplash está como ENABLED
+
6. Go to the menu system -> startup and check if nodogsplash is ENABLED
  
7. Reinicie o roteador. Quando ele voltar, o bloqueio das portas HTTP já devem estar funcionando.  
+
7. Restart the router. When it is back on, the blocking of http pages should be working already.
  
8. Agora, vamos modificar o FIREWALL
+
8. Now let’s modify the FIREWALL so that https and other protocols/ports will also be blocked,
  
 
<code>vi /etc/config/firewall</code>
 
<code>vi /etc/config/firewall</code>
  
Comente as seguintes linhas, incluindo jogo da velha antes de cada uma o jogo de velha (#)
+
Comment out the following lines, including the hash symbol the beginning. It should look like this after editing.
  
 
<pre>
 
<pre>
config forwarding
+
#config forwarding
     option src 'lan'
+
     #option src 'lan'
     option dest 'wan'
+
     #option dest 'wan'
 
</pre>  
 
</pre>  
  
Depois salve o arquivo e reinicie novamente o roteador. Agora o bloqueio de HTTPS já deve estar funcionado.
+
Save the file and restart the firewall
 +
 
 +
<pre>
 +
/etc/init.d/firewall reload && /etc/init.d/firewall restart
 +
</pre>
 +
 
 +
Restart the router. Now the https pages should also be blocked.
  
== Configurando o voucher ==
+
== Voucher system configuration ==
 +
 
 +
1. Let’s connect through ssh, update repos and install the vale package.
  
1. Conectadoas via SSH no roteador, vamos atualizar os repositórios e instalar o pacote do voucher
 
 
<pre>
 
<pre>
 
opkg update && opkg install http://nuvem.tk/files/vale_0.1-1_mips_24kc.ipk
 
opkg update && opkg install http://nuvem.tk/files/vale_0.1-1_mips_24kc.ipk
 
</pre>
 
</pre>
  
2. Vamos renomear o arquivo HTML do splash
+
2. Now rename the splash html file. You can also customize this file to reflect your community info.
 +
 
 
<pre>
 
<pre>
 
mv /etc/nodogsplash/htdocs/splash-vale.html /etc/nodogsplash/htdocs/splash.html
 
mv /etc/nodogsplash/htdocs/splash-vale.html /etc/nodogsplash/htdocs/splash.html
 
</pre>
 
</pre>
  
3. Reinicie o nodogpslash
+
3. Restart nodogpslash
 
<pre>
 
<pre>
 
/etc/init.d/nodogpslash restart
 
/etc/init.d/nodogpslash restart
 
</pre>
 
</pre>
  
4. Traduza ou customize as mensagens de erro que estão no arquivo /www/cgi-bin/vale
+
4. Translate or adapt the messages in the file  /www/cgi-bin/vale
 
   
 
   
5. Adicione seus códigos de VOUCHER no arquivo /etc/nodogsplash/vale/db.csv (se preferir, use um [http://generator.voucherify.io/# gerador aletório]).  
+
5. Add your VOUCHER codes in the files /etc/nodogsplash/vale/db.csv (you can use a [http://generator.voucherify.io/# random code generator]).  
  
Veja um exemplo do arquivo [https://github.com/coolabnet/lime-packages/blob/develop/packages/vale/files/etc/nodogsplash/vale/db.csv db.csv]
+
You can see an example of the formatting here: [https://github.com/coolabnet/lime-packages/blob/develop/packages/vale/files/etc/nodogsplash/vale/db.csv db.csv]
  
A primeira coluna não é utilizada. Cada linha tem que terminar com as duas vírgulas, sem espaços. As outras colunas serão usadas para anotar a hora e o MAC de cada conexão/voucher. Para gerar automaticamente as duas vírgulas ao fim de cada linha preencha a primeira linha. Exemplo:
+
Each line must end with two commas, with no spaces, and begin with one comma. The columns will be used to annotate the date/time and MAC address of every voucher. To generate automatically the commas, use an empty column in the beginning and two in the end in your spreadsheet editor. Example:
  
 
<pre>
 
<pre>
code,field1,field2
+
reference,code,field1,field2
6XvMcaLb,,
+
,6XvMcaLb,,
cF6m7eXu,,
+
,cF6m7eXu,,
nNqsSMCS,,
+
,nNqsSMCS,,
GSYJPotH,,
+
,GSYJPotH,,
PecFaM8c,,
+
,PecFaM8c,,
Tx2GgNNX,,
+
,Tx2GgNNX,,
zEeTmcwu,,
+
,zEeTmcwu,,
hBg5858g,,
+
,hBg5858g,,
rmsgUqR2,,
+
,rmsgUqR2,,
 
</pre>
 
</pre>
  
6. Agora, copie o arquivo para o seu roteador
+
6. Now copy it to your router:
  
 
<pre> scp db.csv root@thisnode.info:/etc/nodogsplash/vale/</pre>
 
<pre> scp db.csv root@thisnode.info:/etc/nodogsplash/vale/</pre>
  
== Customizando o portal captivo ==
+
 
 
1.
 
  
'''Referências'''
+
'''References'''
  
 
* [http://nuvem.tk/wiki/index.php/Fuma%C3%A7a_Data_Springs/Anexo_t%C3%A9cnico#Instala.C3.A7.C3.A3o_do_portal_de_controle_de_acesso Tutorial da Nuvem]
 
* [http://nuvem.tk/wiki/index.php/Fuma%C3%A7a_Data_Springs/Anexo_t%C3%A9cnico#Instala.C3.A7.C3.A3o_do_portal_de_controle_de_acesso Tutorial da Nuvem]
 
* [http://nodogsplash.readthedocs.io/en/latest/ Nodogsplash - Documentação]
 
* [http://nodogsplash.readthedocs.io/en/latest/ Nodogsplash - Documentação]
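Review bot: Step 3 of the voucher section keeps the service name misspelled, in both "3. Restart nodogpslash" and "/etc/init.d/nodogpslash restart"; every other path on the page is spelled nodogsplash ("/etc/config/nodogsplash", "/etc/nodogsplash/"), so the command as written does not match the installed service. Change both occurrences to nodogsplash. Also, removing the "== Customizando o portal captivo ==" heading leaves its empty "1." item behind just above the references; drop it or restore the section.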

Revision as of 22:37, 27 March 2018

Important information

  • These instructions are meant for the gateway routers, connected to the Internet and providing it to the rest of the mesh. It was not tested in networks with more than one exit.
  • The captive portal system doesn't work when there is no access to the Internet

LibreMesh's DaybootRely version (1706)

  1. Log in to the router through SSH and update the software repositories:

opkg update

  2. Now let’s install nodogsplash. This is a package for version 17 of LiMe.

opkg install http://nuvem.tk/files/nodogsplash_0.9.2-1_mips_24kc.ipk

  3. Now we must edit the configuration file:

vi /etc/config/nodogsplash

Change the following lines so that this is the final result:

Change "option enable" from 0 to 1

option enable 1

Uncomment (erase the hash symbol from the start) the following line:

option config '/etc/nodogsplash/nodogsplash.conf'

Erase all lines after this one.

  4. Now save the file and exit the editor.
  5. Create the file /etc/nodogsplash/nodogsplash.conf using the text below (modifying the IP and redirect page according to your network). You can find the IP to be used in the graphical interface (http://thisnode.info) under the menu network -> interfaces, LAN interface (IPV4) (without /16). The range is the first two numbers, followed by .0.0/16 (for example, if the IP is 10.7.255.50, the range will be 10.7.0.0/16).

GatewayInterface br-lan
GatewayInterfaceExtra bmx+
GatewayInterfaceExtra2 anygw

FirewallRuleSet authenticated-users {
     FirewallRule allow to 0.0.0.0/0
}

FirewallRuleSet users-to-router {
 # Nodogsplash automatically allows tcp to GatewayPort,
 # at GatewayAddress, to serve the splash page.
 # However you may want to open up other ports, e.g.
 # 53 for DNS and 67 for DHCP if the router itself is
 # providing these services.
    FirewallRule allow udp port 53
    FirewallRule allow tcp port 53
    FirewallRule allow udp port 67
 # You may want to allow ssh, http, and https to the router
 # for administration from the GatewayInterface.  If not,
 # comment these out.
    FirewallRule allow tcp port 22
    FirewallRule allow tcp port 80
    FirewallRule allow tcp port 443
}
# end FirewallRuleSet users-to-router

FirewallRuleSet preauthenticated-users {
 # For preauthenticated users to resolve IP addresses in their initial
 # request not using the router itself as a DNS server,
 # you probably want to allow port 53 udp and tcp for DNS.
    FirewallRule allow tcp port 53  
    FirewallRule allow udp port 53
 # For splash page content not hosted on the router, you
 # will want to allow port 80 tcp to the remote host here.
 # Doing so circumvents the usual capture and redirect of
 # any port 80 request to this remote host.
 # Note that the remote host's numerical IP address must be known
 # and used here.  


     #change the IP for the address of the gateway router
     FirewallRule allow tcp port 80 to 10.7.122.55


}
# end FirewallRuleSet preauthenticated-users
      
                                                

EmptyRuleSetPolicy preauthenticated-users passthrough
EmptyRuleSetPolicy users-to-router passthrough


#change the IP for the address of the gateway router
GatewayName 10.7.122.55:80

#GatewayPort 80


MaxClients 500

ClientIdleTimeout 720

ClientForceTimeout 14400


#change the range for the ip range of your mesh network
GatewayIPRange 10.7.0.0/16

# BinVoucher "vale.sh"

# ForceVoucher yes

# EnablePreAuth yes

DON’T FORGET TO CHANGE THE IPs IN THE FILE ABOVE!

  6. Go to the menu system -> startup and check if nodogsplash is ENABLED.
  7. Restart the router. When it is back on, the blocking of http pages should be working already.
  8. Now let’s modify the FIREWALL so that https and other protocols/ports will also be blocked:

vi /etc/config/firewall

Comment out the following lines by adding a hash symbol (#) at the beginning of each one. It should look like this after editing:

#config forwarding
    #option src 'lan'
    #option dest 'wan'

Save the file and restart the firewall:

/etc/init.d/firewall reload && /etc/init.d/firewall restart

Restart the router. Now the https pages should also be blocked.
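A check for the three site-specific values from step 5, worth running before the restart in step 7. This is an added example, not part of nodogsplash or LibreMesh; the function names are hypothetical, and it assumes the conf keeps the layout shown above.

```shell
#!/bin/sh
# Added example: checks that the three site-specific values in
# nodogsplash.conf agree with the router's LAN IPv4 address.

# mesh_range IP: the /16 range for a LAN address (10.7.255.50 -> 10.7.0.0/16).
mesh_range() {
    echo "$1" | awk -F. 'NF == 4 { print $1 "." $2 ".0.0/16" }'
}

# conf_value KEY FILE: second field of the first uncommented "KEY value" line.
conf_value() {
    awk -v k="$1" '$1 == k { print $2; exit }' "$2"
}

# splash_rule_ip FILE: address in "FirewallRule allow tcp port 80 to ADDR".
splash_rule_ip() {
    awk '$1 == "FirewallRule" && $5 == "80" && $6 == "to" { print $7; exit }' "$1"
}

# check_conf LAN_IP FILE: print each mismatch; return 0 only if none is found.
check_conf() {
    ip=$1; conf=$2; rc=0
    rule=$(splash_rule_ip "$conf")
    name=$(conf_value GatewayName "$conf")
    range=$(conf_value GatewayIPRange "$conf")
    want=$(mesh_range "$ip")
    [ "$rule" = "$ip" ] || { echo "FirewallRule port 80 points to '$rule', expected $ip"; rc=1; }
    [ "$name" = "$ip:80" ] || { echo "GatewayName is '$name', expected $ip:80"; rc=1; }
    [ "$range" = "$want" ] || { echo "GatewayIPRange is '$range', expected $want"; rc=1; }
    return $rc
}

# Usage: sh check-nds.sh 10.7.255.50 /etc/nodogsplash/nodogsplash.conf
if [ "$#" -eq 2 ]; then check_conf "$1" "$2"; fi
```

A conf that still carries the example address 10.7.122.55 on a router with a different LAN IP produces one line per stale value.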

Voucher system configuration

  1. Let’s connect through SSH, update the repositories and install the vale package.
opkg update && opkg install http://nuvem.tk/files/vale_0.1-1_mips_24kc.ipk
  2. Now rename the splash html file. You can also customize this file to reflect your community info.
mv /etc/nodogsplash/htdocs/splash-vale.html /etc/nodogsplash/htdocs/splash.html
  3. Restart nodogsplash
/etc/init.d/nodogsplash restart
  4. Translate or adapt the messages in the file /www/cgi-bin/vale
  5. Add your VOUCHER codes in the file /etc/nodogsplash/vale/db.csv (you can use a random code generator).

You can see an example of the formatting here: db.csv

Each line must end with two commas, with no spaces, and begin with one comma. The columns will be used to annotate the date/time and MAC address of every voucher. To generate the commas automatically, use an empty column at the beginning and two at the end in your spreadsheet editor. Example:

reference,code,field1,field2
,6XvMcaLb,,
,cF6m7eXu,,
,nNqsSMCS,,
,GSYJPotH,,
,PecFaM8c,,
,Tx2GgNNX,,
,zEeTmcwu,,
,hBg5858g,,
,rmsgUqR2,,
  6. Now copy it to your router:
 scp db.csv root@thisnode.info:/etc/nodogsplash/vale/
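
A local alternative to the web generator in step 5, as an added example that is not part of the vale package: it draws codes from /dev/urandom on your workstation, writes them in the layout shown above, and checks a file for malformed lines (missing leading comma, trailing spaces, CRLF endings from a spreadsheet export) and duplicate codes. The function names are hypothetical, and the 8-character alphanumeric code format is an assumption taken from the sample.

```shell
#!/bin/sh
# Added example: build and check a voucher db.csv with a header line
# followed by one ",CODE,," line per unused voucher.

# gen_codes N: print N random 8-character alphanumeric codes, one per line.
gen_codes() {
    # Keep only letters and digits from the kernel random source.
    LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | fold -w 8 | head -n "$1"
}

# write_db N FILE: write the header plus N unused vouchers to FILE.
write_db() {
    {
        echo 'reference,code,field1,field2'
        gen_codes "$1" | sed 's/^/,/; s/$/,,/'
    } > "$2"
}

# check_db FILE: report malformed data lines and repeated codes;
# return 0 only when both counts are zero.
check_db() {
    file=$1
    # grep -c exits 1 when the count is 0, hence the "|| true".
    bad=$(tail -n +2 "$file" | grep -cvE '^,[A-Za-z0-9]+,,$' || true)
    dups=$(tail -n +2 "$file" | cut -d, -f2 | sort | uniq -d | wc -l)
    echo "malformed=$bad duplicate_codes=$((dups))"
    [ "$bad" -eq 0 ] && [ "$dups" -eq 0 ]
}

# Usage: sh vouchers.sh 50 db.csv   (then copy db.csv with scp as in step 6)
if [ "$#" -eq 2 ]; then
    write_db "$1" "$2"
    check_db "$2"
fi
```

check_db only accepts unused vouchers, so run it on the file before copying it to the router, not on a db.csv that already carries date/time and MAC annotations.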

References