How to: Safely Share Your Wireless Internet With CoovaAP, Part I

By Eric Geier

March 30, 2009

In this two-part tutorial, we explore CoovaAP firmware and its hosted services. In Part 1, our expert explains how to turn a simple router into a hotspot gateway, set up a captive portal with different registration modes, and configure bandwidth limiting.

If you want to offer wireless Internet access to your customers or to safely share your connection with your roommates or neighbors, there is an affordable way to a simple--or advanced--Wi-Fi hotspot. The Linux and open source community offers several different solutions, from live CDs (ZoneCD) to firmware replacements (DD-WRT & CoovaAP) for wireless routers.

If you want to offer free Wi-Fi access and have some spare time, you shouldn't have to invest more than an old computer or router. In this two-part tutorial, we'll explore the CoovaAP firmware and its hosted services. In this part, we'll discover how to turn that mundane router into a hotspot gateway, set up the captive portal with different registration modes, and configure bandwidth limiting. In the next part, we'll examine Coova hosted services and see how you can offer secure WPA/WPA2 access to your hotspot users.

CoovaAP

CoovaAP is based on the open source OpenWRT firmware replacement and designed specifically for hotspots. In addition to being a normal access point, it supports WDS (wireless distribution system). Thus, if your location requires multiple APs, some can be set in repeater mode instead of having to run Ethernet cables to them. The wireless router and hotspot settings are easily configurable with a Web browser, just like regular routers.

The CoovaAP firmware features a customizable internal captive portal, where you can either require user accounts (self-registering or defined by you) or require users to just agree to the terms of service (ToS). Figure 1 shows the portal page shown to users when via the self-registering method. Figure 2 shows the ToS page users would see when not requiring users to have accounts. It even has a Facebook portal feature. Traffic shaping or bandwidth control is also included, so you can limit how much Internet power guests use.

CoovaAP has a built-in CoovaChilli Access Controller, based on the ChilliSpot solution, and the WiFiDog Access Controller. Using CoovaChilli and Coova's hosted services, CoovaAP can even run WPA/WPA2-Enterprise (password-based) authentication and encryption for the hotspot users. CoovaAP also has an internal PPTP VPN client and server, plus OpenVPN's client.

The first step is to round up a wireless router. If you have an old Linksys G router (WRT54G/GL/GS) sitting around gathering dust, grab it. Other wireless routers with a Broadcom chipset should work, as well. If you aren't sure of a router's chipset type, you can refer to the Router-Database for DD-WRT, a more popular and general firmware replacement.

Next, you want to download the correct CoovaAP firmware image. On CoovaAP's main page, you'll find links to images for the popular Linksys models and to other brands that require specific firmware. From there you can also download the raw Broadcom TRX image for other routers.

Now you need to upload or flash the firmware to the router. Specifically how to do this depends on the router model. On Linksys routers, you should be able to use their firmware upgrade page on the Web-based utility. For other routers, such as those from Buffalo Technology, you might have to use the TFTP method. Coova doesn't provide a great deal of installation help on their site, however you can get hints from the install notes for DD-WRT.Warning: Be careful when messing with the firmware! Making a mistake can brick the router, rendering it useless.

Configuring basic settings

After applying the CoovaAP firmware, the router should reboot and start broadcasting the Coova SSID. You need to connect over wireless or wire and bring up the web-based utility by entering its IP address (192.168.1.1) into a browser. The username to login is always root. The first time, you'll be prompted to set a password.Note: If the network name isn't Coova or you're having other strange issues, such as not getting an IP address when connecting, the nvram (memory) might have not been erased completely before the firmware upgrade. Thus, you can try to reset the nvram manually. To do so, log into the router with SSH, via the router IP address (192.168.1.1). You can download PuTTY, a free SSH client. Once logged in, enter mtd -r erase nvram. After rebooting, all the default CoovaAP settings should be loaded.

Before hitting the Hotspot tab to configure the cool features, you might want to get the basics done first on the System and Network tabs. We'll discuss a few important settings. First, on the System/Settings tab (see Figure 3), you should enable the boot_wait feature, which gives you the ability to recover the router with TFTP later if CoovaAP becomes corrupted. On the Network/WAN page, configure your Internet settings if required, such as for DSL or static IP connections. On the Network/Wireless tab (see Figure 4), you can choose a more descriptive and fitting ESSID or network name. You might also want to enable the Isolate WLAN clients feature, to help protect unsuspecting users from sharing their laptop's files to others.Tip: If you plan to regularly use the network and share files among your computers, you could leave the isolation feature off. Then to protect your files, use the sharing and file (NTFS) permissions to restrict access. Alternatively, when configuring the hotspot settings, you could choose to deny hotspot users to access the LAN or wired connections. Thus for your private network, you can plug the computers into the Ethernet ports. You could even plug in an extra wireless router or AP (configured with encryption) for private Wi-Fi access.

When you're ready to configure the hotspot settings, click the HostSpot tab (see Figure 5). If you require a simple solution, for the HotSpot Type choose the Internal Hotspot option, which means all the settings and users are defined locally on the AP itself. As we'll discuss in the next part, the other options are great when managing multiple locations.

The next big decision to make on this page is to pick the Registration Mode. Choosing the Configured Users option requires users to have a username and password to gain access. In other words, you'd have to manually create the user accounts on the Access Lists tab. Selecting the Self Register option lets user create their own account. Either way, you can create and modify the user accounts on the Access Lists tab. The last registration option, ToS Acceptance, doesn't use user accounts. Users are presented with a page of terms that they must agree to before accessing the Internet.

Don't forget about the other settings. The HotSpot Mode setting lets you choose whether to run the captive portal only the wireless connections or both wireless and wired connections. The HotSpot LAN Access setting lets you define whether or not to prevent hotspot users from accessing computers from the wired side. The Owner E-mail Address is where messages sent from users, using the contact link on the hotspot login page, will to sent to. For this to work, you must also input the SMTP server details on the Location tab.

The Web Protocol settings defines if the login or ToS page should use the HTTP or HTTPS protocol. If using user accounts, you might want to opt for the SSL encrypted HTTPS protocol. However, since CoovAP is preloaded a self signed certificate, users will be prompted with a security warning. If you do choose this route, you may want to purchase a SSL certificate of your own and replace the default one.

Configuring bandwidth shaping

If you plan to use the Internet connection for personal or private access still, you should configure the Traffic Shaping feature. This helps prevent users from sucking up all the available Internet speed. To enable this, click the Network tab, and then click the Shaping sub-tab (see Figure 6). You'll probably have to install two packages before you see the settings; simply click the install links.

To turn it on, select Enabled for the Traffic Shaping setting. Then you can define the Internet (WAN) upload and download limits. Additionally, you can configure advanced settings.

Stay tuned--in the next part, we'll finish up our internal hotspot by customizing the portal pages. Then we'll get to the central management approach, using their free AAA hosted servers, which gives you some more cool features.

Eric Geier is an author of many computing and networking books, including Home Networking All-in-One Desk Reference For Dummies (Wiley 2008) and 100 Things You Need to Know about Microsoft Windows Vista (Que 2007). Article adapted from LinuxPlanet.



Comment and Contribute
(Maximum characters: 1200). You have
characters left.