How to: Safely Share Your Wireless Internet With CoovaAP, Part II
March 31, 2009
In this two-part tutorial, we explore CoovaAP firmware and its hosted services. In Part I, our expert explained how to turn a simple router into a hotspot gateway. In Part II, he outlines how to finish setting up the internal hotspot features.
In Part I of this two-part series, we discovered that we can turn an inexpensive wireless router into a hotspot gateway with CoovaAP, to offer wireless Internet access to visitors. To turn our mundane router into a hotspot, we uploaded the open source firmware to a Linux-based router. We also covered how to set up the internal captive portal with different registration modes and configured the simple bandwidth limiting feature.
In this part, we'll finish setting up the internal hotspot features by customizing the portal pages. This lets you adapt the login or ToS (Terms of Service) pages to your organization's brand or your personal tastes. We'll also discover how to take advantage of Coova's free services to centrally manage and control the hotspot(s).
Customizing the portal pages is fairly easy and straightforward. Some HTML experience helps, but it's not necessary. On CoovaAP's Web-based utility, click the Hotspot tab and select the Portal sub-tab. As you seen in Figure 1, you can choose each section/page to edit its HTML code.
If you aren't familiar with Web page design, you can simply edit the text as you wish and leave the HTML tags alone. If you want to change formatting, add pictures, or make other additional changes, you can use a visual editor, such as KompoZer in Linux or Microsoft FrontPage in Windows. Then you can copy and paste the HTML code from the editor into the CoovaAP portal settings. If you really make a mess, you can get the default code back by clicking the reset to default link under the code boxes.
The note on the Portal page about URLs and the "walled garden" apply if you add links or images on the portal pages to or from an external Website. For example, you might want to link to your organization's Website from the portal. Adding the address of your organization's Website to the walled garden list prevents users from having to login or accept the ToS before visiting your site.
Coova also offers free access to its CoovaAAA service, which is basically a shared RADIUS server. There are a few different ways you use the service. We're going to be using CoovaAP with the internal hotspot and portal while also taking advantage of CoovaAAA. This way we can easily modify the portal content while better controlling and monitoring the access.
Overall, CoovaAAA has the following advantages:
Centralized management, session logs, and monitoring alerts
Access code functionality to hand out varying types of acces.
Easier bandwidth control with per user/realm capabilitie.
MAC address authentication, so users don't have to keep logging in
We'll discuss these features further when setting everything up.
Configuring CoovaAP to use CoovaAAA
First, log into the CoovaAP Web interface with its IP address, which is 192.168.1.1 by default. Click the Hotspot tab and select the RADIUS sub-tab (see Figure 2). Then input the RADIUS Server IP address and Shared Secret. These pieces of information are shown on the Home tab when logged into the CoovaAAA site. To connect your CoovaAP with your CoovaAAA account, log into the hotspot with your CoovaAAA username and password.
Remember, if you want to use the embedded portal of CoovaAP, make sure it's enabled on the Hotspot/Configuration tab.
Instead of allowing users to self-register when requiring users to login, CoovaAAA lets you optionally create and accept Access Codes on the login page. This way you can hand out codes and their passwords to neighbors or visitors, giving you a bit more control over the hotspot access. You can also assign Access Policies to these codes. The only set back is that you can only currently create ten access codes.
To create these codes, click the Access tab, choose the Access Codes sub-tab, and click the new link. As you see in Figure 4, the settings are straightforward. The only possible realm is code. The Reset Window/Expiry checkbox is for later, to manually reset the counters when a user has reached a time or data limit.
To use the Access Codes, users can enter the code into the Username field of the hotspot login page, followed by @code, and it's password into the Password field. For example, if the access code is guests, they would enter guests@code and the password.
Sharing your hotspot access
On the Sharing tab of CoovaAAA (see Figure 5), you'll see you can share with individuals and realms. It's important to understand that you can not create shares to local accounts (including self-registered users) stored on the CoovaAP router. This means if you want the advanced usage and bandwidth controls CoovaAAA provides, its best to use only Access Policies to give out hotspot access. Thus you would want to make sure the Registration Mode defined in CoovaAP is set to Configured Users. The sharing features are more useful if users have their own Coova account, created directly on the Coova.org site.
Exploring more of Coova
We discovered the main features of CoovaAP and CoovaAAA, so we can share our Wi-Fi. You may want to do some exploring on your own now; maybe look into the embedded ChilliSpot feature or WPA-Enterprise. Just remember, as you'll see noted, some features and interfaces are for demo purposes; Coova seems like it is always evolving.
Eric Geier is an author of many computing and networking books, including Home Networking All-in-One Desk Reference For Dummies (Wiley 2008) and 100 Things You Need to Know about Microsoft Windows Vista (Que 2007). Article adapted from LinuxPlanet.