BAN - Solms

NOTE: the CopSpot Addon is frozen and will see no further development.

What is CopSpot

CopSpot is a Captive Portal for IPCop based on Chillispot.
From the Chillispot webpage: 'It is used for authenticating users of a wireless LAN. It supports web based login which is today's standard for public HotSpots. Authentication, authorization and accounting (AAA) is handled by your favorite radius server.'
Please note that the Addon does not include a radius server!

Prepare for installation

You need a blue or gray interface. Should you not have one of those, install it first and verify proper operation before continuing with CopSpot.
There are no settings required for the blue/gray interface other than proper IP and Netmask. Especially deactivate DHCP (both) as it will be handled by CopSpot, remove entries unter Blue Access (blue only), clear any rules on the gray interface (gray only).
A typical CopSpot configuration looks something like this , please note that allthough Captive Portals are targeted for WLAN users, CopSpot is just as happy to server 'wired' users.

Installation

download copspot-ipcop-<version>.tar.gz from this webpage
copy 'copspot-ipcop-<version>.tar.gz' to any directory of your choice ( e.g. to '/root' using WinSCP or SCP [ port 222! ] )
go straight to the console or open a console connection ( e.g. via Putty or SSH [ port 222! ] )
login as user 'root'
change to the directory you have copied the file to ( e.g. type 'cd /root' )
extract the archive ( type 'tar xvfz copspot-ipcop-<version>.tar.gz' )
change to installation directory ( type 'cd copspot-ipcop-<version>' )
to install the addon type './install -i' ( to uninstall type './install -u' )

Upgrading

Just follow the steps under Installation, no need to uninstall first.

Usage

After installation you should have an extra menu-item for CopSpot:

And a screen with various settings:

All options should be self-explaining. Don't forget to change the Radius Shared Secret and the Loginpage secret (this one is used between portal and login page only).
Hit save and CopSpot should start automatically. In case of trouble, goto the Logging -> CopSpot section and check for error messages.
If all is OK, the webpage should say CopSpot is running, you can also verify this by going to the Status -> System Status page.
After you have setup and properly configured a Radius server you are ready for your users.

Portal users

Users should have DHCP enabled on their PCs, don't forget to also let DHCP handle the DNS Server setting. As soon as they connect they will be issued an IP by CopSpot and should be able to ping it. CopSpot uses the first IP defined unter Network. Settings can be verified by the user with ipconfig (Windows) or ifconfig (Linux). The user should now also be able to reach any sites listed as 'free'.
As soon as the user tries to access a non-free site, he/she will be presented with a login screen, enter Radius credentials here and surf away ;)

To keep track of online time a status popup will be shown:

Currently the portal user will only be able to use http (tcp port 80) into the internet. All other access is blocked.
I suggest using BOT if you require more.

Was ist CopSpot

siehe oben

Closing remarks

Do *not* ask me why a Radius server is not included. I personally feel that if one wants to use all advantages (i.e. accounting), you need things like databases, easy maintenance etc. all those things do not really belong on a firewall (one might even question having CopSpot on a firewall). I *might* eventually include some other kind of authentication, but not now.
Please do not mail me for support etc., feel free to mail me though if you insist and want to transfer large amounts of money to my account .
In case of trouble, things not working, etc. post a message in the english or german IPCop support forums. I do visit those from time to time.

2007-01-14	0.1.0	Use a different port (than IPCop https) for CopSpot login page
2007-01-07	0.0.1	First online version

Last modified: 2008-01-26