Icaro Dedalo Hotspot installation

Ok so you have 2 machines. Perfect.

If you try to log in to the icaro instance from nethserver-dedalo, can you access and view your hotspot details inside Cockpit?

Can you paste the result of:

config show dedalo

I’d like to have access only to the CentOS machine if the check above works. If the machine is public, you can send me the credentials by private message without making an appointment for tomorrow.

Thanks.

Yes I can.

I will do it this evening.

No, it isn’t public; only the VPN port is routed by the provider router. Sadly we can’t configure it, but we will call the provider to give us one internal address to which all traffic is routed. If this works I’ll give you the credentials.

Thanks

Perfect Michael 👍

Thanks

Here is my config:

[root@fw ~]# config show dedalo
dedalo=service
    AaaUrl=
    AllowOrigins=
    ApiUrl=
    Description=Gaestenetz
    DhcpEnd=254
    DhcpStart=100
    IcaroHost=icaro.drk.local
    Id=1
    LogTraffic=disabled
    Name=DRKGast
    Network=192.168.182.0/24
    Proxy=disabled
    SplashPageUrl=
    UnitName=fw.drk.local
    Uuid=95fa2e77-ddde-4d62-bd61-04b21a239784
    status=enabled

Here are some lines from the dedalo log without sending a request from a client. If you send a request, nothing changes:

Apr 07 13:05:34 fw.drk.local [12476]: calling curl_easy_cleanup()
Apr 07 13:05:34 fw.drk.local [12476]: curl error The requested URL returned error: 404 Not Found
Apr 07 13:05:34 fw.drk.local [12476]: Access-Reject
Apr 07 13:05:34 fw.drk.local [12476]: close_request
Apr 07 13:05:34 fw.drk.local [12476]: connections free 15
Apr 07 13:05:34 fw.drk.local [12476]: HTTP completed with status 22
Apr 07 13:05:34 fw.drk.local [12476]: calling curl_easy_cleanup()
Apr 07 13:05:34 fw.drk.local [12476]: curl error The requested URL returned error: 404 Not Found
Apr 07 13:05:34 fw.drk.local [12476]: Access-Reject
Apr 07 13:05:34 fw.drk.local [12476]: close_request
Apr 07 13:05:34 fw.drk.local [12476]: connections free 16
Apr 07 13:06:06 fw.drk.local [12476]: connections free 15
Apr 07 13:06:06 fw.drk.local [12476]: request index 9
Apr 07 13:06:06 fw.drk.local [12476]: connections free 14
Apr 07 13:06:06 fw.drk.local [12476]: request index 8
Apr 07 13:06:06 fw.drk.local [12476]: HTTP completed with status 22
Apr 07 13:06:06 fw.drk.local [12476]: calling curl_easy_cleanup()
Apr 07 13:06:06 fw.drk.local [12476]: curl error The requested URL returned error: 404 Not Found
Apr 07 13:06:06 fw.drk.local [12476]: Access-Reject
Apr 07 13:06:06 fw.drk.local [12476]: close_request
Apr 07 13:06:06 fw.drk.local [12476]: connections free 15
Apr 07 13:06:06 fw.drk.local [12476]: HTTP completed with status 22
Apr 07 13:06:06 fw.drk.local [12476]: calling curl_easy_cleanup()
Apr 07 13:06:06 fw.drk.local [12476]: curl error The requested URL returned error: 404 Not Found
Apr 07 13:06:06 fw.drk.local [12476]: Access-Reject
Apr 07 13:06:06 fw.drk.local [12476]: close_request
Apr 07 13:06:06 fw.drk.local [12476]: connections free 16


Thanks in advance

For the NethServer part it seems all good, can you please paste the output of:

  • systemctl status dedalo
  • dedalo query list

And again:

  • dedalo query list while you are trying to connect to Wi-Fi?

Thanks.

systemctl status dedalo
● dedalo.service - Network access controller, runs on the firewal and intercepts all guest connections, based on CoovaChilli
   Loaded: loaded (/usr/lib/systemd/system/dedalo.service; enabled; vendor preset: disabled)
   Active: active (running) since Sat 2020-04-04 00:20:50 CEST; 3 days ago
 Main PID: 12468 (chilli)
   CGroup: /system.slice/dedalo.service
           ├─12468 /usr/sbin/chilli -c /opt/icaro/dedalo/chilli.conf --fg
           └─12476 [chilli_proxy] -b /var/run/chilli.12468.cfg.bin

Apr 07 15:14:38 fw.drk.local [12476]: curl error The requested URL returned error: 403 Forbidden
Apr 07 15:14:38 fw.drk.local [12476]: Access-Reject
Apr 07 15:14:38 fw.drk.local [12476]: close_request
Apr 07 15:14:38 fw.drk.local [12476]: connections free 15
Apr 07 15:14:38 fw.drk.local [12476]: HTTP completed with status 22
Apr 07 15:14:38 fw.drk.local [12476]: calling curl_easy_cleanup()
Apr 07 15:14:38 fw.drk.local [12476]: curl error The requested URL returned error: 403 Forbidden
Apr 07 15:14:38 fw.drk.local [12476]: Access-Reject
Apr 07 15:14:38 fw.drk.local [12476]: close_request
Apr 07 15:14:38 fw.drk.local [12476]: connections free 16

dedalo query list

74-DA-88-EF-15-47 192.168.182.100 dnat 158595245000000002 0 74-DA-88-EF-15-47 0/0 0/0 0/0 0/0 0 0 0/0 0/0 -

dedalo query list

82-A5-6A-9A-72-D2 192.168.182.102 dnat 158626552000000001 0 82-A5-6A-9A-72-D2 0/0 0/0 0/0 0/0 0 0 0/0 0/0 http://de.archive.ubuntu.com/ubuntu/dists/bionic-backports/InRelease

74-DA-88-EF-15-47 192.168.182.100 dnat 158595245000000002 0 74-DA-88-EF-15-47 0/0 0/0 0/0 0/0 0 0 0/0 0/0 -

Thank you for helping me.
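
A log triage sketch for the chilli_proxy lines pasted above, added here as an example and not part of the original posts or of dedalo itself. It pairs each Access-Reject with the curl HTTP error logged just before it by the same process, assuming (from the ordering shown in the thread) that such a reject was triggered by that failed HTTP call; the sample lines are constructed in the format of the pasted log.

```python
import re
from collections import Counter

# Constructed sample in the format of the log lines pasted in this thread.
SAMPLE = """\
Apr 07 13:05:34 fw.drk.local [12476]: HTTP completed with status 22
Apr 07 13:05:34 fw.drk.local [12476]: calling curl_easy_cleanup()
Apr 07 13:05:34 fw.drk.local [12476]: curl error The requested URL returned error: 404 Not Found
Apr 07 13:05:34 fw.drk.local [12476]: Access-Reject
Apr 07 13:05:34 fw.drk.local [12476]: close_request
Apr 07 15:14:38 fw.drk.local [12476]: HTTP completed with status 22
Apr 07 15:14:38 fw.drk.local [12476]: curl error The requested URL returned error: 403 Forbidden
Apr 07 15:14:38 fw.drk.local [12476]: Access-Reject
Apr 07 15:14:38 fw.drk.local [12476]: close_request
Apr 07 15:20:01 fw.drk.local [12476]: Access-Reject
   Loaded: loaded (/usr/lib/systemd/system/dedalo.service; enabled)
"""

LINE = re.compile(r"^\s*(\w{3} \d{2} [\d:]{8}) \S+ \[(\d+)\]: (.*)$")
HTTP_ERR = re.compile(r"curl error The requested URL returned error: (\d{3})")


def classify_rejects(text):
    """Return [(timestamp, cause)] for every Access-Reject line.

    Assumption: a reject that follows a curl HTTP error within the same
    request (same PID, before close_request) was triggered by that error.
    """
    pending = {}   # pid -> HTTP status of the last curl error in the open request
    rejects = []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # systemctl header lines, blanks, command echoes
        ts, pid, msg = m.group(1), m.group(2), m.group(3).strip()
        err = HTTP_ERR.search(msg)
        if err:
            pending[pid] = int(err.group(1))
        elif msg == "Access-Reject":
            status = pending.pop(pid, None)
            rejects.append((ts, f"http-{status}" if status else "no-http-error"))
        elif msg == "close_request":
            pending.pop(pid, None)
    return rejects


def summarize(text):
    """Count rejects per cause: a 404, a 403, or no HTTP error at all."""
    return Counter(cause for _, cause in classify_rejects(text))
```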

I have a general question about dedalo: what happens when a client asks for a connection?
The gateway (dedalo server) tries to route to the icaro portal web site, but does it always do this through the red interface? If so, how can we change that, because the icaro server is on the green interface?
We also tried to set up the icaro server on the red network, but that doesn’t work either.
Of course the next problem is DNS: only the NethServer where dedalo runs knows the icaro address, but I think the DNS server is only reachable from the green LAN.
I hope somebody can clarify these things.

My problem seems to be with dedalo, not icaro. Yesterday I connected my dedalo to an icaro installation from Markus. Markus gets the portal page with a client on his dedalo installation; I can’t get it running with my dedalo.

Hi @m.traeumner,
just to be sure… what is the network configuration on the dedalo side (NethServer)?
You need to have at least these 3 roles:

  • one red
  • one green
  • one hotspot

Hi,
It is a NethServer with a green interface for LAN, a red interface for WAN and a third interface set up by dedalo.

Hi @m.traeumner,
if I’m right you should have icaro (CentOS 8) and dedalo (NethServer) in the same network; in this case you should have the red of NethServer connected to CentOS.
Is that your configuration?

At the moment my icaro is on the green interface, but I tried the red interface too.
I also tested it with an icaro server from @mrmarkuz, reachable through the internet.

Thanks for help
Michael

icaro at the green interface is perfect (how many configured interfaces do you have on your icaro? One should be enough)

Is the red interface of nethserver connected to green interface of icaro?

At the moment the icaro interface is connected to NethServer’s green interface, but I also tried connecting it to NethServer’s red interface.
The NethServer is for dedalo, VPN and firewall, but I also tried disabling things like IPS. There are no special firewall rules on it.

Ok, NethServer needs to be connected to icaro via the red interface; that is what usually happens when icaro is on a remote server.
So try to connect the red interface of NethServer and the green of icaro.
If you don’t need a green on your NethServer you can leave it disconnected.

Ok, I’ll try this again. But there is also another problem, because the server of @mrmarkuz is connected via internet (red interface).

Yes, make a new try, this seems to be quite difficult to detect and there are many variables involved, but if things won’t work I think you should ask for commercial support at this point.

Thanks for your answer. I’ll give it another try, also with another NethServer installation.

Hi guys, it seems that we can’t get it running without a connection from outside to ports 80 and 443.

  • I have a firewall with a green (LAN) and a red (WAN) interface.
  • The dedalo server is connected with its red (WAN) interface to the firewall’s green (LAN) interface, dedalo’s green interface is a fake interface and dedalo’s 3rd interface is connected to the hotspot with the dedalo hotspot role.
  • icaro (now on CentOS 7) is on the firewall’s green interface
  • Dedalo’s first DNS is changed to the firewall address, which is an internal DNS and knows the domain of icaro.

Everything seems to work.

  • I can curl the icaro domain from a client on the green firewall network
  • a client on the hotspot network can resolve the icaro domain with nslookup

but I can’t reach the portal site.
The same configuration with a publicly known domain and a letsencrypt certificate works fine.

Special thanks to @davide_marini, @edoardo_spadoni for helping me and to @mrmarkuz, who spent many hours rebuilding the same structure, testing and helping me to install.

I’ve rewritten the howto for icaro on CentOS 7 with a public domain name.
If somebody is interested, have a look here:
