2012-02-12 - Re: [GRASE-Hotspot] integrate grase on router - one hour by day connection

Header Data

From: Tim White <ti***8@gmail.com>
Message Hash: fadb64f9c3ad617fd50a93254dec943c3ae0f2555912c93ec2958c582a7d9eb4
Message ID: <4F38AEAB.4080308@gmail.com>
Reply To: <544839176.350.1329057460646.JavaMail.root@zimbra>
UTC Datetime: 2012-02-12 23:33:15 UTC
Raw Date: Mon, 13 Feb 2012 16:33:15 +1000

Raw message 

On 13/02/12 00:37, Dikdust wrote:
> Hi
>
> I'm a volunteer in and NGO here in Turin in Italy and I'm also the sysadmin of my IT company. I would like to share my internet link with my neighboorhod (as NGO) and I succefully do it with grase.
>
> Now the next step is to extend this free wifi hotspot with others in my zone that want to share their internet connection and this using credentials in my grase server (which I can configure in any way and I have public ip).
>
> I have read of http://www.dd-wrt.com but I don't know if is possible to use it with grase and I also want to limit bandwith of those who give for free their internet connections and limit it to one hour by day, for the users that use this connections.
>
> I will give the router for free (I will buy it and donate as company) and this object must obviously act as router, I mean one interface must get the internet connection trough the lan of the "sharer" but obviously the ip of the user who connecting is one of my grase lan (the lan of the sharer must be secure).
>
> Is possible ? I don't want to spend not more than 100\u20ac for client (I have done it something with koala but is too expensive and need to much hardware - too complicate for the sharer..)
>
> Thanks a lot
>
> Antonio Alessio "dikdust" Di Pinto

Hi Antonio.

This is possible, but outside of the original design of the Grase Hotspot.
Ideally, you'll need to install coova chilli on your routers, and set 
them up to use your Grase Hotspot install as the central server. Easiest 
way to do this would be to create a VPN (OpenVPN is ideal) so that all 
the clients can connect securely via the VPN, to the FreeRadius software 
on the main server. You'd also need to setup Coova Chilli on the routers 
to use the Web server on the main server, and there are some functions 
regarding that that haven't been tested that could need some work. 
Lastly, the network settings you set in the Grase Hotspot admin 
interface, won't propagate to the "remote" routers, and you probably 
don't want them to. Ideally each location would have it's own ip range. 
You'd probably remove the Squid redirection lines from each router, as 
running squid on each router wouldn't be ideal if they are lightweight, 
and using the squid on the main server would be stupid. This would 
remove the ability to monitor what sites clients are using, but that's 
probably ok for this setup.

Trying to protect the LAN's at each site would be a challenge. Ideally 
you'll need a firewall rule that blocks connections leaving the router, 
that are destined for any address on the LAN, unless it was the internet 
router. (And as said above, each site would have it's own "Grase" ip 
range, that didn't conflict with any other site's Grase ip range, or 
with the local sites LAN ip range).

Limiting bandwidth and connect time is easy. Create a group with the 
relevant bandwidth limits, and connection time limit (daily 1 hour for 
example), and that will be enforced across all sites. i.e. they could 
use 30 mins at one site, 30 mins at another site, and that would be it 
for the day.

For 100\u20ac, you'll be fairly limited on router hardware. I'd check out 
what hardware CoovaAP (http://www.coova.org/CoovaAP) runs on, and use that.

The hardware I use to run routers the complete system on them come out 
at more than 100\u20ac, but would be a viable option for you if you can 
increase the budget.

I've opened a ticket (http://trac.grasehotspot.org/ticket/56) for making 
this easier to setup, as in the future I'd like this to be something we 
can offer easily.

Tim

Thread