DigI:RDB52G config
From its-wiki.no
Configuration of LNCC RDB52G
Configuration through WinBox/WinBox4MAC
Connect the device directly to your laptop, then use WinBox (or whichever configuration program you use):
- either connect to the LNCC over WiFi and use the W01: MAC address
- or connect to port 2 on the LNCC and use the E02: MAC address (E01: MAC address + 1)
- Note: if connecting through cable, ensure that WiFi on your PC is off
If the device doesn't connect or appear in the configuration window, connect by cable to port 2
- Share the WiFi IP configuration from the Mac
- If the initial "find" from the wAP fails, disconnect WiFi, connect only USB to the wAP, and "find"
- If the available network doesn't permit net/WiFi sharing, connect the MikroTik device directly to a WiFi router such as the RB960PGS
- Reason: for updating the packages, the wAP needs to be connected (through the Mac) to the Internet
ERROR handling
Login 192.168.60.1
- Wine/Crossover - Winbox
- admin (see BasicInternet_Passwords.kbdx)BasicInternet
- E02: 74:4D:28:E8:4C:81 is the
- W01: .... 86
Check Log file
Error: sstp-tanzania: …. terminating, could not resolve name
Interface = SSTP client Dial out: sstp.basicinternet.org -> maincorerouter.basicinternet.org CHANGED sstp = maincorerouter.basicinternet.org (on Domeneshop) % Remote?? connection time-out IP = Hotspot
ERROR: no connection to its-wiki.no
Reason: https://yeboo.com is blocked (local Raspberry Pi)
/ip firewall filter add action=drop chain=forward comment="block yeboo https" content=yeboo disabled=no dst-port=443 protocol=tcp
Steps
1. Connect the wAP
- Connect the LNCC (RDB52G) to a network on Port 1 (not necessary for the first steps)
- Connect the Mac/PC to the LNCC WiFi network; it appears in your network list with a name like MikroTik-28FBFB
- Alternative: Connect the Mac/PC to port 2 of the LNCC
2. Open Winbox4Mac
- Go to Neighbours and connect to the device that appears
- If none appears, click Refresh and it will come up
- An automatic message will then come up; choose (Remove configuration)
- Go to System => reset-configuration, no-default => yes
- Automatically, you will be logged out
3. Connect the LNCC to the Mac
- Go to Neighbours and connect to the device that appears
- If none appears, click Refresh and it will come up
- If it doesn't work, disconnect the LNCC
- Usually it won't connect if you are on a limited and strict network; in that case, change to another network that lets you share the network with the MikroTik device
- Go to Network Preferences and choose USB10/...00LAN
- Go to the Sharing folder in the settings and open Sharing
4. Open Winbox4Mac
- After connecting, go to IP => DHCP client => click on (+) at the top left
- Go to interface and select (ether 1) => apply => OK
- A table will appear and show Interface (ether1), Use P... (Yes), Add D... (Yes), IP Address (....numbers...), Expire After (...time...), & Status (bound)
5. Go to system
- Choose packages => check for updates => Download&Install
- At the bottom of the box you will get the message Download and rebooting
- There are two options from this step to finalise the configuration. They are explained in steps 6 and 7
6. First method
Go to files
- Upload the three certificate files, which are found on OwnCloud => Certificate8 directory; it contains bif_client_tz8.crt,key,csrr (3 files: 1. Ca.crt 2. Client1.crt 3. client1.key)
- The certificate files should be uploaded in WinBox => Files => File List => flash directory
- Go to File List and import the suitable configuration file (RB921) from OwnCloud => BasicInternet => Technology => Mikrotik => Tanzania_backups => the file name
- Drag the file to the File List window; it will appear there alongside the two folders flash & flash/skins
- Drag the file once more, this time into the flash/skins folder, so that it is imported there as well
Go to New Terminal
- At the end of the page, type the command (import followed by the name of the file you uploaded)
- Press enter and wait for a few seconds
- It should give you a message that the file is loaded and executed successfully
7. Second method
Go to files
- Upload the certificate files from OwnCloud (bif_client_tz8.crt,key,csrr)
Go to New Terminal
- Copy the following command lines, paste them into the terminal and press the "Enter" key
/interface bridge
add comment="Bridge to distribute hotspot" fast-forward=no name=\
    Hotspot_Bridge
/interface wireless
set [ find default-name=wlan1 ] disabled=no mode=ap-bridge radio-name=\
    BasicInternet_AP ssid=BasicInternet
set [ find default-name=wlan2 ] disabled=no mode=ap-bridge radio-name=\
    BasicInternet_AP ssid=BasicInternet
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] dns-name=access.basicinternet.org hotspot-address=\
    10.5.50.1 html-directory=flash/BI_hotspot login-by=http-chap name=\
    BS_Hotspot_Profile use-radius=yes
/ip hotspot user profile
set [ find default=yes ] session-timeout=1h shared-users=unlimited
/ip pool
add comment="Hotspot pool" name=HSPool ranges=10.5.50.10-10.5.50.254
add name=PoolEther2 ranges=192.168.60.10-192.168.60.20
/ip dhcp-server
add add-arp=yes address-pool=HSPool disabled=no interface=Hotspot_Bridge \
    name=HSDHCP
add address-pool=PoolEther2 disabled=no interface=ether2 name=server1
/ip hotspot
add address-pool=HSPool addresses-per-mac=1 disabled=no idle-timeout=none \
    interface=Hotspot_Bridge name=server1
- Copy the following command line, paste it into the terminal and press the "Enter" key
/certificate import file-name=ca.crt
Then you will be asked for the password below b1fcl13nt1
- Copy the following command line, paste it into the terminal and press the "Enter" key
/certificate import file-name=client1.crt
Then you will be asked for the password below b1fcl13nt1
- Copy the following command line, paste it into the terminal and press the "Enter" key
/certificate import file-name=client1.key
Then you will be asked for the password below b1fcl13nt1
- Copy the following command lines, paste them into the terminal and press the "Enter" key
/interface sstp-client
add authentication=mschap2 certificate=bif_client_tz7.crt_0 connect-to=\
    maincorerouter.basicinternet.org disabled=no name=sstp-tanzania password=\
    t4nz4n14s3v3n profile=default-encryption user=sstptanzania7
/interface bridge port
add bridge=Hotspot_Bridge interface=ether4
add bridge=Hotspot_Bridge interface=ether5
add bridge=Hotspot_Bridge interface=wlan1
add bridge=Hotspot_Bridge interface=wlan2
add bridge=Hotspot_Bridge interface=ether3
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=Hotspot interface=Hotspot_Bridge list=LAN
add comment=Internet interface=ether1 list=WAN
/ip address
add address=10.5.50.1/24 comment="IP address for Hotspot bridge" interface=\
    Hotspot_Bridge network=10.5.50.0
add address=192.168.60.1/24 interface=ether2 network=192.168.60.0
/ip dhcp-client
add comment=Internet dhcp-options=hostname,clientid disabled=no interface=\
    ether1
/ip dhcp-server network
add address=10.5.50.0/24 comment="Hotspot pool" gateway=10.5.50.1
add address=192.168.60.0/24 gateway=192.168.60.1
/ip dns
set allow-remote-requests=yes
/ip firewall filter
add action=passthrough chain=unused-hs-chain comment=\
    "place hotspot rules here" disabled=yes
add action=drop chain=input disabled=yes in-interface=sstp-tanzania
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment=\
    "place hotspot rules here" disabled=yes
add action=passthrough chain=unused-hs-chain comment=\
    "place hotspot rules here" disabled=yes
/ip firewall nat
add action=masquerade chain=srcnat out-interface=*9
/ip hotspot walled-garden
add action=deny dst-host=*porn* server=server1
add dst-host=login.muftwifi.com server=server1
add dst-host=*mitu.or.tz server=server1
add dst-host=*healthresearchweb.org server=server1
add dst-host=*TrygtSvangerskap.no server=server1
add dst-host=*tanzania.go.tz server=server1
add dst-host=*wdr.de server=server1
add dst-host=*google.co.tz server=server1
add dst-host=*google.com server=server1
add dst-host=*yeboo.com server=server1
add dst-host=*moh.go.tz server=server1
add dst-host=*.go.tz server=server1
add dst-host=*nimr.or.tz server=server1
add dst-host=*sua.ac.tz server=server1
add dst-host=*mnh.or.tz server=server1
add dst-host=*mzrh.go.tz server=server1
add dst-host=*msd.go.tz server=server1
add dst-host=*tfda.go.tz server=server1
add dst-host=*nbs.go.tz server=server1
add dst-host=*nbts.go.tz server=server1
add dst-host=*ntlp.go.tz server=server1
add dst-host=*thps.or.tz server=server1
add dst-host=*nacp.go.tz server=server1
add dst-host=*apt.or.tz server=server1
add dst-host=*bugandomedicalcentre.go.tz server=server1
add dst-host=*ccbrt.or.tz server=server1
add dst-host=*edu.tz server=server1
add dst-host=*who.int server=server1
add dst-host=*.int server=server1
add dst-host=*unicef.org server=server1
add dst-host=*nhif.or.tz server=server1
add dst-host=*mcdgc.co.tz server=server1
add dst-host=*ac.tz server=server1
add dst-host=*imis.tfda.go.tz server=server1
add dst-host=*hmisportal.moh.go.tz server=server1
add dst-host=*ammehjelp.no server=server1
add dst-host=*domene.shop server=server1
add dst-host=*helsenorge.no server=server1
add dst-host=*helsedirektoratet.no server=server1
add dst-host=*matportalen.no server=server1
add dst-host=*dinutvei.no server=server1
add dst-host=*rustelefonen.no server=server1
add dst-host=*slutta.no server=server1
add dst-host=*tryggmammamedisin.no server=server1
add dst-host=*hioa.no server=server1
add dst-host=*uio.no server=server1
add dst-host=*ous.no server=server1
add dst-host=*ruter.no server=server1
add dst-host=*yr.no server=server1
add dst-host=*unik.no server=server1
add dst-host=*digicert.com server=server1
add dst-host=*opera-mini.net server=server1
add dst-host=*gravidpluss.no server=server1
add dst-host=*gravidpluss.org server=server1
add dst-host=*norad.no server=server1
add dst-host=*digi.futurecompetence.net server=server1
add dst-host=*basicinternet.no server=server1
add dst-host=*basicinternet.org server=server1
add dst-host=*its-wiki.no server=server1
add dst-host=*wikipedia.org server=server1
add dst-host=*sustainabledevelopment.un.org server=server1
add dst-host=*facebook.com server=server1
add dst-host=free.facebook.com server=server1
add dst-host=*amazon.com server=server1
add dst-host=*akadns* server=server1
add dst-host=*akamai* server=server1
add dst-host=*un.org server=server1
add dst-host=*whatsapp.net server=server1
add dst-host=*apple.com server=server1
add dst-host=*google.no server=server1
add dst-host=*gstatic.com server=server1
add dst-host=*google.com server=server1
add dst-host=*googleusercontent.com server=server1
add dst-host=*gvt1.com server=server1
add dst-host=*bing.com server=server1
add dst-host=*who.int server=server1
/ip hotspot walled-garden ip
add action=accept disabled=no dst-address=52.88.179.209 !dst-address-list \
    !dst-port !protocol server=server1 !src-address !src-address-list
/ip route add dst-address=192.168.111.10 gateway=172.29.0.1
/ip route add distance=1 dst-address=192.168.111.10/32 gateway=sstp-tanzania
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set api disabled=yes
set winbox address=192.168.60.0/24
set api-ssl disabled=yes
/ip ssh
set allow-none-crypto=yes
/radius
add address=193.156.3.235 secret=basicinternet service=hotspot
/system clock
set time-zone-name=Europe/Oslo
/system identity
set name=BasicInternet_Core_Mali
/system scheduler
add interval=1d name=statusticJob on-event=Statistic policy=\
    read,write,policy,test start-date=mar/29/2019 start-time=00:05:00
add interval=1d name=WhitelistUpdate_job on-event=WhiteList_Update policy=\
    read,write,policy,test start-date=sep/15/2018 start-time=00:05:00
/system script
add dont-require-permissions=no name=WhiteList_Update owner=\
    admin@BasicInternet policy=read,write,policy,test source="#Download a file\
    \_with whitelisted website and add to hotspot walled-garden\r\
    \n#File should be in form of:server_name,destination_host,action,optional_\
    destination_port\r\
    \n/tool fetch mode=https user=\"TEST_BI\" password=\"90838066\" url=\"http\
    s://owncloud.basicinternet.org/remote.php/webdav/Device/hapAC-Mali.txt\"\r\
    \n:if ( [:len hapAC-Mali.txt] != [:len LastWhitelist.txt] ) do={\r\
    \n\r\
    \n#remove Hotspot walled-garden entries\r\
    \n:foreach ENTRY in=[/ip hotspot walled-garden find] do={\r\
    \n/ip hotspot walled-garden remove number=\$ENTRY\r\
    \n}\r\
    \n#Add downloaded whitelist to Hotspot whitelist\r\
    \n#Read the file contents\r\
    \n:global content [/file get hapAC-Mali.txt contents]\r\
    \n:global contentLen [ :len \$content ]\r\
    \n:global lineEnd 0\r\
    \n:global line \"\"\r\
    \n:global lastEnd 0\r\
    \n\r\
    \n:do {\r\
    \n#Determine end of line by newline charachter\r\
    \n:set lineEnd [:find \$content \"\\r\\n\" \$lastEnd ]\r\
    \n:set line [:pick \$content \$lastEnd \$lineEnd]\r\
    \n:set lastEnd ( \$lineEnd + 2 )\r\
    \n#Convert string to array\r\
    \n:local tmpArray [:toarray \$line] \r\
    \n:if ( [:pick \$tmpArray 0] != \"\" ) do={\r\
    \n#Add rule to Hotspot walled-garden\r\
    \n/ip hotspot walled-garden add server=\"server1\" dst-host=[:pick \$tmpAr\
    ray 0] dst-port=[:pick \$tmpArray 2] action=[:pick \$tmpArray 1]\r\
    \n}\r\
    \n} while (\$lineEnd < (\$contentLen - 2))\r\
    \n\r\
    \n\r\
    \n/tool fetch mode=https user=\"TEST_BI\" password=\"90838066\" url=\"http\
    s://owncloud.basicinternet.org/remote.php/webdav/Device/hapAC-Mali.txt\" d\
    st-path=\"LastWhitelist.txt\"\r\
    \n\r\
    \n}"
add dont-require-permissions=no name=Statistic owner=admin@BasicInternet \
    policy=read,write,policy,test source="#Send statistics including Walled-Ga\
    rden hits, Ether1 bytes, hs free internet and number of users\r\
    \n:global WebProxyTemp\r\
    \n:global Ether1RXTemp\r\
    \n:global Ether1TXTemp\r\
    \n:local temp \"EmptyHost\"\r\
    \n:local HitStr \"\"\r\
    \n# print Mikrotik hotspot walled garden entries ( as-value is good for pa\
    rsing)\r\
    \n:local WalledGarden [/ip hotspot walled-garden print as-value]\r\
    \n#Iterate through each line in the walled garden \r\
    \n:foreach line in=\$WalledGarden do={\r\
    \n#Iterate through each key=value in each line\r\
    \n:foreach key,value in=\$line do={\r\
    \n#Find the destination host key=value\r\
    \n:if (\$key = \"dst-host\") do={ :set \$temp \"\$value\"}\r\
    \n#Find the Hits key=value\r\
    \n:if (\$key = \"hits\") do={ :set HitStr (\$HitStr . \$temp . \"=\" . \$v\
    alue . \";\")}\r\
    \n}\r\
    \n}\r\
    \n#Get Walledgaren usage in KB through web proxy\r\
    \n:local ProxyLine [/ip proxy monitor once as-value];\r\
    \n#Iterate through each line in the filter \r\
    \n:foreach key2,value2 in=\$ProxyLine do={\r\
    \n:if (\$key2 = \"received-from-servers\") do={ :set \$hsFreeKB \$value2}\
    \r\
    \n}\r\
    \n#Get the Overall Traffic usage\r\
    \n:local Ether1RX [/interface get ether1 rx-byte]\r\
    \n:local Ether1TX [/interface get ether1 tx-byte]\r\
    \n#Get number of devices connected to hotspot\r\
    \n:local NrDevices [/ip hotspot host print count-only]\r\
    \n\r\
    \n:foreach ENTRY in=[/ip hotspot host find] do={\r\
    \n/ip hotspot host remove number=\$ENTRY\r\
    \n}\r\
    \n# Get system date\r\
    \n:local date [/system clock get date]\r\
    \n# Get system Time\r\
    \n:local time [/system clock get time]\r\
    \n#Get RouterBoard box identity\r\
    \n:local identity [/system identity get name]\r\
    \n# Concatenate all variables to a global variable\r\
    \n:global Statistic (\$identity . \" \" . \$date . \" \" . \$time . \" \" \
    . \$HitStr . \"Ether1RXMiB=\" . ( (\$Ether1RX - \$Ether1RXTemp) / 1048576)\
    \_. \";Ether1TXMiB=\" . ((\$Ether1TX - \$Ether1TXTemp) / 1048576) . \";hsF\
    reeMiB=\" . ( (\$hsFreeKB - \$WebProxyTemp) / 1024) . \";NrhsDevices=\" . \
    \$NrDevices)\r\
    \n#Used to keep track of Counter- beacuse reset-counter doesnot work\r\
    \n:set \$WebProxyTemp \$hsFreeKB\r\
    \n:set \$Ether1RXTemp \$Ether1RX\r\
    \n:set \$Ether1TXTemp \$Ether1TX\r\
    \n\r\
    \n#Reset counters then we have daily usage\r\
    \n/ip hotspot walled-garden reset-counters-all\r\
    \n#Send walled garden statistics stored in Statistic global variable to re\
    mote server HTTPS\r\
    \n/tool fetch mode=https keep-result=no user=\"data@infointernet\" passwor\
    d=\"b2HmNqB4yrIUaT5KE1OY\" url=\"https://walleddata.basicinternet.org/\" h\
    ttp-method=post http-data=\"\$Statistic\""
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
- After this you are done with the LNCC configuration
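A check that can be run over an export like the one in step 7 before it is pasted into a terminal (an added example, not part of the original wiki page or the BasicInternet tooling). It joins the `\` line continuations, tracks the current menu, and lists settings worth reviewing; the sample export is constructed with placeholder hosts and secrets, `commands` and `audit` are hypothetical helper names, and the four checks are a reviewer's choice rather than a MikroTik-defined list.

```python
import re

# Constructed sample in RouterOS export style; hosts and secrets are placeholders.
SAMPLE_EXPORT = r'''/ip service
set telnet disabled=yes
set winbox address=192.168.60.0/24
set api-ssl disabled=no
/ip ssh set allow-none-crypto=yes
/radius
add address=192.0.2.10 secret=EXAMPLE_SECRET service=hotspot
/ip firewall filter
add action=drop chain=input disabled=yes \
    in-interface=sstp-tanzania
/interface sstp-client
add connect-to=vpn.example.org name=sstp-tanzania password=\
    EXAMPLE_PASSWORD user=example-user
'''

ONE_LINE = re.compile(r'^(/[a-z0-9 -]+?)\s+(add|set)\s+(.*)$')

def commands(export_text):
    """Yield (menu, verb, args); '\\' line continuations are joined first."""
    text = re.sub(r'\\\n[ \t]*', '', export_text)
    menu = None
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith('#'):
            continue
        if line.startswith('/'):
            m = ONE_LINE.match(line)
            if not m:            # bare menu line: applies to the lines below it
                menu = line
                continue
            menu, line = m.group(1), f'{m.group(2)} {m.group(3)}'
        verb, _, args = line.partition(' ')
        yield menu, verb, args

def audit(export_text):
    """Return findings for settings to review before an export is applied."""
    findings = []
    for menu, verb, args in commands(export_text):
        if menu == '/ip ssh' and 'allow-none-crypto=yes' in args:
            findings.append('ssh: allow-none-crypto=yes accepts the "none" cipher')
        if menu == '/ip firewall filter' and 'action=drop' in args and 'disabled=yes' in args:
            findings.append(f'firewall: drop rule is disabled ({args})')
        if menu == '/ip service' and 'disabled=yes' not in args and 'address=' not in args:
            findings.append(f'service {args.split()[0]}: enabled, no address restriction')
        for key in re.findall(r'\b(password|secret)=\S', args):
            findings.append(f'{menu}: cleartext {key} stored in the export')
    return findings

if __name__ == '__main__':
    print('\n'.join(audit(SAMPLE_EXPORT)))
```

The same function can be pointed at the text of a real export file; findings are a prompt for review, since a disabled rule or an open service may be intentional on a given site.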