Difference between revisions of "DigI:RDB52G config"

From its-wiki.no

(Check Log file)
 
(4 intermediate revisions by the same user not shown)
Line 5: Line 5:
 
[[File:RB951-configuration.png|550px|right|thumb|''Figure 1: Example of Winbox configuration for a RB951 LNCC'']]
 
[[File:RB951-configuration.png|550px|right|thumb|''Figure 1: Example of Winbox configuration for a RB951 LNCC'']]
  
== Configuration through WinBox/WinBox4MAC ==
+
== Configuration through WinBox ==
 
Connect the device direct to your laptop and then use the WinBox or the used configuring program  
 
Connect the device direct to your laptop and then use the WinBox or the used configuring program  
 
* either by connecting to WiFi to the LNCC,  use the W01: Mac address
 
* either by connecting to WiFi to the LNCC,  use the W01: Mac address
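Review bot: the renamed heading now names only WinBox, but the unchanged sentence under it still reads "use the WinBox or the used configuring program", so a reader on a Mac no longer sees which client is meant. Either name the Mac client in that sentence (the old heading called it WinBox4MAC) or drop the vague alternative.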
Line 33: Line 33:
  
 
IP = Hotspot  
 
IP = Hotspot  
</pre>
+
</pre> ERROR· no connection to its-wiki.no
 
+
 
+
ERROR· no connection to its-wiki.no
+
 
<pre>
 
<pre>
 
Reason: https://yeboo.com is blocked (local raspberry Pi)
 
Reason: https://yeboo.com is blocked (local raspberry Pi)
Line 42: Line 39:
 
</pre>
 
</pre>
  
{{Large|''Use the configuration steps on http://owncloud.basicinternet.org''}}
 
 
= Steps =
 
== 1. Connect the wAP ==
 
*Connect the LNCC (RDB52G) to a network on Port 1 (not necessary for the first steps)
 
*Connect the Mac/PC to the LNCC wifi network that will appear on your network list looks like MikroTik-28FBFB
 
** ''Alternative: Connect the Mac/PC to port 2 of the LNCC''
 
 
== 2. Open Winbox4Mac ==
 
*Go to neighbours connect to the device appears
 
*If no one appears click refresh then it will come up
 
*Then there is an automatic message will come up choose (Remove configuration)
 
*Go to System=> reset-configuration no-default=>yes
 
*Automatically, you will be logged out
 
== 3. Connect the LNCC to the Mac ==
 
*Go to neighbours connect to the device appears
 
*If no one appears click refresh then it will come up
 
* If it doesn't work unconnected the LNCC
 
*Usually, it won't connect if you use a limited and strict network that you should change to another network to give you the ability to share the network with the Mikrotik device
 
* go to network preferences and choose USB10/...00LAN
 
*Go to the sharing folder in the setting and open sharing
 
== 4. Open Winbox4Mac ==
 
*After connecting go to IP => DHCP client => click on (+) on the top to the left
 
* Go to interface and select (ether 1) => apply => OK
 
*A table will appear and show Interface (ether1), Use P... (Yes), Add D... (Yes), IP Address (....numbers...), Expire After (...time...), & Status (bound)
 
== 5. Go to system ==
 
* Choose packages => check for updates => Download&Install
 
* Down the box you will get the message Download and rebooting
 
 
**There are two options from this step to finalise the configuration. Both are explained in 6 and 7
 
 
== 6. First method ==
 
== Go to files ==
 
*Upload three certificate files those will be found one OwnCloud=> Certificate8 directory, contains bif_client_tz8.crt,key,csrr ( 3 files 1. Ca.crt 2. Client1.crt 3.client1.key)
 
* The certificate file should be uploaded in the winbox=> file=> file list=> flash directory
 
* Go to file list and import the suitable configuration file (RB921) from OwnCloud => BasicInternet => Technology => Mikrotik => Tanzania_backups => the file name
 
*Take the file to the window File list and there will appear with the other two folders flash & flash/skins
 
*Take the file another time and this time put it within the flash/skin folder to be imported in it also
 
 
== Go to New Terminal ==
 
*On the end of the page write the command (import the file you imported's name)
 
*Press enter and wait for a few seconds
 
* It should give you a message that the file is loaded and executed successfully
 
 
== 7. Second method ==
 
== Go to files ==
 
* Upload the certificates files from Owncloud (bif_client_tz8.crt,key,csrr)
 
 
== Go to New Terminal ==
 
* copy the following command lines and paste them into the terminal and press "Enter" key
 
/interface bridge
 
add comment="Bridge to distribute hotspot" fast-forward=no name=\
 
    Hotspot_Bridge
 
/interface wireless
 
set [ find default-name=wlan1 ] disabled=no mode=ap-bridge radio-name=\
 
    BasicInternet_AP ssid=BasicInternet
 
set [ find default-name=wlan2 ] disabled=no mode=ap-bridge radio-name=\
 
    BasicInternet_AP ssid=BasicInternet
 
/interface list
 
add comment=defconf name=WAN
 
add comment=defconf name=LAN
 
/interface wireless security-profiles
 
set [ find default=yes ] supplicant-identity=MikroTik
 
/ip hotspot profile
 
set [ find default=yes ] dns-name=access.basicinternet.org hotspot-address=\
 
    10.5.50.1 html-directory=flash/BI_hotspot login-by=http-chap name=\
 
    BS_Hotspot_Profile use-radius=yes
 
/ip hotspot user profile
 
set [ find default=yes ] session-timeout=1h shared-users=unlimited
 
/ip pool
 
add comment="Hotspot pool" name=HSPool ranges=10.5.50.10-10.5.50.254
 
add name=PoolEther2 ranges=192.168.60.10-192.168.60.20
 
/ip dhcp-server
 
add add-arp=yes address-pool=HSPool disabled=no interface=Hotspot_Bridge \
 
    name=HSDHCP
 
add address-pool=PoolEther2 disabled=no interface=ether2 name=server1
 
/ip hotspot
 
add address-pool=HSPool addresses-per-mac=1 disabled=no idle-timeout=none \
 
    interface=Hotspot_Bridge name=server1
 
 
* copy the following command line and paste it into the terminal and press "Enter" key
 
/certificate import file-name=ca.crt
 
 
Then you will be asked for the password below
 
b1fcl13nt1
 
 
 
* copy the following command line and paste it into the terminal and press "Enter" key
 
/certificate import file-name=client1.crt
 
 
Then you will be asked for the password below
 
b1fcl13nt1
 
 
* copy the following command line and paste it into the terminal and press "Enter" key
 
/certificate import file-name=client1.key
 
 
Then you will be asked for the password below
 
b1fcl13nt1
 
 
* copy the following command lines and paste it into the terminal and press "Enter" key
 
/interface sstp-client
 
add authentication=mschap2 certificate=bif_client_tz7.crt_0 connect-to=\
 
    maincorerouter.basicinternet.org disabled=no name=sstp-tanzania password=\
 
    t4nz4n14s3v3n profile=default-encryption user=sstptanzania7
 
 
/interface bridge port
 
add bridge=Hotspot_Bridge interface=ether4
 
add bridge=Hotspot_Bridge interface=ether5
 
add bridge=Hotspot_Bridge interface=wlan1
 
add bridge=Hotspot_Bridge interface=wlan2
 
add bridge=Hotspot_Bridge interface=ether3
 
/ip neighbor discovery-settings
 
set discover-interface-list=LAN
 
/interface list member
 
add comment=Hotspot interface=Hotspot_Bridge list=LAN
 
add comment=Internet interface=ether1 list=WAN
 
/ip address
 
add address=10.5.50.1/24 comment="IP address for Hotspot bridge" interface=\
 
    Hotspot_Bridge network=10.5.50.0
 
add address=192.168.60.1/24 interface=ether2 network=192.168.60.0
 
/ip dhcp-client
 
add comment=Internet dhcp-options=hostname,clientid disabled=no interface=\
 
    ether1
 
/ip dhcp-server network
 
add address=10.5.50.0/24 comment="Hotspot pool" gateway=10.5.50.1
 
add address=192.168.60.0/24 gateway=192.168.60.1
 
/ip dns
 
set allow-remote-requests=yes
 
 
/ip firewall filter
 
add action=passthrough chain=unused-hs-chain comment=\
 
    "place hotspot rules here" disabled=yes
 
add action=drop chain=input disabled=yes in-interface=sstp-tanzania
 
/ip firewall nat
 
add action=passthrough chain=unused-hs-chain comment=\
 
    "place hotspot rules here" disabled=yes
 
add action=passthrough chain=unused-hs-chain comment=\
 
    "place hotspot rules here" disabled=yes
 
 
/ip firewall nat add action=masquerade chain=srcnat out-interface=*9
 
/ip hotspot walled-garden
 
add action=deny dst-host=*porn* server=server1
 
add dst-host=login.muftwifi.com server=server1
 
add dst-host=*mitu.or.tz server=server1
 
add dst-host=*healthresearchweb.org server=server1
 
add dst-host=*TrygtSvangerskap.no server=server1
 
add dst-host=*tanzania.go.tz server=server1
 
add dst-host=*wdr.de server=server1
 
add dst-host=*google.co.tz server=server1
 
add dst-host=*google.com server=server1
 
add dst-host=*yeboo.com server=server1
 
add dst-host=*moh.go.tz server=server1
 
add dst-host=*.go.tz server=server1
 
add dst-host=*nimr.or.tz server=server1
 
add dst-host=*sua.ac.tz server=server1
 
add dst-host=*mnh.or.tz server=server1
 
add dst-host=*mzrh.go.tz server=server1
 
add dst-host=*msd.go.tz server=server1
 
add dst-host=*tfda.go.tz server=server1
 
add dst-host=*nbs.go.tz server=server1
 
add dst-host=*nbts.go.tz server=server1
 
add dst-host=*ntlp.go.tz server=server1
 
add dst-host=*thps.or.tz server=server1
 
add dst-host=*nacp.go.tz server=server1
 
add dst-host=*apt.or.tz server=server1
 
add dst-host=*bugandomedicalcentre.go.tz server=server1
 
add dst-host=*ccbrt.or.tz server=server1
 
add dst-host=*edu.tz server=server1
 
add dst-host=*who.int server=server1
 
add dst-host=*.int server=server1
 
add dst-host=*unicef.org server=server1
 
add dst-host=*nhif.or.tz server=server1
 
add dst-host=*mcdgc.co.tz server=server1
 
add dst-host=*ac.tz server=server1
 
add dst-host=*imis.tfda.go.tz server=server1
 
add dst-host=*hmisportal.moh.go.tz server=server1
 
add dst-host=*ammehjelp.no server=server1
 
add dst-host=*domene.shop server=server1
 
add dst-host=*helsenorge.no server=server1
 
add dst-host=*helsedirektoratet.no server=server1
 
add dst-host=*matportalen.no server=server1
 
add dst-host=*dinutvei.no server=server1
 
add dst-host=*rustelefonen.no server=server1
 
add dst-host=*slutta.no server=server1
 
add dst-host=*tryggmammamedisin.no server=server1
 
add dst-host=*hioa.no server=server1
 
add dst-host=*uio.no server=server1
 
add dst-host=*ous.no server=server1
 
add dst-host=*ruter.no server=server1
 
add dst-host=*yr.no server=server1
 
add dst-host=*unik.no server=server1
 
add dst-host=*digicert.com server=server1
 
add dst-host=*opera-mini.net server=server1
 
add dst-host=*gravidpluss.no server=server1
 
add dst-host=*gravidpluss.org server=server1
 
add dst-host=*norad.no server=server1
 
add dst-host=*digi.futurecompetence.net server=server1
 
add dst-host=*basicinternet.no server=server1
 
add dst-host=*basicinternet.org server=server1
 
add dst-host=*its-wiki.no server=server1
 
add dst-host=*wikipedia.org server=server1
 
add dst-host=*sustainabledevelopment.un.org server=server1
 
add dst-host=*facebook.com server=server1
 
add dst-host=free.facebook.com server=server1
 
add dst-host=*amazon.com server=server1
 
add dst-host=*akadns* server=server1
 
add dst-host=*akamai* server=server1
 
add dst-host=*un.org server=server1
 
add dst-host=*whatsapp.net server=server1
 
add dst-host=*apple.com server=server1
 
add dst-host=*google.no server=server1
 
add dst-host=*gstatic.com server=server1
 
add dst-host=*google.com server=server1
 
add dst-host=*googleusercontent.com server=server1
 
add dst-host=*gvt1.com server=server1
 
add dst-host=*bing.com server=server1
 
add dst-host=*who.int server=server1
 
/ip hotspot walled-garden ip
 
add action=accept disabled=no dst-address=52.88.179.209 !dst-address-list \
 
    !dst-port !protocol server=server1 !src-address !src-address-list
 
 
/ip route add dst-address=192.168.111.10 gateway=172.29.0.1
 
 
/ip route
 
add distance=1 dst-address=192.168.111.10/32 gateway=sstp-tanzania
 
 
/ip service
 
set telnet disabled=yes
 
set ftp disabled=yes
 
set www disabled=yes
 
set api disabled=yes
 
set winbox address=192.168.60.0/24
 
set api-ssl disabled=yes
 
/ip ssh
 
set allow-none-crypto=yes
 
/radius
 
add address=193.156.3.235 secret=basicinternet service=hotspot
 
/system clock
 
set time-zone-name=Europe/Oslo
 
/system identity
 
set name=BasicInternet_Core_Mali
 
/system scheduler
 
add interval=1d name=statusticJob on-event=Statistic policy=\
 
    read,write,policy,test start-date=mar/29/2019 start-time=00:05:00
 
add interval=1d name=WhitelistUpdate_job on-event=WhiteList_Update policy=\
 
    read,write,policy,test start-date=sep/15/2018 start-time=00:05:00
 
/system script
 
add dont-require-permissions=no name=WhiteList_Update owner=\
 
    admin@BasicInternet policy=read,write,policy,test source="#Download a file\
 
    \_with whitelisted website and add to hotspot walled-garden\r\
 
    \n#File should be in form of:server_name,destination_host,action,optional_\
 
    destination_port\r\
 
    \n/tool fetch mode=https user=\"TEST_BI\" password=\"90838066\" url=\"http\
 
    s://owncloud.basicinternet.org/remote.php/webdav/Device/hapAC-Mali.txt\"\r\
 
    \n:if ( [:len hapAC-Mali.txt] != [:len LastWhitelist.txt] ) do={\r\
 
    \n\r\
 
    \n#remove Hotspot walled-garden entries\r\
 
    \n:foreach ENTRY in=[/ip hotspot walled-garden find] do={\r\
 
    \n/ip hotspot walled-garden remove number=\$ENTRY\r\
 
    \n}\r\
 
    \n#Add downloaded whitelist to Hotspot whitelist\r\
 
    \n#Read the file contents\r\
 
    \n:global content [/file get hapAC-Mali.txt contents]\r\
 
    \n:global contentLen [ :len \$content ]\r\
 
    \n:global lineEnd 0\r\
 
    \n:global line \"\"\r\
 
    \n:global lastEnd 0\r\
 
    \n\r\
 
    \n:do {\r\
 
    \n#Determine end of line by newline charachter\r\
 
    \n:set lineEnd [:find \$content \"\\r\\n\" \$lastEnd ]\r\
 
    \n:set line [:pick \$content \$lastEnd \$lineEnd]\r\
 
    \n:set lastEnd ( \$lineEnd + 2 )\r\
 
    \n#Convert string to array\r\
 
    \n:local tmpArray [:toarray \$line] \r\
 
    \n:if ( [:pick \$tmpArray 0] != \"\" ) do={\r\
 
    \n#Add rule to Hotspot walled-garden\r\
 
    \n/ip hotspot walled-garden add server=\"server1\" dst-host=[:pick \$tmpAr\
 
    ray 0] dst-port=[:pick \$tmpArray 2] action=[:pick \$tmpArray 1]\r\
 
    \n}\r\
 
    \n} while (\$lineEnd < (\$contentLen - 2))\r\
 
    \n\r\
 
    \n\r\
 
    \n/tool fetch mode=https user=\"TEST_BI\" password=\"90838066\" url=\"http\
 
    s://owncloud.basicinternet.org/remote.php/webdav/Device/hapAC-Mali.txt\" d\
 
    st-path=\"LastWhitelist.txt\"\r\
 
    \n\r\
 
    \n}"
 
add dont-require-permissions=no name=Statistic owner=admin@BasicInternet \
 
    policy=read,write,policy,test source="#Send statistics including Walled-Ga\
 
    rden hits, Ether1 bytes, hs free internet and number of users\r\
 
    \n:global WebProxyTemp\r\
 
    \n:global Ether1RXTemp\r\
 
    \n:global Ether1TXTemp\r\
 
    \n:local temp \"EmptyHost\"\r\
 
    \n:local HitStr \"\"\r\
 
    \n# print Mikrotik hotspot walled garden entries ( as-value is good for pa\
 
    rsing)\r\
 
    \n:local WalledGarden [/ip hotspot walled-garden print as-value]\r\
 
    \n#Iterate through each line in the walled garden \r\
 
    \n:foreach line in=\$WalledGarden do={\r\
 
    \n#Iterate through each key=value in each line\r\
 
    \n:foreach key,value in=\$line do={\r\
 
    \n#Find the destination host key=value\r\
 
    \n:if (\$key = \"dst-host\") do={ :set \$temp \"\$value\"}\r\
 
    \n#Find the Hits key=value\r\
 
    \n:if (\$key = \"hits\") do={ :set HitStr (\$HitStr . \$temp . \"=\" . \$v\
 
    alue . \";\")}\r\
 
    \n}\r\
 
    \n}\r\
 
    \n#Get Walledgaren usage in KB through web proxy\r\
 
    \n:local ProxyLine [/ip proxy monitor once as-value];\r\
 
    \n#Iterate through each line in the filter \r\
 
    \n:foreach key2,value2 in=\$ProxyLine do={\r\
 
    \n:if (\$key2 = \"received-from-servers\") do={ :set \$hsFreeKB \$value2}\
 
    \r\
 
    \n}\r\
 
    \n#Get the Overall Traffic usage\r\
 
    \n:local Ether1RX [/interface get ether1 rx-byte]\r\
 
    \n:local Ether1TX [/interface get ether1 tx-byte]\r\
 
    \n#Get number of devices connected to hotspot\r\
 
    \n:local NrDevices [/ip hotspot host print count-only]\r\
 
    \n\r\
 
    \n:foreach ENTRY in=[/ip hotspot host find] do={\r\
 
    \n/ip hotspot host remove number=\$ENTRY\r\
 
    \n}\r\
 
    \n# Get system date\r\
 
    \n:local date [/system clock get date]\r\
 
    \n# Get system Time\r\
 
    \n:local time [/system clock get time]\r\
 
    \n#Get RouterBoard box identity\r\
 
    \n:local identity [/system identity get name]\r\
 
    \n# Concatenate all variables to a global variable\r\
 
    \n:global Statistic (\$identity . \" \" . \$date . \" \" . \$time . \" \" \
 
    . \$HitStr . \"Ether1RXMiB=\" . ( (\$Ether1RX - \$Ether1RXTemp) / 1048576)\
 
    \_. \";Ether1TXMiB=\" . ((\$Ether1TX - \$Ether1TXTemp) / 1048576) . \";hsF\
 
    reeMiB=\" . ( (\$hsFreeKB - \$WebProxyTemp) / 1024) . \";NrhsDevices=\" . \
 
    \$NrDevices)\r\
 
    \n#Used to keep track of Counter- beacuse reset-counter doesnot work\r\
 
    \n:set \$WebProxyTemp \$hsFreeKB\r\
 
    \n:set \$Ether1RXTemp \$Ether1RX\r\
 
    \n:set \$Ether1TXTemp \$Ether1TX\r\
 
    \n\r\
 
    \n#Reset counters then we have daily usage\r\
 
    \n/ip hotspot walled-garden reset-counters-all\r\
 
    \n#Send walled garden statistics stored in Statistic global variable to re\
 
    mote server HTTPS\r\
 
    \n/tool fetch mode=https keep-result=no user=\"data@infointernet\" passwor\
 
    d=\"b2HmNqB4yrIUaT5KE1OY\" url=\"https://walleddata.basicinternet.org/\" h\
 
    ttp-method=post http-data=\"\$Statistic\""
 
/tool mac-server
 
set allowed-interface-list=LAN
 
/tool mac-server mac-winbox
 
set allowed-interface-list=LAN
 
  
 +
== Detailed configuration of the LNCC ==
  
* After this you are done with the LNCC configuration
+
{{Large|'''Use the configuration steps on http://Nextcloud.basicinternet.org'''}}, start from https://nextcloud.basicinternet.org/index.php/f/6092 (registration & approval required)
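Review bot: the step-by-step block deleted in this hunk carries secrets in plain text: the certificate import password under "Then you will be asked for the password below", the password= on the /interface sstp-client line, the secret= on the /radius line, and the user/password pairs in the /tool fetch calls of both scheduler scripts. Deleting them from the current revision does not take them out of the page history, as this comparison shows. Treat them as disclosed, rotate each one, and ask a wiki administrator to suppress the old revisions. When the procedure is rebuilt behind the Nextcloud login, do not carry over "/ip ssh set allow-none-crypto=yes" or the input drop rule for sstp-tanzania that is left at disabled=yes without a stated reason. The added line also links http://Nextcloud.basicinternet.org next to an https:// start link; use https for both.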

Latest revision as of 18:48, 14 October 2022


Configuration of LNCC RDB52G

Figure 1: Example of Winbox configuration for a RB951 LNCC

Configuration through WinBox

Connect the device directly to your laptop, then use WinBox (or whichever configuration program you use):

  • either connect to the LNCC over WiFi and use the W01: MAC address
  • or connect to port 2 on the LNCC and use the E02: MAC address (E01: MAC address+1)
  • Note: if connecting by cable, ensure that WiFi on your PC is off

If the device doesn't connect or doesn't appear in the configuration window, connect by cable to port 2

  • Share the WiFi IP configuration from the Mac
  • If the initial "find" from the wAP fails, disconnect WiFi, connect only USB to the wAP, and "find" again
  • If the available network doesn't permit net/WiFi sharing, connect the MikroTik device directly to a WiFi router such as the RB960PGS
  • Reason: to update the packages, the wAP needs to be connected to the Internet (through the Mac)

ERROR handling

Login 192.168.60.1

Wine/Crossover - Winbox
admin (see BasicInternet_Passwords.kbdx)BasicInternet
E02: 74:4D:28:E8:4C:81 is the
W01: .... 86

Check Log file

Error: sstp-tanzania: …. terminating, could not resolve name

Interface = SSTP client 
 Dial out: sstp.basicinternet.org -> maincorerouter.basicinternet.org
 CHANGED sstp = maincorerouter.basicinternet.org  (on Domeneshop)
 % Remote?? connection time-out

IP = Hotspot 
ERROR· no connection to its-wiki.no
Reason: https://yeboo.com is blocked (local raspberry Pi)
 /ip firewall filter add action=drop chain=forward comment="block yeboo https" content=yeboo disabled=no dst-port=443 protocol=tcp


Detailed configuration of the LNCC

Use the configuration steps on http://Nextcloud.basicinternet.org, start from https://nextcloud.basicinternet.org/index.php/f/6092 (registration & approval required)