DigI:RDB52G config

From its-wiki.no

Jump to: navigation, search

back to BasicInternet:Solutions, BasicInternet:InfoSpot_configuration

Configuration of LNCC RDB52G

Figure 1: Example of Winbox configuration for a RB951 LNCC

Configuration through WinBox

Connect the device direct to your laptop and then use the WinBox or the used configuring program

  • either by connecting to WiFi to the LNCC, use the W01: Mac address
  • or connecting to port 2 on the LNCC, use the E02: Mac address (E01: Mac address+1)
  • Note: if connecting through cable, ensure that Wifi on our PC is off

If the device doesn't connect or appear within the configuration window then to connect to cable to port 2

  • Share Wifi IP configuration from MAC
  • If initial "find" from wAP fails, then disconnect Wifi, only connect USB to wAP, and "find"
  • If the available network doesn't permit net/wifi sharing then connect the Mikrotikk device direct to a wifi router such RB960PGS
  • Reason: for updating the packages, the wAP needs to be connected (through the MAC) with Internet

ERROR handling

Login 192.168.60.1

Wine/Crossover - Winbox
admin (see BasicInternet_Passwords.kbdx)BasicInternet
E02: 74:4D:28:E8:4C:81 is the
W01: .... 86

Check Log file

Error: sstp-tanzania: …. terminating, could not resolve name

Interface = SSTP client 
 Dial out: sstp.basicinternet.org -> maincorerouter.basicinternet.org
 CHANGED sstp = maincorerouter.basicinternet.org  (on Domeneshop)
 % Remote?? connection time-out

IP = Hotspot 
ERROR· no connection to its-wiki.no
Reason: https://yeboo.com is blocked (local raspberry Pi)
 /ip firewall filter add action=drop chain=forward comment="block yeboo https" content=yeboo disabled=no dst-port=443 protocol.tcp

Use the configuration steps on http://owncloud.basicinternet.org

Steps

1. Connect the wAP

  • Connect the LNCC (RDB52G) to a network on Port 1 (not necessary for the first steps)
  • Connect the Mac/PC to the LNCC wifi network that will appear on your network list looks like MikroTik-28FBFB
    • Alternative: Connect the Mac/PC to port 2 of the LNCC

2. Open Winbox (PC) or Winbox4Mac (Mac)

  • Go to neighbours connect to the device appears
  • If no one appears click refresh then it will come up
  • Then there is an automatic message will come up choose (Remove configuration)
  • Go to System=> reset-configuration no-default=>yes
  • Automatically, you will be logged out

3. Connect the LNCC to the Mac

  • Go to neighbours connect to the device appears
  • If no one appears click refresh then it will come up
  • If it doesn't work unconnected the LNCC
  • Usually, the LNCC won't connect if you use a limited and strict network that you should change to another network to give you the ability to share the network with the Mikrotik device (or disconnect to your existing network and just connect to the LNCC)
    • go to network preferences and choose USB10/...00LAN
  • Go to the sharing folder in the setting and open sharing

4. Open Winbox or Winbox4Mac

  • After connecting go to IP => DHCP client => click on (+) on the top to the left
  • Go to interface and select (ether 1) => apply => OK
  • A table will appear and show Interface (ether1), Use P... (Yes), Add D... (Yes), IP Address (....numbers...), Expire After (...time...), & Status (bound)

5. Update the system

Goto System

  • Choose packages => check for updates => Download&Install (Note: will only work if you are connected through a shared network)
  • Down the box you will get the message Download and rebooting

Installing the specific Basic Internet configuration

The Basic Internet configuration is done in three steps, with specific instructions provided on owncloud

1. Step is to upload certficates to the flash directory, to make them available after reboot

  • see owncloud = Device config = 01-LNCC_RBD52G = 00Install_LNCC_Tanzania_2021.txt (or corresponding file)
  • installing instructions from 1New.txt

2. Step is to install the specific credentials to the LNCC, giving the LNCC a connection to the Basic Internet core router

  • Installating instructions from e.g. 2_TZS_84.txt (the configuration for device 84 for the voucher region schools in Tanzania - TZS)

3. Step is to install the country specific white list

  • installing follows the steps from 3New.txt


<--- OLD INFO, disregarded

  • Upload three certificate files those will be found one OwnCloud=> Certificate8 directory, contains bif_client_tz8.crt,key,csrr ( 3 files 1. Ca.crt 2. Client1.crt 3.client1.key)
  • The certificate file should be uploaded in the winbox=> file=> file list=> flash directory
  • Go to file list and import the suitable configuration file (RB921) from OwnCloud => BasicInternet => Technology => Mikrotik => Tanzania_backups => the file name
  • Take the file to the window File list and there will appear with the other two folders flash & flash/skins
  • Take the file another time and this time put it within the flash/skin folder to be imported in it also

Go to New Terminal

  • On the end of the page write the command (import the file you imported's name)
  • Press enter and wait for a few seconds
  • It should give you a message that the file is loaded and executed successfully

7. Second method

Go to files

  • Upload the certificates files from Owncloud (bif_client_tz8.crt,key,csrr)

Go to New Terminal

  • copy the following command lines and paste them into the terminal and press "Enter" key

/interface bridge add comment="Bridge to distribute hotspot" fast-forward=no name=\

   Hotspot_Bridge

/interface wireless set [ find default-name=wlan1 ] disabled=no mode=ap-bridge radio-name=\

   BasicInternet_AP ssid=BasicInternet

set [ find default-name=wlan2 ] disabled=no mode=ap-bridge radio-name=\

   BasicInternet_AP ssid=BasicInternet

/interface list add comment=defconf name=WAN add comment=defconf name=LAN /interface wireless security-profiles set [ find default=yes ] supplicant-identity=MikroTik /ip hotspot profile set [ find default=yes ] dns-name=access.basicinternet.org hotspot-address=\

   10.5.50.1 html-directory=flash/BI_hotspot login-by=http-chap name=\
   BS_Hotspot_Profile use-radius=yes

/ip hotspot user profile set [ find default=yes ] session-timeout=1h shared-users=unlimited /ip pool add comment="Hotspot pool" name=HSPool ranges=10.5.50.10-10.5.50.254 add name=PoolEther2 ranges=192.168.60.10-192.168.60.20 /ip dhcp-server add add-arp=yes address-pool=HSPool disabled=no interface=Hotspot_Bridge \

   name=HSDHCP

add address-pool=PoolEther2 disabled=no interface=ether2 name=server1 /ip hotspot add address-pool=HSPool addresses-per-mac=1 disabled=no idle-timeout=none \

   interface=Hotspot_Bridge name=server1
  • copy the following command line and paste it into the terminal and press "Enter" key

/certificate import file-name=ca.crt

Then you will be asked for the password below b1fcl13nt1


  • copy the following command line and paste it into the terminal and press "Enter" key

/certificate import file-name=client1.crt

Then you will be asked for the password below b1fcl13nt1

  • copy the following command line and paste it into the terminal and press "Enter" key

/certificate import file-name=client1.key

Then you will be asked for the password below b1fcl13nt1

  • copy the following command lines and paste it into the terminal and press "Enter" key

/interface sstp-client add authentication=mschap2 certificate=bif_client_tz7.crt_0 connect-to=\

   maincorerouter.basicinternet.org disabled=no name=sstp-tanzania password=\
   t4nz4n14s3v3n profile=default-encryption user=sstptanzania7

/interface bridge port add bridge=Hotspot_Bridge interface=ether4 add bridge=Hotspot_Bridge interface=ether5 add bridge=Hotspot_Bridge interface=wlan1 add bridge=Hotspot_Bridge interface=wlan2 add bridge=Hotspot_Bridge interface=ether3 /ip neighbor discovery-settings set discover-interface-list=LAN /interface list member add comment=Hotspot interface=Hotspot_Bridge list=LAN add comment=Internet interface=ether1 list=WAN /ip address add address=10.5.50.1/24 comment="IP address for Hotspot bridge" interface=\

   Hotspot_Bridge network=10.5.50.0

add address=192.168.60.1/24 interface=ether2 network=192.168.60.0 /ip dhcp-client add comment=Internet dhcp-options=hostname,clientid disabled=no interface=\

   ether1

/ip dhcp-server network add address=10.5.50.0/24 comment="Hotspot pool" gateway=10.5.50.1 add address=192.168.60.0/24 gateway=192.168.60.1 /ip dns set allow-remote-requests=yes

/ip firewall filter add action=passthrough chain=unused-hs-chain comment=\

   "place hotspot rules here" disabled=yes

add action=drop chain=input disabled=yes in-interface=sstp-tanzania /ip firewall nat add action=passthrough chain=unused-hs-chain comment=\

   "place hotspot rules here" disabled=yes

add action=passthrough chain=unused-hs-chain comment=\

   "place hotspot rules here" disabled=yes

/ip firewall nat add action=masquerade chain=srcnat out-interface=*9 /ip hotspot walled-garden add action=deny dst-host=*porn* server=server1 add dst-host=login.muftwifi.com server=server1 add dst-host=*mitu.or.tz server=server1 add dst-host=*healthresearchweb.org server=server1 add dst-host=*TrygtSvangerskap.no server=server1 add dst-host=*tanzania.go.tz server=server1 add dst-host=*wdr.de server=server1 add dst-host=*google.co.tz server=server1 add dst-host=*google.com server=server1 add dst-host=*yeboo.com server=server1 add dst-host=*moh.go.tz server=server1 add dst-host=*.go.tz server=server1 add dst-host=*nimr.or.tz server=server1 add dst-host=*sua.ac.tz server=server1 add dst-host=*mnh.or.tz server=server1 add dst-host=*mzrh.go.tz server=server1 add dst-host=*msd.go.tz server=server1 add dst-host=*tfda.go.tz server=server1 add dst-host=*nbs.go.tz server=server1 add dst-host=*nbts.go.tz server=server1 add dst-host=*ntlp.go.tz server=server1 add dst-host=*thps.or.tz server=server1 add dst-host=*nacp.go.tz server=server1 add dst-host=*apt.or.tz server=server1 add dst-host=*bugandomedicalcentre.go.tz server=server1 add dst-host=*ccbrt.or.tz server=server1 add dst-host=*edu.tz server=server1 add dst-host=*who.int server=server1 add dst-host=*.int server=server1 add dst-host=*unicef.org server=server1 add dst-host=*nhif.or.tz server=server1 add dst-host=*mcdgc.co.tz server=server1 add dst-host=*ac.tz server=server1 add dst-host=*imis.tfda.go.tz server=server1 add dst-host=*hmisportal.moh.go.tz server=server1 add dst-host=*ammehjelp.no server=server1 add dst-host=*domene.shop server=server1 add dst-host=*helsenorge.no server=server1 add dst-host=*helsedirektoratet.no server=server1 add dst-host=*matportalen.no server=server1 add dst-host=*dinutvei.no server=server1 add dst-host=*rustelefonen.no server=server1 add dst-host=*slutta.no server=server1 add dst-host=*tryggmammamedisin.no server=server1 add dst-host=*hioa.no server=server1 add dst-host=*uio.no server=server1 add dst-host=*ous.no server=server1 add dst-host=*ruter.no server=server1 add dst-host=*yr.no server=server1 add dst-host=*unik.no server=server1 add dst-host=*digicert.com server=server1 add dst-host=*opera-mini.net server=server1 add dst-host=*gravidpluss.no server=server1 add dst-host=*gravidpluss.org server=server1 add dst-host=*norad.no server=server1 add dst-host=*digi.futurecompetence.net server=server1 add dst-host=*basicinternet.no server=server1 add dst-host=*basicinternet.org server=server1 add dst-host=*its-wiki.no server=server1 add dst-host=*wikipedia.org server=server1 add dst-host=*sustainabledevelopment.un.org server=server1 add dst-host=*facebook.com server=server1 add dst-host=free.facebook.com server=server1 add dst-host=*amazon.com server=server1 add dst-host=*akadns* server=server1 add dst-host=*akamai* server=server1 add dst-host=*un.org server=server1 add dst-host=*whatsapp.net server=server1 add dst-host=*apple.com server=server1 add dst-host=*google.no server=server1 add dst-host=*gstatic.com server=server1 add dst-host=*google.com server=server1 add dst-host=*googleusercontent.com server=server1 add dst-host=*gvt1.com server=server1 add dst-host=*bing.com server=server1 add dst-host=*who.int server=server1 /ip hotspot walled-garden ip add action=accept disabled=no dst-address=52.88.179.209 !dst-address-list \

   !dst-port !protocol server=server1 !src-address !src-address-list

/ip route add dst-address=192.168.111.10 gateway=172.29.0.1

/ip route add distance=1 dst-address=192.168.111.10/32 gateway=sstp-tanzania

/ip service set telnet disabled=yes set ftp disabled=yes set www disabled=yes set api disabled=yes set winbox address=192.168.60.0/24 set api-ssl disabled=yes /ip ssh set allow-none-crypto=yes /radius add address=193.156.3.235 secret=basicinternet service=hotspot /system clock set time-zone-name=Europe/Oslo /system identity set name=BasicInternet_Core_Mali /system scheduler add interval=1d name=statusticJob on-event=Statistic policy=\

   read,write,policy,test start-date=mar/29/2019 start-time=00:05:00

add interval=1d name=WhitelistUpdate_job on-event=WhiteList_Update policy=\

   read,write,policy,test start-date=sep/15/2018 start-time=00:05:00

/system script add dont-require-permissions=no name=WhiteList_Update owner=\

   admin@BasicInternet policy=read,write,policy,test source="#Download a file\
   \_with whitelisted website and add to hotspot walled-garden\r\
   \n#File should be in form of:server_name,destination_host,action,optional_\
   destination_port\r\
   \n/tool fetch mode=https user=\"TEST_BI\" password=\"90838066\" url=\"http\
   s://owncloud.basicinternet.org/remote.php/webdav/Device/hapAC-Mali.txt\"\r\
   \n:if ( [:len hapAC-Mali.txt] != [:len LastWhitelist.txt] ) do={\r\
   \n\r\
   \n#remove Hotspot walled-garden entries\r\
   \n:foreach ENTRY in=[/ip hotspot walled-garden find] do={\r\
   \n/ip hotspot walled-garden remove number=\$ENTRY\r\
   \n}\r\
   \n#Add downloaded whitelist to Hotspot whitelist\r\
   \n#Read the file contents\r\
   \n:global content [/file get hapAC-Mali.txt contents]\r\
   \n:global contentLen [ :len \$content ]\r\
   \n:global lineEnd 0\r\
   \n:global line \"\"\r\
   \n:global lastEnd 0\r\
   \n\r\
   \n:do {\r\
   \n#Determine end of line by newline charachter\r\
   \n:set lineEnd [:find \$content \"\\r\\n\" \$lastEnd ]\r\
   \n:set line [:pick \$content \$lastEnd \$lineEnd]\r\
   \n:set lastEnd ( \$lineEnd + 2 )\r\
   \n#Convert string to array\r\
   \n:local tmpArray [:toarray \$line] \r\
   \n:if ( [:pick \$tmpArray 0] != \"\" ) do={\r\
   \n#Add rule to Hotspot walled-garden\r\
   \n/ip hotspot walled-garden add server=\"server1\" dst-host=[:pick \$tmpAr\
   ray 0] dst-port=[:pick \$tmpArray 2] action=[:pick \$tmpArray 1]\r\
   \n}\r\
   \n} while (\$lineEnd < (\$contentLen - 2))\r\
   \n\r\
   \n\r\
   \n/tool fetch mode=https user=\"TEST_BI\" password=\"90838066\" url=\"http\
   s://owncloud.basicinternet.org/remote.php/webdav/Device/hapAC-Mali.txt\" d\
   st-path=\"LastWhitelist.txt\"\r\
   \n\r\
   \n}"

add dont-require-permissions=no name=Statistic owner=admin@BasicInternet \

   policy=read,write,policy,test source="#Send statistics including Walled-Ga\
   rden hits, Ether1 bytes, hs free internet and number of users\r\
   \n:global WebProxyTemp\r\
   \n:global Ether1RXTemp\r\
   \n:global Ether1TXTemp\r\
   \n:local temp \"EmptyHost\"\r\
   \n:local HitStr \"\"\r\
   \n# print Mikrotik hotspot walled garden entries ( as-value is good for pa\
   rsing)\r\
   \n:local WalledGarden [/ip hotspot walled-garden print as-value]\r\
   \n#Iterate through each line in the walled garden \r\
   \n:foreach line in=\$WalledGarden do={\r\
   \n#Iterate through each key=value in each line\r\
   \n:foreach key,value in=\$line do={\r\
   \n#Find the destination host key=value\r\
   \n:if (\$key = \"dst-host\") do={ :set \$temp \"\$value\"}\r\
   \n#Find the Hits key=value\r\
   \n:if (\$key = \"hits\") do={ :set HitStr (\$HitStr . \$temp . \"=\" . \$v\
   alue . \";\")}\r\
   \n}\r\
   \n}\r\
   \n#Get Walledgaren usage in KB through web proxy\r\
   \n:local ProxyLine [/ip proxy monitor once as-value];\r\
   \n#Iterate through each line in the filter \r\
   \n:foreach key2,value2 in=\$ProxyLine do={\r\
   \n:if (\$key2 = \"received-from-servers\") do={ :set \$hsFreeKB \$value2}\
   \r\
   \n}\r\
   \n#Get the Overall Traffic usage\r\
   \n:local Ether1RX [/interface get ether1 rx-byte]\r\
   \n:local Ether1TX [/interface get ether1 tx-byte]\r\
   \n#Get number of devices connected to hotspot\r\
   \n:local NrDevices [/ip hotspot host print count-only]\r\
   \n\r\
   \n:foreach ENTRY in=[/ip hotspot host find] do={\r\
   \n/ip hotspot host remove number=\$ENTRY\r\
   \n}\r\
   \n# Get system date\r\
   \n:local date [/system clock get date]\r\
   \n# Get system Time\r\
   \n:local time [/system clock get time]\r\
   \n#Get RouterBoard box identity\r\
   \n:local identity [/system identity get name]\r\
   \n# Concatenate all variables to a global variable\r\
   \n:global Statistic (\$identity . \" \" . \$date . \" \" . \$time . \" \" \
   . \$HitStr . \"Ether1RXMiB=\" . ( (\$Ether1RX - \$Ether1RXTemp) / 1048576)\
   \_. \";Ether1TXMiB=\" . ((\$Ether1TX - \$Ether1TXTemp) / 1048576) . \";hsF\
   reeMiB=\" . ( (\$hsFreeKB - \$WebProxyTemp) / 1024) . \";NrhsDevices=\" . \
   \$NrDevices)\r\
   \n#Used to keep track of Counter- beacuse reset-counter doesnot work\r\
   \n:set \$WebProxyTemp \$hsFreeKB\r\
   \n:set \$Ether1RXTemp \$Ether1RX\r\
   \n:set \$Ether1TXTemp \$Ether1TX\r\
   \n\r\
   \n#Reset counters then we have daily usage\r\
   \n/ip hotspot walled-garden reset-counters-all\r\
   \n#Send walled garden statistics stored in Statistic global variable to re\
   mote server HTTPS\r\
   \n/tool fetch mode=https keep-result=no user=\"data@infointernet\" passwor\
   d=\"b2HmNqB4yrIUaT5KE1OY\" url=\"https://walleddata.basicinternet.org/\" h\
   ttp-method=post http-data=\"\$Statistic\""

/tool mac-server set allowed-interface-list=LAN /tool mac-server mac-winbox set allowed-interface-list=LAN --->

  • After this you are done with the LNCC configuration