DigI:RDB52G config


Configuration of LNCC RDB52G

Figure 1: Example of Winbox configuration for a RB951 LNCC

Configuration through WinBox

Connect the device directly to your laptop, then open WinBox (or whichever configuration program you use):

  • either connect to the LNCC over WiFi and use the W01: MAC address
  • or connect to port 2 on the LNCC and use the E02: MAC address (E01: MAC address + 1)
  • Note: if connecting by cable, ensure that WiFi on your PC is off

If the device doesn't connect or doesn't appear in the configuration window, connect by cable to port 2.

  • Share the WiFi IP configuration from the Mac
  • If the initial "find" from the wAP fails, disconnect WiFi, connect only USB to the wAP, and "find" again
  • If the available network doesn't permit net/WiFi sharing, connect the MikroTik device directly to a WiFi router such as the RB960PGS
  • Reason: to update the packages, the wAP needs to be connected (through the Mac) to the Internet

ERROR handling

Login 192.168.60.1

Wine/Crossover - Winbox
admin (see BasicInternet_Passwords.kbdx)BasicInternet
E02: 74:4D:28:E8:4C:81 is the
W01: .... 86

Check Log file

Error: sstp-tanzania: …. terminating, could not resolve name

Interface = SSTP client 
 Dial out: sstp.basicinternet.org -> maincorerouter.basicinternet.org
 CHANGED sstp = maincorerouter.basicinternet.org  (on Domeneshop)
 % Remote?? connection time-out

IP = Hotspot 


ERROR: no connection to its-wiki.no

Reason: https://yeboo.com is blocked (local raspberry Pi)
 /ip firewall filter add action=drop chain=forward comment="block yeboo https" content=yeboo disabled=no dst-port=443 protocol=tcp

Use the configuration steps on http://owncloud.basicinternet.org

Steps

1. Connect the wAP

  • Connect the LNCC (RDB52G) to a network on Port 1 (not necessary for the first steps)
  • Connect the Mac/PC to the LNCC WiFi network, which appears in your network list with a name like MikroTik-28FBFB
    • Alternative: Connect the Mac/PC to port 2 of the LNCC

2. Open Winbox4Mac

  • Go to Neighbours and connect to the device that appears
  • If no device appears, click Refresh and it will come up
  • A message will then appear automatically; choose (Remove configuration)
  • Go to System => reset-configuration no-default => yes
  • You will be logged out automatically

3. Connect the LNCC to the Mac

  • Go to Neighbours and connect to the device that appears
  • If no device appears, click Refresh and it will come up
  • If it doesn't work, disconnect the LNCC
  • Usually it won't connect if you are on a limited, strict network; change to another network that lets you share the connection with the MikroTik device
  • Go to Network Preferences and choose USB10/...00LAN
  • Go to Sharing in the settings and open sharing

4. Open Winbox4Mac

  • After connecting, go to IP => DHCP client => click (+) at the top left
  • Go to Interface and select (ether1) => Apply => OK
  • A table will appear and show Interface (ether1), Use P... (Yes), Add D... (Yes), IP Address (....numbers...), Expire After (...time...), & Status (bound)

5. Go to system

  • Choose Packages => Check for updates => Download&Install
  • At the bottom of the box you will get the message Download and rebooting
    • From this step there are two ways to finalise the configuration. Both are explained in 6 and 7

6. First method

Go to files

  • Upload the three certificate files found on OwnCloud => Certificate8 directory, which contains bif_client_tz8.crt,key,csrr (3 files: 1. Ca.crt 2. Client1.crt 3. client1.key)
  • The certificate files should be uploaded in WinBox => Files => File list => flash directory
  • Go to File list and import the suitable configuration file (RB921) from OwnCloud => BasicInternet => Technology => Mikrotik => Tanzania_backups => the file name
  • Drag the file into the File list window; it will appear alongside the two folders flash & flash/skins
  • Drag the file a second time and put it in the flash/skins folder so that it is imported there as well

Go to New Terminal

  • At the end of the page, write the command (import followed by the name of the file you imported)
  • Press Enter and wait a few seconds
  • It should give you a message that the file was loaded and executed successfully

7. Second method

Go to files

  • Upload the certificate files from OwnCloud (bif_client_tz8.crt,key,csrr)

Go to New Terminal

  • Copy the following command lines, paste them into the terminal and press the "Enter" key

/interface bridge
add comment="Bridge to distribute hotspot" fast-forward=no name=\
   Hotspot_Bridge
/interface wireless
set [ find default-name=wlan1 ] disabled=no mode=ap-bridge radio-name=\
   BasicInternet_AP ssid=BasicInternet
set [ find default-name=wlan2 ] disabled=no mode=ap-bridge radio-name=\
   BasicInternet_AP ssid=BasicInternet
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] dns-name=access.basicinternet.org hotspot-address=\
   10.5.50.1 html-directory=flash/BI_hotspot login-by=http-chap name=\
   BS_Hotspot_Profile use-radius=yes
/ip hotspot user profile
set [ find default=yes ] session-timeout=1h shared-users=unlimited
/ip pool
add comment="Hotspot pool" name=HSPool ranges=10.5.50.10-10.5.50.254
add name=PoolEther2 ranges=192.168.60.10-192.168.60.20
/ip dhcp-server
add add-arp=yes address-pool=HSPool disabled=no interface=Hotspot_Bridge \
   name=HSDHCP
add address-pool=PoolEther2 disabled=no interface=ether2 name=server1
/ip hotspot
add address-pool=HSPool addresses-per-mac=1 disabled=no idle-timeout=none \
   interface=Hotspot_Bridge name=server1
  • Copy the following command line, paste it into the terminal and press the "Enter" key

/certificate import file-name=ca.crt

You will then be asked for the password: b1fcl13nt1

  • Copy the following command line, paste it into the terminal and press the "Enter" key

/certificate import file-name=client1.crt

You will then be asked for the password: b1fcl13nt1

  • Copy the following command line, paste it into the terminal and press the "Enter" key

/certificate import file-name=client1.key

You will then be asked for the password: b1fcl13nt1

  • Copy the following command lines, paste them into the terminal and press the "Enter" key

/interface sstp-client
add authentication=mschap2 certificate=bif_client_tz7.crt_0 connect-to=\
   maincorerouter.basicinternet.org disabled=no name=sstp-tanzania password=\
   t4nz4n14s3v3n profile=default-encryption user=sstptanzania7
/interface bridge port
add bridge=Hotspot_Bridge interface=ether4
add bridge=Hotspot_Bridge interface=ether5
add bridge=Hotspot_Bridge interface=wlan1
add bridge=Hotspot_Bridge interface=wlan2
add bridge=Hotspot_Bridge interface=ether3
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=Hotspot interface=Hotspot_Bridge list=LAN
add comment=Internet interface=ether1 list=WAN
/ip address
add address=10.5.50.1/24 comment="IP address for Hotspot bridge" interface=\
   Hotspot_Bridge network=10.5.50.0
add address=192.168.60.1/24 interface=ether2 network=192.168.60.0
/ip dhcp-client
add comment=Internet dhcp-options=hostname,clientid disabled=no interface=\
   ether1
/ip dhcp-server network
add address=10.5.50.0/24 comment="Hotspot pool" gateway=10.5.50.1
add address=192.168.60.0/24 gateway=192.168.60.1
/ip dns
set allow-remote-requests=yes
/ip firewall filter
add action=passthrough chain=unused-hs-chain comment=\
   "place hotspot rules here" disabled=yes
add action=drop chain=input disabled=yes in-interface=sstp-tanzania
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment=\
   "place hotspot rules here" disabled=yes
add action=passthrough chain=unused-hs-chain comment=\
   "place hotspot rules here" disabled=yes

/ip firewall nat
add action=masquerade chain=srcnat out-interface=*9
/ip hotspot walled-garden
add action=deny dst-host=*porn* server=server1
add dst-host=login.muftwifi.com server=server1
add dst-host=*mitu.or.tz server=server1
add dst-host=*healthresearchweb.org server=server1
add dst-host=*TrygtSvangerskap.no server=server1
add dst-host=*tanzania.go.tz server=server1
add dst-host=*wdr.de server=server1
add dst-host=*google.co.tz server=server1
add dst-host=*google.com server=server1
add dst-host=*yeboo.com server=server1
add dst-host=*moh.go.tz server=server1
add dst-host=*.go.tz server=server1
add dst-host=*nimr.or.tz server=server1
add dst-host=*sua.ac.tz server=server1
add dst-host=*mnh.or.tz server=server1
add dst-host=*mzrh.go.tz server=server1
add dst-host=*msd.go.tz server=server1
add dst-host=*tfda.go.tz server=server1
add dst-host=*nbs.go.tz server=server1
add dst-host=*nbts.go.tz server=server1
add dst-host=*ntlp.go.tz server=server1
add dst-host=*thps.or.tz server=server1
add dst-host=*nacp.go.tz server=server1
add dst-host=*apt.or.tz server=server1
add dst-host=*bugandomedicalcentre.go.tz server=server1
add dst-host=*ccbrt.or.tz server=server1
add dst-host=*edu.tz server=server1
add dst-host=*who.int server=server1
add dst-host=*.int server=server1
add dst-host=*unicef.org server=server1
add dst-host=*nhif.or.tz server=server1
add dst-host=*mcdgc.co.tz server=server1
add dst-host=*ac.tz server=server1
add dst-host=*imis.tfda.go.tz server=server1
add dst-host=*hmisportal.moh.go.tz server=server1
add dst-host=*ammehjelp.no server=server1
add dst-host=*domene.shop server=server1
add dst-host=*helsenorge.no server=server1
add dst-host=*helsedirektoratet.no server=server1
add dst-host=*matportalen.no server=server1
add dst-host=*dinutvei.no server=server1
add dst-host=*rustelefonen.no server=server1
add dst-host=*slutta.no server=server1
add dst-host=*tryggmammamedisin.no server=server1
add dst-host=*hioa.no server=server1
add dst-host=*uio.no server=server1
add dst-host=*ous.no server=server1
add dst-host=*ruter.no server=server1
add dst-host=*yr.no server=server1
add dst-host=*unik.no server=server1
add dst-host=*digicert.com server=server1
add dst-host=*opera-mini.net server=server1
add dst-host=*gravidpluss.no server=server1
add dst-host=*gravidpluss.org server=server1
add dst-host=*norad.no server=server1
add dst-host=*digi.futurecompetence.net server=server1
add dst-host=*basicinternet.no server=server1
add dst-host=*basicinternet.org server=server1
add dst-host=*its-wiki.no server=server1
add dst-host=*wikipedia.org server=server1
add dst-host=*sustainabledevelopment.un.org server=server1
add dst-host=*facebook.com server=server1
add dst-host=free.facebook.com server=server1
add dst-host=*amazon.com server=server1
add dst-host=*akadns* server=server1
add dst-host=*akamai* server=server1
add dst-host=*un.org server=server1
add dst-host=*whatsapp.net server=server1
add dst-host=*apple.com server=server1
add dst-host=*google.no server=server1
add dst-host=*gstatic.com server=server1
add dst-host=*google.com server=server1
add dst-host=*googleusercontent.com server=server1
add dst-host=*gvt1.com server=server1
add dst-host=*bing.com server=server1
add dst-host=*who.int server=server1
/ip hotspot walled-garden ip
add action=accept disabled=no dst-address=52.88.179.209 !dst-address-list \
   !dst-port !protocol server=server1 !src-address !src-address-list

/ip route add dst-address=192.168.111.10 gateway=172.29.0.1

/ip route add distance=1 dst-address=192.168.111.10/32 gateway=sstp-tanzania

/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set api disabled=yes
set winbox address=192.168.60.0/24
set api-ssl disabled=yes
/ip ssh
set allow-none-crypto=yes
/radius
add address=193.156.3.235 secret=basicinternet service=hotspot
/system clock
set time-zone-name=Europe/Oslo
/system identity
set name=BasicInternet_Core_Mali
/system scheduler
add interval=1d name=statusticJob on-event=Statistic policy=\
   read,write,policy,test start-date=mar/29/2019 start-time=00:05:00
add interval=1d name=WhitelistUpdate_job on-event=WhiteList_Update policy=\
   read,write,policy,test start-date=sep/15/2018 start-time=00:05:00
/system script
add dont-require-permissions=no name=WhiteList_Update owner=\
   admin@BasicInternet policy=read,write,policy,test source="#Download a file\
   \_with whitelisted website and add to hotspot walled-garden\r\
   \n#File should be in form of:server_name,destination_host,action,optional_\
   destination_port\r\
   \n/tool fetch mode=https user=\"TEST_BI\" password=\"90838066\" url=\"http\
   s://owncloud.basicinternet.org/remote.php/webdav/Device/hapAC-Mali.txt\"\r\
   \n:if ( [:len hapAC-Mali.txt] != [:len LastWhitelist.txt] ) do={\r\
   \n\r\
   \n#remove Hotspot walled-garden entries\r\
   \n:foreach ENTRY in=[/ip hotspot walled-garden find] do={\r\
   \n/ip hotspot walled-garden remove number=\$ENTRY\r\
   \n}\r\
   \n#Add downloaded whitelist to Hotspot whitelist\r\
   \n#Read the file contents\r\
   \n:global content [/file get hapAC-Mali.txt contents]\r\
   \n:global contentLen [ :len \$content ]\r\
   \n:global lineEnd 0\r\
   \n:global line \"\"\r\
   \n:global lastEnd 0\r\
   \n\r\
   \n:do {\r\
   \n#Determine end of line by newline character\r\
   \n:set lineEnd [:find \$content \"\\r\\n\" \$lastEnd ]\r\
   \n:set line [:pick \$content \$lastEnd \$lineEnd]\r\
   \n:set lastEnd ( \$lineEnd + 2 )\r\
   \n#Convert string to array\r\
   \n:local tmpArray [:toarray \$line] \r\
   \n:if ( [:pick \$tmpArray 0] != \"\" ) do={\r\
   \n#Add rule to Hotspot walled-garden\r\
   \n/ip hotspot walled-garden add server=\"server1\" dst-host=[:pick \$tmpAr\
   ray 0] dst-port=[:pick \$tmpArray 2] action=[:pick \$tmpArray 1]\r\
   \n}\r\
   \n} while (\$lineEnd < (\$contentLen - 2))\r\
   \n\r\
   \n\r\
   \n/tool fetch mode=https user=\"TEST_BI\" password=\"90838066\" url=\"http\
   s://owncloud.basicinternet.org/remote.php/webdav/Device/hapAC-Mali.txt\" d\
   st-path=\"LastWhitelist.txt\"\r\
   \n\r\
   \n}"

add dont-require-permissions=no name=Statistic owner=admin@BasicInternet \
   policy=read,write,policy,test source="#Send statistics including Walled-Ga\
   rden hits, Ether1 bytes, hs free internet and number of users\r\
   \n:global WebProxyTemp\r\
   \n:global Ether1RXTemp\r\
   \n:global Ether1TXTemp\r\
   \n:local temp \"EmptyHost\"\r\
   \n:local HitStr \"\"\r\
   \n# print Mikrotik hotspot walled garden entries ( as-value is good for pa\
   rsing)\r\
   \n:local WalledGarden [/ip hotspot walled-garden print as-value]\r\
   \n#Iterate through each line in the walled garden \r\
   \n:foreach line in=\$WalledGarden do={\r\
   \n#Iterate through each key=value in each line\r\
   \n:foreach key,value in=\$line do={\r\
   \n#Find the destination host key=value\r\
   \n:if (\$key = \"dst-host\") do={ :set \$temp \"\$value\"}\r\
   \n#Find the Hits key=value\r\
   \n:if (\$key = \"hits\") do={ :set HitStr (\$HitStr . \$temp . \"=\" . \$v\
   alue . \";\")}\r\
   \n}\r\
   \n}\r\
   \n#Get Walled-Garden usage in KB through web proxy\r\
   \n:local ProxyLine [/ip proxy monitor once as-value];\r\
   \n#Iterate through each line in the filter \r\
   \n:foreach key2,value2 in=\$ProxyLine do={\r\
   \n:if (\$key2 = \"received-from-servers\") do={ :set \$hsFreeKB \$value2}\
   \r\
   \n}\r\
   \n#Get the Overall Traffic usage\r\
   \n:local Ether1RX [/interface get ether1 rx-byte]\r\
   \n:local Ether1TX [/interface get ether1 tx-byte]\r\
   \n#Get number of devices connected to hotspot\r\
   \n:local NrDevices [/ip hotspot host print count-only]\r\
   \n\r\
   \n:foreach ENTRY in=[/ip hotspot host find] do={\r\
   \n/ip hotspot host remove number=\$ENTRY\r\
   \n}\r\
   \n# Get system date\r\
   \n:local date [/system clock get date]\r\
   \n# Get system Time\r\
   \n:local time [/system clock get time]\r\
   \n#Get RouterBoard box identity\r\
   \n:local identity [/system identity get name]\r\
   \n# Concatenate all variables to a global variable\r\
   \n:global Statistic (\$identity . \" \" . \$date . \" \" . \$time . \" \" \
   . \$HitStr . \"Ether1RXMiB=\" . ( (\$Ether1RX - \$Ether1RXTemp) / 1048576)\
   \_. \";Ether1TXMiB=\" . ((\$Ether1TX - \$Ether1TXTemp) / 1048576) . \";hsF\
   reeMiB=\" . ( (\$hsFreeKB - \$WebProxyTemp) / 1024) . \";NrhsDevices=\" . \
   \$NrDevices)\r\
   \n#Used to keep track of Counter- because reset-counter does not work\r\
   \n:set \$WebProxyTemp \$hsFreeKB\r\
   \n:set \$Ether1RXTemp \$Ether1RX\r\
   \n:set \$Ether1TXTemp \$Ether1TX\r\
   \n\r\
   \n#Reset counters then we have daily usage\r\
   \n/ip hotspot walled-garden reset-counters-all\r\
   \n#Send walled garden statistics stored in Statistic global variable to re\
   mote server HTTPS\r\
   \n/tool fetch mode=https keep-result=no user=\"data@infointernet\" passwor\
   d=\"b2HmNqB4yrIUaT5KE1OY\" url=\"https://walleddata.basicinternet.org/\" h\
   ttp-method=post http-data=\"\$Statistic\""

/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN


  • After this you are done with the LNCC configuration
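
An added example, not part of the original page or of the BasicInternet project: a small Python check to run over a RouterOS export like the one above before it is pasted into a device. It joins wrapped lines (tolerating the blank lines a wiki copy can introduce) and flags four things that appear in this configuration: SSH allowing the 'none' cipher, credentials stored inline, a drop rule left disabled, and an interface reference (*9) that no longer resolves. The sample lines, the rule names and the secret are constructed placeholders.

```python
import re

# Constructed sample in the style of the export above; the secret is a placeholder.
SAMPLE = r"""/ip ssh set allow-none-crypto=yes
/radius add address=192.0.2.10 secret=EXAMPLE-SECRET service=hotspot
/ip firewall filter add action=drop chain=input disabled=yes \

   in-interface=sstp-tanzania
/ip firewall nat add action=masquerade chain=srcnat out-interface=*9
/ip service set winbox address=192.168.60.0/24
"""

# (tag, pattern, advice); the tags are hypothetical labels for this example.
CHECKS = [
    ("ssh-none-cipher", re.compile(r"\ballow-none-crypto=yes\b"),
     "SSH accepts the 'none' cipher; set allow-none-crypto=no"),
    ("inline-secret", re.compile(r"\b(?:password|secret)=\S+"),
     "credential is stored in clear text in the export"),
    ("disabled-drop", re.compile(r"^(?=.*\baction=drop\b)(?=.*\bdisabled=yes\b)"),
     "drop rule is present but disabled"),
    ("dangling-ref", re.compile(r"interface=\*[0-9A-Fa-f]+(?:\s|$)"),
     "interface reference (*N) no longer resolves to a real interface"),
]

def logical_lines(text):
    """Join lines wrapped with a trailing backslash, skipping blank lines in between."""
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("\\"):
            buf += line[:-1]          # drop the backslash, keep building the command
        else:
            yield buf + line
            buf = ""
    if buf:
        yield buf

def audit(text):
    """Return (command_number, tag, advice) for every check that matches."""
    return [(n, tag, why)
            for n, cmd in enumerate(logical_lines(text), 1)
            for tag, rx, why in CHECKS if rx.search(cmd)]

if __name__ == "__main__":
    for n, tag, why in audit(SAMPLE):
        print(f"command {n}: {tag}: {why}")
```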