Wednesday, 28 November 2012

DMASOFTLAB Radius Manager SMS Notification Configuration


DMASOFTLAB Radius Manager have a very nice feature of SMS notification for Account Expiry / New Account Activation Message, New Account Activation Code / Password Recovery and many other cool functions that can be done using this feature, however activating it is a bit complex thing to do. As radius manager supplies clickatell HTTP gateway API with there default installation, and I really didn't wanted to purchase the clickatell account because it would be expensive for any mid-large size network, even a small network wouldn't want to pay extra amount. So I decided to create my own HTTP gateway which is connected with my GSM Modem. Following is the complete guide on how you can create your own SMS HTTP GATEWAY.
> http://aacable.wordpress.com/2012/11/26/howto-configure-your-local-http-gateway-using-kannel-on-ubuntu/ (http://aacable.wordpress.com/2012/11/26/howto-configure-your-local-http-gateway-using-kannel-on-ubuntu/)
Once you have a working HTTP gateway , you can move on to RM configuration section.
Howto configure API to make it work with your Local SMS HTTP gateway.
Login to your RM box using terminal.
Open the api.php file by
nano /var/www/radiusmanager/api/api.php
(Change the path if you have RM installed at some other folder)
Now remove all lines and replace them with the following.
<?php
/*****************************************************************************
**        Name: api_sendsms
**
** Description: This function is used to send a SMS messages to a mobile phone.
**        You can call your SMS gateway to send a message to a mobile phone.
**        The function includes an example code of integrating the
**        clickatell.com HTTP -> SMS gateway.
**
** >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
**  Syed Jahanziab > I have changed it to use my local sms gateway running on KANNEL , Configured on same box where RM is installed and connected TELTONIKA GSM MODEM with it in VM.
** >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
**
**       Input: $mode - SMSMODE_ACCVERIFY: send verification code
**            SMSMODE_WELCOME: send account data
**            SMSMODE_PSWCODE: send new password activation code
**            SMSMODE_NEWPSW: send new password
**        $username - RADIUS user name
**        $password - RADIUS password
**        $firstname - first name of user
**        $lastname - last name of user
**        $address - postal address of user
**        $city - city of user
**        $zip - zip code of user
**        $country - country of user
**        $state - state of user
**        $phone - phone number of user
**        $mobile - mobile number of user
**        $email - email address of user
**        $srvid - associated service id
**        $verifycode - the verification code to send
**        $errmsg - pointer to error message returned by the gateway
**
**      Output: True if API succeeded or false
*****************************************************************************/
function api_sendsms($mode, $username, $password, $firstname, $lastname, $address, $city, $zip, $country, $state, $phone, $mobile, $email, $srvid, $verifycode, &$errmsg)
{
// enter your local sms http gateway credentials here
$api_user     = "kannel";
$api_password = "kannel";
switch ($mode)
{
case SMSMODE_ACCVERIFY:
$body = "Enter the following verification code in UCP: $verifycode";
break;
case SMSMODE_WELCOME:
$body = "Welcome new user! Your user name is $username, your password is $password";
break;
case SMSMODE_PSWCODE:
$body = "New password activation code: $verifycode";
break;
case SMSMODE_NEWPSW:
$body = "Your new password: $password";
break;
}
// return success (uncomment the following lines in testing environments only)
//  print $body;
//  return true;
// implement your own SMS gateway in the following block
$body = rawurlencode($body);
$ch = curl_init();
// change the IP and id password in the below line to match your local config. syed jahanzaib
curl_setopt($ch, CURLOPT_URL, "http://101.11.11.250:13013/cgi-bin/sendsms?user=$api_user&password=$api_password&api_id=$api_id&to=$mobile&text=$body");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$res = curl_exec($ch);
curl_close($ch);
// uncomment this to see the result from clickatell.com HTTP->SMS gateway
//  print $res;
if (substr($res, 0 , 4) ==  "ERR:")
{
$errmsg = $res;
return false;
}
// SMS sent successfully
return true;
}
?>
That's It. Your RM is ready to send sms using your local SMS HTTP gateway.
.
Howto send Account Expiry Warning to User
Logon to RM Admin Panel,
Goto System/ System Settings
At the bottom of the page, You will see Notification's section.
At the Expiry warning: Type the number of days you want RM to send account expiry warning before the account expires.
As showed in the image below . . .
http://aacable.files.wordpress.com/2012/11/sms-notifi-when-expir-setting.png&h=410
.
Howto Recover User Password via FORGOT PASSWORD link at user.php (ver 4.x or above)
User can recover his forgotten password using Forgot my password at (http://101.11.11.250/radiusmanager/passwd.php) user.php
For Example
http://aacable.files.wordpress.com/2012/11/forgot-password.png&h=323 .
http://aacable.files.wordpress.com/2012/11/forgot-password-2.png&h=303
After submission the mobile number, user will receive A code on his mobile number (If he have defined valid number while registering the account. Then after entering the code in the below screen, he will receive new password.
As showed in the image below . . .
http://aacable.files.wordpress.com/2012/11/enter-code.png&h=74
http://aacable.files.wordpress.com/2012/11/new-passwoprd-sms.png&h=78
.
.
Regard's
Syed Jahanzaib





































How to configure your Local HTTP Gateway using KANNEL on Ubuntu

 Howto configure your Local HTTP Gateway using KANNEL on Ubuntu

As per web defines: Kannel (http://www.kannel.org/) is one of the most popular open source WAP/SMS Gateway, because its very good performance to handle a huge SMS. Kannel supports many modem's brand even generic modem, also support multi modems (modem bank).
x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x
After some testing, I have found Kannel one of the best , fastest SMS and WAP gateway among other open source sms gateways , capable of handling several hundreds of requests per second". "
Following is a guide on how you can configure your own Local SMS HTTP gateway using KANNEL
(The aim of configuring kannel on my Ubuntu box was that I required it to send sms via DMASOFTLAB RADIUS MANAGER which uses API to send sms via clickatell HTTP gateway for New Account / Expiry Warning / Password recovery via sms , verification code and many other cool functions. It comes with the clickatell HTTP gateway API which off course require you to buy sms bundle package and do require handsome amount of $$ if you have a huge number of users, Therefore to save $$ money , I  created my own gateway)
O/S = Ubuntu 10.4
Hardware = Teltonika ModemUSB/E12 UM1400
First install KANNEL using apt-get (the easiest one ;) )
apt-get install libxml2
apt-get install kannel
NOTE:
Kannel works great with the Linux base distribution BUT there are some workarounds to make it run on Windows. Do some googling and you will find few links for it.
Now open the kannel config file by
nano /etc/kannel/kannel.conf
Remove all the lines and paste the following config
# Syed Jahanzaib
# http://aacable.wordpress.com
# aacable [at] hotmail.com
group = core
admin-port = 13000
smsbox-port = 13001
admin-password = zaibadmin
status-password = zaibstatus
log-file = "/var/log/kannel/bearerbox.log"
log-level = 0
box-deny-ip = "*.*.*.*"
box-allow-ip = "127.0.0.1"
group = smsc
smsc = at
modemtype = teltonika
device = /dev/ttyACM0 # change this to match your port, it could ACM1 , if you dont set it correctly,  it will not work and you will get error in logs that unable to connect to device, Jahanzaib)
speed = 19200
my-number = 0333302100000 # (put your sim number, not necessary)
group = modems
id = teltonika
name = "Teltonika e12"
detect-string = "Undefined"
enable-mms = true
init-string = "AT+CNMI=2,2,0,1,1"
speed = 115200
group = smsbox
bearerbox-host = localhost
sendsms-port = 13013
global-sender = 13013
sendsms-chars = "0123456789 +-"
log-file = "/var/log/kannel/smsbox.log"
log-level = 0
access-log = "/var/log/kannel/access.log"
group = sendsms-user
username = kannel
password = kannel
concatenation = true
max-messages = 3
group = sms-service
keyword = default
get-url = "http://localhost/kannel/receivesms.php?sender=%p&amp;text=%b"
accept-x-kannel-headers = true
max-messages = 3
concatenation = true
catch-all = true
Open two terminal windows and issue below commands in each terminal box
1. Start the BearerBox
bearerbox -v 0 /etc/kannel/kannel.conf
2. Start the SMSBox
smsbox -v 0 /etc/kannel/kannel.conf
[If you receive error that the address is already in use, first issue the command service kannel stop]
.
Now From your browse, type the following to make sure kannel is working fine :)
http://101.11.11.250:13000/status?password=zaibstatus
[change the ip and password to match your config]
and you may see the following screen , if your config is ok
http://aacable.files.wordpress.com/2012/11/kannel-status.png&h=209
.
.
Howto send SMS via http command
Open your browser and paste the following command.
http://101.11.11.250:13013/cgi-bin/sendsms?username=kannel&password=kannel&to=03333021909&text=ZAIB+KANNEL+WORK
Change the IP / ID + Password = and number to match your local configuration.
The result would be similar to the following . . .
http://aacable.files.wordpress.com/2012/11/kannel-test-ok-send-sms.png&h=169
& You will receive the sms on the target number very soon.
.
Regard's
Syed Jahanzaib










































Thursday, 22 November 2012

Mikrotik Hotspot Quick Setup Guide + Tips n Tricks for Hotspot !

A HOTSPOT is way to provide internet access to subscribers by means of an easy to use login interface as it does not require any client software/driver/dialer at user end. To log in, users may use almost any web browser , so they are not required to install additional software.It is also possible to allow users to access some web pages without authentication using Walled Garden feature.
In my personnel opinion, Hotspot is best suited for ad hoc situations, where you cannot control how the client has their machines configured. This is generally useful in Conference Rooms, Hotels, Cafe’s , Restaurants and likewise since people will come and go and you have few permanent users.
One big advantage of using hotspot is that HotSpot does not require any client software/driver/dialer. One disadvantage of using HotSpot is that its usually requires your client to open up his browser to log in before he can use your service . So users wanting to connect to your service using a router or some kind usually have a problem (as routers usually don’t support logging in via HTTP).
Following is a quick setup guide (CLI version) on how-to setup HOTSPOT server in Mikrotik using command interface.
This guide will help you in setting up . . .
HOTSPOT server,
# It will also configure DHCP to assign users IP Address from 172.16.0.1-172.16.0.255 ip pool .
Change it accordingly.
# I will add two Speed / Rate Limit Profiles, 256k and 512k, it will add a new user ‘zaib‘ password=test with 512k profile and user ‘test‘ Password=test with 256k  Limit.
# It will Add Default Route to internet which is DSL router ip 192.168.2.2 ,
Change it accordingly.
In this examples, Mikrotik have two interface cards.
Ether1 LAN = 172.16.0.1  / Connected with LAN/Hotspot users
Ether2 WAN = 192.168.2.1 / Connected with DSL router
DSL Router = 192.168.2.2
Script Starts Below.
01/ip address
02add address=172.16.0.1/24 comment=LAN disabled=no interface=ether1 network=172.16.0.0
03add address=192.168.2.1/24 comment=WAN disabled=no interface=ether2 network=192.168.2.0
04 
05/ip pool
06add name=hs-pool-1 ranges=172.16.0.10-172.16.0.255
07 
08/ip dns
09set allow-remote-requests=yes cache-max-ttl=1w cache-size=10000KiB max-udp-packet-size=512 servers=192.168.2.2
10 
11/ip dhcp-server
12add address-pool=hs-pool-1 authoritative=after-2sec-delay bootp-support=static disabled=no interface=ether1 lease-time=1h name=dhcp1
13 
14/ip dhcp-server config set store-leases-disk=5m
15 
16/ip dhcp-server network add address=172.16.0.0/24 comment="hotspot network" gateway=172.16.0.1
17 
18/ip hotspot profile
19 
20set default dns-name="" hotspot-address=0.0.0.0 html-directory=hotspot http-cookie-lifetime=3d http-proxy=0.0.0.0:0 login-by=cookie,http-chap name=default rate-limit="" smtp-server=0.0.0.0 split-user-domain=no use-radius=no
21 
22add dns-name=login.aacable.net hotspot-address=172.16.0.1 html-directory=hotspot http-cookie-lifetime=1d http-proxy=0.0.0.0:0 login-by=cookie,http-chap name=hsprof1 rate-limit="" smtp-server=0.0.0.0 split-user-domain=no use-radius=no
23 
24/ip hotspot
25add address-pool=hs-pool-1 addresses-per-mac=2 disabled=no idle-timeout=5m interface=ether1 keepalive-timeout=none name=hotspot1 profile=hsprof1
26 
27/ip hotspot user profile
28 
29set default idle-timeout=none keepalive-timeout=2m name=default shared-users=1 status-autorefresh=1m transparent-proxy=no
30 
31add address-pool=hs-pool-1 advertise=no idle-timeout=none keepalive-timeout=2m name="512k Limit" open-status-page=always rate-limit=512k/512k shared-users=1 status-autorefresh=1m transparent-proxy=yes
32 
33add address-pool=hs-pool-1 advertise=no idle-timeout=none keepalive-timeout=2m name="256k Limit" open-status-page=always rate-limit=256k/256k shared-users=1 status-autorefresh=1m transparent-proxy=yes
34 
35/ip hotspot service-port set ftp disabled=yes ports=21
36 
37/ip hotspot walled-garden ip add action=accept disabled=no dst-address=172.16.0.1
38 
39/ip hotspot set numbers=hotspot1 address-pool=none
40 
41/ip firewall nat add action=masquerade chain=srcnat disabled=no
42 
43/ip hotspot user
44add disabled=no name=admin password=123 profile=default
45add disabled=no name=zaib password=test profile="512k Limit" server=hotspot1
46add disabled=no name=test-256k password=test profile="256k Limit" server=hotspot1
47 
48/ip route
49add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.2.2 scope=30 target-scope=10
Basic HOSTPOT is now configured. Now goto client pc, Upon booting, it will automatically receive ip from hotspot dhcp server, Open your browser and try to open any web site, You will see Hotspot Login page asking for credentials.
or you can customize it to something that looks like this===
You can also make configuration changes via GUI.
Please read the following guide for easy n step by step guide on HOTSPOT setup.
http://wiki.mikrotik.com/wiki/Hotspot_server_setup

HOWTO CUSTOMIZE HOTSPOT LOGIN PAGE

You can use some fancy good looking login page. To customize the login page, Open Winbox , Goto Files , here you will see various fileslook at hotspot/login.html , Drag n Drop this file to Desktop. See the attached picture.



Now open it using any html editor, I always prefer FRONTPAGE for editing HTML pages due to its easy interface. Customize it according to your need, You must have some prior knowledge of some website / html editing. You can insert your logo , advertisement and lot more in this page. After you are done, simply Upload the file back from where you downloaded it. use drag n drop feature. For beginners, I recommend you not to change any default variable, just ad your logo n text , After you are familiarized with the structure, you can build your own fully customized login page.
Good examples of hotspot login page can be found at following link.

Howto Redirect User to your selected site after succesful Login

If you want that after successful login to hotspot , user must be redirected to your advertisement web site / any other web, then You will need to replace a variable on the hotspot/login.html document on the mikrotik router.
You must replace $(link-orig) with the url of the website you want them to get after login.
There are two links that you have to replace, and both look like this:
1<input type="hidden" name="dst" value="$(link-orig)">
Change them to
1<input type="hidden" name="dst" value="http://www.yoursite.com">
Now after successful login, user will automatically redirected to yoursite.com, you can also create your customized page showing users details using the variables available.

Howto Allow URL for some destinations for non authenticated Users

Sometimes it is required to allow access to some destinations / URLs for non authenticated users, for example if you have a web / radius server and you want that user can access it without login to hotspot, then you can add its ip address in walled garden.
1/ip hotspot walled-garden add dst-host=www.website.com
2/ip hotspot walled-garden ip add dst-address=192.168.2.2 action=accept
3OR
4/ip firewall nat add chain=pre-hotspot dst-address=192.168.2.2 action=accept

HOTSPOT users can’t communicate with each other or PROXY-ARP issue

If you face hotspot broadcast issue / arp-poisoning , problem, Remove the address pool from the Hotspot to turn off Universal NAT,
1/ip hotspot set <number> address-pool=none
2OR
3/ip hotspot set numbers=hotspot1 address-pool=none
4OR
5/ip firewall nat add chain=pre-hotspot dst-address-type=!local hotspot=auth action=accept

Howto Bypass authentication for Few Clients

This bypasses the hotspot by mac address.
1/ip hotspot ip-binding add mac-address=xx:xx:xx:xx:xx:xx type=bypassed
(change xx:xx:xx:xx:xx:xx with your user's mac address. You can also use the ip address to bypass.