Raspberry Pi, CoovaChilli and Freeradius for a Wifi Hotspot with captive portal

For an automatic install of the hotspot, read this post.


I told you there is a time how to create a WiFi access point with PHP and control connections. Only if the principle was simple, so was the result was simple too. So today we will install a much more powerful tool : CoovaChilli.

WiFI-Hotspot-Raspberry Pi

Attention : this article is long, really long…

What is CoovaChilli ?

CoovaChilli is the OpenSource version of the project ChilliSpot. It offers a user interface to authenticate users who connect to a hotspot (not necessarily Wifi). It has the advantage of not requiring specific modules at kernel level, AAA management is delegated to a RADIUS server (local or not) and OAuth authentication (not tested by yours truly).

In short it makes everything you need to manage your hotspot (including 802.1x authentication or with MAC address) !

What is FreeRadius ?

FreeRadius (OpenSource version of RADIUS protocol) allows to have on their server/machine a network protocol that is used to manage authentication and user accounts. It controls access (authentication) but also to monitor usage and to apply rules of authorization or rejection based on attributes such as time, the duration, the volume of data, etc.. The famous AAA : authentication, authorization, and accounting


What you'll need :

  • One Raspberry Pi with its SD card (minimum 2Gb)
  • One Wifi adapter. Remember to check its compatibility with the Raspberry at the time of purchase ! Moreover, the dongle size will play on its range and the rates. It could take you Wifi dongle with integrated antenna. In this case un hub USB alimenté may be useful.
  • An Ethernet cable to connect to your router Raspberry. It is through this connection that the Raspberry must have Internet access (and the SSH must be available)

The connection to the hotspot is the Wifi interface. The Raspberry must be connected to the Internet via Ethernet cable. Moreover, it is through it that I will connect via SSH to the installation and configuration.

About the operating system, I installed a minimalist Raspbian by the network to be updated. You will find all the steps here.

The Wifi

This is to set up your wifi hotspot dongle to be able to office. I use a Ralink RT5370 key:

Ralink Technology, Corp. RT5370 Wireless Adapter

Using an unsupported component by default it was therefore necessary to add a kernel module :

  1. Download the module to support the RT2870 (if you need it !)
    wget "http://git.kernel.org/?p=linux/kernel/git/firmware/linux-firmware.git;a=blob_plain;f=rt2870.bin" -O /lib/firmware/rt2870.bin
  2. Disable turbo mode which poses problems of stability (if you use a key with a RT2870 chipset)
    bash -c "echo options smsc95xx turbo_mode=N > /etc/modprobe.d/smscnonturbo.conf"
  3. You can restart the Raspberry for the module fully loaded. The command “ifconfig -a” will list your new interface.
  4. Remember to check that this key can be used as an access point (it's still the goal !) :
    • Download tools iw for information on your key Wifi
      wget https://www.kernel.org/pub/software/network/iw/iw-3.14.tar.gz
      tar zxvf iw-3.14.tar.gz
      cd iw-3.14
    • Now you can test if your key supports WiFi Access Point mode with the control iw list

      If you have "AP" (Access Point) in the modes supported, It won !
  5. For now configure this interface, you have to edit the file /etc/network/interfaces and add the following configuration at the end of file :
    auto wlan0
    allow-hotplug wlan0
    iface wlan0 inet static
        post-up echo 1 > /proc/sys/net/ipv4/ip_forward

    You set the network as that linked to WiFi interface. Your key will be the network router. And you activate the IP forwarding to link the wireless interface with the Ethernet interface.

  6. Finally, we must enable the IP Forwarding system level. I think it duplicates the post-up of the interface, but better to be safe. Remove character # on line 29 file /etc/sysctl.conf :

    For immediate support, run the command

    /etc/init.d/networking restart


  1. Preparing to package installation. Mysql password is set at “raspbian”. Of course you can put whatever you want but remember to change the value in different directions on the database.
    apt-get install -y debconf-utils
    debconf-set-selections <<< 'mysql-server mysql-server/root_password password raspbian'
    debconf-set-selections <<< 'mysql-server mysql-server/root_password_again password raspbian'
    apt-get install -y debhelper libssl-dev libcurl4-gnutls-dev mysql-server freeradius freeradius-mysql gcc make libnl1 libnl-dev pkg-config iptables
  2. Configuration de FreeRadius :
    1. Creating the database in MySQL dedicated to FreeRadius. You will need to enter the password when requested MySQL installation.
      echo "create database radius;" | mysql -u root -praspbian
    2. Installing the database schema radius that we just created
      mysql -u root -praspbian radius < /etc/freeradius/sql/mysql/schema.sql
    3. Installing the part of directors. This will create an administrative user and give him all necessary rights.
      mysql -u root -praspbian radius < /etc/freeradius/sql/mysql/admin.sql
    4. Installing additional tables for NAS
      mysql -u root -praspbian radius < /etc/freeradius/sql/mysql/nas.sql
    5. Edit the file /etc/freeradius/radiusd.conf to load the SQL Module. We must uncomment the line 700 :
      freeradius sql module
    6. You must enable authentication MySQL Database. Why edit the file /etc/freeradius/sites-enabled/default and look for lines where sql is commented. At home I found three times in lines 177, 406 and 454. You remove the commented out by removing # the beginning of each line.
    7. You can now test your configuration by stopping and restarting the FreeRadius mode debug.
      service freeradius stop


      freeradius -X

      If you do not have it champagne error !
      freeradius ready

    8. We will make a connection test. For this, we will create a test user usertest with his password passwd
      echo "insert into radcheck (username, attribute, op, value) values ('usertest', 'Cleartext-Password', ':=', 'passwd');" | mysql -u root -praspbian radius

      And now to test you use the command

      radtest usertest passwd localhost 0 testing123

      The value testing123 comes from the configuration file /etc/freeradius/clients.conf. That's the word “secret” which will be used to secure the connection between FreeRadius and what is called the NAS, which will capture the connections.
      You will need to change this value when you install your hotspot “production” !
      freeradius radtest


  1. Compilation and installation of CoovaChilli
    1. Download the archive
      cd / usr / src
      wget https://coova.github.io/Download/coova-chilli-1.3.0.tar.gz
      tar zxvf coova-chilli-1.3.0.tar.gz
      cd coova-chilli-1.3.0
    2. Start the configuration for compilation
      export CFLAGS="-Wno-error"
      ./configure  --prefix=/usr --mandir=$${prefix}/share/man \
      --infodir =  $${prefix}/share/info \
      --sysconfdir=/etc --localstatedir=/var --enable-largelimits \
      --enable-binstatusfile --enable-statusfile --enable-chilliproxy \
      --enable-chilliradsec --enable-chilliredir --with-openssl --with-curl \
      --with-poll --enable-dhcpopt --enable-sessgarden --enable-dnslog \
      --enable-ipwhitelist --enable-redirdnsreq --enable-miniconfig \
      --enable-libjson --enable-layer3 --enable-proxyvsa --enable-miniportal \
      --enable-chilliscript --enable-eapol --enable-uamdomainfile \
      --enable-modules --enable-multiroute
    3. Change the compatibility level for the compilation
      echo 9 > debian/compat
    4. Change to the directory where the package will be created by changing the line 54 file /usr/src/coova-chilli-1.3.0/debian/rules :
      $(MAKE) DESTDIR=/ install
    5. Start the compilation
      dpkg-buildpackage -us -uc

      You should get a package ready for installation (after 15 minutes on a model B 512Mb)!

    6. Install the package
      cd ..
      dpkg -i coova-chilli_1.3.0_armhf.deb

      Use option Y when will ask you. The error in the end is normal because we have not set CoovaChilli and does not exist (i hope)
      Screenshot 2015-07-15 from 21.00.48

  2. Compilation and installation of Haserl. This is a tool from UNIX or LUA scripts will generate CGI scripts. It is necessary for the operation of CoovaChilli.
    1. Download haserl
      cd /usr/src
      wget http://downloads.sourceforge.net/project/haserl/haserl-devel/haserl-0.9.35.tar.gz
      tar zxvf haserl-0.9.35.tar.gz
      cd haserl-0.9.35
    2. Compile and install haserl
      ./configure && make && make install
  3. Configure CoovaChilli
    1. At the end of /etc/chilli/up.sh file add the line
      iptables -I POSTROUTING -t nat -o $HS_WANIF -j MASQUERADE

      It will allow to transfer what happens by WiFi to Ethernet

    2. In the file /etc/default/chilli replacing



      This allows the boot CoovaChilli

    3. In the file /etc/chilli/wwwsh must give the exact location of the line haserl 9
    4. In the /etc/chilli/config is the main configuration Chilli. Where you will be able to define which interfaces are used, which network, etc. Some of the following values ​​are commented by default, it will therefore remove # beginning of the line if necessary. And these values ​​are not grouped in the same place.

      The details of the configured settings :
      HS_WANIF is the interface connected to the Internet
      HS_LANIF est l’interface du Wifi/Hotspot
      HS_NETWORK the hotspot network
      HS_UAMLISTEN the hotspot network gateway
      HS_UAMALLOW IP hotspot network allowed to connect
      HS_SSID le SSID (does not seem to have any effect)

    5. Making the final start
      update-rc.d chilli start 99 2 3 4 5 . stop 20 0 1 6 .
  4. Start the service
    service chilli start

    With the command ifconfig you should see an interface tun0 confirming that is well executed CoovaChilli.
    Screenshot 2015-07-15 from 21.29.18


  1. To make your visible WiFi access point, we will install hostapd who will do all the work
    apt-get install -y hostapd
  2. Edit the file /etc/default/hostapd and add at the end :
  3. Edit the file /etc/hostapd/hostapd.conf (that does not exist yet) and copy the following lines :
    # interface wlan Wi-Fi
    # nl80211 avec tous les drivers Linux mac80211
    # Nom du spot Wi-Fi
    # mode Wi-Fi (a = IEEE 802.11a, b = IEEE 802.11b, g = IEEE 802.1g)
    # canal de fréquence Wi-Fi (1-14)
    # Wi-Fi ouvert, pas d'authentification !
    # Beacon interval in kus (1.024 ms)
    # DTIM (delivery traffic information message)
    # Maximum number of stations allowed in station table max_num_sta=255
    # RTS/CTS threshold; 2347 = disabled (default)
    # Fragmentation threshold; 2346 = disabled (default)
  4. You can manually start the service
    service hostapd start

Here we reach the end of the configuration ! Phew ! It's time to test the connection (with the user created above : usertest / passwd) :

  1. Connect to access point
    raspberry pi hotspot SSID selection
  2. You will automatically have a redirection window (on my Mac. IPhone / iPad / Windows you have to try to access the Internet via the browser)
    raspberry pi hotspot redirection
  3. Enter your login (usertest / passwd)
    raspberry pi hotspot login
  4. You will then have displays confirming the connection
    raspberry pi hotspot success raspberry pi hotspot success end
  5. To you the joys of the Internet by your hotspot !
    raspberry pi hotspot wifi coovachilli freeradius internet

Bonus : daloRADIUS

Ok but some of you will ask me : “yes but how I manage users ?”, “I have to make a SQL query every time ?”. In theory yes ! There is no default interface for FreeRadius. Except that … there are software to help you. And daloRadius is one of them ! Through a web interface you will be able to manage users, manage their rights, Logon Hours, authorized debits, etc.

  1. Install a web server. My favorite remains Nginx.
    apt-get install -y php5-mysql php-pear php5-gd php-db php5-fpm libgd2-xpm-dev libpcrecpp0 libxpm4 nginx php5-xcache
    apt-get remove -y apache2.2-bin apache2-utils apache2.2-common
  2. Download daloRadius
    cd /usr/src
    wget http://downloads.sourceforge.net/project/daloradius/daloradius/daloradius0.9-9/daloradius-0.9-9.tar.gz
    tar zxvf daloradius-0.9-9.tar.gz -C /usr/share/nginx/www/
    mv /usr/share/nginx/www/daloradius-0.9-9 /usr/share/nginx/www/daloradius
    cd /usr/share/nginx/www/daloradius
  3. Add the information used by daloRadius in FreeRadius database
    mysql -u root -praspbian radius < /usr/share/nginx/www/daloradius/contrib/db/fr2-mysql-daloradius-and-freeradius.sql
    mysql -u root -praspbian
    GRANT ALL ON radius.* to 'radius'@'localhost';
    GRANT ALL ON radius.* to 'radius'@'127.0.01';
  4. In the file /usr/share/nginx/www/daloradius/library/daloradius.conf.php you define the access rights to the database (Here defaults)
    $configValues['CONFIG_DB_USER'] = 'radius';
    $configValues['CONFIG_DB_PASS'] = 'radpass';
    $configValues['CONFIG_DB_NAME'] = 'radius';
  5. Update the default site configuration by enabling PHP support. The information is to be added (or remove comments) in the section server.
    At the line 25 (always default)
index index.php index.html index.htm;

And enable PHP support

location ~ .php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/PHP5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
  • Redémarrez Nginx
    service nginx restart
  • You can now log on http://<ip of your raspberry>/daloradius
    Login : administrator / Password : radius

So now how to create a user ? Nothing simpler than that :

  1. Login and go to the tab Management
    raspberry pi daloradius management hotspot
  2. Enter the Username then Password and click on Apply. You can of course choose the password encryption type, enter information about the user and … attributes. We will come back later on that (yes it is not finished yet !)
    raspberry pi daloradius management hotspot create user

You can now use this identifier. It appears in the list of users with a beautiful green flag to inform you that the user is enabled.raspberry pi daloradius management hotspot list users

Double bonus : attributes

We have a Wifi hotspot, an authentication service, a user management interface. But how do you define connections hours ? A connection time ? A maximum data volume ? In short it is not all inclusive open bar !

Everything happens at the attributes associated with a user. In the interface of daloRadius, you can edit a user and add attributes.

hotspot raspberry pi coovachilli daloradius attributes

Above, I add to the user pi, the attribute Login-Time with the value Wk1800-2100. The user can connect 18:00 from 21:00 Monday to Friday. You can go further : “Wk0855-2355,Sa,Su1655-2305”, days of the week 08:55 from 23:55, Saturday and Sunday 16:55 from 23:05.

You can find more details on certain attributes here. The most common : Login-Time, Simultaneous-Use, Expiration. Unfortunately I have not found a place where all attributes are detailed with their meanings and possible values. If you have a link please share in the comments.

If you come to the end of this article you deserve a medal ! But you now have a hotspot with raspberry inside !

Next step : integrate Squid as a transparent proxy ?

Sources :

  • https://www.raspberrypi.org/forums/viewtopic.php?t=24105&p=224789
  • http://doc.ubuntu-fr.org/coovachilli
  • http://ehc.ac/p/radiusdesk/wiki/install_ubuntu_nginx/?version=14#install-radiusdesk
  • http://www.binaryheartbeat.net/2013/12/raspberry-pi-based-freeradius-server.html
  • google, bing, duckduck, etc.

You may also like...

  • Excellent article, ça m’étonne qu’il n’y ait pas encore de commentaires ! 😀
    Je n’ai pas encore eu l’occasion de tester ceci dit, mais ça ressemble très fort à ce que l’on faisait pendant mes études (à la diférence qu’on utilisait du matériel Cisco pour AP et Switch, mais couplé avec une Debian), je reconnais beaucoup d’étapes dans le processus.
    Je pense que je tenterai d’appliquer ton tuto, mais sans utiliser le raspberry pour le WiFi. Instead, j’ai un petit routeur TP-Link WR841ND sur lequel j’ai flashé DD-WRT. It is compatible Chillispot and just fill in the address of the radius server.
    Good by cons I have a little trouble at first glance to distinguish the difference between the “NAS ID” et UAM Secret, ainsi que les UAM allowed/domains (cfr screenshot)
    Le but à terme sera sans doute d’implémenter cette solution dans un petit hôtel 🙂
    To see if it will take several AP.

  • I would also add that I have just discovered RadiusDesk (I see a link in the source, but their official website is very well done with lots of guides), obviously it looks good to manage users, much like daloradius, with a web interface that looks a little friendlier

    • Hello
      I have not managed to run the raspberry radiusdesk I pulled over daloradius DPNC is actually less sexy !

  • Lucas F

    Excellent tutorial, I will put in place shortly.

    However, There-there are ways to set up a limited bandwidth ? For example, do not exceed 1MB / S for the “Server” in general, or for each user ?
    Thank you

    • Hello,

      Yes it is possible in FreeRadius with WISPr-Bandwidth-Max-Down options and WISPr-Bandwidth-Max-Up

  • Jno

    Excellent tutorial !

    French law requires keeping the traces … Is that the case here with FreeRadius (if so how do we do ?) or does it require mandatory Squid ?
    Thank you

    • Hello,
      Squid keeps only accessible from local IP. Is it sufficient ? I think in the case of allocation of a local IP to an identifier must also keep information in order to know who is behind the connection. It must be feasible in FreeRadius but I do not know how …

  • Jno

    Hello again,
    I tried to put it up on a Raspberry PI 2 (raspbian Jessie). Unfortunately, the compilation fails CoovaChilli : #dpkg-buildpackage -us -uc

    main-opt.c: In function ‘main’:
    main-opt.c:786:29: error: ‘ptr’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
    _options.uamdomains[I ] = STRDUP(took);
    cc1: all warnings being treated as errors
    Makefile:755: recipe for target ‘main-opt.o’ failed
    make[4]: *** [main-opt.o] Error 1
    make[4]: Leaving directory ‘/usr/src/coova-chilli-1.3.0/src’
    Makefile:813: recipe for target ‘all-recursive’ failed
    make[3]: *** [all-recursive] Error 1
    make[3]: Leaving directory ‘/usr/src/coova-chilli-1.3.0/src’
    Makefile:313: recipe for target ‘all-recursive’ failed
    make[2]: *** [all-recursive] Error 1
    make[2]: Leaving directory ‘/usr/src/coova-chilli-1.3.0’
    Makefile:240: recipe for target ‘all’ failed
    make[1]: *** [CL.] Error 2
    make[1]: Leaving directory ‘/usr/src/coova-chilli-1.3.0’
    debian/rules:36: recipe for target ‘build’ failed
    make: *** [build] Error 2
    dpkg-buildpackage: error: debian / rules build produced a type of output error 2

    What do I do ?
    Thanks in advance

    • Looks like the warning are treated as errors … A view to remove the compiler flag
      -Werror in the Makefile ?

    • Patrick Dupertuis

      I had the same problem : this is a bug in the latest version of Raspbian (Jessie)
      To disable the error correction and creating the package is no problem.

      export CFLAGS=”-Wno-error”

      Before doing :

      ./configure –prefix=/usr –mandir=$${prefix}/share/man
      –infodir = $${prefix}/share/info
      –sysconfdir=/etc –localstatedir=/var –enable-largelimits
      –enable-binstatusfile –enable-statusfile –enable-chilliproxy
      –enable-chilliradsec –enable-chilliredir –with-openssl –with-curl
      –with-poll –enable-dhcpopt –enable-sessgarden –enable-dnslog
      –enable-ipwhitelist –enable-redirdnsreq –enable-miniconfig
      –enable-libjson –enable-layer3 –enable-proxyvsa –enable-miniportal
      –enable-chilliscript –enable-eapol –enable-uamdomainfile
      –enable-modules –enable-multiroute

      • Mikymike

        Could someone tell me we do commant to disable error correction to create the package please. Thank you in advance.

        • It is the export command explained above by Patrick

          • Mikymike

            Ok I not connaissai this command, I thought that had to be added to a file before starting the compilation. Thanks for the reply.

      • Joris Sjaaksken

        je rencontre le même souci mais même avec le ‘export CFLAGS=”-Wno-error”‘ je rencontre la même erreur.
        Quelqu’un a une autre solution?

    • Axl Mtz


      Hope you are well.

      I have the same problem with coovachilli.

      I am wonder if you can help me?

      Can you tell me how did you resolved it?

      Thank you.

      • Please look at patrick answer below. You have to set an env variable before compiling.

      • Jno


        I removed the Werror options from Makefile.am and Makefile.in the /usr/src/coova-chilli-1.3.0 directory.

        Good luck,

        2016-02-09 6:24 GMT+01:00 Disqus :

  • Jno

    In this forum it is the message length limited ?
    For several time I try to post but my message disappears after a few minutes …

  • Thierry Fernandez

    Good evening,
    Problem solved

  • Jirpong Puttanbut

    Thank you so much for the nice tutorial 🙂

  • Gauthier

    Hello, this is a very good tutorial but cons I wonder how many people at max can connect simultaneously to the hotspot.

    • Hello,
      Technically it is limited by bandwidth. It is also possible to limit the number of connection

  • Paul

    For my part I have a problem when compiling, I followed the tutorial, even fixed the bug with the information in the comments, me me I have the problem the. (see pj)

    An idea?


    • It seems odd that the documentation part is not present. Is ca blocks later ? If so can be deactivate this part …

      • Paul

        Yes because I can not have the .deb so this is pretty important, I try to reinstall everything again, nothing changes.

        • Maybe a bad record because other people do not have this problem

          • Paul

            The link http://ap.coova.org/chilli/coova-chilli-1.3.0.tar.gz does not exist anymore, so I did a search on Google archive, but it is possible that if it is not good. Would you have a valid link please?

          • Paul

            I use “NOOBS” as bones (so Raspbian) your tutorial is for the one or not?

          • I always use the network version of which is lightened Raspbian (bcp less packets)
            So yes it is for Raspbian

          • Paul

            La ça a fonctionné sans problèmes 🙂

            Thank you, If your time to spare would have to edit a post with the new URL and the command has put (export CFLAGS=”-Wno-error”)

            Thank you !

          • Paul

            After finishing the tutorial step up “Hostapd 4”, and I have no distribution. Yet, my key works well because when I made a “iwlist scan” I well get the wifi to my home.

            The key is a tl WN821N and the first step with iw list does not work… (see pj) I do not know if my key supports access point

            I have another key (more old) a Sagem xg-762N

          • drivers of problem with the key. You have to find what is the right driver to load based on the key model. It must be the exact reference and searches in Google

          • Paul

            I am not sure it is a driver issue because it happens to a wifi scan…

          • Paul

            I am not sure it is a driver problem, because it happens to me a good wifi scan…

  • Rodrigo Fuentes

    Hi, im having issues after running dpkg -i coova-chilli_1.3.0_armhf.deb it says

    Unpacking replacement coova-chilli …

    Setting up coova-chilli (1.3.0) …

    Starting chilli: SIOCSIFADDR: No such device

    eth1: ERROR while getting interface flags: No such devic

    But I only have a eth0 and wlan0 on my raspberry

    Thank you

    • Because default configuration files use eth1 but by default on the pi it’s eth0. Continue to next steps and in files replace eth1 with eth0

  • Kazadrur & concessive (Kazadrur_Mo


    I have a problem with the command : export CFLAGS= “-Wno-error”
    When I launch, it makes me : -bash: export: “-Wno-error” : invalid username

    Yet I am in the folder coova-chilli-1.3.0 /

    Thanks in advance !

    • This is not a directory but worries control. Maybe the space after the equal. I have no unix box on hand to test

      • Kazadrur & concessive (Kazadrur_Mo

        OK, I just tested : export CFLAGS=”-Wno-error”
        More error, but nothing happens, c’est normal ?

        • Yes it sets an environment variable
          echo $CFLAGS
          It will output

          • Kazadrur & concessive (Kazadrur_Mo

            Ah ok ^^
            It's good, it worked !

            Thank you for taking the time to reply, and thank you for the tutorial !

  • Matteo forming

    it’ wheezy or jessy? a lot of problem when download package

  • Christophe


    First thank you for your tutorial ! It is very well explained, but I have a slight concern

    I set up my CoovaChilli and hostapd but when I make a “service hostapd start” all goes well but IMPOSSIBLE to see my WiFi on a Laptop PC.. I do not understand why, I check each file and they are identical to like.

    Thanks for your help ! 🙂

    PS : My wireless is a key ALFA AWUS036NH (iw reference list although the AP mode and was co WIFI with)

    • Hello. The problem is that does not generate hostapd wifi network. According to the link (https://www.raspberrypi.org/forums/viewtopic.php?f=28&t=17489) despite what is marked by the key, the AP does not work. If you have another key you also need to try

      • Christophe

        Thanks for your reply,

        Given your link, my key works (as a response)

        I have a ASUW036NH ALFA and is used with aircrack etc..

        I'll try with another key, but when I make a ” hostapd -dd /etc/hostapd/hostapd.conf to see the conf file, I have an error with “nl80211 driver initialization failed” but I do not know any other driver I can use..

        Si tu as une idée 🙂

        PS : I'll try anyway with another key if I find one ^^

        • Ok at least where does the problem is known. We must find the associated driver. In early article I show this to compile the RT2870 chipset support dns certain key. If you can inspire ca …

  • Matteo forming

    i’d like to create a rule for a Group of user to connent max for an half or hour. is possible?
    how to create a system of payment for my hotspot to generate user name and automatically?
    the sistem preferred payment could be paypal
    great tutorial
    i’m installed on same raspberry
    freepbx, Wifi Hotspot with captive portal, and plex. great 🙂

  • Manoj Mathivanan

    I have set up an hotsopt with coovachilli & freeradius. Everything is working fine. I get a landing page, after logging in, I am able to access internet.

    Now, I have also hosted a web server which is listening at port 3740 in the same system as coovachilli and freeradius. I am not able to access that port from any system connected to the hotspot.

    My wifi hotspot access point IP is and the webserver is running at port 3740. Even if I login to my hotspot, the port is not accessible. Can you let me know how to open this port?

    • Hi
      Are you sure that your server is listening to the correct interface / rolling ?

      • Manoj Mathivanan

        Yes, it is listening to the proper interface. I did wget to test ‘wlan0’ and wget http:\ to test the 'eth0'.

        I am able to ping the webserver’s computer( from another computer( which is connected through wlan0. I am not able to access the port 3740, only 3990 and 4990 are accessible since they are coovachilli ports.

      • Manoj Mathivanan

        Its working now. I had to change the coovachilli config file to allow the ports

  • Maxamed Daahir Maxamed

    is there an attribute to disconnect user when time limit exceeds

  • AnwarWijaya

    Hi, I get a problem with compilation coova-chilli like on this picture.
    that error cause there is no coova-chilli_1.3.0_armhf.deb on /usr/src

    any solution ?
    thanks 🙂

  • AnwarWijaya

    Hi all, I get a problem with compilation coova-chilli like on this picture.
    that error cause there is no coova-chilli_1.3.0_armhf.deb on /usr/src
    any solution ?

    thanks 🙂

    • That’s normal, the compilation failed (see error messages ?) look at the error (upper in your screen), correct and try to compile again
      I guess that the reason is the flag for warnings (look comments below about how to set the flag)

      • AnwarWijaya

        thanks for attention.

        this is an error message (?) on picture below.

        btw, I have try echo $ CFLAGS but the result is same.

        • It’s not echo that you have to do but the export command below. The echo is only to check the variable content

          • AnwarWijaya

            ok thanks for your help I done that step.

            But, when i want to compile and install haserl with:

            ./configure && make && make install

            there arenothing to be done”:

            ** Configuration summary for haserl 0.9.35:

            Building haserl with with lua disabled
            Building haserl with with bash-extensions disabled

            make[2]: Leaving directory ‘/usr/src/haserl-0.9.35/doc’
            make[1]: Leaving directory ‘/usr/src/haserl-0.9.35/doc’
            make[1]: Entering directory ‘/usr/src/haserl-0.9.35’
            make[2]: Entering directory ‘/usr/src/haserl-0.9.35’
            make[2]: Nothing to be done for ‘install-exec-am’.
            make[2]: Nothing to be done for ‘install-data-am’.
            make[2]: Leaving directory ‘/usr/src/haserl-0.9.35’
            make[1]: Leaving directory ‘/usr/src/haserl-0.9.35’

            any solution ?

            i am newbie 🙂

          • Try to do amake cleanfirst, then check that the export worked (using echo and get the content displayed) and then compile

          • AnwarWijaya

            thanks Pi Home Server.
            I have done this tutorial and can running normal, but sometime some devices (esespecially Iphone & MAC Book) difficult to connect access point and I must stop and start freeradius to solve it. Do yo know why it happened ?

          • Hi.
            Do you restart freeradius only ? Difficulties to connect : do you see the wifi network ? If not it could be due to your wifi dongle that switch in energy saving mode.

  • Matteo forming

    is it possible to authenticate with facebook or Google?

    • Hi. Never tried and not sure it’s possible natively. Try for google results with “coovachilli oauth” seems that some people want to do the same than you
      About paypal same idea. Not sure it’s possible

      • Matteo forming

        Yes I study a lot but I haven’t found this argument for raspberry

        • Pablo Ariel Nicoli

          plz share the solution for a social captive portal in RPi

          • Matteo forming

            I dont have a solution 🙁

  • Hi. Never tried and not sure it’s possible natively. Try for google results with “coovachilli oauth” seems that some people want tondonthe same than you

  • aurelien


    Merci pour le tuto complet etl que je suis à la lettre, mais chez moi cela ne fonctionne pas. Le point d’accès n’apparait pas.
    lsusb me renvoit ça : “Bus 001 Device 004: ID 148f:5370 Ralink Technology, Corp. RT5370 Wireless Adapter”

    So obviously I use the same equipment as you, but my rasp 2 by Jessie wants nothing.

    Thank you for your pipes.

    • It will take a little more info. Is that the key is compatible Access Point ? Do hotspotd is started ? Does the WLAN interface has an assigned IP ?

      • aurelien

        Then, I took the tutorial from the start, on the basis of available minimum Raspbian image on the foundation's website. So this time everything went well except for haserl or I have not managed to compile. Un apt-get install haserl m’a dépanné. I also commented on the lines in / etc / network / interfaces for wpa-supplicant

        My access point is visible and works but only when I run in debug via hostapd “hostapd -dd /etc/hostapd/hostapd.conf” . I do not understand the.
        In addition, how to launch automatically at startup hostapd ? I pass by the daemon or service ?

        • The point 4 hostapd of not working ?

          • aurelien

            I have no speedy return. I place my order, he is looking 30 seconds and no error message (but no launch confirmation) and it gives me the hand

          • aurelien

            Problem solved. The address of the daemon was discussed in / etc / default / hostapd. Thank you for the tutorial and for your help.

            I finish tonight the realization of the tutorial

          • aurelien

            I tried to finish the tutorial, and I stuck with Nginx, when I type the ip of my rasp / daloradius I have a pretty error 404. I do not know what to do and I wade in the configuration of Nginx, to the point that I do not even know which file is the error.

            As a matter of fact, I look a bit complicated to install, because I like to have daloradius ez and monitor service web version in parallel.

            I do not want to abuse, but if you could give me your help, or point me to a tutorial on Nginx config, because I have to skip a box in those I have traveled far.

  • Théa Van

    hi I would first like to say thank you for this comprehensive tutorial.

    I have a concern at the index.html redirect to my web page

    file :/etc/chilli/www/login_success_tmpl


    You are about to be redirected $(href=”index.html” “project “)

    To log out, type “logout” (or “http://logout/”) enjoy!

    Thanks for the tip

  • Gabriel

    Where do I add the script in nginx for daloradius like these

    Update the default site configuration by enabling PHP support. The information is to be added (or remove comments) in the section server.
    At the line 25 (always default)
    index index.php index.html index.htm;
    And enable PHP support

    location ~ .php$ {
    fastcgi_split_path_info ^(.+.php)(/.+)$;
    fastcgi_pass unix:/var/run/PHP5-fpm.sock;
    fastcgi_index index.php;
    include fastcgi_params;

    is it in site-enabled or site-available? Do I create a new conf file or just modify the default? I cannot seems to get it working…

    • Either. The one in sites-enabled is a logical link to the one in sites-available.
      Don’t forget to restart the service after any update

      • Gabriel

        Hi i receive this message when I run “nginx -t” to test the conf file

        nginx: [Emerg] “fastcgi_index” directive is duplicate in /etc/nginx/sites-enabled/default:46
        nginx: configuration file /etc/nginx/nginx.conf test failed

        This is my default file can you spot any problem? It appears that index.php is referred twice so the warning message?

        • Search for fastcgi_index. It seems you have 2 lines uncommented in the file and comment the unwanted one

          • Gabriel

            I cleaned up the script a bit and still have the fastcgi_index duplicated… Searched fastcgi_index and it only has one occurrence.. any ideas?

          • Look at the file included from the snippets folder. Should have another fastcgi_index command into it. You can comment the one in the nginx configuration file

        • Gabriel

          Ok it works now and I can restart nginx service. However when I type to login to daloradius (i.e. it returns 404 Not Found page. Nginx/1.6.2 is in the page also so i suppose everything is working but nginx cannot find daloradius folder ??

          • Correct. The folder does not exist or have a default index based on the root path defined in the configuration file

          • Gabriel

            I set the root to /usr/share/nginx/www/daloradius which is where daloradius php files located according to your instruction.. Still unable to locate it?

          • Gabriel

            I used apache2 as server and its all good now… Many thanks for your help Pi Home!!

  • Olivier

    Thank you for that Tuto is the most complete that I could find.
    First I must say that I started on inux.
    I'm stuck in the installation of Freeradius. I created the database by adding the psw before mysql in command , but when I want to take the next step on installing the diagram my rapsberry systematically replies “access denied ”
    Where I could miss a step

    Thank you


    “Failed better “

    • Hello
      Is the connection to MySQL works with the root user and password ? If you can validate the couple before starting the ca command could be given a track because it is “just” to run a script with root user (Linux with MySQL root)

      • Nicolas Nioche (Nicos)

        Hi and thank you for the tutorial !

        I have the same worries. For further discussion, I'm able to connect to MySQL as root + MDP, I could “use radius” and “show databases;”

        | Database |
        | information_schema |
        | MySQL |
        | performance_schema |
        | radius |

        So the basis is created. The problem is when I ask the Shema base, it's empty. logical because as Olivier, the command

        [19:07 pi@raspberrypi /] > mysql -u root -p*********** radius sudo apt-get install -y debhelper libssl-dev libcurl4-gnutls-dev mysql-server freeradius freeradius-mysql gcc make libnl1 libnl-dev pkg-config iptables
        Reading package lists… Done
        Building dependency tree
        Reading state information… Done
        debhelper is already the newest version.
        freeradius is already the newest version.
        freeradius-mysql is already the newest version.
        gcc is already the newest version.
        iptables is already the newest version.
        libcurl4-gnutls-dev is already the newest version.
        libnl-dev is already the newest version.
        libnl1 is already the newest version.
        libssl-dev is already the newest version.
        make is already the newest version.
        mysql-server is already the newest version.
        pkg-config is already the newest version.

        0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

        So I do not see too that blocks, if not an access to some files problem..

        • Is not super familiar with Linux, I found a replica of this tutorial in Thai (Yes Yes) in which there was the liberating screen . He had spent 'sudo su’ as I tried only in sudo’

          [19:08 PI@raspberrypi ~.] > sudo su
          root@raspberrypi:/home/pi# mysql -u root -p********* radius < /etc/freeradius/sql/mysql/schema.sql

          and there it goes ! I therefore continues.

          • Olivier

            after a short stop months on my project, I will be back.

            go through the root user has solved the problem but I do not know if this is due to my version of Raspbian, I had to manually configure mysql, firstly by cleaning my config :
            sudo apt-get purge mysql-server-5.5
            sudo rm -rf /var/lib/mysql
            then reinstalling (with Raspbian password)
            sudo apt-get install mysql-server-5.5

            I then launched mysql :
            # mysql -u root –p
            MySQL> create database radius;
            MySQL> Quit

            and now it work … I now have a small problem with coova but this will be a separate post

            Thank you


            “Fail better”

        • The user pi has no right to access where the error you have also detected and resolved saw your comment next file
          FYI / recall all commands are made with the root user. It's bad practice but for my home use

  • PBX-Ramdas

    Hello, the best tutorial that I found on the web. Thank you very much.
    I would like to know if you had time to integrate Squid as a transparent proxy. I am using a 3G/4G connection as WAN interface, and Squid could save data costs.

    • Hi. Thank you for the feedback
      Sorry about Squid. I did not try to add it yet

  • litoy2x

    hi, is it possible that every time i press a button switch it will generate a new user & password? i was thinking to do that programmatically. my scenario is that if someone comes to my house, they will just press a button and print the user and password. is this possible?

    • I know that you can with dedicated software (oft en used inns omega companies for customers). Maybe there is an API that will allow you to do that. I am curious to know if it’s possible

  • Hi all, it's me again
    ( yes I do in the tutorial 3 days and then ? – I try indeed to understand each step, commands etc.. history not to make a stupid copy / paste.

    Question 1 – First I have a strange question (Yes, I started with Linux). I have a raspberry 3 (that therefore an integrated wifi if I'm not mistaken) and I bought the wifi key with two antennas (Préco the beginning of tutorial.)
    the catch, is that I'm pretty sure the wlan1 (wifi lan i guess) is the wireless interface provided with the Rasp and the wlan0 must be one of my key wifi. I have not found any other way than unplugging the key to a wifi ifconfig, and reconnect again ifconfig to see the wlan0 was added. There he has a cleaner method ?

    Here is a screen to be see more clearly (the first interface is eth0 (Ethernet 0 i guess)): https://uploads.disquscdn.com/images/79a0912d29837ec03621f4d7924266e8a46e562a22f66d3d5c2c2211f70159bd.png

    Question 2 : I arrived at the tutorial where I have to start the service hostapd (service hostapd start) . I run the command (in sudo su) but nothing happens and it makes me immediately prompt. I think it is good may not be very talkative, and therefore try with another laptop wifi at home or my laptop to see if the network is available PiHomeServeurAP. Without success. Let me advise you to debug ?

    Thanking you in advance.

    • In fact, if some read me, I advise a Raspberry restarting after every major installation point. (at each change of “chapter”. Indeed after restarting, I see now my access point from my laptop, pc etc.. It's been so happy to see his side of the server 100 WiFi groin area. Good. Now via browser (from my mobile) I can not get the login page covachilli. I will still look before asking. ><. The question 1 précédente reste toujours d'actualité si quelqu'un passe par ici

  • Olivier

    quand j’exécute la commande : root@raspberrypi:/usr/src# wget https://coova.github.io/Download/coova-chilli-1.3.0.tar.gz
    j’ai le retour suivant :
    –2016-07-18 02:45:09– https://coova.github.io/Download/coova-chilli-1.3.0.tar.gz
    Resolving coova.github.io (coova.github.io)…
    Connecting to coova.github.io (coova.github.io)||:443… connected.
    HTTP request sent, awaiting response… 404 Not Found
    2016-07-18 02:45:09 ERROR 404: Not Found.

    with some research, I've found at : http://coova.github.io/CoovaChilli/DistroBuilding/
    the link works : wget https://github.com/coova/coova-chilli/archive/

    but without success at the end :
    root@raspberrypi:/usr/src/coova-chilli- dpkg-buildpackage -us -uc
    dpkg-buildpackage: source package coova-chilli
    dpkg-buildpackage: source version 1.3.0
    dpkg-buildpackage: source distribution unstable
    dpkg-buildpackage: source changed by David Bird (Coova Technologies)
    dpkg-buildpackage: host architecture armhf
    dpkg-source –before-build coova-chilli-
    dpkg-checkbuilddeps: Unmet build dependencies: gengetopt libtool automake
    dpkg-buildpackage: warning: build dependencies/conflicts unsatisfied; aborting
    dpkg-buildpackage: warning: (Use -d flag to override.)

    What bothers me most is that I seem to be alone in seeing a connection problem with the server github.

    Thanks for your help


    “Fail Better”

  • Darby

    Thank you for this excellent tutorial that I followed to the letter with my Raspi3 and that works perfectly !

    I would use it without Internet access point, is it possible ? (when I unplug the ethernet cable is no longer possible to connect)
    When connecting, Is it possible to be run on a different page than the login page ?
    Thanks in advance.

    • Great news if it works !
      The purpose of Coova is to provide identification. For a “fill” Portal settings captive ago this solution : http://www.pihomeserver.fr/2014/05/23/raspberry-pi-home-server-creer-hot-spot-wifi-portail-captif-22/

      Unfortunately I lost the point sources 5 but it can give the general principle

      Good luck !

      • Darby

        Thanks for the quick reply.
        without Coova, I get to have my access point, without internet. The Raspi gives me an IP address and what I want to do, is that opening the browser, I am redirected to the main page of the server running on my Raspi. Is it possible ?

        • Yes it is in the “playing” with iptables
          Basically it is necessary : up a Web server with the page that you would like (there is an example in the link I gave you)
          Then you use iptables to redirect traffic that comes from the interface of the hotspot to your web server. A trick in the genre

          iptables-t nat-A PREROUTING-i wlan0 p tcp m mark –Mark 99 -m tcp –dport 80 -j DNAT –to-destination

          you send all traffic to the ip and harbor 80. In the article that is where is the web server.

          • Darby

            I can not find my error :

          • I see nothing on the capture. For iptable I gave an example but you have to dig to get the right order. And I do not master this subject

    • denis

      Bonjour Darby, I hope to achieve the same thing as you. I installed the automatic version which is operational on a PI3. 9has works very well but now I just wish that the connection reference anyone connected to a server (Joomla) installed on the same IP. Have you managed to achieve this manipulation. I am close to share on this topic.
      Kind regards

  • Hey i was wondering if you could give me a hand! When im doing the coovachilli configuration for compilation i always the following error, do you have any idea why?

    cc1: all warnings being treated as errors
    Makefile:755: recipe for target ‘main-opt.o’ failed
    make[4]: *** [main-opt.o] Error 1
    make[4]: Leaving directory ‘/usr/src/coova-chilli-1.3.0/src’
    Makefile:813: recipe for target ‘all-recursive’ failed
    make[3]: *** [all-recursive] Error 1
    make[3]: Leaving directory ‘/usr/src/coova-chilli-1.3.0/src’
    Makefile:313: recipe for target ‘all-recursive’ failed
    make[2]: *** [all-recursive] Error 1
    make[2]: Leaving directory ‘/usr/src/coova-chilli-1.3.0’
    Makefile:240: recipe for target ‘all’ failed
    make[1]: *** [CL.] Error 2
    make[1]: Leaving directory ‘/usr/src/coova-chilli-1.3.0’
    debian/rules:36: recipe for target ‘build’ failed
    make: *** [build] Error 2
    dpkg-buildpackage: error: debian/rules build gave error exit status 2

    • Hi
      Because warnings are treated as errors so the first warning will stop the compilation
      Remove the flag -Werror that could block the job

      • I was able to do it earlier by removing a space in that export CFLAGS= “-Wno-error” command, i’m not sure it was that but it seemed to work soo xD, thanks for the quick response anyways!

      • Just another problem i seem to be having by the way, it seems that when installing the daloradius packages, raspberry cannot find the libgd2-xpm package, do you have any idea why?

      • Could you also help me with one thing, in the /usr/share/nginx/www/daloradius/library/daloradius.conf.php i can put this:

        $configValues[‘CONFIG_DB_USER’] = ‘radius’;
        $configValues[‘CONFIG_DB_PASS’] = Radpass';
        $configValues[‘CONFIG_DB_NAME’] = ‘radius’;

        anywhere i want right?

        And also this

        index index.php index.html index.htm;

        i am to put whats above in the line 25 i got that but what about what comes afterwards

        location ~ .php$ {
        fastcgi_split_path_info ^(.+.php)(/.+)$;
        fastcgi_pass unix:/var/run/PHP5-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;

        am i suposed to put this right below the index index.php etc?

      • Abraham Gomez

        Remove -Werror from where exactly? Sorry if this is a silly question. I didn’t see it in debian/rules file

        • Execute the following command and run the compilation again (in the same session of course)
          export CFLAGS=”-Wno-error”

    • Tempest Fury

      I got stuck at the same place, and I finally found an article where someone suggested a fix.

      There are two files (Makefile.am and Makefile.in) in /usr/scr/coova-chilli-1.3.0/src. Remove the -Werror option

      In Makefile.am look for this line “AM_CFLAGS = -D_GNU_SOURCE -Wall -Werror -fno-builtin -fno-strict-aliasing ” and remove -Werror, close and save the file

      in Makefile.in look for this line “AM_CFLAGS -D_GNU_SOURCE = -Wall -Werror -fno-builtin” and remove -Werror, close and save file. (this is near the bottom of the file)

      Then continue from here :

      export CFLAGS=”-Wno-error”
      ./configure –prefix=/usr …..
      sudo dpkg-buildpackage -us -uc (when you bulidpackage, should not result in any errors this time)

      • Thx. I did not know that the export was not enought.
        Thank you for the share

        I hope to have time to update this post with newest software versions and Raspberry 3

      • klima777

        First thanks @pihomeserver:disqus for the article. I try to install CoovaChilli now in a virtual machine on Ubuntu Server 16.04 LTS for a Captive Portal and this article helped me a lot!!

        I got stuck in the same moment described above. I removed -Werror in both files, but the compilation still does not complete.

        I get the following.

        make[4]: Leaving directory ‘/usr/src/coova-chilli-1.3.0/src’
        make[3]: Leaving directory ‘/usr/src/coova-chilli-1.3.0/src’
        Making all in doc
        make[3]: Entering directory ‘/usr/src/coova-chilli-1.3.0/doc’
        make[3]: *** No rule to make target ‘all’. Stop.
        make[3]: Leaving directory ‘/usr/src/coova-chilli-1.3.0/doc’
        Makefile:313: recipe for target ‘all-recursive’ failed
        make[2]: *** [all-recursive] Error 1
        make[2]: Leaving directory ‘/usr/src/coova-chilli-1.3.0’
        Makefile:240: recipe for target ‘all’ failed
        make[1]: *** [CL.] Error 2
        make[1]: Leaving directory ‘/usr/src/coova-chilli-1.3.0’
        debian/rules:36: recipe for target ‘build’ failed
        make: *** [build] Error 2
        dpkg-buildpackage: error: debian/rules build gave error exit status 2

        I get in some steps earlier when entering ./configure …. the following warnings

        configure: WARNING: you should use –build, –host, –target
        configure: WARNING: invalid host type: 2763{prefix}/share/info
        configure: error: expected an absolute directory name for –infodir: =

        Do I compile it on a wrong OS? Shell I merge the ./config arguments with the arguments in the /usr/src/coova-chilli-1.3.0/debian/rules file?

        • Did you try the export command first and then configure and compile ?

          • klima777

            Thank you for your reply.
            I tried that for about 3 or four times.
            Now the installation passes very quick and I get these at the end

            make[1]: Entering directory ‘/usr/src/coova-chilli-1.3.0’
            /usr/bin/make all-recursive
            make[2]: Entering directory ‘/usr/src/coova-chilli-1.3.0’
            Making all in bstring
            make[3]: Entering directory ‘/usr/src/coova-chilli-1.3.0/bstring’
            make[3]: Nothing to be done for ‘all’.
            make[3]: Leaving directory ‘/usr/src/coova-chilli-1.3.0/bstring’
            Making all in src
            make[3]: Entering directory ‘/usr/src/coova-chilli-1.3.0/src’
            make[4]: Entering directory ‘/usr/src/coova-chilli-1.3.0/src’
            make[4]: Nothing to be done for ‘all-am’.
            make[4]: Leaving directory ‘/usr/src/coova-chilli-1.3.0/src’
            make[3]: Leaving directory ‘/usr/src/coova-chilli-1.3.0/src’
            Making all in doc
            make[3]: Entering directory ‘/usr/src/coova-chilli-1.3.0/doc’
            make[3]: *** No rule to make target ‘all’. Stop.
            make[3]: Leaving directory ‘/usr/src/coova-chilli-1.3.0/doc’
            Makefile:313: recipe for target ‘all-recursive’ failed
            make[2]: *** [all-recursive] Error 1
            make[2]: Leaving directory ‘/usr/src/coova-chilli-1.3.0’
            Makefile:240: recipe for target ‘all’ failed
            make[1]: *** [CL.] Error 2
            make[1]: Leaving directory ‘/usr/src/coova-chilli-1.3.0’
            debian/rules:36: recipe for target ‘build’ failed
            make: *** [build] Error 2
            dpkg-buildpackage: error: debian/rules build gave error exit status 2

            It seems that something is missing in the debian/rules file. there is something similar what the ./configure …. command is.
            What effect does ./configure (with all its arguments) have?
            perhaps I should start a new fresh installation?

          • Did you update the file (line 54) as explained in the post :

            $(MAKE) DESTDIR=/ install

          • klima777

            No I haven’t. I understood from the post that I have to change the destination directory to something other.
            Now it seems that my system should be 32-bit so that it will work:

            This program built for x86_64-pc-linux-gnu
            Report bugs to
            debian/rules: 10: debian/rules: Shell: not found
            debian/rules: 10: debian/rules: DEB_HOST_GNU_TYPE: not found
            debian/rules: 11: debian/rules: Shell: not found
            debian/rules: 11: debian/rules: DEB_BUILD_GNU_TYPE: not found
            debian/rules: 14: debian/rules: Syntax error: word unexpected (expecting “)”)
            dpkg-buildpackage: error: debian/rules clean gave error exit status 2

            Thank you so much for help. I am installing CoovaChilli since three days at work and your tutorial helped me the most. I don’t understand why there is no real description at the github repository.

          • klima777

            deleted the previous compilation and compiled fresh and the .deb package appeared. I hope that it will work.
            @pihomeserver:disqus thank you sooo much. Meci much for this article and your fatigue.

  • Abraham Gomez

    Hello there!
    Thank you for the tutorial!

    This is my first real raspberry pi project and I believe I have come to a dead end.

    I tried everything and I hope you can help me out.

    root@raspberrypi:/etc/chilli# ls -l
    total 48
    -rw - r–r– 1 root root 6504 Jul 28 06:41 defaults
    -rwsr-x— 1 root chilli 405 Jul 28 06:41 down.sh
    -rwxr-xr-x 1 root root 13301 Jul 28 06:41 functions
    -rw - r–r– 1 root root 672 Jul 28 06:41 gui-config-default.ini
    -rwxr-xr-x 1 root root 567 Jul 28 06:41 newmulti.sh
    -rwsr-x— 1 root chilli 2486 Jul 28 06:41 up.sh
    drwxr-xr-x 2 chilli root 4096 Jul 28 06:41 www
    -rwxr-xr-x 1 root root 893 Jul 28 06:55 wwwsh

    Any ideas why I don’t have a config file? Should I create one?

    • Because dev tools are not installed on your system
      Try to install the package build-essentials

      • Abraham Gomez

        @pihomeserver:disqus Thanks for your reply.

        I was able to figure it out, but ran into another odd error.

        I seem to not have the /etc/chilli/config file after following your steps. I even manually created the config file just to see if it would work, but sadly it doesn’t.

        I see the end so close yet so far! 🙁

        • It should be a default file so I guess that there is an issue with the archive that you downloaded

          • Abraham Gomez

            wget https://coova.github.io/coova-chilli/coova-chilli-1.3.0.tar.gz
            I used this archive, because the one provided is not found

            I also found the following in etc/chilli/defaults:

            # -*- mode: shell-script; -*-


            # Coova-Chilli Default Configurations.

            # To customize, copy this file to /etc/chilli/config

            # and edit to your liking. This is included in shell scripts

            # that configure chilli and related programs before file ‘config’.


            # Local Network Configurations


            # HS_WANIF = eth0 # WAN Interface toward the Internet

            HS_LANIF = eth1 # Subscriber Interface for client devices

            HS_NETWORK= # HotSpot Network (must include HS_UAMLISTEN)

            HS_NETMASK= # HotSpot Network Netmask

            HS_UAMLISTEN= # HotSpot IP Address (on subscriber network)

            HS_UAMPORT=3990 # HotSpot UAM Port (on subscriber network)

            HS_UAMUIPORT=4990 # HotSpot UAM “UI” Port (on subscriber network, for embedding $

            # HS_DYNIP=

            # HS_DYNIP_MASK=

            # HS_STATIP=

            # HS_STATIP_MASK=

            # HS_DNS_DOMAIN=

            # OpenDNS Servers

            HS_DNS1 =

          • It seems that the archive is not build like before … i see in the GIT that many files have been recently updated so i guess they changed the structure

  • Abraham Gomez

    Hey everyone, my research online has found that the Raspbian Jessie has made large changes to networking from Raspbian Wheezy. From what is looks like, the etc/network/interface file SHOULD NOT be touched while configurations where moved to another file /etc/dhcpcd.conf . Sadly, that is all the information I have right now. If anyone figure it out please let me know!

    Thank you

  • I just noticed there is an error in the compilation of coovachilli. It is –mandir=$${prefix}/share/man and
    –infodir = $${prefix}/share/info. Also there is an extra space in the infodir one.

  • Richard Yendoube Bomboma

    hi I want to thank you for this post is clear and has a level lisible.mais I bloquerMettre updates the default site configuration by activating the support
    PHP. The information is to be added (or remove comments) in
    la section server.
    At the line 25 (always default)

    index index.php index.html index.htm;

    And enable PHP support

    location ~ .php$ {
    fastcgi_split_path_info ^(.+.php)(/.+)$;
    fastcgi_pass unix:/var/run/PHP5-fpm.sock;
    fastcgi_index index.php;
    include fastcgi_params;
    aufaite I know what file do I enable PHP support .
    Thank you

    • Hello. This is the default file located in / etc / nginx / memory-enabled websites
      It must of course be installed nginx

  • Antho

    Hello, installation nginx, I took this command :

    apt-get install -y php5-mysql php-pear php5-gd php-db php5-fpm libgd2-xpm libpcrecpp0 libxpm4 nginx php5-xcache

    This is what happens after validating :
    Reading package lists… Fact
    Construction of the dependency tree
    Reading state information… Fact
    E: Can not find libgd2-xpm package

    Looking hopelessly how to add this package but can not. Someone he has a board?

    Thank you

    • The package has changed name is now called libgd2-xpm-dev. It should be like this

      • Antho

        Thank you for your help actually now more worries at this level.

        As against this time I encounter an error 404 when I log on the ip of raspberry, I have checked the file structure has changed, everything is good since I have no error in nginx restart. There I blocks.

        • You have to look in the logs (/var/log/nginx) in the error file to know which file it wants to reach and it can not find

          • Antho

            Hello, here is the error that spring :
            08/09 14:03:46 [error] 791#0: *10 directory index of “/var / www / html /” is forbidden, client:, server: _, request: “GET / HTTP/1.1”, host: “”

            I find it very strange, Daloradius the file must well be in / usr / share / nginx / www and not in / var / www / html?

            Thanks for your help

          • The configuration of the server points to / var / www / html (in the file default variable / root attribute)
            We must put the value corresponding to your directory and make sure the user www-data (which is the default user to nginx in principle) has read rights

          • Antho

            I just did the mod, Daloradius placed the file in / usr / share / nginx / html,
            connecting me hard “IP du Rasp”/daloradius I obteint a blank page, I have the strong impression that the display of php pages is not done.
            I did a lot of tests, I do not see how to make sure the service is running.

            It kills me to be so close to the goal and whacked on that, I burn. 🙂

          • Antho

            Is functional!!! he had to do a mod in the / etc / nginx / sites-enabled / default, replacing “include fastcgi_params;” by “include fastcgi.conf;”

            source : https://www.vincentliefooghe.net/content/php-nginx-page-blanche-lors-lappel-dun-script-php

            Again thank you for your help

  • Olivier

    the entire installation went well ; no error messages, navigation is really fluide.mais when I try to connect to Daloradius I have a message
    404 not found

    I tried the antho proposal but without success

    Thank you

    • Hello
      We must look at the error message in the log nginx to have a track start. Is the dolaradius directory is in the right place ? Accessible ?

      • Olivier

        daloradius is under NGINX :
        I corrected the default file “root /usr/share/nginx/html” and with the mod of Antho ” make a mod in the / etc / nginx / sites-enabled / default, replacing “include fastcgi_params;” by “include fastcgi.conf;” –> everything works perfectly.

        Thanks to all


  • In finalizing the installation on a Raspberry 3, once connected to the hotspot authentication after I ERR_EMPTY_RESPONSE an error when redirecting to the page login.chi
    The problem comes MacOS and Android.

    An idea ?

  • John Jules Vivas

    is there a way that it can backup and restore most viewed videos so that it wont load from the internet again and again?

    • Yes with squid as a transparent proxy

      • John Jules Vivas

        do you have tutorial for that sir? and can it be apply with this setup too?

        • I have a separated one on this blog but not linked to coova. You can try to adapt it (is still work on it)



    I have a problem when access to my wifi network,I create the user “usertest” and password “passwd” but when I connect with,the interface sends me an error of the kind: “Username and/or password was not valid”

    Or that I tested with this command “radtest usertest passwd localhost 0 testing123” and there are those which result appears:

    Sending Access-Request of id 67 to port 1812

    User-Name = “usertest”

    User-Password = “passwd”

    NAS-IP-Address =

    NAS-Port = 0

    Message-Authenticator = 0x00000000000000000000000000000000

    rad_recv: Access-Accept packet from host port 1812, id=67, length=20

    pi@raspberrypi:~ $

    Does someone can help me???

    • I think coovachilli configuration is not correct and does not use data la.base radius that contains the users


        So how can we configure it using the radius database???

        For information,I had to create my own chilli configuration file in / etc / chilli because there were not when downloading, I then copy its contained after the site sivant: https://forum.ubuntu-fr.org/viewtopic.php?id=1002791
        After I changed to be functional,then I continue to follow the tutorials.

        • Is the configuration that has been copied is consistent with that section in settings ? Because the problems that can come from in my opinion because freeradius your valid user and coovachilli valid connection to hot-spot
          You took or archive coova ?

  • Lucas

    Hi have two errors:
    insserv: warning: script ‘K01chilli’ missing LSB tags and overrides
    insserv: warning: script ‘chilli’ missing LSB tags and overrides

    pls help me for it.

    • Hello. It’s not errors but warnings and it’s due to a missing header in the script but the header is not mandatory so it’s not blocking

      • Lucas

        OK, tks

  • Chintan Patel

    Can you please upload the Images of Rapberry pi OS after conplete installation.

  • Prasan Dutt

    Freeradius step 5, I found out that “$INCLUDE sql.conf” is line number is 743.

    • You have to uncomment to use sql

      • Prasan Dutt

        I mean to say that line number was different.
        I followed all the steps correctly (uncomment sql lines), but not getting response from port. If there is no any other reason that can cause such problem, then I’ll try again.

        • Seeing your screenshot your freeradius is not running. Check logs to get info
          Also search comments here are some advices that could help you

          • Prasan Dutt

            I needed to reboot the pi to make it work. Thanks 🙂

  • Lucas

    Hi in which file I include the lines. (daloRADIUS)
    5.Update the default site configuration by enabling PHP support. The information is to be added (or remove comments) in the section server.
    At the line 25 (always default)
    index index.php index.html index.htm;
    And enable PHP support

    location ~ .php$ {
    fastcgi_split_path_info ^(.+.php)(/.+)$;
    fastcgi_pass unix:/var/run/PHP5-fpm.sock;
    fastcgi_index index.php;
    include fastcgi_params;

    • In the nginx configuration file that is in sites-enabled folder

      • Lucas

        OK, in web page: http://myserver/daloradius/

        403 Forbidden


        can you help me?

        • It’s related to your Nginx configuration. Check folder rights and adapt them. Should not be root but www-data user

    • Lucas

      ok tks

  • Lucas

    the home page (index) of nginx is ok!

    more web page: http://myserver/daloradius/
    403 Forbidden
    can you help me?

  • Prasan Dutt

    Following all the steps carefully, I got the final error when I try to open daloradius in chrome browser as “502 Bad Gateway nginx/1.6.2”

    Only one problem during installation was “unable to locate libgd2-xpm”. Is this the issue or something else?

  • SEB

    I have a desire to start Daloradius.

    I can not access to the web interface.

    In the logs of nginx I have this message :
    invalid number of arguments in “root” directive in/etc/nginx/sites-enabled/default:33

    This line is register :
    root /usr/share/nginx/html

    I can not start the nginx Service.

    Thanks for your help

  • Tom Domenge

    to integrate a small squid redscoks did the trick :

    # Define various configuration parameters.

    TMP=/tmp/subnetproxy ; mkdir -p $TMP
    SUBNET_INTERFACE=wlp2s0 #interface wifi
    SUBNET_PORT_ADDRESS=$(ip -o -4 addr list $SUBNET_INTERFACE | awk ‘{print $4}’ | cut -d/ -f1) #Automatic recovery of IP
    INTERNET_INTERFACE=enp025 #ethernet

    #redsocks configuration

    Base {
    log_info = on;
    log = "file:$REDSOCKS_LOG";
    daemon = on;
    redirector = iptables;
    also prepared {
    local_ip =;
    local_port = $REDSOCKS_TCP_PORT;
    ip = proxy;
    port = 8080;
    type = http-relay; #or socks

    # To use tor just change the redsocks output port from 1080 to 9050 and
    # replace the ssh tunnel with a tor instance.

    # start redsocks

    sudo redsocks -c $REDSOCKS_CONF -p /dev/null

    # proxy iptables setup

    # create the REDSOCKS target
    sudo iptables -t nat -N REDSOCKS

    # don't route unroutable addresses
    sudo iptables -t nat -A REDSOCKS -d -j RETURN
    sudo iptables -t nat -A REDSOCKS -d -j RETURN
    sudo iptables -t nat -A REDSOCKS -d -j RETURN
    sudo iptables -t nat -A REDSOCKS -d -j RETURN
    sudo iptables -t nat -A REDSOCKS -d -j RETURN
    sudo iptables -t nat -A REDSOCKS -d -j RETURN
    sudo iptables -t nat -A REDSOCKS -d -j RETURN
    sudo iptables -t nat -A REDSOCKS -d -j RETURN

    # redirect statement sends everything else to the redsocks
    # proxy input port
    sudo iptables -t nat -A REDSOCKS -p tcp -j REDIRECT
    –to-ports $REDSOCKS_TCP_PORT

    # if it came in on eth0, and it is tcp, send it to REDSOCKS
    sudo iptables -t nat -A PREROUTING -i $SUBNET_INTERFACE
    -p tcp -j REDSOCKS

    sudo iptables -A INPUT -i $SUBNET_INTERFACE -p tcp –dport $REDSOCKS_TCP_PORT
    -j ACCEPT

    • SEB


      I am trying to integrate too squid.

      I have this message with your commands IPTABLES :

      iptables: No chain/target/match by that name.

      Thanks for your help

      • Can you contact me through my email box as these exchanges are likely to be long and pollute the thread of discussion (pihomeserver at gmail dot com)
        Et j’ai la réponse 😉

  • Farouk Hmida


    So here it goes. J’utilise un Pi 3 et je ne sais pas la configuration est la même. Je bloque à la partie où je dois compiler Coovachili avec dpkg-build package. je reçoit toujours les mêmes erreurs:

    cc1: all warnings being treated as errors
    Makefile:755: recipe for target ‘main-opt.o’ failed
    make[4]: *** [main-opt.o] Error 1
    make[4]: Leaving directory ‘/usr/src/coova-chilli-1.3.0/src’
    Makefile:813: recipe for target ‘all-recursive’ failed
    make[3]: *** [all-recursive] Error 1
    make[3]: Leaving directory ‘/usr/src/coova-chilli-1.3.0/src’
    Makefile:313: recipe for target ‘all-recursive’ failed
    make[2]: *** [all-recursive] Error 1
    make[2]: Leaving directory ‘/usr/src/coova-chilli-1.3.0’
    Makefile:240: recipe for target ‘all’ failed
    make[1]: *** [CL.] Error 2
    make[1]: Leaving directory ‘/usr/src/coova-chilli-1.3.0’
    debian/rules:36: recipe for target ‘build’ failed
    make: *** [build] Error 2
    dpkg-buildpackage: error: debian / rules build produced a type of output error 2

    Si quelqu’un pouvait m’aider, je lui serai très reconnaissant.
    Also, pourrez-tu ,PI Home Server, ou quelqu’un d’autre, explain what we have done by choosing the compatibility ( echo 9 > debian/compat) ? I think that might be related to my issue.

    Pending read you.

    • Vous avez essayé le script d’installation automatique (link at top of this article) ? It works perfectly on a model 3

      • Farouk Hmida

        Yes, I then problems with freeradius who want to settle and dpkg tells me an error code 1.

        • There is also a problem because the script works perfectly and has been validated by several people on b + models 3 (with built-in Wi-Fi for v3) . Try to start the installation by following the instructions Git repo

          • Farouk Hmida

            I'm afraid you are right. I misconfigured freeradius and mysql and now I can not even reinstall Freeradius. Could you tell me how I can go back and undo all the changes and start over, without reinstalling the OS ? Thank you

          • A blind not. Impossible to know the actions done or not. It's easier to start from scratch

          • boyezen

            je viens de faire une install sur un PI3 b+ .sd=8gb
            apt-get update && apt-get upgrade
            apt-get install raspi-config
            là utiliser le menu pour resizer.
            install apt-transport-https
            apt-get update
            1c——— activier wifi —– option ?
            apt-get update
            apt-get install firmware-brcm80211 pi-bluetooth wpasupplicant
            2 ——–
            apt - get install git
            git clone https://github.com/pihomeserver/Pi-Hotspot.git
            3—— exécuter le script
            cd Pi-Hotspot
            chmod +x pihotspot.sh

            UN GRAND Merci pour le script .
            je vais voir pour personnaliser la slashpage de coova .

      • Farouk Hmida

        Je reviens à mon raspberyy 3. Je repars d’une feuille blanche. mais hélas, je bloque toujours sur la compilation de coovachili ( j’ai une telle erreur _options.uamdomains[I ] = STRDUP(took); dans la fonction main d’un certain script. L’installation automatique avec le script plante aussi.

        An idea? j’ai suivi à la lettre le tuto ( qui est confirmé par d’autre sites 🙂 )

        • Hello. L’idéal est de passer par le script et de regarder dans la log générée.
          What is the distribution that you use as a base ?

          • Farouk Hmida

            I have a RPI3 under Raspbian I just reinstalled ( an nth time). This time I went with a white sheet and carried automatic cript. here is the error I receive:

            ** Starting CoovaChilli service
            ** Cheching if interface tun0 has been created by CoovaChilli
            ** Unable to find chilli interface tun0

            I wonder or is it fear that ca steeple. Is it the fact that my raspberry has a armv7 processor architecture instead of 8, reducing performance? Any help is welcome me.

          • I do not know if the script with Raspbian passes being given everything settles more like package. It takes from one installation to the light version of Raspbian be even better distribution of the netinst which I give the link or that is on my git

          • Farouk Hmida

            All right. I'll try with the lite version of Raspbian. I would also try with a RPI1. What you advise me Bones ? RspBMC , archlinux ..?

          • Farouk Hmida

            That that it works. Thank you very much for your help. Part of the answer to my last question would be welcome.

  • denis

    To begin, Congratulations to this site and the work that is proposed.
    I installed the automatic version is a functional PI3, Installation without any problems.
    My question is this : I wish, once the person “logged in somewhere”, it is redirected to a website installed locally on PI ( wordpress or Joomla e.g. ). Je connais un peu linux mais je cale sur cet aspect ;-).
    Si vous avez une idée ?
    Thanks in advance

    • Hello. Content que ca fonctionne 🙂
      Pour moi il s’agit de mettre en place une iptable qui forcera le flux à passer par un serveur local genre :

      iptables -t nat -A PREROUTING -p tcp -m multiport –dport 80,443 -i eth0 -d W.X.Y.Z -j DNATto-destination W.X.Y.Z

      Avec W.X.Y.Z l’ip du serveur local
      Après je suis pas expert iptables 🙂 Je suis preneur de la solution

      • denis

        I'll take the test and come back here to give the info Thank our rapid response.
        PS: by reading the posts, I saw that I was not the only one looking this solution ;-). He had to click on load more. Tiredness …
        Good end of year festivities pending

      • Alain bron

        Hello, merci bien pour toutes ces informations qui fonctionnent bien.
        J’ai ajouté cette séquence en l’adaptant à ma config ( et ça marche mais bizarrement c’est en étant connecté sur le Pi en wifi, it is under the address Pi on the server ( I'm the site (spip) which is on the Pi .

        • Hello
          The server exposes the well site on the right interface ?

          • Alain bron

            The customer computer wifi PI out an address And interviewing the website under the address (IP address on the LAN) I have a site that is on PI ! I'm using nginx on the IP instead of Apache as the web provider.
            Under the address I then valid DOLARADIUS login screen, not the IP Site.

          • Daloradius appears on the local interface. So if the site appears on the other is that there must be a reversal of interfaces in the configuration nginx. Start your search here

  • scott

    error expected absolute directory name for –infodir: =

  • Farouk Hmida


    May I ask how you change the time of session? I find myself quickly disconnected and am forced to go through the captive portal.

    Thank you

    • Hello
      With the attribute session-timeout
      Look attributes radius to configure users

  • michel

    Regarding the secret word testing123
    in /etc/freeradius/clients.conf file

    If you want to change you will also change
    in the / etc / chilli / defaults

  • Nicolas Bruls

    Hello, I have a little problem I see no log or the users online .

    • The message comes from what action ?
      No need to do other actions as in the tutorial so something has not gone well

      • Nicolas Bruls

        I click overs then log and then any log . I have the same worries if I want to change the SMTP server if I click apply ca shows me an error

        I followed the tutorial , I did all the tutorial after sudo -i I had no error message

        • You can watch the nginx log in / var / log for the complete message.
          It is possible that an error is due to the fact que.le.fichier log or outside the root www therefore unauthorized

          • Nicolas Bruls

            I have nothing moves . or change in the script for now

          • Nicolas Bruls

            I have to chmod 777 concerned about the log file and it seems to show now log . but for some boot log I have nothing . then I know that file is concerned ? sorry for accent but I'm keyboard US. bcp thank you anyway

          • Nicolas Bruls

            I see no error in the log nginx … yet I have not followed the tutorial was not your script .

          • For encryption password I've never tested so it may be necessary to make configuration adjustments

  • Nicolas Bruls

    Another small problem, When I created a user and I selected cleartext password no worries I know connects me to the captive portal for wifi by cons if I chose another type of password ( crypted, chap , sha , … ) he said invalid password . an idea ? has what serves the password type ?

  • Thomas

    Hello, thank you for this tutorial I wanted to know what the DHCP server process gerai .
    Thank you

  • lordof weed

    Thank you for this wonderull useful blog.
    I followed all the steps completely, But I didn’t find out the passwort to log in to the coovachilli.
    I tried username “chilispot” password “chillispot” and username “usertest” password “passwd”.

    • Hi. Please read the post and the part with daloradius (management tab). You have to create a user and define an attribute password with the expected value. Then you can use this user to log in

  • Dom2310

    Hello,and THANK YOU for tutorial and self script. Despite some problems with different distro that came not up to tun0 suggestion boyezen helped me. Good continuation.

    • Hello. The latest version of the script is to solve this problem and offers a customizable interface

  • Raul Barragan

    I downloaded the kupiki hotspot from this site: https://drive.google.com/file/d/0B5CzDtjmXSaySVNPZ1A1VkYtVFk/view
    but the credentials your provide are not correct.

    user: pi
    password: pihotspot

    Could you please help me with the credentials? Thanks. Nice work with the tutorial by the way, i could do my captive portal in three steps just like you say. But now i want to run your own kupiki images, thats why im locking for the credentials.


    • Hi
      Should be correct. Can you please try pi / raspbian ?
      Be careful that it’s an old version of raspbian and of the script. You should use the latest script from GitHub on a fresh Raspbian Lite

      • Raul Barragan

        No, ir doesnt work, thanks by the way. I will use the GitHub script.

        Do you know how to integrate facebook like button? I put the source code. But it doesn’t work, I think because it need internet connection on the captive portal. I wanted to ask for a like to enter to internet, but I saw that facebook policy doesn’t allow this. So… i just want to put the like button just to try to generate more likes… if you know how to do that will be so great! Thanks!

  • Rimte Rocher

    I moved daloradius but can not add a user, when I click on new user, I arrive on the new page but I do not see the form.. In the console I kind of strange errors
    mng-new.php:175 Uncaught ReferenceError: DHTMLgoodies_formTooltip is not defined
    at mng-new.php:175
    (anonymous) @ Mng-new.php:175
    mng-new.php:742 Uncaught ReferenceError: autoComEdit is not defined
    at mng-new.php:742
    Have you seen something like?
    Thank you

    • Hello
      No. Try and do a reinstall daloradius control over php. It should not be any such error

      • Rimte Rocher

        Thank you, you mean by control over php? chmod?.. I believe

        • A page phpinfo works

          • Rimte Rocher

            Ok I see, yes indeed work ca ca!