This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License along with this program. If not, see <http://www.gnu.org/licenses/>.
A full copy of the license is available in the file /LICENSE.
Please be specifically aware of Section 13 “Remote Network Interaction; Use with the GNU General Public License.” This requires you to make modifications to this software available to network users. The easiest way you can do this is by making a publicly available Git repository for your users. (GitHub has a nice ‘fork’ option, which makes it easy for me to track this stuff...)
A notice will appear on all pages unless you set the SOURCE_URL setting to a location where the source code is stored. This is enforced as some members of the LAN community in my experience are “lax” about following licensing obligations. Removing the code that enforces this does not exempt you from the agreement - it is only there as a reminder and to assist you in license compliance.
Pushing your changes upstream is a great thing to do – it not only assists other users of the software, but also assists you as internally-developed features don’t have to be patched in every time there is a new release.
This software uses flot, a jQuery library for generating charts, copyright 2007-2009 IOLA and Ole Laursen. Its terms are as follows:
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the “Software”), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
flot itself also includes:
Add the tollgate repository, or grab the rpms manually.
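You can install the tollgate repository by running the command below. Note that --nogpgcheck disables package signature verification and the URL is plain HTTP, so the repository package is installed without any authenticity check: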
yum localinstall --nogpgcheck 'http://repo.tollgate.org.au/pub/fedora/tollgate-repo.noarch.rpm'
Install tollgate by running:
yum install tollgate
Make sure your networking is set to start on boot:
systemctl enable network.service
systemctl start network.service
We need to allow certain traffic into our system. This should be configured by iptables. An example set of rules can be found in example/fedora/iptables and should be placed into /etc/sysconfig/iptables. Once you have configured these rules, reload iptables with:
systemctl restart iptables.service
We can set up the network either with dnsmasq or with ISC-DHCP and BIND9. This guide documents how to install ISC-DHCP and BIND9.
Install the packages:
yum install dhcp bind bind-utils
Set up your LAN-facing network device with a static IP address. There is an example of this in example/fedora/ifcfg-lan, and the file you want to edit will be /etc/sysconfig/network-scripts/ifcfg-DEVICENAME.
Additionally, ensure that your Internet-facing device is set to ONBOOT="yes".
Once configured, run:
ifup DEVICENAME
Next, we set up ISC-DHCP. This will provide DHCP addresses to your LAN network. Make sure you get this right, or you will have a DHCP conflict on your Internet side. There is an example config in example/fedora/dhcpd.conf.
Before you can start DHCP, you must create the rndc key that will be shared with named. Run the commands:
rndc-confgen -a -r keyboard -b 256
chown named:named /etc/rndc.key
Now ISC-DHCP can be started:
systemctl enable dhcpd.service
systemctl start dhcpd.service
Check systemctl status dhcpd.service and /var/log/messages if you encounter issues.
Next named.conf needs to be configured. There is an example of this in example/fedora/named.conf. This is a modification of the default named.conf.
Additionally, you must configure the forwards and reverse zones to match for ISC-DHCP. There are example zones in example/fedora/named/. These should go into /var/named/dynamic/.
Please note, we have provided a zone for conntest.nintendowifi.net. This is also aided by a component in HTTPD (documented later). It allows the Nintendo DS, Nintendo DSi and Nintendo Wii wireless connection test to complete, so that the devices can associate with the access point. If this is not available, Nintendo devices will be unable to join the wireless access point.
BIND9 is picky about permissions; once ownership is set, it can be started:
chown named:named /etc/named.conf
chown named:named /var/named/dynamic/*
systemctl enable named.service
systemctl start named.service
You can check that BIND is working from the server by running queries against localhost. In this case, we also try zone transfers (axfr):
dig @127.0.0.1 example.lan A
dig @127.0.0.1 example.lan axfr
dig @127.0.0.1 dhcp.example.lan axfr
dig @127.0.0.1 1.0.4.10.in-addr.arpa PTR
dig @127.0.0.1 0.4.10.in-addr.arpa axfr
dig @127.0.0.1 conntest.nintendowifi.net A
From a client connected to the LAN side, you should NOT be able to carry out a zone transfer, but you should see the A and PTR records returned:
dig @10.4.0.1 1.0.4.10.in-addr.arpa PTR
dig @10.4.0.1 tollgate.example.lan. A
dig @10.4.0.1 conntest.nintendowifi.net A
dig @10.4.0.1 example.lan axfr
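The LAN-side check above can be made pass/fail. The following is an added example, not part of the tollgate documentation: classify_axfr reads dig output and reports whether the zone transfer was refused, and check_zone runs it against a live server. The function names and both sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Classify `dig @SERVER ZONE axfr` output read on stdin.
# Prints one of: refused, transferred, unknown.
classify_axfr() {
    awk '
        /^; Transfer failed\./  { failed = 1 }
        /^;; XFR size:/         { xfr = 1 }
        # A non-comment line whose third field is IN is a zone record.
        !/^;/ && $3 == "IN"     { records++ }
        END {
            if (xfr || records > 0) print "transferred"
            else if (failed)        print "refused"
            else                    print "unknown"   # timeout, no answer, etc.
        }'
}

# Constructed sample: the result a LAN client should get.
SAMPLE_REFUSED='; <<>> DiG <<>> @10.4.0.1 example.lan axfr
; (1 server found)
;; global options: +cmd
; Transfer failed.'

# Constructed sample: a server that hands the zone to the client.
SAMPLE_LEAK='; <<>> DiG <<>> @10.4.0.1 example.lan axfr
example.lan. 86400 IN SOA tollgate.example.lan. root.example.lan. 1 3600 900 604800 86400
example.lan. 86400 IN NS tollgate.example.lan.
tollgate.example.lan. 86400 IN A 10.4.0.1
example.lan. 86400 IN SOA tollgate.example.lan. root.example.lan. 1 3600 900 604800 86400
;; XFR size: 4 records (messages 1, bytes 183)'

# Live check from a LAN client; succeeds only if the transfer is refused.
# Usage: check_zone 10.4.0.1 example.lan
check_zone() {
    result=$(dig "@$1" "$2" axfr +time=3 +tries=1 2>/dev/null | classify_axfr)
    echo "$2 via $1: $result"
    [ "$result" = "refused" ]
}
```

An "unknown" result (for example a timeout) is kept separate from "refused" so that an unreachable server is not mistaken for a correctly restricted one.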
When a client connects you should see messages in /var/log/messages like:
tollgate dhcpd: DHCPREQUEST for 10.4.0.10 from 00:00:00:00:00:00 (Franky) via p1p1
tollgate dhcpd: DHCPACK on 10.4.0.10 to 00:00:00:00:00:00 (Franky) via p1p1
tollgate dhcpd: Added new forward map from Franky.dhcp.example.lan. to 10.4.0.10
tollgate dhcpd: Added reverse map from 10.0.4.10.in-addr.arpa. to Franky.dhcp.example.lan.
If you see messages like:
tollgate dhcpd: Unable to add forward map from Franky.dhcp.example.lan. to 10.4.0.10: not found
Then you have made a mistake somewhere. Check that the rndc key ownership is set to named:named, that dhcpd and named have been reloaded, that you have the correct control statements in named.conf, and that the primary option in dhcpd.conf is either an IP address or a resolvable hostname. We recommend this be the same as the IP in the named.conf control statement.
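To spot failed dynamic DNS updates without reading the log by eye, the messages above can be counted and the failures listed. This is an added example, not part of the tollgate documentation; the function name ddns_summary is an assumption, and the sample input combines the log lines quoted on this page.

```shell
#!/bin/sh
# Summarise dhcpd dynamic DNS updates from syslog lines on stdin.
# First output line: "ok=<n> failed=<n>"; then one line per failed update.
ddns_summary() {
    awk '
        /dhcpd: Added new forward map from / { ok++ }
        /dhcpd: Unable to add forward map from / {
            failed++
            # Locate "from"; the layout after it is: NAME to IP: REASON...
            for (i = 1; i <= NF; i++) if ($i == "from") break
            name = $(i + 1); ip = $(i + 3); sub(/:$/, "", ip)
            reason = ""
            for (j = i + 4; j <= NF; j++)
                reason = reason (reason == "" ? "" : " ") $j
            fails[failed] = "FAILED " name " " ip " " reason
        }
        END {
            printf "ok=%d failed=%d\n", ok, failed
            for (k = 1; k <= failed; k++) print fails[k]
        }'
}

# Sample input: the log lines quoted on this page, combined into one
# constructed log (one successful update followed by one failure).
SAMPLE_LOG='tollgate dhcpd: DHCPREQUEST for 10.4.0.10 from 00:00:00:00:00:00 (Franky) via p1p1
tollgate dhcpd: DHCPACK on 10.4.0.10 to 00:00:00:00:00:00 (Franky) via p1p1
tollgate dhcpd: Added new forward map from Franky.dhcp.example.lan. to 10.4.0.10
tollgate dhcpd: Added reverse map from 10.0.4.10.in-addr.arpa. to Franky.dhcp.example.lan.
tollgate dhcpd: Unable to add forward map from Franky.dhcp.example.lan. to 10.4.0.10: not found'

# Live use on the tollgate server:
#   ddns_summary < /var/log/messages
```

Because the parser searches for the word "from" rather than a fixed column, it also works on real syslog lines that carry a timestamp prefix.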
Django supports a number of SQL servers for its operation. We have extensively tested MariaDB (formerly MySQL) with Tollgate. However, PostgreSQL and SQLite are also valid options.
We have extensively tested Tollgate with MySQL and MariaDB. Additionally, they support replication features which allows for retrospective conversion to a clustered setup.
First install the mysql packages:
yum install MySQL-python mysql-server mysql
Now you need to set up the database. We advise you to remove the anonymous users and test tables, as well as setting a strong root password:
systemctl start mysqld.service
mysql_secure_installation
Now we need to log in to mysql to create the database and the tollgate user (substitute a strong password of your own for the 'password' placeholder):
mysql -u root -p
mysql> create database tollgate;
mysql> create user 'tollgate'@'localhost' identified by 'password';
mysql> grant all privileges on tollgate.* to 'tollgate'@'localhost';
mysql> flush privileges;
Keep these details for when you configure settings.py: you will need the USER, NAME and PASSWORD values. The HOST setting will be localhost.
Apache HTTPD provides the majority of Tollgate functionality. We highly recommend that you install mod_ssl, mod_nss or mod_gnutls, since tollgate requires user authentication to be sent over HTTP. Our examples below cover the usage of mod_ssl.
We create certificates for use with Tollgate:
cd /etc/pki/tls/private/
openssl genrsa -out tollgate.key 2048
openssl req -new -key tollgate.key -out tollgate.csr
It is CRUCIAL at this step that, when asked, you put your server's hostname in the Common Name field:
Common Name (eg, your name or your server's hostname) []: tollgate.example.lan
You can either send this CSR to be signed by another CA, or self-sign it. Either way, your resultant certificate should be tollgate.crt. Below is how you self-sign your certificate:
openssl x509 -req -in tollgate.csr -days 365 -signkey tollgate.key -out tollgate.crt
Now you should reconfigure the ServerName and ServerAlias parameters in /etc/httpd/conf.d/tollgate.conf. Please note the VirtualHost for conntest.nintendo.net. Do not modify this VirtualHost.
Next you must edit /var/www/tollgate/tollgate_site/settings.py. Fill in the DATABASE section with your SQL server information. Finally, at the bottom of the settings.py fill in your LAN details as needed. Check to make sure all values seem sane for your environment.
Additionally, you should configure the SOURCE_URL parameter to ensure that you uphold your AGPL obligations. If you DO NOT modify the tollgate source code (with the sole exception of the configuration files), this obligation can be met by sharing the source RPMs of the package. The parameter you can use is SOURCE_URL='https://tollgate.example.lan/source/'. The HTTPD configuration doesn't need alteration to support this. To retrieve the source RPMs, run the following commands:
yum install yum-utils
yumdownloader --source tollgate --destdir /var/www/tollgate/source
NOTE: If you are using mysql, you must add to your settings.py USE_TZ = False
Finally, we need to sync the database and collect the static components ready for deployment:
cd /var/www/tollgate/tollgate_site
python manage.py syncdb --noinput
python manage.py migrate --noinput
python manage.py collectstatic --noinput
python manage.py createsuperuser
If you are running on MySQL or MariaDB, you will also need to patch the tables that Django has generated to allow big quota usage values, otherwise it will stop counting at 4GB:
python manage.py mysql_bigint_patch
Now you should start httpd:
systemctl enable httpd.service
systemctl start httpd.service
You should configure /etc/tollgate/backend.ini with your site details. Additionally, you should configure /etc/sysconfig/tollgate with the correct DNS name of your tollgate.
You can now start the tollgate backends:
systemctl enable tollgate-backend.service
systemctl enable tollgate-captivity.service
systemctl start tollgate-backend.service
systemctl start tollgate-captivity.service