ControlAP

ControlAP Loader is available for Mac OS X, Windows and Linux.

Screenshot (Windows):

Network Configuration(s):

On the left, using a modem/router combo (or an additional router). On the right directly connecting to the Internet (modem only) and also illustrating how to extend coverage with additional AP(s).

Note that the 2nd AP is not running ControlAP but its DHCP server must be disabled (from Linksys web admin) as ControlAP will be assigning addresses to all clients (adjust ControlAP's DHCP IP range for clients as necessary, e.g. 192.168.1.3 thru 192.168.1.200 from ControlAP's web admin).

Recommended AP: WRT54GS V4 (Serial CGN5)*
*WRT54GS is recommended over the WRT54G because it has twice the memory (but may not be the case with some V4 models)

In addition to Linksys WRT54G, WRT54GS, and WRT54GL, you can upload ControlAP Hotspot software into other brand name APs using a third party firmware such as OpenWRT and Talisman.

Recommended firmware:

Additional Manufacturers supported with third party firmware (OpenWRT):

Asus WL-300g, WL-500bv1, WL-500g, WL-500g deluxe *, WL-HDD
Buffalo WBR-B11, WBR-G54, WBR2-G54S, WLA-G54, WLA2-G54L
Dell TrueMobile 2300
Microsoft MN-700
Mototola WR850G, WR850GP
Ravotek W54-RT, RT210w
Siemens SE505

For a complete list and installation notes: http://wiki.openwrt.org/TableOfHardware

Uploading ControlAP into default Linksys firmware for WRT54G/GS/GL:

Using the default firmware allows you to power down your AP to revert back to the Linksys web interface and voiding your warranty, but requires reinstalling with every powerup. Use this to initially test but consider replacing firmware for best performance.

Note: Not all versions and Linksys firmwares will support third party software. If you still want to use a Linksys firmware instead of a third party firmware like OpenWRT or Talisman, you have to use an older Linksys firmware depending on the AP version (see bottom of AP) if no version, it's V1

For WRT54G V1-2 use
ftp://ftp.linksys.com/pub/network/WRT54GV2_3.01.3_US_code.zip

For WRT54GS V1 use
ftp://ftp.linksys.com/pub/network/WRT54GS_3.37.2_US_code.zip

WRT54GS 1.1 with a firmware version 4.50 works
WRT54G V3.1 with firmware V4.01.2 works

1) Using a wireless client connect to your AP (or wired to one of the 4 ports) and make sure you have Internet access. Now run ControlAP Loader and specify the AP's LAN IP address. The default is usually 192.168.1.1 as shown above. Enter the username and password as you would for the Linksys Web administrator (http://192.168.1.1)

2) Use the Check Linksys Version button to verify the connection. You should see which firmware version you are running and if it may not be compatible it will be indicated (see * note below)

3) Press the Upload ControlAP button to upload and run ControlAP. To see the captive portal page, you should reconnect to the AP or renew your IP address. ControlAP's web administrator is at:
http://192.168.1.1:8090/admin

You can also use ControlAP's web admin to change IP addresses, set the SSID, set PPPoe/Auto/Static IPs and run unix commands inside the AP. After uploading ControlAP, set the static IP back to DHCP (Obtain IP automatically) on your PC if you set it to static in order to get an IP address from ControlAP. ControlAP will not display a splash page to those who try to set a static IP to circumvent access. This is a security measure. Only clients who have been assigned an IP address by ControlAP will get a splash page.

For the loader to work, you must have previously configured the Internet adapter settings of the Linksys WRT54G to either use a static IP for the Internet connection or make sure a DHCP IP address is currently assigned and there is Internet access.

ControlAP Configuration:

Once uploaded, use ControlAP's web administrator available at http://192.168.1.1:8090/admin

Set the settings desired and if you are using the default Linksys firmware, save the configuration (config.txt) into the controlap folder found in the controlaploader folder on the PC. This is necessary should you lose power since settings are not permanent when using the Linksys firmware. You can also preconfigure web pages in the controlap/web folder so that they get uploaded whenever ControlAP gets uploaded.

You can also use the loader program to telnet into your Linksys AP with the default firmware but prior to uploading ControlAP as loading ControlAP removes the Linksys web admin. To do so with ControlAP running requires checking the debug checkbox (uses more memory).

Rebooting from the loader only reboots if the Linksys web admin is running, otherwise use ControlAP's web administrator to reboot.

To handle power outages (when using the default Linksys firmware), the loader can be automated to run periodically without user prompts by running in the command line mode (see -h for help when run from the command line) or by setting cmdline=true in settings.txt. Use the task scheduler (Windows) or cron (Mac/Linux/Unix) to schedule uploading ControlAP periodically (e.g. once every night).

For installation and debugging, ControlAP's web admin can be accessed from any IP address. To secure access please change the default from "*" to a specific IP address or addresses using the ControlAP web administrator.

Note: For help with general ControlAP settings and operation refer to Online Help from the ControlAP web administrator. Note that references to network settings for the PC version may not apply to the embedded AP version of ControlAP. Refer to diagram above and your AP's web administrator to change network settings.

Uploading ControlAP and replacing firmware with OpenWRT
(may be modified for use with other third party firmware)

Select Using OpenWRT Firmware tab and follow instructions there.
(the links below are also provided from within the loader).

Download the latest OpenWRT firmware for Linksys WRT54G or WRT54GS:

All other APs (non-Linksys) should use the .trx firmware files. See documentation at http://openwrt.org for more support information for additional APs.

Note: Set a static IP address (from network settings, TCP/IP Properties) on the PC adapter connected to the AP (wired or wireless) to be in the same subnet scope. For example, use 192.168.1.2 to connect to an AP at 192.168.1.1 in order to avoid losing an IP address during reboots and especially during a firmware upload.

NOTE: The easiest way to upload any firmware is to use the Firmware Upgrade option from the Linksys web administrator

However it's recommended to use the following 2 steps instead as the recommended fail safe method, meaning you can interrupt this process and keep retrying (unlike the Linksys's firmware upgrade). With this TFTP method however, you must use one of the LAN ports with an ethernet cable.

1) Run controlaploader and select TFTP Firmware Uploader tab.

2) a) Power off AP
b) Click on Select Firmware File and Upload and select a file e.g. openwrt-wrt54gs-squashfs.bin
c) Power up AP

Note: TFTP firmware uploads to Linksys APs must use 192.168.1.1 even if AP is configured otherwise. This IP address is just for firmware uploads and available only during power up by the Linksys AP.

Once the firmware is uploaded please allow several minutes (as much as 5-10 minutes) while it configures the file system. Note: do not set a ssh password yet until after you upload ControlAP.

Uploading ControlAP:

3) Click on the Upload ControlAP button in the Using OpenWRT Firmware tab. This downloads kaffe-openwrt.tar.gz (an additional file required by ControlAP) if not already done so, uploads the controlap folder, initializes and reboots the AP.

After rebooting it may take a few minutes before ControlAP starts accepting clients the first time.

Make sure that you are connected to the Internet when booting.

ControlAP's web administrator is available at http://192.168.1.1:8090/admin For installation and debugging, ControlAP's web admin can be accessed from any IP address. To secure access please change the default from "*" to a specific IP address or addresses using the ControlAP web administrator.

Note: If you telnet into OpenWRT, the firmware will now allow you to enter a password to use the built-in ssh server and will disable telnet. Do not do so until after you've installed ControlAP. If you wish to continue to use telnet after disabling it, you must remove the ssh password by reverting the file /etc/passwd to its original form:

root:!:0:0:root:/tmp:/bin/ash
nobody:*:65534:65534:nobody:/var:/bin/false

To restore a wrt54g or wrt54gs to the Linksys firmware after replacing it with OpenWRT (or another firmware) make sure you first have the boot_wait nvram variable set to on (from telnet or ssh issue the commands: "nvram set boot_wait=on" and "nvram commit"). You must use controlaploader (or other similar tftp client) and use the appropriate Linksys firmware files as previously indicated above.

Troubleshooting and Advanced Usage:

Add rebootonrestart=true to address scheduling issues (fails to start) or when low on memory. Previously, ControlAP would restart ControlAP only.

Known issue with scheduling downtime: make sure current time is correct in
web administrator->advanced. If not, simply update page (with correct TZ offset) to reset time.

If you want to make sure you can upload a firmware greater than 3M bytes, upload the Linksys firmware 2.02.7 or 2.07.1 first, (see above) then use the firmware upgrade option from the Linksys web interface to upload a firmware that's greater than 3Mb (note however that it may be possible to use ControlAP's tftp firmware loader instead).

If you can't upload any firmware, try running 'nvram set boot_wait=on' followed by 'nvram commit' from a telnet session first.

If you can't upload ControlAP with OpenWRT (read only partition errors), it's possible that OpenWRT resulted in filesystem issues when reflashing the firmware more than once or on certain new APs. To correct the problem, telnet into OpenWRT and run 'firstboot' followed by 'reboot'.

Please be patient, as OpenWRT may take several minutes when booting the first time. You can keep trying to telnet until you can connect to verify the firmware has uploaded but note that it may still be in the process of booting. To see running processes use the 'ps' command and make sure firstboot has completed upon booting.

To enable the OpenWRT's web admin run the web server on a different port, from command line or from ControlAP web admin: httpd -p 81 -h /www -r OpenWrt where port is 81 in this example.

Note: You must open port 8000 on your host machine to allow file transfers to the AP from the host machine when uploading ControlAP using the OpenWRT (or a third party firmware) using the loader's built in web server.

Troubleshooting tips: Make sure a client can ping to the gateway(ping 192.168.1.1), resolve host names (nslookup [domain]), and access login page directly. If hard coding the dhcp servers in the AP for WAN connections, try a different order and make sure you can resolve hosts inside the AP.

For advanced users, you can also the current NAT table using iptables -n -L -t nat and the current dhcptable with the web administrator: http://[ap ipaddress]:8090/admin/dhcptable

You can easily transfer files back and forth using a scp client (requires enabling ssh). (Windows users can use Winscp).

An additional troubleshooting guide is available here.

Advanced Usage:

Custom Firewall: provided is an iptables based firewall script, named 'fwfw'. Carefully edit this script to create a custom firewall for your AP network. When 'fwfw' is renamed to 'fw' it will be loaded and run when ControlAP is uploaded with the ControlAP Loader (Linksys firmwares only). For example, this is useful to add additional protection to internal lan (wired computers connected to the external router) from wireless users, and to add custom rules and filters, such as limiting access to destinations or other users. OpenWRT users refer to the /etc/init.d/S45firewall startup script instead. Other firmware users should refer to that firmware's documentation for startup scripts and firewalls.

Remember that ControlAP Loader also has the option to run from the command line to run as a daemon or service or to schedule execution for automation by using the console command option.

Optimization:

For optimal and effective firewall usage, from the Linksys Web Administrator specify an external (ISP provided) DNS server rather than specifying an internal local router as the DNS server.

Due to memory constraints, do not store many local web pages inside the AP (try using links to external sites, using ControlAP's 'allow sites' feature). Additionally, instead of locally stored web pages for the splash page, you may also use the 'Redirection URL' option for the splash page.

Using the Linksys default firmware's web administrator and ControlAP:

If you wish to upload ControlAP and still use the Linksys Web Admin (https only) check the debug checkbox. This is not the default in order to save memory for maximum performance, once Linksys web admin settings are set they are not forgotten, should you wish to change them later you can simply reboot (from ControlAP web admin) or toggle power to get the original Linksys interface. Changes to Linksys web settings while running ControlAP however may require reloading ControlAP since everytime you save settings using the Linksys admin it will try to restart processes that conflict with ControlAP.

Using other firmware other than Linksys or OpenWRT -or- using other embedded devices:

If you wish to use a different firmware (to support other APs or embedded devices) you can still use this Loader distribution to install ControlAP by copying the controlap folder into your device and running the controlap.sh script (edit if necessary). To copy the files into the device you can use the ControlAP Loader as a web server and wget the necessary files from the device (refer to the 'script' file and the 'S52controlap' startup script used for OpenWRT as reference).

Installing the Java VM (kaffe):

If using a mipsel (MIPS little endian) processor (as found on Linksys and all the OpenWRT supported APs in the list above) use the kaffe distro as downloaded by the loader or download it manually from http://controlap.com/download/kaffe-wrt54g.zip

If using a i386 based processor (or higher, ix86) such as found in Soekris boards (as an example) use this version of kaffe: http://controlap.com/download/kaffe114-i386-embedded.tar.gz

Now copy the the tar file (or tar.gz) file into the device and expand the kaffe Java runtime into the /tmp folder for mipsel or /usr/local for i386 (these locations are fixed). You may have to also modify your startup boot script to include the controlap.sh startup script. The controlap folder can reside anywhere but the startup command must be run from that folder see controlap.sh and modify paths and variables as necessary. Also note that if you didn't use the loader to install controlap, the first time controlap is run from the command line must be at an interactive terminal (telnet or ssh).

Also note that ControlAP looks for the following hard coded commands: /usr/sbin/iptables, /usr/bin/route, /sbin/ifconfig, /sbin/reboot and /bin/sh so if they are located elsewhere in your firmware distribution you may have create a symbolic link to them for the above paths. For example: ln -s /sbin/route /usr/bin/route (note: recent versions will try both paths)