Basic install instructions

if you are interested in using the bleeding edge version as it’s developed, see nightly builds for more information

Install Ubuntu Server to computer (the guide is for an older version of Ubuntu, new installs should be on at least 14.04 or Debian 7. The installation guide is still somewhat useful as a guide). UbuntuServerInstallation (Ubuntu 14.04 (LTS) is tested and currently supported. Debian 7 is also currently supported)

If you didn’t follow the Ubuntu Server install instructions, or have installed a GUI, please check the Hardware Setup page for some important information about the network card setup.

When it boots you will be presented with a prompt. Login with the username and password you set. Download latest grase-repo package from
e.g. (Update to point to the latest grase-repo package at the above link)

$ wget

install the package

$ sudo dpkg -i grase-repo_1.7_all.deb

Update the repository

$ sudo apt-get update

Then install the components. Currently for a full system, the following command should suffice

$ sudo apt-get install grase-www-portal grase-conf-freeradius grase-conf-openvpn

This will proceed to download all the dependencies as well and install them. It will ask a few questions which are needed to finish setting it up. See the below sections for answering these questions

If you have issues installing coova-chilli, see for more information on installing libssl0.9.8

IMPORTANT: In the interest of total openness, you should be aware that the grase-conf-openvpn package will connect your Hotspot computer to a virtual private network, that allows remote access to your computer on that virtual private network.
This is used for 3 purposes:

  • If you request assistance, we have a method of connecting to your Grase hotspot machine remotely to assist you. This connection is the same as if I was sitting on your WiFi network, so I am unable to access any other device other than your Grase Hotspot machine, and I am only able to access it’s web interface. (This is also the reason for the support user in the web interface)
  • Statistics gathering. Again, only the information that is publicly available on the web interface, in particular the version you are using. Used to track uptake of new versions
  • So YOU can remotely administer your Grase Hotspot. If you need the ability to remotely login to your Grase Hotspot device, (i.e. from outside of your WiFi/Local network). If you need to do this, please contact me to arrange your side of the connection, so we ensure your computer remains secure

To be clear, I DO NOT have any more access to your computer, than the admin web interface provides. If you delete the support user, the only access I have is to get the version number for Statistics gathering.

Finally, if you have a support contract for full remote assistance, then install the remote assistance part. (Certain organisations currently get this, if in doubt please contact me first).

Please do not install the grase-remote-assist-user unless you understand why you are installing. I have purposely made the below command break if you copy and paste it and do not understand what it is.

$ sudo apt-get install grase_remote_assist_user

Configuring grase-conf-freeradius

Attempting to setup the database manually is possible but should not be attempted without good reason.

  1. When it asks you if you want to use dbconfig-common to manage it, please answer yes.
  2. You will then need to enter the MySQL root users password which was set during the Ubuntu Server install. If you didn’t select LAMP when installing Ubuntu Server, before you get to this question it will install MySQL and ask you to set a password.
  3. It will then ask you for and “MySQL application password for grase-conf-freeradius. You can leave this blank and a random password will be created. If you are going to want/need to poke around in the user database userself with SQL commands, then set this password to something you know.

Configuring grase-www-portal

See the above section for grase-conf-freeradius, all of that applies for this, it’s just for the database for the web interface (mostly admin users and logs)

Install finished

This should have installed the base system, and submit the systems key to a central server for remote admin. (But not the remote admin user setup, that will have to come later at this stage).

You should now be able to access the web interface at (from the LAN side). The LAN side is the network interface you are running your WiFi Access Point off.
Default username is admin and password is hotspotadmin

Please post support requests to the mailing list, and not as comments below. This way the whole community can assist with answering your questions.
Comments are CLOSED!

67 thoughts on “Installation”

  1. Mate great work
    Is there a way to geto the gui from the wan side
    looking forward to updates

    1. Easiest way is to port forward port 80 to your hotspot machine (you can port forward an alternative port like 5678 as long as it points to 80 on the hotspot machine). Just make sure you secure the server to allow access from limited ip addresses.

  2. Thanks mate
    just had a look where is the script located
    i am running 11.04 and just found out its changed a bit from 10.10

  3. Your Hotspot works like a charm 😀

    I thank you so much for all your work.

    Definitely Greater than all the other free hotspot !

    You’re amazing


  4. the installation, don’t work.
    I can’t install on ubuntu server 10.04
    this command don’t work

    sudo apt-get install grase-www-portal grase-conf-freeradius grase-conf-squid3 grase-conf-openvpn

    have any idea?

  5. I to all,
    with ubuntu server 11.04 it’s work but i think that we have some problem with dns.

  6. Good Morning All i got this error msg while configuring Grase HotSpot………
    Any HELP please…..

    * Stopping virtual private network daemon(s)… * Stopping VPN ‘grase’: No such VPN is running.
    * Starting virtual private network daemon(s)…
    * Starting VPN’grase’ [fail]
    invoke-rc.d: initscript openvpn, action “restart” failed.
    Setting up grase-www-portal (3.3) …

    1. This message is normal for the grase-conf-openvpn package. Until the VPN certificate is approved by the central server, the VPN can’t start. The install is fine.

  7. Hello, I installed the latest version of fat hotspot on ubuntu 11.04. but from the PC client is not possible to go on the internet. in fact, I have not even the captive portal. someone could help me?

    1. Hi Fabrice.
      Please post all support requests to the mailing list. We’ll need you to run different commands to try and diagnose where the problem is.



    1. Hi Mena.
      It is possible to run Dansguardian on the same server, I’ve just not written any instructions for it yet. Please consider posting to the mailing list as someone else may have already set it up.


  8. Hola, es factible realizar control de acceso a sitios web con grasehotspot? Puedo modificar el archivo squid.conf para agregar las acl?

    Excelente herramienta grasehotspot.


    1. Hi Manuel.
      Yes, you can use squid to control access. Please post support requests to the mailing list, preferably in English.

      1. Hello Tim, i have seen that in squid directory there are 2 files squid.conf and squid.conf.grase which of these files is using grasehotspot?

        Also i don’t see in the acl the network 10.1.0.x to be allowed.

    2. that is what i want to do, well not exactly the same.
      i want to filter page by user.

      lo que quiero hacer es filtrar por usuario, que unos puedan acceder a varias paginas y otros no.
      Tim me dijo que para eso debia configurar a squid para que conozca la base de datos de los usuarios, aun no he tenido exito.

      this project is great Tim!!

  9. dre@GRASE-HOTSPOT:~$ sudo apt-get install grase-www-portal grase-conf-freeradius grase-conf-squid3 grase-conf-openvpn
    Reading package lists… Done
    Building dependency tree
    Reading state information… Done
    Some packages could not be installed. This may mean that you have
    requested an impossible situation or if you are using the unstable
    distribution that some required packages have not yet been created
    or been moved out of Incoming.
    The following information may help to resolve the situation:

    The following packages have unmet dependencies:
    grase-conf-freeradius: PreDepends: coova-chilli (>= 1.2.6grase3) but it is not going to be installed
    grase-conf-squid3: Depends: squid3 (>= 3.1) but it is not going to be installed
    E: Broken packages

  10. Great work, once I had the correct version of ubuntu (11.04 worked for me) it came up no worries. All I was wondering was how to change the default prices for the data and time limits.

    1. Older versions of Ubuntu don’t currently work as they don’t have a new enough version of squid3.
      As for the default data and time limits, I’m working on a fix for that. Ideally, you use the groups feature to setup groups with a default data and time limit, and then just select that group.

      As for the prices of data and time, they are under the main settings page.

  11. Thanks for the great work. I’ve been trying to install on 10.04 LTS Server and was having the same issues as above. I’ll try with 11.04 and see how it goes.

    Again, Thanks to EVERYONE!

    1. Please post support request to the mailing list.

      The address will work from a computer connected to the Hotspot, as long as you don’t change the default settings. If you wish to access this page from a machine on the WAN side of the Hotspot, you’ll need to find out it’s WAN ip address and use that in place of


  12. Hey Tim, Just wanted to say GREAT WORK! This is an awesome system, but I did have to do some searching to find out that it needed Ubuntu 10.10 and also I had to write a script to auto-start chilli since there was something messed up there, but it was pretty easy to figure out.

    Again, GREAT WORK!


  13. How to get GraseHotspot to work on ubuntu 11.01 when the two network cards are not configured well.

    Make sure that you have disabled DHCP, Encryption, and Router feature in your AP or router (if exist)
    1. $ ifconfig …. to see the interfaces.
    2. $ sudo gedit /etc/chilli/config
    to see part of the coova chilli configuration below….

    # Local Network Configurations


    HS_WANIF=${HS_WANIF:-eth1} # WAN Interface toward the Internet

    HS_LANIF=${HS_LANIF:-eth0} # Subscriber Interface for client devices

    3. Modify the interfaces to suite yours.
    4. Restart and voila…… it should be working now
    5. Access your admin hotspot interface from

    1. Yes Boniface it will work… am using a desktop version myself. You just need to install some other applications for it to work.

      First you need to install lamp, followed by phpmyadmin
      then you can continue with the grase installation from their website.
      below is the command to install lamp and phpmyadmin

      # sudo apt-get install php5 mysql-server apache2

      follow the instructions then

      # sudo apt-get install phpmyadmin

      then continue with installation from

      hope this was helpful

      1. Thanks Bismark. sorry for the delay in responding. i have actually been busy studying for my masters exams. i tried installing grasehotpot as per your advise and after 2days of struggling it really worked out. thanks a lot.

  14. Yes Boniface it will work… am using a desktop version myself. You just need to install some other applications for it to work.

    First you need to install lamp, followed by phpmyadmin
    then you can continue with the grase installation from their website.
    below is the command to install lamp and phpmyadmin

    # sudo apt-get install php5 mysql-server apache2

    follow the instructions then

    # sudo apt-get install phpmyadmin

    then continue with installation from

    hope this was helpful

  15. How to get GraseHotspot to work on ubuntu 11.01 when the two network cards are not configured well. MODIFIED
    Make sure that you have disabled DHCP, Encryption, and Router feature in your AP or router (if exist)
    1. $ ifconfig …. to see the interfaces.
    2. $ sudo gedit /etc/chilli/config
    to see part of the coova chilli configuration below….
    # Local Network Configurations

    HS_WANIF=${HS_WANIF:-eth1} # WAN Interface toward the Internet
    HS_LANIF=${HS_LANIF:-eth0} # Subscriber Interface for client devices
    3. Modify the interfaces to suite yours (i.e. HS_WANIF:-eth1 and HS_LANIF:-eth0)
    4. now edit the network interfaces by ( # sudo gedit /etc/network/interfaces )
    5. add the ff line … (iface eth1 inet manual ) where eth1 is the lan interface
    6. Restart Chilli and the whole system. ( # sudo service chilli restart ) and ( #sudo reboot).
    7. Upon restart access admin hotspot interface from
    8. Clients will be automatically redirected.

    1. It’s not recommended changing the /etc/chilli/config file. The LAN and WAN interfaces are setup semi-automatically and via the admin interface.
      The WAN interface (which should be plugged in while installing the packages) will be automatically detected based on the default gateway to the internet. So simply, if you have internet access while installing, which you should, it should detect the WAN interface correctly.
      If you have more than 2 NIC’s, then the LAN interface won’t always be detected correctly, but can be selected in the Admin interface.

      Thansk for giving assistance Bismark!

  16. i installed this software on ubuntu 11.10 and don’t work perfectly !!! i create an account in the admin interface and whene i connect from client post the loin succeed but ther is no internet connection…

    is there any specials tips for install Grase ??


    1. Hi Amma
      I think you will need to post in the mailling list for more support on this.

      Also include details like
      Whether you installed as a Virtual machine or whether it is installed on a physical pc on its own with ubuntu and whether there is 1 or 2 network cards. how the network cards are setup
      and possibly a diagram of how you have it setup

      But in short you will find
      Network Eth0 = Internet
      Network Eth1 = Local Network or switch.

      There are some issues installing this package on top of a desktop client of ubuntu that you need to be aware of and this gets a little explained in the hardware setup link at top right of page.
      you can thank network manager for this 🙂

    1. This is dependant mostly on the PC running the hotspot system.

      If your running an old pc or slow system as ur server then con-current users will be lower than that of a more up to date system.

      Things to be aware of
      Harddrive Speed – Access Speed
      Ram Amount available via amount used
      CPU processor Speed
      and of course the network cards
      1gb network interface cards will work better than 100mb network interface cards.

      same applies to the rest of the network the server is implemented on with it being 100mb network or 1gb network. and so on

  17. I have installed the server and it looks great.
    but there is one thing i need help.

    some of my users are supposed to get local(internal) IP addresses while others need to get live (external) IP addresses.
    how can i configure that?

    1. u may need to elaborate on this a bit more but from what i get
      PC 1, 2, 3 need to be accessible from the wan
      PC 4, 5, 6 dont need to be assesable from wan but have access to wan from the lan.

      Could u explain the reason for this need ? is it the pc or user different, users on same pc or same user on different pcs. more details to understand the issue would be good to arrive at a solution.
      it would also be suggestive to post via the maillist to get a wider community of grase users who may also be able to help with this solution your looking for.

      1. If that’s the case, you could potentially use a router running DDWRT and set up VLAN’s for specific ports to do what is needed there. I don’t know about them being able to have a separate address, but using ACL’s on the different VLAN’s you could potentially have the specific computers access network resources that way and prevent the other computers not have access to those resources.

        Just a suggestion. I’m not 100% sure if that would work or not, but it might be worth a shot.

        1. Yeah this would be one way but that would be entirely dependant on the network setup that Hanan Needs. if its specific users and not pcs this would be irrelevant. then again if Hanan wants PC to go thru the hotspot system but be assessable from wan then the most likely way would be adding and editing routing and config files to be of use.
          again this is entirely on what kind of network Hanan actually wants and Hanan will need to be very very clear on specifically what is required.
          for a server behind the hotspot for example. that users do need to use. u can setup 2 network cards on it and connect one card to the lan outside the hotspot. its accessable from wan but when u go to use the internet as a user it routes thru to the hotspot. any further comment really requires Hanan to be alot more specific on their network requirements.

  18. Hi everyone. Wanted to know whether grasehotspot can run on a more secure “https” implimentation on the host computer.

    And if it can, can somebody help me out on how to go about it?

  19. I got this below error on radmin login page | Ubuntu Server 12.04 amd64


    An Error has occured. Please report the error to the administrator
    There may be more information available to the administrator in the logs
    Getting groups failed: MDB2 Error: no such table

    1. This means more information is available in your server logs. Please post support requests to the mailing list.

  20. Hi everyone. it has been a while since i asked this,Wanted to know whether grasehotspot can run on a more secure “https” implementation on the host computer.
    I am running a free community internet access and people are worried of their safety due to use of an open network wireless access point. I want to retain open access but ensure access of internet through grasehotspot is more secure than just using javascript aunthentication. So i want to impliment a more secure way open SSL certificate.
    Tim can you can you help me out on how to go about it? Thanks

    1. Please post support requests to the forum.

      The short answer, you are asking for the wrong thing. The login system in use is secure enough to protect a users password, as it uses CHAP authentication via Javascript. This prevents a user sniffing a password over the open access point, when logging in to the portal. You can assure your users that their login details are safe.

      HTTPS would secure it another step, but then you need to purchase an SSL certificate that matches the domain name you are using, which requires more changes to the underlying system (which will come in a future version). This still only secures the login though.

      What your users should actually be worried about, is everything they do over the hotspot, which isn’t via a HTTPS website. i.e. if you goto then everything that travels between you and facebook is visible to anyone sniffing the network. HTTPS in the Hotspot won’t fix this, but will.

      There are 2 ways to “fix” this. Both are planned for future versions. The first is to provide an OpenVPN server on the hotspot, that you can connect to once authenticated to have all your traffic encrypted over the unsecured wireless access point. This is the solution that will be easiest to deploy, but possibly harder for clients to setup. The second way is with WPA-EAP, which means you login to the hotspot with your login and password at WPA time, without a captive portal. This is easier for clients, but harder for the setup as it requires hardware that supports it.

      You can assure your users that the Javascript CHAP login system is as secure as it needs to be for their login details, and that HTTPS (SSL) costs mean they would probably have to pay for their free community internet access. (Not entirely correct, but it’s difficult to maintain a SSL cert without paying a bit to a CA)

      Hope that answers your question, please direct all future requests to the mailing list.

  21. Hi,
    Thanks for your program. I have installed it on Ubuntu 12.04 and everything went smooth.

    I am trying to use your hotspot soft to authenticate users coming in to squid port on 3128.

    I have another program which redirects users to the squid interface.

    sherpa –sherpa-proxy -b,3128 -f,8443

    So traffic coming to port 8443 are directed to 3128.

    Is there anything I can do to make this work on the wan side?

    Thanks once again


  22. Hi again,

    I could make the traffic enter through the lan side too, but my program wants to see a port number. Cannot seem to redirect it to a lan interface

    sherpa –sherpa-proxy -b,3128 -f,8443

    So traffic coming to front-end gets redirected to back-end

    Any suggestions?


  23. Thanks I did join the mailing list. By the way, is there any specific port on the Lan that this software is listening? for example port 8080

  24. IT Doesn’t WORK Properly

    Firstly needs to be updated!!!!

    Version in repo is 1.4 and tutorial says 1.3

    Secondly, when all installed all pages turn in error unless you manually add .php to the end of URL

    Could you please advise on how to FIX?

    Thank You

    1. Hey Marco.

      Firstly, you’ll note that the first line above the “copy and paste” instructions says you need to update for the latest version in the repo. It’s a pain to constantly be updating this page and any other page that points to the link.

      Secondly, the pages with .php is caused by this bug.
      It seems they have chosen to not “fix” it how we’d like it fixed, and so in the next release there’ll be a fix in the grase-conf-apache2 package (actually it’ll hit the repos before the next proper release)


  25. Thanks Tim

    I did figure it out in the end, and am happily testing your beautiful software package!

    It’s never enough to say thank you for making such easy and resourceful application!

    I would like to help this project in any way I can, so please let me know by email what would be the best way to contribute!

    I have read above that you had some issues with your computer, and hope that you now are sorted!

    If not, let me know if I can help!!!!!!!


  26. Hello, any help please? after installing the grase software, for some reason it messes up my network configuration of the ubuntu when i try to restart the server, and i do not get internet anymore on the server, also i was unable to access the setup page of the grase hardware any help appreciated thanks.

  27. Tim, Finally I got it working, it works great!, great software, Will like to know if there is a way I can use Time limit per day /month instead of per minutes, is there an option where i can change it?… Also, If a person can create their own account (I plan to use walled garden) so they can pay via paypal, so to have the option of creating their own account while i control the amount depending on how they pay. I know the php and html coding part to create the portal, however, Don’t know if i need to change something on the code, or If i can do it via database or options.. I did not see anything on the settings.
    Please let me know, thanks

Comments are closed.