Syed Jahanzaib Personal Blog to Share Knowledge !

November 30, 2012

DMASOFTLAB Radius Manager: Install + Backup + Restore [Short Reference Guide]





You can also use radius manager automated installation script to install RM 4.0.4 and 4.1.0


Following is a short reference guide for DMASOFTLAB Radius Manager on Ubuntu Distro

Part-  1)         Installation Of RM with some TIPS,
Part- 2)         Complete Backup for RM and RM DB,
Part- 3)         Restore RM Data to new Installation.



Please be informed that you can get better installation instructions in details from DMASOFTLAB official manual. This guide is a extracted version of original manual with my custo modifications. Please consult with the original manual and DMA helpdesk for official support. I have no affiliation with the DMA, its just my personnel experience you are reading in this guide. It can be wrong, or might not be working as per your requirements. Just drop me an message or email for any correction or modification if required.

aacable [at]

Thank you
Syed Jahanzaib





Part-1 # Installation of Radius Manager 4.x on Ubuntu 10.4 [32/64 bit versions]


DMASOFTLAB Radius Manager 4.0 Short reference manual guide for UBUNTU 10.4  *** 32 /64 Bit Version

If you have 64bit OS, then you have to download compatible 64bits packages from the dmasoftlab download section, just note down the 32bit files in this guide, and download 64bit version of same package from the DMA page.

After you have installed Ubuntu, configure IP address and enable internet access on it.

Now open Terminal Window and issue the below command to install required Modules. but make sure you do update ubuntu  before doing any further process.

Create temp directory where you will download things

mkdir /temp
cd /temp
apt-get update
apt-get install mc wget rcconf make gcc mysql-server mysql-client libmysqlclient15-dev libperl-dev curl php5 php5-mysql php5-cli php5-curl php5-mcrypt php5-gd php5-snmp

### For 32bit Only, download following two items and install them
dpkg -i libltdl3_1.5.24-1ubuntu1_i386.deb
dpkg -i libltdl3-dev_1.5.24-1ubuntu1_i386.deb

### For 64bit Only, download following two items and install them
dpkg -i libltdl3_1.5.26-1ubuntu1_amd64.deb
dpkg -i libltdl3-dev_1.5.26-1ubuntu1_amd64.deb

IONCUBE Installation:

Now Download ioncube library

### For 32bit

### For 64bit

Untar it in any temp folder for example /temp/ioncube

### For 32bit
tar zxvf ioncube_loaders_lin_x86.tar.gz

### For 64bit
tar zxvf ioncube_loaders_lin_x86-64.tar.gz

Create new folder for ioncube in usr/local

mkdir /usr/local/ioncube

and copy the whole folder in /usr/local

cd /temp/ioncube
cp * /usr/local/ioncube/

Now Add the appropriate ionCube loader to your php.ini

e.g: in following files.

echo "zend_extension=/usr/local/ioncube/" >> /etc/php5/apache2/php.ini
echo "zend_extension=/usr/local/ioncube/" >> /etc/php5/cli/php.ini




Installation procedure of FreeRadius

cd /temp

tar zxvf freeradius-server-2.2.0-dma-patch-2.tar.gz

cd freeradius-server-2.2.0/

### Now proceed with the compilation of FREERAIDUS , applicable for all
make install


Now test RADIUS by issuing following command:

radiusd -X

You will see something like below . . .


TIP: After issuing make command , if you see errors like below

gcc -o .libs/radeapclient .libs/radeapclient.o libeap/.libs/ -lnsl -lresolv -lpthread
/usr/bin/ld: .libs/radeapclient.o: undefined reference to symbol ‘fr_perror’
/usr/bin/ld: note: ‘fr_perror’ is defined in DSO /root/freeradius-server-2.1.8/src/lib/.libs/ so try adding it to the linker command line
/root/freeradius-server-2.1.8/src/lib/.libs/ could not read symbols: Invalid operation
collect2: ld returned 1 exit status
make[6]: *** [radeapclient] Error 1
make[6]: Leaving directory `/root/freeradius-server-2.1.8/src/modules/rlm_eap’
make[5]: *** [common] Error 2
make[5]: Leaving directory `/root/freeradius-server-2.1.8/src/modules’
make[4]: *** [all] Error 2
make[4]: Leaving directory `/root/freeradius-server-2.1.8/src/modules’
make[3]: *** [common] Error 2
make[3]: Leaving directory `/root/freeradius-server-2.1.8/src’
make[2]: *** [all] Error 2
make[2]: Leaving directory `/root/freeradius-server-2.1.8/src’
make[1]: *** [common] Error 2
make[1]: Leaving directory `/root/freeradius-server-2.1.8′
make: *** [all] Error 2

To solve this this problem,Add followign directive


in freeradius-server-2.1.8/src/modules/rlm_eap/Makefile .
Open it in nano/vi or any text editor by,

nano freeradius-server-2.1.8/src/modules/rlm_eap/Makefile

Before editing

    $(LIBTOOL) –mode=link $(CC) $(LDFLAGS) $(RLM_LDFLAGS) -o radeapclient radeapclient.lo $(CLIENTLIBS) $(LIBS) $(OPENSSL_LIBS)

After editing done

$(LIBTOOL) --mode=link $(CC) $(LDFLAGS) $(RLM_LDFLAGS) -lfreeradius-radius-2.1.8 -o radeapclient radeapclient.lo $(CLIENTLIBS) $(LIBS) $(OPENSSL_LIBS)

Save & Exit.

now run make and make install again.

make install


Set the correct ownership on FreeRadius configuration files

chown www-data /usr/local/etc/raddb
chown www-data /usr/local/etc/raddb/clients.conf


Review and edit (if required) the MySQL credentials in /usr/local/etc/raddb/sql.conf (Just in case you have mentioned different password/id for mysql)


Creating MySQL databases with MySQL command line tool

mysql -u root -ppassword

CREATE USER 'radius'@'localhost' IDENTIFIED BY 'yourpass';
CREATE USER 'conntrack'@'localhost' IDENTIFIED BY 'yourpass';
GRANT ALL ON radius.* TO radius@localhost;
GRANT ALL ON conntrack.* TO conntrack@localhost;

Time to Install RADIUS MANAGER 4.0.4


Copy the radius manager radiusmanager-4.0.4.tgz (or your version) in any temp folder
now extract it using

tar zxvf radiusmanager-4.0.4.tgz
cd radiusmanager-4.0.4/
chmod +x

Start RADIUS MANAGER Installation script

Execute the installation Script . . .

(If you are new to radius manager installation, use default password scheme, it will save you from few headaches, BUT later on as you will get familiar with the system, CHANGE the default passwords as its risk to use default password)


Now the install script will ask few questions . . . Select answers as per your local design.

For example:
Select the Operating  System
(For Ubuntu)

Select Installation type:
(New Installation)

WWW root path:
Press Enter to select the Default , which is /var/www

Radius Database host:
Press Enter to select the Default , which is localhost

Radius Database username:
Press Enter to select the Default , which is radius

Radius Database password:
Press Enter to select the Default , which is radius123

CTS Database host:
Press Enter to select the Default , which is localhost

CTS database username:
Press Enter to select the Default , which is conntrack

CTS database password:
Press Enter to select the Default , which is conn123

Freeradius UNIX User:
Press Enter to select the Default , which is root

Httpd Unix User:
Press Enter to select the Default , which is www-data

Create rmpoller service:
Press Enter to select the Default , which is y (yes)

create rmconntrack service:
Press Enter to select the Default , which is y (yes)

Backup Radius database:
Press Enter to select the Default , which is y (yes)

Now it will ask if you want to start the installation
Press y and press ENTER to continue the installation.

and at the end you will INSTALLATION COMPLETE!

As showed in the image below . . .


Now copy the two license files (that you receive from DMASOFTLAB) in /var/www/radiusmanager


Now access the admin panel from your browser


As showed in the image below . . .




Adding NAS (Mikrotik) in Radius Manager + Mikrotik Radius Configuration for RM


Login to Administration Control Panel (ACP) of RM.
Goto NAS / NEW
Fill the required info, Like Mikrotik name, IP address, Secret
As showed in the image below . . .










Now Login to Mikrotik,
Goto PPP Section
Click on PPP Authentication & Accounting
Click on Use Radius
As showed in the image below . . .



Now create any user in RM, and connect it from client end using pppoe (or test it via radtest).









Testing Radius via radtest

First edit /etc/hosts

and change the system name to local host ip i.e
as showed in the example below. . .


Don’t forget to restart radiusd after making changes to the NAS list!

service radiusd restart

Now issue following commands to test.

radtest user 1111 1812 testing123

and you may see following. (with access-accept)


Various Errors & Troubleshooting . . .


If you see the following error while accessing admin.php

Could not connect to localhost

could-not-connect-mysqlsIf you are using your own password (other then default password of rm, ) then Make sure your passwords for radius and conntrack hosts are set correctly in




2# :Blank page is showing while accessing admin.php

If you see blank page while accessing admin.php , following could be wrong.
a- Your license files are not valid or expired.
b- you have not installed ioncube library correctly.

To test if your license is valid, tail the /var/log/apache2/access.log and error.log , they will show you if your license have issues like expired or invalid dueto mac address restrictions.

To test IONCUBE LIBRARY , Open Terminal and Type

php -v

& you should see something similar to below . . . (Focus on Last line that says with the ioncube php loader . . .)

root@zaib-desktop:~# php -v

PHP 5.3.2-1ubuntu4.18 with Suhosin-Patch (cli) (built: Sep 12 2012 19:33:42)
 Copyright (c) 1997-2009 The PHP Group
 Zend Engine v2.3.0, Copyright (c) 1998-2010 Zend Technologies
     with the ionCube PHP Loader v4.2.2, Copyright (c) 2002-2012, by ionCube Ltd.

3# : Incorrect User name & Passowrds in Mikrotik LOG

you are seeing ‘Incorrect user name and password error’ in mikrotik logs for the users created on RM, then make sure you have defined correct password in  /usr/local/etc/raddb/sql.conf


If you see NAS NOT FOUND in radtest, please see the heading “Testing Radius via radtest“.

If the hostname is different than localhost, (like you have some other hostname name for the machine e.g: radius, then

Edit /etc/hosts

and change the system name to local host ip i.e

As showed in the example below . . .


Don’t forget to restart radiusd after making changes to the NAS list!

service radiusd restart




Use the following link to get the backup script.

Or use the manual method

To take full backup use the following.

Create backup folder in root /

 mkdir /backup

Now copy whole contents of following folders ,


TIP: You can use following commands to copy whole contents and zip it

tar cfz /backup/myrmbackup.tgz /etc /home/root /usr/local /var/www /var/lib/mysql

You can schedule it run on daily basis.

Now Create mysql dump of mysql database of DB RADIUS
(which have RM User and other Data)

mysqldump -u radius -pRADIUSPASSWORD radius > /backup/db_full_type_current_date.sql
gzip -f /backup/db_full_type_current_date.sql

(Tip# To unzip the .gz file, use gzip -d filename.gz )




If somehow your server crashes, and you got to re-built it from scratch , you can restore the database using below procedure. (To simplify things, use the same OS)

1) Install OS (Same as previous one, in this example Ubuntu)
2) Install RM with the same same config you used for previous installation, e.g: radius db passwords and folders locations
3) Restore all the folders from the backup to there original locations.(backup that taken in part-2 backup part)
by using command in / folder (main root folder)

tar zxvf full_data.tgz (or file name)

4) Now its time to restore mysql radius DB, use the below command to restore DB in mysql.

mysql -u root -prootpassword radius < db_full_type_current_date.sql

Change the db_full_type_current_date.sql to match your mysql backup file.

Now restart your box onc time.

If you receive ‘cannot connect to localhost‘ check the passwords in


Also check the DB password for user radius  in mysql , You can change the DB password via using this command

mysql -u root -pYOURPASSWORD
use mysql;
SET PASSWORD for 'radius'@'localhost' = PASSWORD('radius123');
SET PASSWORD for 'conntrack'@'localhost' = PASSWORD('conn123');

Now restart your box and hopefully everything will be restored back to normal





Some  TiPS  For  Customizations . . .

▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲

Howto Configure Email notifications 

To configure Email server, edit following,


Goto SMTP section, and modify it as per your local SMTP server/user/domain.

// SMTP definitions

define('smtp_relay', '');                          // SMTP relay
define('smtp_port', 25);                                    // SMTP port
define('smtp_auth', FALSE);                             // SMTP authentication
define('smtp_user', 'syed.jahanzaib');           // SMTP user name
define('smtp_psw', 'my_pass');                       // SMTP password
define('mail_from', '');             // sender address
define('mail_fromname', 'Syed Jahanzaib');  // sender name
define('mail_newuser', '');      // self registered new user notification
define('mail_localdomain', '');           // default domain name

Now configure some settings in ACP / Systems / Ssytem Settings






You can Replace/Edit the default DMASOFTLAB logo files. by default, Images are available where you have installed the radiusmanager. Look into the images folder of radiusmanager.

For example I installed RM in /var/www/html/radiusmanager. There will be a folder name ‘images’ Look for these files.





Edit Various Text/headings Show at UCP/ACP

You can also edit the texts/descriptions in language description files in radiusmanager/lang/english folder.
look for texts.txt and strings.txt




To Add Logo in Prepaid Cards

You can modify its base image at radiusmanager/lang/english/card folder.
look for classic_bg.png and refill_bg.png

To add logo in prepaid classic cards, copy classic_bg.png to your windows desktop, Edit it in any image editing software (I used MS Paint Brush default), add Your logo , Save this file in .jpg extension like classic_bg.jpg , now upload this file back to radiusmanager/lang/english/card

Now edit following file,


and rename the classic_bg.png  to >  classic_bg.jpg ,

As showed in the image below …


Save & Exit.

Now generate your cards, and you will see your logo shining 🙂




To clear LOGS in RM ACP [last syslog events]

mysql -uroot -pSQLPASSWD -e "truncate rm_syslog" radius



PHP Warning: main(config/payfast_cfg.php): failed to open stream: No such file or directory in /var/www/radiusmanager/user.php on line 0

If you received following error

PHP Warning: main(config/payfast_cfg.php): failed to open stream: No such file or directory in /var/www/radiusmanager/user.php on line

Just rename the following file






Simultaneous Session config for user in Mikrotik/RM

If you want to allow simultaneous session for specific Users …

1- Set SHARED USERS option in User Profile to required number of simultaneous users … As showed in the image below …


2- In USER EDIT properties, modify the number of simultaneous users you want to allow (specific User or Group) … As showed in the image below …

2-rm user shared user option

3- Now test by login same ID with 2 computers … As showed in the image below …

1- rm




Modify Country Listing

To modify country list appear in the country list, you can modify following file


Look for // Country List, and modify it as per requirements, Modified Example is below …



Save, Exit, and reload RM ACP page, and you will see new country listing in the list.


If AP’s Signals stops showing in Online Users, try

Delete the stale lockfile (/tmp/

Allow Special characters in Username / Passwords

By default special characters are not allowed even dash, at the rate sign etc. To allowt hem open the config file (in ubuntu path is following,

nano /var/www/radiusmanager/config/system_cfg.php

for centos  user,

nano /var/www/html/radiusmanager/config/system_cfg.php


Search following




and replace old values with following

define('regexp_username', '/^[a-z0-9._!@#$%&*]+$/');                  // regular expression for validating user names

define('regexp_managername', '/^[a-z0-9._!@#$%&*]+$/');               // regular expression for validating manager names

define('regexp_psw', '/^[a-zA-Z0-9._!@#$%&*]+$/');                    // regular expression for validating passwords

Save and exit. and reload the admin page in browser.

 Radius LOGS


Create short name for Radius Admin Panel

Example: If you want to access radius admin panel using short name , something like

then Edit file `/etc/apache2/sites-enabled/000-default`

and add lines in the end (but before /virtualhost directive, so the last line of this files should be like this…

Alias /panel /var/www/radiusmanager
<Directory /var/www/radiusmanager>
DirectoryIndex admin.php
Options Includes Indexes FollowSymLinks MultiViews


Allah Hafiz



Syed Jahanzaib
aacable [at]


November 26, 2012

Howto configure your Local SMS HTTP Gateway using KANNEL on Ubuntu

Filed under: Linux Related — Tags: , , , , , , , — Syed Jahanzaib / Pinochio~:) @ 12:01 PM



As per web defines: Kannel ( is one of the most popular open source WAP/SMS Gateway, because its very good performance to handle a huge SMS. Kannel supports many modem’s brand even generic modem, also support multi modems (modem bank).


After some testing, I have found Kannel one of the best , fastest SMS and WAP gateway among other open source sms gateways , capable of handling several hundreds of requests per second.

Following is a guide on how you can configure your own Local SMS HTTP gateway using KANNEL 

(The aim of configuring kannel on my Ubuntu box was that I required it to send sms via DMASOFTLAB RADIUS MANAGER which uses API to send sms via clickatell HTTP gateway for New Account / Expiry Warning / Password recovery via sms , verification code and many other cool functions. It comes with the clickatell HTTP gateway API which off course require you to buy sms bundle package and do require handsome amount of $$ if you have a huge number of users, Therefore to save $$ money , I  created my own gateway)

O/S = Ubuntu 10.4
Hardware = Teltonika ModemUSB/E12 UM1400 / and Dlink dwm-156 , dlink is a problematic modem


 Detecting MODEM

First thing you have to do is to search for working modem port , various methods are used, try to Use WVDIALCONF command to detect modem and see at which port its working (or not detected)

As showed below …

root@radius:/temp# wvdialconf

Editing `/etc/wvdial.conf'.

Scanning your serial ports for a modem.

ttyS0<*1>: ATQ0 V1 E1 -- failed with 2400 baud, next try: 9600 baud
ttyS0<*1>: ATQ0 V1 E1 -- failed with 9600 baud, next try: 115200 baud
ttyS0<*1>: ATQ0 V1 E1 -- and failed too at 115200, giving up.
Modem Port Scan<*1>: S1   S2   S3   S4   S5   S6   S7   S8
Modem Port Scan<*1>: S9   S10  S11  S12  S13  S14  S15  S16
Modem Port Scan<*1>: S17  S18  S19  S20  S21  S22  S23  S24
Modem Port Scan<*1>: S25  S26  S27  S28  S29  S30  S31
ttyUSB0<Info>: Device or resource busy
Modem Port Scan<*1>: USB0
ttyUSB1<*1>: ATQ0 V1 E1 -- failed with 2400 baud, next try: 9600 baud
ttyUSB1<*1>: ATQ0 V1 E1 -- OK
ttyUSB1<*1>: ATQ0 V1 E1 Z -- OK
ttyUSB1<*1>: ATQ0 V1 E1 S0=0 -- OK
ttyUSB1<*1>: ATQ0 V1 E1 S0=0 &C1 -- OK
ttyUSB1<*1>: ATQ0 V1 E1 S0=0 &C1 &D2 -- OK
ttyUSB1<*1>: ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0 -- OK
ttyUSB1<*1>: Modem Identifier: ATI -- MTK2
ttyUSB1<*1>: Max speed is 9600; that should be safe.
ttyUSB1<*1>: ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0 -- OK
ttyUSB2<*1>: ATQ0 V1 E1 -- failed with 2400 baud, next try: 9600 baud
ttyUSB2<*1>: ATQ0 V1 E1 -- failed with 9600 baud, next try: 9600 baud
ttyUSB2<*1>: ATQ0 V1 E1 -- and failed too at 115200, giving up.
ttyUSB3<*1>: ATQ0 V1 E1 -- failed with 2400 baud, next try: 9600 baud
ttyUSB3<*1>: ATQ0 V1 E1 -- failed with 9600 baud, next try: 9600 baud
ttyUSB3<*1>: ATQ0 V1 E1 -- and failed too at 115200, giving up.

Found a modem on /dev/ttyUSB1.
Modem configuration written to /etc/wvdial.conf.
ttyUSB1<Info>: Speed 9600; init "ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0"

As you can see the modem is detected on ttyUSB1 port.



First install KANNEL using apt-get (configuring it on ubuntu is the easiest task ! that’s why i love ubuntu ,not all but in most cases 😉 )

apt-get install libxml2

apt-get install kannel



Now open the kannel config file by

nano /etc/kannel/kannel.conf

Remove all the lines and paste the following config

!     MAKE     SURE     YOU     CHANGE     THE     USB     PORT      IN    THE  DEVICE     SECTION     ! Also pay attention to speed as some modems like serial may work on 115200 speed , zaib

# Syed Jahanzaib
# aacable [at]

group = core
admin-port = 13000
smsbox-port = 13001
admin-password = zaibadmin
status-password = zaibstatus
log-file = "/var/log/kannel/bearerbox.log"
log-level = 0
box-deny-ip = "*.*.*.*"
box-allow-ip = ""
#Send sms only once. No retry
sms-resend-retry = 1

group = smsc
smsc = at
smsc-id = zaibgsmid
modemtype = teltonika
device = /dev/ttyACM0
# Change above port to match your port, it could ACM1 or USB0, if you dont set it correctly,  it will not work and you will get error in logs that unable to connect to device)
# Or use serial-by-id like
# device = /dev/serial/by-id/usb-D-Link_Inc_D-Link_DWM-156-if03-port0
speed = 19200
my-number = 0333302100000 # (put your sim number, not necessary)
# Following SMSC number is for zong
# sms-center = 00923040000011
sim-buffering = true
log-level = 0

# for teltonkia only, if you are using other brand you may need to get there INIT stribgs
# But what I have seen that this string worked for dlink and huawei modem as well.
group = modems
id = teltonika
name = "Teltonika E12"
detect-string = "Undefined"
enable-mms = true
init-string = "AT+CNMI=2,2,0,1,1"
# or i used this for dlink as well.
#init-string = "ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0"
speed = 115200
message-storage = "SM"

# for Huawei USB/GSM modem e155 i guess, remove hashes from below lines if u r using this model.
#group = modems
#id = huawei
#name = "Huawei"
#detect-string = "huawei"
#enable-mms = true
#init-string = "ATZ"
#init-string = "ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0"

group = smsbox
bearerbox-host = localhost
sendsms-port = 13013
global-sender = 13013
sendsms-chars = "0123456789 +-"
log-file = "/var/log/kannel/smsbox.log"
log-level = 0
access-log = "/var/log/kannel/access.log"

group = sendsms-user
# MAKE VERY SURE that you change the PASSWORD for security reasons
username = kannel
password = kannel
concatenation = true
max-messages = 1000

group = sms-service
keyword = default
get-url = "http://localhost/kannel/receivesms.php?sender=%p&text=%b"
# If you have playSMS installed to receive sms use below line instead
#get-url = "http://localhost/playsms/index.php?app=call&cat=gateway&plugin=kannel&access=geturl&t=%t&q=%q&a=%a&Q=%Q"
accept-x-kannel-headers = true
max-messages = 99
concatenation = true
catch-all = true
text = "Galaxy ROBOT by Zaib"
omit-empty = true



Now start kannel (for test start with two terminals, one bearerbox and smsbox)


Open two terminal windows and issue below commands in each terminal box in the following order.

1. Start the Bearer Box

and leave it running as it will show you the debug logs)

bearerbox -v 0 /etc/kannel/kannel.conf

You may see the following screenshot if your config is ok

Now leave it running.


2. Start the SMSBOX in separate terminal

(in second terminal window and leave it running as it will show you the debug logs)

smsbox -v 0 /etc/kannel/kannel.conf


You may see the following screenshot if your config is OK

[If you receive error that the address is already in use, first issue the command service kannel stop]




First check kannel service status with

ps aux |grep kannel

and you should see something like this

root@radius:/temp# ps aux |grep kannel
kannel   15448  0.0  0.0   2252   308 ?        Ss   12:05   0:00 /usr/sbin/run_kannel_box --pidfile /var/run/kannel/ --no-extra-args /usr/sbin/bearerbox -v 4 -- /etc/kannel/kannel.conf
kannel   15450  1.5  0.1  94936  7780 ?        Sl   12:05   0:10 /usr/sbin/bearerbox -v 4 -- /etc/kannel/kannel.conf
kannel   15465  0.0  0.0   2252   368 ?        Ss   12:05   0:00 /usr/sbin/run_kannel_box --pidfile /var/run/kannel/ --no-extra-args /usr/sbin/wapbox -v 4 -- /etc/kannel/kannel.conf
kannel   15468  0.0  0.0   2252   312 ?        Ss   12:05   0:00 /usr/sbin/run_kannel_box --pidfile /var/run/kannel/ --no-extra-args /usr/sbin/smsbox -v 4 -- /etc/kannel/kannel.conf
kannel   15470  0.0  0.0  71192  2544 ?        Sl   12:05   0:00 /usr/sbin/smsbox -v 4 -- /etc/kannel/kannel.conf
root     23357  0.0  0.0   4388   820 pts/0    S+   12:16   0:00 grep --color=auto kannel


Now From your browse, type the following to make sure kannel is working fine 🙂

[change the ip and password to match your config]

and you may see the following screen , if your config is ok



How to Send SMS via HTTP command

Open your browser and paste the following command.


NOTE: Change the IP / ID + Password = and number to match your local configuration.


The result would be similar to the following . . .


and you shoudl receive sms on your cell as following …




Some Tips and reference.

Howto send SMS via GAMMU CLI

gammu sendsms TEXT 03333021909 -text "Test Msg from GAMMU  .."


For balance check (below example is for zong balacne check)

gammu --getussd *222# 

Howto send sms via CLI
using KANNEL

curl "http://localhost:13013/cgi-bin/sendsms?username=kannel&password=KANNELPASS&to=03333021909&text=Welcome+Jahanzaib+Test+Message"

Sending mesage with new line using %0A code using KANNEL

curl "http://localhost:13013/cgi-bin/sendsms?username=kannel&password=KANNELPASS&to=03333021909&text=Welcome+Jahanzaib+Test+Message%0ANew+line"

Howto send sms using FILE via CLI using KANNEL

curl "" -G --data-urlencode text@/temp/message.txt

Howto send sms using any output  via CLI using KANNEL

ls -l | curl "" -G --data-urlencode text@-



/tool fetch url="http://KANNEL_GW_IP:13013/cgi-bin/sendsms\?username=kannel&password=KANNELPASSWORD&to=03333021909&text=ALERT:+INTERNET+Link+DOWN+at+$date+$time+[YOURCOMPANY+Pvt+Ltd]"



Howto make KANNEL start on reboot 

edit following file


and make sure it looks like following


If you receive some permission error in logs like below image


then follow this guide





Syed Jahanzaib

November 22, 2012

Howto enable mikrotik to Send/Receive SMS using GSM Modem

Filed under: Mikrotik Related — Tags: , , — Syed Jahanzaib / Pinochio~:) @ 1:25 PM

More reference can be found here.

Following is a small guide on how you can enable your mikrotik box/routerboard to send /receive SMS using GSM modem or any supported mobile set. This guide will also demonstrate that how you can enable mikrotik to receive SMS via GSM modem and execute script based on the command received in the SMS 🙂

Its very useful in many situation , for example you can configure multiple script to do various task, Few examples are that you can

  • Mikrotik Health Status,
  • create/disable users ,
  • change queues ,
  • reset router admin/user password ,
  • ask router about internet connectivity,
  • alert you if any link goes down,
  • restart router

& so much other fun things you can imagine,  another example to restart router remotely by sending SMS message to mikrotik and then it can execute the specified script, it will reboot right away. I have used this SMS function for number of tasks and it performed very well.

Hardware used for this guide

1) Mikrotik 5.20 x86 version installed on PC
2) Teltonika GSM Modem Device. (Picture attached below, you can also use any supported mobile set to do the task)

Teltonika ModemUSB/E12 UM1400

Teltonika  ModemUSB/E12 UM1400

After plugin the device into mikrotik box, reboot the mikrotik once so it can initialize the modem device.

Open Terminal and issue the following command to make view the usb port detail.

/port print

and you will see its result something like below image . . .

If you can see usb listed, it means your device have been detected.

  • Now goto TOOLS > SMS
  • Click on  ‘Receive Enabled‘ (Only if you want to enable receiving for various functions)
  • in Port, select Select USB3 (or whatever your USB port name is appearing)
  • Set the Channel to 1 [as showed in the image above]
  • In Secret type any password e.g 12345 [Secret is like your password, it is used if you want mikrotik to execute any script/command when it received appropriate sms]
  • Click APPLY

As showed in the image below . . .

Test SMS sending using Mikrotik

Now its time to send test SMS to any number using mikrotik.

  • Click on Send SMS
  • In Port, select USB3 (or whatever name of your USB is detected)
  • in Phone number, type your destination mobile number
  • in Message, type your desired message,
  • and click on SEND SMS

As showed in the image below . . .


Howto execute script upon receiving SMS

If you have selected ‘Receive Enabled‘, then you can receive Messages on Mikrotik in INBOX section of SMS. It can also execute any script of your choice.

For example you want to reboot your router by sending sms, use the following method.

First create appropriate script that can restart router.

/system script add name=reboot policy=ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api source="/system reboot"

Now from your own mobile , send the following sms to mikrotik connected GSM Device number.

:cmd 12345 script reboot

Explanation of above command.

  • :cmd = tell mikrotik that its the command it need to execute
  • 12345 = is the secret/password that we set in the SMS setting
  • script = it tells mikrotik that it have to execute script function
  • reboot = the script name we want mikrotik to run, which we created in above step.

You can do so much interesting stuff using this feature. I did used this option in the past to control my whole company network including Mikrotik/Linux/Microsoft Domain environment. It was used to power OFF / Power ON using WOL/ Reboot and many other functions.

I will write about them later . . .


Enabling receive-enabled via script

Receive Enabled turns off auto when the router reboots [it was observed in 5.x version no idea about later versions]. You can schedule a script that runs on every reboot and after 15 minutes of interval.

Below is a simple command to enable the receiving via terminal manually.

/tool sms set receive-enabled=yes

Now we will create script and add scheduler, We will use terminal to do the task quickly.

/system script add name=enable-sms-rec policy=\
    ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
    source="/tool sms set receive-enabled=yes;"

Now add scheduler so this script runs periodically after 15 minutes each. and on start up also.

/system scheduler
add comment="execute enable-sms-rec script" disabled=no interval=15m name=\
    "execute enable-sms-rec script" on-event=enable-sms-rec policy=\
    ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \

Using NETWATCH tool to monitor your WAN connectivity

You can configure NETWATCH to monitor any WAN ip , for example Google dns, when it will timeout, it can can trigger script that can send sms so you can be aware about your WAN connectivity.

For example:

/tool netwatch
 add disabled=no down-script=”/sys script run down” host= \
 interval=5m timeout=1s up-script=”/sys script run up”

/system script
 add name=down policy=\
 ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
 source=”/tool sms send message=WAN_DOWN phone-number=03333021909 usb3”"
 add name=up policy=\
 ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
 source=”/tool sms send message=WAN_UP phone-number=03333021909 usb3”

Script SAMPLE:

Tto send reboot alert, when mikrotik reboots. schedule it to run on reboot.

:delay 30s
:log error "Sending RESTART ALERT SMS ... by jz"

/tool sms send port=usb3 phone-number=03xxxxx message="ALERT: Mikrotik Routerboard CCR restarted now."  channel=0

Syed Jahanzaib

Howto Block Adult websites using OPENDNS for free :) (with category base filtering support)

Filed under: General IT Related, Mikrotik Related — Tags: , — Syed Jahanzaib / Pinochio~:) @ 10:09 AM

Last day someone asked me howto block Adult websites in mikrotik. There is no builtin way to do it as it involves URL filtering and its not the job of ROUTER to do such task. Dedicated proxy server can do it effectively since they are built for such purposes like caching/URL filtering/redirecting etc.

We are using Microsoft TMG in our organization which filters URL based on category, so its easier for us to just select the required category that we want to block , for example Porn / Gambling / Spywares etc but Microsoft charge for this service on annual basis (Which I guess is about 15$ per user annually) , It does the job perfectly and very efficiently but its not a cost effective solution specially if you dont have much budget to pay Microsoft.

However following is the free, neat and clean method to block almost 99$ of porn web sites using OpenDNS server as your primary DNS server in your router/proxy or even desktop PC.

Use the below DNS server as your primary dns server in mikrotik / isa server / router or even a desktop. If you are using Mikrotik or other Server, make sure clients are using your server ip as there DNS server, because opendns will work only if the client / router is using there dns server. You can also force users to use your DNS server by adding redirect rule so every request for dns should be redirected to your local server.


If you are using mikrotik server, then it would look alike something below image . . .

Now if you will try to open any adult web site , it wont open and will give you the default browser ‘Could not open’ error,  or the request will  will be redirected to OpenDNS block page informing you that your request was blocked by OpenDNS.
As showed in the image below . . .



You can also show your own page explaining that Adult web sites are blocked and with your Advertisement. For this purpose, you have to enable web.proxy and redirect user traffic to local proxy, then in proxy access, block the / and redirect it to local web server page.



Category  Base  Filtering …


If you have fix public ip address , then you can create account at and then you can do category base filtering.

as showed in the image below …

1 2



Howto Enable Web Proxy in Mikrotik and redirect opendns error page to local error page.


/ip proxy
set always-from-cache=no cache-administrator=webmaster cache-hit-dscp=4 \
cache-on-disk=no enabled=yes max-cache-size=none max-client-connections=\
600 max-fresh-time=3d max-server-connections=600 parent-proxy= \
parent-proxy-port=0 port=8080 serialize-connections=no src-address=\

/ip proxy access
add action=deny disabled=no dst-port="" \

/ip proxy access
add action=deny disabled=no dst-port="" \

Replace the and the full path with your local web server.

Now enable NAT rule to redirect user traffic to local proxy.

Now Redirect All User Traffic to Local Proxy

/ip firewall nat
 add action=redirect chain=dstnat disabled=no dst-port=80 protocol=tcp \

Make sure you move this rule in NAT section above the default masquerading rule. so it captures the http traffic & redirect it, before masquerading it to outside world.

As showed in the image below . . .

If you dont want to use proxy for all request, but for only , then use the below rule that will only redirect traffic to local web proxy, all other traffic will go directly.

/ip firewall nat
add action=redirect chain=dstnat disabled=no dst-address= \
dst-port=80 protocol=tcp to-ports=8080

Now when the user will try to open any adult web site, he will be redirected to local proxy, and proxy will (using access rules we defined above) redirect the request to our local web server page showing our info page.
As showed in the image below . . .



How to force users to use specific DNS Server

/ip firewall nat
add chain=dstnat action=dst-nat to-addresses= to-ports=53 protocol=tcp dst-port=53
add chain=dstnat action=dst-nat to-addresses= to-ports=53 protocol=udp dst-port=53

only udp is required i guess



Syed Jahanzaib

November 21, 2012

November 20, 2012

Dmasoftlab Radius Manager: Different Bandwidth for Day & Night

Scenario # 1

We have created 512k service for the users, In late night, our bandwidth is usually not much used because only limited number of users uses the internet in late timings. Therefore we want to increase users bandwidth from 512k to 1mb automatically in night 12:00am till 12:00pm

we will divide this article in three sections.

1) Mikrotik Section (For Adding API):
2) Radius Manager Section (For Adding API):
3) Adding Service & Plan in Radius Manager:

Mikrotik Section (For Adding API):

We have to first configure API both in Mikrotik & DMASOFTLAB RM Panel.

Goto IP > Services  & enable API service.
As showed in the image below . . .

Now create API user so it can be used by RM to connect to MT.

Goto SYSTEM  > USERS and add new user by click on + icon.
User name = api
Password = api (or anything else)
As showed in the image below . . .

Radius Manager Section (For Adding API):

Open Radius Manager Admin Panel,
Select your Mikrotik NAS
Define API user name & Password that we added in mikrotik section.
As showed in the image below . . .


Adding Service & Plan in Radius Manager:

First Create a normal service profile (512k) using Radius Manager Admin Panel.
As showed in the image below . . .


Now Click on EDIT button on Special Bandwidth Periods section at the bottom of the page . . .
As showed in the image below . . .


Now click on NEW PERIOD
As showed in the image below . . .

Enter your desired timings (in this example I used night 12 till day 12) in which you want to allow excess/reduced bandwidth. After done, click on ADD PERIOD
As showed in the image below . . .

After You see the new Special Bandwidth Periods close this popup window.
As showed in the image below . . .


Click on the UPDATE SERVICE  on main service window.

Now create any user and test it by modifying timings (for test or quick results)

As showed in the image below . . .


Important Note: [updated as of Year 2016]

DMA 4.1.x change on the fly may not work with ver 6.30 or above. so try this with 6.29 first.

Syed Jahanzaib

DMASOFTLAB RM 4.x Email Notifications for various events

Filed under: Linux Related, Mikrotik Related, Radius Manager — Tags: — Syed Jahanzaib / Pinochio~:) @ 2:30 PM

DMASOFTLAB Radius Manager 4.0.4  have interesting feature of email notifications for various events like account expiry warning, account renewal notification, send custom email to all users, password recovery via email verification code and many more. By default RM uses authentication less smtp server of your ISP, but in most cases Email sent from the RM box arrives in JUNK/SPAM folder in users email box, and sometimes bounces back due to black listed IP’s . This happens very frequent in my country as we widely use national telecom company internet service called PTCL, whose ip’s usually get blocked by many email services. Therefore I created this method by installing SENDMAIL in RM box, and uses my GMAIL account as SENDMAIL SMTP RELAY. This way RM sends mail via localhost, which uses valid GMAIL account to send email and email arrives in users INBOX directly 🙂

First we need to configure sendmail with gmail smtp relay. Use the below link to install.

After you have verified your smtp server is working fine by sending test email to your Hotmail/gmail/yahoo mail account.

You need to edit the following files.




Radius Manager 4.0.4 Email Configuration SAMPLES:



smtp_relay              localhost                       ; smtp relay
mail_from                    ; email sender address
mail_reply                   ; email reply adddress
mail_localdomain                       ; email local domain


define("smtp_relay", "localhost");                            // SMTP relay
define("mail_from", "");                   // warning email sender
define("mail_reply", "");                  // warning email return path
define("mail_preview", "");                // preview user of mass mail
define("mail_newuser", "");                // self registered new user notification
define("mail_localdomain", "");                      // default domain name


Now Open RM ACP (Administrator Control Panel) ,
& check the following settings.
As showed in the image below . . .

5- email setting.

Now Administrator & user will receive various Email Notifications.
As showed in the images below . . .


Account Expiry before 5 Days (days are configurable via admin panel / home ,settings)

1- Account Expire Warning



Welcome Message for newly registered users

2- Welcome New User.


Recover Password by Email

3- Recover password by email



Account Renewed Notification

4- Account Renewed


Note: Please check JUNK email folder, because sometimes email gets in JUNK folder if your ISP ips are listed in any dns black list as spam. Mark it safe so future mails comes into INBOX directly.

To edit various Texts appeared in the notifications, you can edit following files.






Radius Manager 4.1.x Email Configuration SAMPLES:


mail_localdomain            ; email    local domain



// SMTP definitions

define('smtp_relay', 'localhost');                // SMTP relay
define('smtp_port', 25);                    // SMTP port
define('smtp_auth', FALSE);                    // SMTP authentication
define('smtp_user', '');                // SMTP user name
define('smtp_psw', 'YOUR_GMAIL_PASSWORD');                // SMTP password
define('mail_from', '');            // sender address
define('mail_fromname', 'SYED JAHANZAIB Support');            // sender name
define('mail_newuser', '');            // self registered new user notification
define('mail_localdomain', '');        // default domain name




Syed Jahanzaib

Dmasoftlab Radius Manager: Quota Base Service

Filed under: Linux Related, Radius Manager — Tags: , , — Syed Jahanzaib / Pinochio~:) @ 2:13 PM

Scenario # 1 =  1 mbps Speed limit, Fix Monthly Quota Base Service with Daily 300 Mb Download Quota limit, if the user cross the daily quota limit, his service will shift to lower speed profile i.e 256k for the current day, after date change, the user profile will revert back to 1mb.


Bandwidth Allowed = 1 mb
User Expiry = 1 Month
(after one month, user accounts will expire)
User Monthly Traffic Quota = 1 gbps
(after consuming 1gb total, account will expire)
User Daily Traffic Quota = 300mb
(After downloading 300mb in a day, user service will be changed to NEXT DAILY SERVICE of less speed i.e 256k daily service for the rest of the day. after the date change, user service will be returned to normal i.e 1mb)

Ok here we go . . .

First Create New Service in RM using the following screenshots.



Now create another new service using following screenshots.


That’s it. Now When the user will be registered using the user.php, he will first see the below account details.


After the user refills his account and purchase credit via user panel, his ID will be ACTIVE with the following info.



After the user reaches above 300 MB in a single day, his service will be switched to NEXT DAILY SERVICE of zaib-256k-daily.




The Service change will not be implemented on the FLY for pppoe users because COA is not supported for it. only hotspot users service can be changed on the fly. The pppoe session will be auto disconnected by Mikrotik on radius request, and when it will reconnect , the user will be using 256k service profile.


6.x: I noted that with version 6.29 , change on the fly works fine for pppoe as well. in few mikrotik versions, this doesnt works as expected. so i recommend to try 6.29.

Syed Jahanzaib

November 19, 2012

Mikrotik Daily Backup via GMAIL

Filed under: Mikrotik Related — Tags: , , , — Syed Jahanzaib / Pinochio~:) @ 2:31 PM

Updated Note as of 18-Aug-2017 : After RouterOS firmware to v 6.40.1 , daily backup email sending via gmail had following error.

mt mail send error after 6.40.1.JPG

Therefore I have updated this post with MC (minor changes) to make it compatible with the new FW that is 6.40.1

This guide will illustrate on how you can setup Script in Mikrotik RouterOS , which can send Mikrotik Backup & Export (or user manager database  = optional) file via GMAIL on daily basis. This way you can have offline backup set for DR purposes in case of any disaster recovery

This guide is divided in three parts

  1. Adding the Script
  2. Adding Email Server [now optional , as new script added on 18-jan-2016 also adds tools email options auto every time)
  3. Adding Scheduler to run the script on daily basis

Important Note: Please make sure to Enable the ‘access to the less secure applications’ in your gmail account settings otherwise sending will not be allowed by Gmail.

1) Adding the Script

The below script perform following functions …

1) Backup Complete Mikrotik Configuration in a file
3) Export Complete Mikrotik Configuration in a file

After creating 2 files, it will email them using GMAIL  SMTP server (You can change it in the script if you are using some other isp smtp server, some isp’s allow only there IP series to relay through there SMTP server) , then the script will delete the files after sending Email to save space on RB (as we all know that RB have very limited storage, so if you dont delete the files created on daily basis, it will soon fill up the storage)

Let’s Start …

Goto System > Scripts
Click on + icon to add script.
Name it backup
In the Source box, paste the below script.

# Mikrotik Backup Script for Mikrotik RouterOS "6.40.1"
# This script will take mikrotik backup/export in files, and send them using
# Gmail SMTP. it will then delete those 2 files from the FILES section to preserve disk space in ROS
# It will also continue in case of DNS failure by an additional check
# Syed Jahanzaib / aacable at hotmail com / https:// aacable . wordpress . com
# Last Modified at 18-AUG-2017

:local sub1 ([/system identity get name])
:local sub2 ([/system clock get time])
:local sub3 ([/system clock get date])
:local backupfile "$sub1 mt_config_backup.backup"
:local mikrotikexport "$sub1 mt_export.rsc"
:local adminmail1
:local adminmail2

# GMAIL SMTP DYNAMIC Config Section, Make sure to change these values to match your's / Jz
:local gmailid
:local gmailuser YOUR_GMAIL_ID
:local gmailpwd GMAIL_PASSWORD
:local gmailport 587

# GMAIL SMTP DYNAMIC Config Section, Make sure to change these values to match your's / Jz
# Additional Check for GMAIL SMTP Resolving.
# If gmail SMTP failed to resolve, then it willset manual IP for gmail smtp
# So that email should go even if there is a dns failure.
# By ZAIB - 17-Aug-2017

:global GMAILSMTP ""
:foreach addr in $RESOLVELIST do={
:do {:resolve server= $addr} on-error={:set GMAILSMTP "0";}}
:if ($GMAILSMTP = 0) do={
:set GMAILSMTP "";
} else={

## Donot change beyon this point ####

# Setting gmail options in tool email as well, useful when u dont have configured toosl email option
/tool e-mail set address=$GMAILSMTP port=$gmailport start-tls=yes from=$gmailid user=$gmailuser password=$gmailpwd

:log warning "$COMPANY - Mikrotik Router Backup JOB Started . . . Powered by Syed Jahanzaib"
:log warning "$COMPANY - Creating new up-to date backup/export files . . . "

# Start creating Backup files backup and export both
/system backup save name=$backupfile dont-encrypt=yes
/export file=$mikrotikexport
:put "$COMPANY : Backup JOB process pausing for 20s so it can complete creating backup. Usually for Slow systems ..."
:log warning "$COMPANY : Backup JOB process pausing for 20s so it can complete creating backup. Usually for Slow systems ..."
:delay 20s

:log warning "Backup JOB is now sending Backup File via Email using GMAIL SMTP . . ."

# Start Sending email files to 1st email account, you can duplicate following two sending mail entries to add mulitple recipients
/tool e-mail send to=$adminmail1 subject="$sub3 $sub2 $sub1 Configuration BACKUP File" file=$backupfile start-tls=yes
/tool e-mail send to=$adminmail1 subject="$sub3 $sub2 $sub1 Configuration EXPORT File" file=$mikrotikexport start-tls=yes

# Send same backup files to 2nd email account , jsut for duplication and backup
/tool e-mail send to=$adminmail2 subject="$sub3 $sub2 $sub1 Configuration BACKUP File" file=$backupfile start-tls=yes
/tool e-mail send to=$adminmail2 subject="$sub3 $sub2 $sub1 Configuration EXPORT File" file=$mikrotikexport start-tls=yes

:log warning "$COMPANY : BACKUP JOB: Sleeping for 20s seconds so email can be delivered, "
:delay 20s

# REMOVE Old backup files to save space.
/file remove $backupfile
/file remove $mikrotikexport

# Print Log for done
:log warning "$COMPANY : Backup JOB: Process Finished & Backup File Removed. All Done. You should verify your inbox for confirmation, Regard's Syed Jahanzaib"

# Script END

Click on OK to save the script.

You can remove user manager backup from the list, if its not required.


Adding (GMAIL) Email Server in tools/e-mail for mikrotik 6.x (not required with above script, but still as a reference you can use it)

Open Terminal & paste the following config

(first resolve the gmail smtp by using command ‘ping and note down the IP address and use it in below section)

/tool e-mail
set address= password=GMAILPASSWORD port=587 start-tls=yes user=YOURGMAILID



First we will enable script logging, so we can see its result / errors etc.

/system logging
add action=echo disabled=no prefix="" topics=scrip

Now Test the script by using following command at terminal. (Also open the log window so you can see the script results or any error)

/tool e-mail send subject="test from gmail" start-tls=yes password=GMAILPASS
agp port=587 user=YOURGMAILID

Now execute the script.

/sys script run backup

Open the LOG window. You may see the following screens if every thing is setup correctly.




Adding Scheduler to run the script on daily basis

Open Terminal & paste the following command

/system scheduler
add comment="Scheduler for daily backup of MT" interval=1d name=daily-backup on-event=backup policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=jan/01/1970 start-time=00:00:00






[Short Reference]

To Send Email, use this command.

/tool e-mail send server= port=587 start-tls=yes user="mygmailid" passwo
rd="gmailpassword" from="" to="" subject="test" body="test"


GMAIL  Configuration  on  Mikrotik 5.2x [Short Reference]

[admin@MikroTik] &gt; /tool e-mail pr
port: 587
starttls: no
user: gmailid
password: mypassword

[admin@MikroTik] &gt; /tool e-mail ex
# dec/12/2012 10:45:57 by RouterOS 5.20
/tool e-mail
set address= password=mypassword port=587 starttls=no user=gmailid
[admin@MikroTik] &gt;

/tool e-mail&gt; send server= port=587 tls=yes password=xxxxxx subject=test body=test


Syed Jahanzaib

Older Posts »

%d bloggers like this: