Running Chilli on FreeBSD
odhiambo at gmail.com
Mon Nov 17 20:13:53 UTC 2008
On Mon, Nov 17, 2008 at 10:40 PM, Outback Dingo <outbackdingo at gmail.com> wrote:
> <begin main.conf>
>> #copy this file into /usr/local/chilli
>> #& create 2 empty files named hs.conf & local.conf
>> # http://www.geeklan.co.uk/files/coova-main.conf
>> 1. cmdsocket /var/run/chilli.sock
>> 2. pidfile /var/run/chilli.pid
>> 3. net 192.168.1.0/255.255.255.0
>> 4. uamlisten 192.168.1.101
>> 5. uamport 3990
>> 6. dhcpif vr0
>> 7. adminuser chillispot
>> 8. adminpasswd chillispot
>> 9. uamallowed coova.org,coova.org,rad01.coova.org,coova.org
>> 11. domain lan
>> 12. dns1 192.168.1.1
>> 13. uamhomepage http://192.168.1.101:3990/coova/coova.html
>> 14. wisprlogin https://coova.org/app/uam/auth
>> 15. wwwdir /usr/local/www/chilli
>> 16. wwwbin /usr/local/etc/chilli/wwwsh
>> 17. locationname "ROWTech Securitet"
>> 18. radiuslocationname ROWTech_HotSpot
>> 19. radiuslocationid isocc=,cc=,ac=,network=Coova,
>> 20. radiusserver1 rad01.coova.org
>> 21. radiusserver2 rad01.coova.org
>> 22. radiussecret coova-anonymous
>> 23. radiusauthport 1812
>> 24. radiusacctport 1813
>> 25. uamserver https://coova.org/app/uam/chilli
>> 26. radiusnasid nas01
>> Let's say I have a dual-homed box, with vr0 being the public interface and
>> fxp0 being the private interface. And say I run a DHCP server on the
>> internal interface.
>> Also say I run FreeRADIUS (with MySQL support) on the same box. I also run
>> my Apache22 on this very box, so it is "everything to me". I have the IP
>> 192.168.1.101 on the internal/private interface (fxp0). Can someone
>> explain to me what items 6-10, 14, 19, 25 should be?
>> I am especially not sure how 14 and 25 are being arrived at.
> 6 is the interface you want chilli to basically listen for dhcp requests on
> 7 and 8 are radius authentication attributes, if using that type of auth for
RADIUS authentication attributes? The credentials chilli uses to connect to
> 9 is a list of allowed urls surfable without authentication first
> 10 means it will allow any dns server, say if a client has one set manually
> other than what you provided from dhcp
> 14 is for the WISPR login URL
Where is it derived from? I mean, is
/app/uam/auth <https://coova.org/app/uam/auth> derived from some Apache
Alias on my server running the chilli web portal?
What is the actual location on disk?
> 19 is the NAS information for radius
I still don't understand that one. Why is it in an LDAP-like notation?
> 25 is the physical location of the UAM server, should be the same as the
> uamhomepage ip or address
Is /app/uam/chilli <https://coova.org/app/uam/chilli> an Apache Alias on
the chilli web portal as well? What is the actual location on disk of the
Alias, if any?
>> I also have the file named "defaults" which I need to copy to "config".
>> They are both in /usr/local/etc/chilli/. Looking at them, I see that most of
>> the parameters are almost like what I see in main.conf. This has left me
>> confused as to what purpose the "config" file is supposed to serve.
> the config file is for your customized parameters, where default is the
> default coova settings, it reads variables from default, looks at config for
> customizations and then writes main.conf, this file is generated by functions
It writes main.conf on the fly??? So I should not create a main.conf?
>> All my chilli files are accessible on my webserver via /coova (an Apache
>> Alias pointer). Now where /app are supposed to come from still beats me.
>> Am I supposed to be running my own DHCP server or does coova-chilli have
>> some sort of built-in DHCP server?
> chilli does have an internal dhcp system
Wow. So I do not need to have one? Interesting. Thank you for this. It's the
only one I clearly understand now:-)
>> At some point, I believe I am going to introduce a Wireless Access Point
>> into this mix, connected to my DHCP interface, yes? This is how the clients
>> are going to communicate with the system, correct?
> it's exactly how i am configured though chilli runs on my APs not on my auth
chilli runs on your APs? You have different computers acting as APs using
Wireless Access Point hardware??
>> My other problem are two files- up.sh and down.sh: I can run either PF or
>> IPFilter/IPNat on the FreeBSD box, but not IPTABLES. So I am wondering what
>> the purpose of these two files is. What do they do? I do believe IPTables is
>> for Linux only. Is there a FreeBSD user who can share their *BSD versions of
>> these two files?
You did not mention anything about the up.sh and down.sh and the issue on
IPTables.... Do you use FreeBSD, by any chance? It would be most helpful.
>> I also had to install haserl from http://haserl.sourceforge.net/ but I
>> still wonder if it's necessary in my setup. I still haven't quite caught up
>> speed on this so please excuse my ignorance.
> yes, and no, if you are running the coova web interface / internal portal
> then yes, if not then essentially no
I don't understand this answer? Is it optional to run coova web
interface/internal portal? If I don't run them, then what else is there to
Excuse my stupidity on this, honestly.
> my config and main.conf for APs looks like
> HS_LANIF=ath0 # Subscriber Interface for client devices
> HS_UAMLISTEN=126.96.36.199 # HotSpot IP Address (on subscriber network)
> HS_UAMPORT=3990 # HotSpot Port (on subscriber network)
> HS_RADIUS=188.8.131.52 # replace with your radius server's ip
> HS_RADSECRET=edited-out # you should probably choose a better shared secret
> HS_LOC_NAME="OptimWIFI HotSpot" # WISPr Location Name and used in
> my server is on 184.108.40.206 with radius / apache / uam hotspotlogin,
> and notice i do use variables in my config, if you read them it might help
> you understand the way it puts this together
I will read these keenly, honestly.
Don't get tired with me:-)
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
"Oh My God! They killed init! You Bastards!"
--from a /. post
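
The layering described in the thread (read defaults, apply overrides from config, then write main.conf), as an added example that is not part of the original post and is not CoovaChilli's own functions script. The mapping from HS_* variables to main.conf options is an assumption based on the names quoted above, the file paths are arguments, and the sample files are constructed. It also refuses to write a main.conf whose RADIUS secret is one of the values published in this message.

```shell
#!/bin/sh
# Added example. The HS_* to option mapping is an assumption based on the
# variable and option names quoted in the thread.

# Values published in this thread; treat them as known to everyone.
is_public_secret() {
    case "$1" in
        ""|coova-anonymous|chillispot|edited-out) return 0 ;;
        *) return 1 ;;
    esac
}

# write_main_conf DEFAULTS CONFIG OUT
# Sourcing runs both files as shell code, so keep them root-owned.
# CONFIG is read second, so its assignments override DEFAULTS.
write_main_conf() (
    defaults=$1; config=$2; out=$3
    . "$defaults" || exit 2
    if [ -f "$config" ]; then . "$config" || exit 2; fi
    if is_public_secret "$HS_RADSECRET"; then
        echo "refusing: HS_RADSECRET is empty or a published value" >&2
        exit 1
    fi
    umask 077   # main.conf will contain the RADIUS shared secret
    cat > "$out" <<EOF
dhcpif $HS_LANIF
uamlisten $HS_UAMLISTEN
uamport $HS_UAMPORT
radiusserver1 $HS_RADIUS
radiussecret $HS_RADSECRET
locationname "$HS_LOC_NAME"
EOF
)

# Constructed sample input so the block runs offline.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' HS_LANIF=eth0 HS_UAMLISTEN=192.168.1.101 HS_UAMPORT=3990 \
        HS_RADIUS=127.0.0.1 HS_RADSECRET=coova-anonymous \
        HS_LOC_NAME=Example > "$d/defaults"
    printf '%s\n' HS_LANIF=fxp0 \
        HS_RADSECRET=constructed-example-secret > "$d/config"
    write_main_conf "$d/defaults" "$d/config" "$d/main.conf" && cat "$d/main.conf"
    rm -rf "$d"
}
demo
```
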