[Chilli] CoovaChilli and dhcpgateway

Thu Apr 1 04:43:05 UTC 2010

I asked if you are using the uamanyip option, because I do understand
your question. The option can influence _when_ IP addresses are taken
out of the pool. Sounds like you don't want the option and you should
not be using it, just make sure you are not using it..

On Wed, 2010-03-31 at 11:20 +0400, Anatoly Oreshkin wrote:
> You misunderstood me.
> 
> I would like wireless clients to get addresses from external dhcp server,
> not from chilli. With dhcpgateway specified chilli relays dhcp request
> to our dhcp server which assigns address to client from pool.
> At the same time chilli itself assigns address to client.
> For example, dhcpserver assigns address 10.2.3.7 but chilli assigns
> 10.2.3.45 and as I think, wants to work with client having address
> 10.2.3.45.
> Really client has address 10.2.3.7 and I guess, because of
> this a client can't authenticate through chilli.
> How to make chilli not assign addresses  itself but get from external
> dhcp server ? Is it possible at all ?
> We need external dhcp server also for wire clients.
> 
> My main idea  is the following:
> 
> At present we have 3Com APs configured with security WPA2/AES
> EAP-PEAP-MSCHAPv2
> and authentication is performed via radius server. Wireless clients get
> their fixed addresses from dhcp server by their MAC addresses.
> 
> Also we need temporary wireless connections (for workshops, conferences
> ...) using UAM authentication regardless of MAC addresses, only with
> login and password.
> So we would like to use the same APs for UAM authenticaton too using chilli
> at the same time preserving secure authentication in secure SSID for
> permanent clients.
> For this end we configure on each AP second SSID but without security.
> Temporary clients should connect to this insecure SSID, get
> addresses from pool regardless of MAC addresses and authenticate through
> chilli using UAM.
> 
> Any hints, ideas.
> Thanks.
> 
> > Are you also using uamanyip? If so, try without.
> >
> >
> > On Tue, 2010-03-30 at 19:50 +0400, Anatoly Oreshkin wrote:
> >> Hello,
> >>
> >> My coovachili has such configuration:
> >>
> >> HS_WANIF=eth0  (195.19.214.216)
> >> HS_LANIF=eth1
> >> HS_NETWORK=10.2.3.0
> >> HS_NETMASK=255.255.255.0
> >> HS_UAMLISTEN=10.2.3.1
> >>
> >> I've configured coovachilli with dhcpgateway in order to get ip
> >> addresses
> >> for clients from external dhcp server. For this goal I've specified in
> >> local.conf
> >>
> >> dhcpgateway=212.193.96.134   (external dhcp address)
> >> dhcpgatewayport=67
> >> dhcprelayagent=195.19.214.216  (chilli eth0 address)
> >>
> >> DHCP server is configured as:
> >> subnet 10.2.3.0 netmask 255.255.255.0 {
> >> option routers                  10.2.3.1;
> >> option subnet-mask              255.255.255.0;
> >> range  10.2.3.2  10.2.3.254;
> >> ...
> >> }
> >>
> >> On chilli server in /var/log/messages I see
> >>
> >> New DHCP request from MAC=00-16-EA-8A-DE-38
> >> Client MAC=00-16-EA-8A-DE-38 assigned IP 10.2.3.53
> >>
> >> On dhcp server in /var/log/messages I see
> >>
> >> DHCPDISCOVER from 00:16:ea:8a:de:38 via 195.19.214.216
> >> DHCPOFFER on 10.2.3.2 to 00:16:ea:8a:de:38 (csd-notebook) via
> >> 195.19.214.216
> >> DHCPREQUEST for 10.2.3.2 (10.2.3.1) from 00:16:ea:8a:de:38 via
> >> 195.19.214.216
> >> DHCPACK on 10.2.3.2 to 00:16:ea:8a:de:38 via 195.19.214.216
> >>
> >> On client I see configuration
> >> IP-address: 10.2.3.2
> >> network mask: 255.255.255.0
> >> gateway: 10.2.3.1
> >> dhcp server: 10.2.3.1
> >>
> >> That is the client have got ip address from dhcp server rather than from
> >> chilli. As the consequence of this the client could not authenticate
> >> through
> >> chilli.
> >>
> >> What is wrong ?  What purpose is dhcpgateway designed for ?
> >>
> >> Thanks.
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >> _______________________________________________
> >> Chilli mailing list
> >> Chilli at coova.org
> >> http://lists.coova.org/cgi-bin/mailman/listinfo/chilli
> >
> >
> 