[Chilli] CoovaChilli and dhcpgateway

Anatoly Oreshkin Anatoly.Oreshkin at pnpi.spb.ru
Thu Apr 1 06:35:58 UTC 2010 

I don't use uamanyip option.

Config file /usr/local/etc/chilli/config have such lines:

HS_WANIF=eth0        # has address 195.19.214.216
HS_LANIF=eth1
HS_NETWORK=10.2.3.0
HS_NETMASK=255.255.255.0
HS_UAMLISTEN=10.2.3.1
HS_UAMPORT=3990
HS_UAMUIPORT=4990
HS_DNS_DOMAIN=my.domain
HS_DNS1=<ip address1>
HS_DNS2=<ip address2>
HS_NASID=nas01
HS_RADIUS=<ip address>
HS_RADIUS2=<ip address>
HS_UAMALLOW="10.2.3.1/24,195.19.214.216"
HS_RADSECRET=<secret>
HS_UAMSECRET=<uam secret>
HS_UAMALIASNAME=chilli
HS_UAMSERVER=<uam server>
HS_UAMFORMAT=https://\$HS_UAMSERVER/cgi-bin/hotspotlogin.cgi
HS_TCP_PORTS="80 443"
HS_MODE=hotspot
HS_TYPE=chillispot
HS_WWWDIR=/usr/local/etc/chilli/www
HS_WWWBIN=/usr/local/etc/chilli/wwwsh
HS_PROVIDER=Coova
HS_PROVIDER_LINK=http://www.coova.org/
HS_LOC_NAME="My HotSpot"


The file /usr/local/etc/chilli/local.conf have the lines:

dhcpgateway=212.193.96.134
dhcpgatewayport=67
dhcprelayagent=195.19.214.216



> I asked if you are using the uamanyip option, because I do understand
> your question. The option can influence _when_ IP addresses are taken
> out of the pool. Sounds like you don't want the option and you should
> not be using it, just make sure you are not using it..
>
> On Wed, 2010-03-31 at 11:20 +0400, Anatoly Oreshkin wrote:
>> You misunderstood me.
>>
>> I would like wireless clients to get addresses from external dhcp
>> server,
>> not from chilli. With dhcpgateway specified chilli relays dhcp request
>> to our dhcp server which assigns address to client from pool.
>> At the same time chilli itself assigns address to client.
>> For example, dhcpserver assigns address 10.2.3.7 but chilli assigns
>> 10.2.3.45 and as I think, wants to work with client having address
>> 10.2.3.45.
>> Really client has address 10.2.3.7 and I guess, because of
>> this a client can't authenticate through chilli.
>> How to make chilli not assign addresses  itself but get from external
>> dhcp server ? Is it possible at all ?
>> We need external dhcp server also for wire clients.
>>
>> My main idea  is the following:
>>
>> At present we have 3Com APs configured with security WPA2/AES
>> EAP-PEAP-MSCHAPv2
>> and authentication is performed via radius server. Wireless clients get
>> their fixed addresses from dhcp server by their MAC addresses.
>>
>> Also we need temporary wireless connections (for workshops, conferences
>> ...) using UAM authentication regardless of MAC addresses, only with
>> login and password.
>> So we would like to use the same APs for UAM authenticaton too using
>> chilli
>> at the same time preserving secure authentication in secure SSID for
>> permanent clients.
>> For this end we configure on each AP second SSID but without security.
>> Temporary clients should connect to this insecure SSID, get
>> addresses from pool regardless of MAC addresses and authenticate through
>> chilli using UAM.
>>
>> Any hints, ideas.
>> Thanks.
>>
>> > Are you also using uamanyip? If so, try without.
>> >
>> >
>> > On Tue, 2010-03-30 at 19:50 +0400, Anatoly Oreshkin wrote:
>> >> Hello,
>> >>
>> >> My coovachili has such configuration:
>> >>
>> >> HS_WANIF=eth0  (195.19.214.216)
>> >> HS_LANIF=eth1
>> >> HS_NETWORK=10.2.3.0
>> >> HS_NETMASK=255.255.255.0
>> >> HS_UAMLISTEN=10.2.3.1
>> >>
>> >> I've configured coovachilli with dhcpgateway in order to get ip
>> >> addresses
>> >> for clients from external dhcp server. For this goal I've specified
>> in
>> >> local.conf
>> >>
>> >> dhcpgateway=212.193.96.134   (external dhcp address)
>> >> dhcpgatewayport=67
>> >> dhcprelayagent=195.19.214.216  (chilli eth0 address)
>> >>
>> >> DHCP server is configured as:
>> >> subnet 10.2.3.0 netmask 255.255.255.0 {
>> >> option routers                  10.2.3.1;
>> >> option subnet-mask              255.255.255.0;
>> >> range  10.2.3.2  10.2.3.254;
>> >> ...
>> >> }
>> >>
>> >> On chilli server in /var/log/messages I see
>> >>
>> >> New DHCP request from MAC=00-16-EA-8A-DE-38
>> >> Client MAC=00-16-EA-8A-DE-38 assigned IP 10.2.3.53
>> >>
>> >> On dhcp server in /var/log/messages I see
>> >>
>> >> DHCPDISCOVER from 00:16:ea:8a:de:38 via 195.19.214.216
>> >> DHCPOFFER on 10.2.3.2 to 00:16:ea:8a:de:38 (csd-notebook) via
>> >> 195.19.214.216
>> >> DHCPREQUEST for 10.2.3.2 (10.2.3.1) from 00:16:ea:8a:de:38 via
>> >> 195.19.214.216
>> >> DHCPACK on 10.2.3.2 to 00:16:ea:8a:de:38 via 195.19.214.216
>> >>
>> >> On client I see configuration
>> >> IP-address: 10.2.3.2
>> >> network mask: 255.255.255.0
>> >> gateway: 10.2.3.1
>> >> dhcp server: 10.2.3.1
>> >>
>> >> That is the client have got ip address from dhcp server rather than
>> from
>> >> chilli. As the consequence of this the client could not authenticate
>> >> through
>> >> chilli.
>> >>
>> >> What is wrong ?  What purpose is dhcpgateway designed for ?
>> >>
>> >> Thanks.
>> >>
>> >>
>> >>
>> >>
>> >>
>> >>
>> >>
>> >> _______________________________________________
>> >> Chilli mailing list
>> >> Chilli at coova.org
>> >> http://lists.coova.org/cgi-bin/mailman/listinfo/chilli
>> >
>> >
>>
>
>

More information about the Chilli mailing list