[Chilli] Radius Proxy

Damien Courtaillier d.courtaillier at gmail.com
Mon Apr 19 15:22:15 UTC 2010


Hi,

After building and installing the latest svn 1.2.3 release, I'm still
struggling against the same problem.

Is there really nobody who faced this issue or has tips on that?

Here's my chilli config file:

*HS_WANIF=eth0.1            # WAN Interface toward the Internet
HS_LANIF=br-lan           # Subscriber Interface for client devices
HS_NETWORK=10.1.0.0       # HotSpot Network (must include HS_UAMLISTEN)
HS_NETMASK=255.255.255.0   # HotSpot Network Netmask
HS_UAMLISTEN=10.1.0.1       # HotSpot IP Address (on subscriber network)
HS_UAMPORT=3990            # HotSpot UAM Port (on subscriber network)
HS_UAMUIPORT=4990          # HotSpot UAM "UI" Port (on subscriber network,
for embedded portal)

HS_DNS1=8.8.8.8
HS_DNS2=8.8.8.8

HS_NASID=nas01
HS_RADIUS=radius1.domain.com
HS_RADIUS2=radius2.domain.com
HS_UAMALLOW=www.coova.org
HS_RADSECRET=secret    # Set to be your RADIUS shared secret
HS_UAMSECRET=change-me     # Set to be your UAM secret
HS_UAMALIASNAME=chilli

HS_RADPROXY=on
 HS_RADPROXY_LISTEN=127.0.0.1
 HS_RADPROXY_CLIENT=127.0.0.1
 HS_RADPROXY_PORT=1645
 HS_RADPROXY_SECRET=$HS_RADSECRET

HS_MODE=hotspot
HS_TYPE=chillispot*

and my /etc/config/wireless:

*config 'wifi-iface'
    option 'device' 'wl0'
    option 'mode' 'ap'
    option 'ssid' 'WPA'
    option 'network' 'lan'
    option 'encryption' 'wpa2'
    option 'server' '127.0.0.1'
    option 'port' '1645'
    option 'key' 'secret'
    option 'isolate' '1'
    option 'hidden' '1'

*
Regards,

Damien Courtaillier

---------- Forwarded message ----------
From: Damien Courtaillier <d.courtaillier at gmail.com>
Date: 2010/4/15
Subject: Radius Proxy
To: chilli at coova.org


Hello,

I'm trying to setup coova as a radius proxy, using radproxy options.
I use coova-chilli 1.2.3 (from the svn) on OpenWrt Kamikaze

coova runs directly on the AP that provides WPA2 wireless.

When I try to connect, I can see the Access-Accept in my radius log, but
coova never gives acces to the client.

Here is coova's output:

chilli.c: 1957: 0 (Debug) RADIUS Access-Request received
chilli.c: 1986: 0 (Debug) Calling Station ID is: 701a04a76fc3
dhcp.c: 389: 0 (Debug) DHCP newconn: 70:1a:04:a7:6f:c3
chilli.c: 3285: 0 (Debug) New DHCP request from MAC=70-1A-04-A7-6F-C3
chilli.c: 3288: 0 (Debug) New DHCP connection established
radius.c: 1446: 0 (Debug) RADIUS to 192.168.0.5:1812
chilli.c: 2792: 0 (Debug) Received access request confirmation from radius
server

chilli.c: 2828: 0 (Debug) Received access challenge from radius server
chilli.c: 920: 0 (Debug) Sending RADIUS AccessChallenge to client
chilli.c: 1957: 0 (Debug) RADIUS Access-Request received
chilli.c: 1986: 0 (Debug) Calling Station ID is: 701a04a76fc3
radius.c: 1446: 0 (Debug) RADIUS to 192.168.0.5:1812
chilli.c: 2792: 0 (Debug) Received access request confirmation from radius
server

Coova receives the dhcp request but seems not to respond to it...

when I try a chilli_query list, I get:

70-1A-04-A7-6F-C3 10.1.0.2 pass 4bc72fad44400001 1 net_test 9/0 9/0 0/0 0/0
0 0 0/0 0/0 -

It is the MAC address of my client, so chilli thinks it is connected however
it is not...

I tried giving an address directly to the client, I definitely can't
communicate with my AP.

What am  I doing wrong?

Does the WPA2 client communicate with coova's tun interface or directly with
the bridge ?
Actually, does the WPA2 clients have to be connected directly to the network
handled by coova (that is my case) or  can they connect to another network,
and coova just makes the authentication ?

Thanks for your answers.

Cheers.

Damien Courtaillier
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.coova.org/pipermail/chilli/attachments/20100419/efbbe7de/attachment.htm>


More information about the Chilli mailing list