[Chilli] Coova when no wan

Alexandre Rubert alexandre.rubert at gmail.com
Sat Mar 16 15:33:32 UTC 2013


Ok so If there isn't any solution with coova, how do they do in Mc 
Donald, or University ? What kind of soft do they use ?
Le 14/03/2013 17:29, David Bird a écrit :
> There is no elegant way to deal with https traffic... essentially,
> chilli is a man-in-the-middle and it breaks SSL security. Having users
> notified of this lack of security is a GOOD thing. My advice is to keep
> SSL blocked. What would be interesting for Chrome to integrate into
> their browser is a notice that 'Authentication is required' on the
> network -- similar to how Android will give you such a notice, etc.
>
>
> On Thu, 2013-03-14 at 15:38 +0100, Bojan Pogacar wrote:
>> Another problem with HTTPS redirection is, that google websites like
>> google.com, gmail, .. in Chrome not just warns about invalid (self
>> signed) certificate, but also disable redirection to captive portal.
>> They report that something strange is going on and you can not click
>> proceed anyway.
>>
>> The problem is even bigger with Chrome 25 because all searches from
>> address bar are now on https. Users are now confused and some don't try
>> to open some other web site to login and just complain, that they can
>> not login.
>>
>> Is there any solution for that?
>>
>> BR, Bojan
>>
>>
>>
>> Dne 14.3.2013 9:01, piše Xabier Oneca -- xOneca:
>>> For HTTPS redirections to work, you need a valid certificate for each
>>> domain you want to be redirected. It would be a huge security hole, so
>>> you cannot do a beautiful HTTPS redirect.
>>>
>>> If you don't mind that the user gets a security warning in his browser,
>>> you can use --redirssl with its --ssl* config options to allow
>>> CoovaChilli to listen to HTTPS requests. Chilli does not do this by
>>> default. You will need a (self signed) certificate.
>>>
>>> HTH.
>>>
>>> --
>>> Xabier Oneca_,,_
>>>
>>> El 14/03/2013 08:50, "Alexandre Rubert" <alexandre.rubert at gmail.com
>>> <mailto:alexandre.rubert at gmail.com>> escribió:
>>>
>>>      Ok, thank for your answer. I tried with dnsmasq and now all DNS
>>>      request return an IP which is unauthaurized by coova, in that way
>>>      client is redirected to uamhomepage. That's what I want but when
>>>      client try to access to https, he isn't redirected. Wireshark  show
>>>      that client try to access to https on the redirected IP but there is
>>>      nothing matching it.
>>>      Le 14/03/2013 03:39, David Bird a écrit :
>>>
>>>          The problem with there being no WAN is that DNS will not work.
>>>          Without
>>>          DNS, you do not get a redirect since the browser times out
>>>          before making
>>>          any HTTP request. However, what you can do is use option
>>>          --domaindnslocal to instruct CoovaChilli to return a 'local' IP
>>>          for any
>>>          DNS request under the --domain (so, if you have domain=lan, then
>>>          hostname.lan would resolve in chilli to a local IP). Typically, DNS
>>>          systems will attempt the original hostname, then the hostname
>>>          under the
>>>          DHCP domain, searching for a result.
>>>
>>>
>>>          On Wed, 2013-03-13 at 15:18 +0100, Alexandre Rubert wrote:
>>>
>>>              Hello,
>>>              I try to configure coovachilli to redirect all client to the
>>>              uamhomepage
>>>              when there is no internet connection. But actually, it
>>>              doesn't work. Do
>>>              you have an example of a kind of configuration ?
>>>
>>>              Thanks
>>>              _________________________________________________
>>>              Chilli mailing list
>>>              Chilli at coova.org <mailto:Chilli at coova.org>
>>>              http://lists.coova.org/cgi-__bin/mailman/listinfo/chilli
>>>              <http://lists.coova.org/cgi-bin/mailman/listinfo/chilli>
>>>
>>>
>>>
>>>      _________________________________________________
>>>      Chilli mailing list
>>>      Chilli at coova.org <mailto:Chilli at coova.org>
>>>      http://lists.coova.org/cgi-__bin/mailman/listinfo/chilli
>>>      <http://lists.coova.org/cgi-bin/mailman/listinfo/chilli>
>>>
>>>
>>>
>>> _______________________________________________
>>> Chilli mailing list
>>> Chilli at coova.org
>>> http://lists.coova.org/cgi-bin/mailman/listinfo/chilli
>>>



More information about the Chilli mailing list