[Chilli] Coova when no wan

David Bird david at coova.com
Mon Mar 18 21:05:35 UTC 2013


Google for "WPAD" ...

On Sat, 2013-03-16 at 16:33 +0100, Alexandre Rubert wrote:
> Ok, so if there isn't any solution with coova, how do they do it at
> McDonald's, or at a university? What kind of software do they use?
> On 14/03/2013 17:29, David Bird wrote:
> > There is no elegant way to deal with https traffic... essentially,
> > chilli is a man-in-the-middle and it breaks SSL security. Having users
> > notified of this lack of security is a GOOD thing. My advice is to keep
> > SSL blocked. What would be interesting for Chrome to integrate into
> > their browser is a notice that 'Authentication is required' on the
> > network -- similar to how Android will give you such a notice, etc.
> >
> >
> > On Thu, 2013-03-14 at 15:38 +0100, Bojan Pogacar wrote:
> >> Another problem with HTTPS redirection is that, for Google websites
> >> like google.com, gmail, ..., Chrome not only warns about the invalid
> >> (self-signed) certificate, but also disables redirection to the captive
> >> portal. It reports that something strange is going on and you cannot
> >> click proceed anyway.
> >>
> >> The problem is even bigger with Chrome 25 because all searches from the
> >> address bar are now on https. Users are now confused, and some don't try
> >> to open some other web site to log in and just complain that they cannot
> >> log in.
> >>
> >> Is there any solution for that?
> >>
> >> BR, Bojan
> >>
> >>
> >>
> >> On 14.3.2013 9:01, Xabier Oneca -- xOneca wrote:
> >>> For HTTPS redirections to work, you need a valid certificate for each
> >>> domain you want to be redirected. It would be a huge security hole, so
> >>> you cannot do a beautiful HTTPS redirect.
> >>>
> >>> If you don't mind that the user gets a security warning in his browser,
> >>> you can use --redirssl with its --ssl* config options to allow
> >>> CoovaChilli to listen to HTTPS requests. Chilli does not do this by
> >>> default. You will need a (self signed) certificate.
> >>>
> >>> HTH.
> >>>
> >>> --
> >>> Xabier Oneca_,,_
> >>>
> >>> On 14/03/2013 08:50, "Alexandre Rubert" <alexandre.rubert at gmail.com>
> >>> wrote:
> >>>
> >>>      Ok, thanks for your answer. I tried with dnsmasq and now all DNS
> >>>      requests return an IP which is unauthorized by coova; that way the
> >>>      client is redirected to uamhomepage. That's what I want, but when
> >>>      the client tries to access https, he isn't redirected. Wireshark
> >>>      shows that the client tries to access https on the redirected IP,
> >>>      but there is nothing matching it.
> >>>      On 14/03/2013 03:39, David Bird wrote:
> >>>
> >>>          The problem with there being no WAN is that DNS will not work.
> >>>          Without DNS, you do not get a redirect since the browser times
> >>>          out before making any HTTP request. However, what you can do is
> >>>          use option --domaindnslocal to instruct CoovaChilli to return a
> >>>          'local' IP for any DNS request under the --domain (so, if you
> >>>          have domain=lan, then hostname.lan would resolve in chilli to a
> >>>          local IP). Typically, DNS systems will attempt the original
> >>>          hostname, then the hostname under the DHCP domain, searching
> >>>          for a result.
> >>>
> >>>
> >>>          On Wed, 2013-03-13 at 15:18 +0100, Alexandre Rubert wrote:
> >>>
> >>>              Hello,
> >>>              I'm trying to configure coovachilli to redirect all clients
> >>>              to the uamhomepage when there is no internet connection. But
> >>>              actually, it doesn't work. Do you have an example of this
> >>>              kind of configuration?
> >>>
> >>>              Thanks
> >>>              _________________________________________________
> >>>              Chilli mailing list
> >>>              Chilli at coova.org
> >>>              http://lists.coova.org/cgi-bin/mailman/listinfo/chilli
> >>>
> >>>
> >>>
> 

-- 
--
David Bird
http://www.linkedin.com/in/dwbird
https://twitter.com/wlanmac
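
Added example, not part of the original thread and not CoovaChilli code: a client-side check in the spirit of the "Authentication is required" notice discussed above, probing over plain HTTP so that no TLS session is intercepted and reporting separately the case where DNS fails and no HTTP request is ever made. The probe URL is the one Android uses for this check; the function names and the state labels are assumptions made for this sketch.

```python
import http.client
import socket
from urllib.parse import urlsplit

# Assumption: a plain-HTTP endpoint that answers 204 with an empty body when
# the path to the internet is open (this is the URL Android probes).
PROBE_URL = "http://connectivitycheck.gstatic.com/generate_204"
REDIRECTS = (301, 302, 303, 307, 308)


def classify(status, headers, body):
    """Map one probe response to (state, login_url)."""
    if status == 204 and not body:
        return ("open", None)                       # untouched reply: no portal
    if status in REDIRECTS:
        return ("portal", headers.get("location"))  # gateway redirect to login
    if status == 200 and body:
        return ("portal", None)                     # reply rewritten in place
    return ("unknown", None)


def probe(url=PROBE_URL, timeout=5):
    """Send the probe over plain HTTP without following redirects."""
    parts = urlsplit(url)
    conn = http.client.HTTPConnection(parts.hostname, parts.port or 80,
                                      timeout=timeout)
    try:
        conn.request("GET", parts.path or "/")
        resp = conn.getresponse()
        body = resp.read(4096)
        headers = {k.lower(): v for k, v in resp.getheaders()}
        return classify(resp.status, headers, body)
    except socket.gaierror:
        # Name never resolved, so no HTTP request was made and the gateway
        # had nothing to redirect (the no-WAN case from the thread).
        return ("dns-failed", None)
    except (OSError, http.client.HTTPException):
        return ("unreachable", None)
    finally:
        conn.close()


if __name__ == "__main__":
    print(probe())
```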


