DHCP - WLAN behaviour of Windows Notebooks

David Bird mem.corruption at gmail.com
Sat Sep 8 13:37:18 UTC 2007 

I think I must come to your island to help you out! :)

Have you tested authenticating multiple users from the same AP? From
your network diagram, I wasn't certain if you're APs are bridging the
192.168.1.0/24 network. If not, you may be authenticating the entire
AP instead of just one user.

I typically don't assign my dhcpif an IP address, but others do. You
indeed just need to be a lot more careful with your iptables rules.
For instance, if someone made the their default gateway that of your
eth1 instead of the chilli tunnel, are they bypassing authentication?
You need to be careful what traffic gets picked up and handled by the
kernel and what gets switched through chilli...

David


On 9/8/07, SR Infosystèmes <contact at sriviere.info> wrote:
> Hi all,
>
> I'm fairly new around TUN/TAP systems, and experiment some problems.
>
> Setting up a wifi network for tests, I use a single debian server
> hosting all the stuff (LAMP/RADIUS/COOVA-CHILLI) with two AP used like
> hubs (ap open-mode, no dhcp, original manufacturer firmware).
>
> This test platform must be unchanged for production : one PC, many AP
> (with original manufacturer firmware).
>
>             internet
>           192.168.0.x
>                |
>                |
> ----------- eth0 -----------
> |                          |
> |Debian server (all in one)|
> |                          |
> ------------eth1------------
>                |
>                |
>           192.168.1.x
>                |
>                |
>            --------
>            |switch|
>            --------
>              /  \
>             /    \
>            /      \
>          AP1      AP2
>
> At this stage, after a week of work and tests, all basics function works
> well (home redirection, user connection, and so on).
>
> It's like magic, I thank warmly all the CoovaChilli maintainers ! Chilli
> is far more elegant and efficient than stuff like NoCat.
>
> My /etc/network/interface is standard :
> ______________________________
> auto eth0
> iface eth0 inet static
> network 192.168.0.0
> netmask 255.255.255.0
> address 192.168.0.251
> gateway 192.168.0.254
>
> auto eth1
> iface eth1 inet static
> address 0.0.0.0
> _______________________________
>
> But I need to maintain my AP via SSH. (change subtles settings not
> available bySo, I modify eth1 to :
> _______________________________
>
> auto eth1
> iface eth1 inet static
> network 192.168.1.0
> netmask 255.255.255.0
> address 192.168.1.251
> _______________________________
>
> AP connections via SSH works well (ntp, tftp firmwares updates too), but
> now I lost automatic redirection to "uamhomepage" (when a new wifi
> client connects it don't get the home page but the web browser page by
> default is searched until timeout).
>
> I still may connect using http://192.168.1.1:3990/prelogin, but
> automatic redirection is very useful for users.
>
> In addition CoovaChilli now affects an IP address to the AP via its
> internal dhcp and there is some ARP problems...
>
> I've read in the old ChilliSpot doc we can set an address to eth1, to
> maintain AP, but maybe it's a little more difficult :)
>
> I guess I need to exclude AP (by MAC addresses ?) from CoovaChilli
> processing and make a setup for concurrents access (wifi clients and AP
> maintenance via SSH).
>
> I'm not familiar with TUN, reading manpages carefully, I noticed some
> parameters (dhcpmac) which may help, after many tries, I feel I need help...
>
> chilli.conf parameters (all others omitted, values by default) :
> _______________________________
> dhcpif          eth1
> dhcpstart       5
> dhcpend         240
> net             192.168.1.0/24
> dynip           192.168.1.0/24
> uamserver https://192.168.1.1/cake/hotcakes/webroot/welcome/go/
> uamhomepage http://192.168.1.1/cake/hotcakes/welcome/login_page.html
> uamsecret ht2eb8ej6s4et3rg1ulp
> uamlisten 192.168.1.1
> uamallowed 212.27.54.252,212.27.53.252
> radiusserver1 127.0.0.1
> radiusserver2 127.0.0.1
> radiussecret testing123
> _______________________________
>
> AP1 & AP2 settings :
> _______________________________
>
> AP1 ip addr : 192.168.1.241
> AP1 ip mask : 255.255.255.0
> AP1 ip gateway : 192.168.1.1
> AP1 dhcp : disabled
>
> AP2 ip addr : 192.168.1.242
> AP2 ip mask : 255.255.255.0
> AP2 ip gateway : 192.168.1.1
> AP2 dhcp : disabled
> _______________________________
>
>
> I've also tried to set AP ip gateway to eth1 IP address (192.168.1.251)
> without success.
>
> If you can help me, it would be much appreciated.
>
>
> All the best form Oleron island.
>
> Stéphane Rivière
>
>
> --
> LA SOLUTION à vos problèmes INFORMATIQUES
>
> SR Infosystèmes
> 15, rue du Temple
> 17310 St Pierre d'Oléron
> Ile d'Oléron - France
>
> Mobile : 06 89 29 88 44
> Fixe :   09 54 10 55 60 (appel local)
> Fax :    05 46 36 30 59
> Site :   www.sriviere.info
> Email :  contact at sriviere.info
> Skype :  stephane.riviere
>
> Certificat X509 : disponible sur le site
>

More information about the Chilli mailing list