Accessing AP through eth1

SR Infosystèmes contact at sriviere.info
Sat Sep 8 15:19:14 UTC 2007 

Hi David,

Thanks for your fast answer !

> I think I must come to your island to help you out! :)

You're welcome ! Sail, wind-surf, surf, dive, kite-surf, plane, see, 
horses, bicycle, sun... But I'm at work, even week-ends :)))

Since the guy who have to setup the test platform has given up (too 
difficult, he says, after trying many things around NoCat for weeks. I 
restart the project from the ground and, after intensive googling, 
choose CoovaChilli : better design, faster software and alive project. I 
use hotcake to manage accounts, hotcake is a new project, very promising.

More seriously, I'm basically a software and hardware engineer, 
definitly not an experienced network engineer. I discover theses days 
netfilter/iptables and so on. But I'm stubborn, and I want to learn and 
make things work together, gracefully if possible :)

> Have you tested authenticating multiple users from the same AP? 

I start CoovaChilli

I switch on pc1 wifi card
log says client mac_wifi_card_pc1 assigned 192.168.1.5

I switch on pc2 wifi card
log says client mac_wifi_car_pc2 assigned 192.168.1.6

I log test01 user on pc1
log says Successful UAM login from username=test01 IP=192.168.1.5

I log test01 user on pc2
log says Successful UAM login from username=test02 IP=192.168.1.6

I know my APs mac adresses and my PC mac adresses : there is no ambiguity.

> I typically don't assign my dhcpif an IP address, but others do. You
> indeed just need to be a lot more careful with your iptables rules.

> For instance, if someone made the their default gateway that of your
> eth1 instead of the chilli tunnel, are they bypassing authentication?

Must I give eth1 a real IP OUTSIDE my Chilli network class (192.168.1.x) 
choosing 192.168.3.x for example ? and affect IP of APs in the same 
192.168.3 class ?

eth0 : 192.168.0.0/24, ip 192.168.0.251 via /etc/network/interfaces

tun0 : 192.168.1.0/24, ip 192.168.1.1 via chilli.conf

eth1 : 192.168.2.0/24, ip 192.168.2.251 via /etc/network/interfaces

If I setup AP1 like this :

ip : 192.168.2.241
gateway : 192.168.2.251

May I hope avoiding interference between Chilli and AP maintenance via 
SSH doing like this  ?

> You need to be careful what traffic gets picked up and handled by the
> kernel and what gets switched through chilli...

Despite the iptables rules to avoid unauthentication bypassing, why 
CoovaChilli is confused when I give a real IP to eth1 ?

Because I melt tun0 and eth1 in the same network class (192.168.1.0/24) ?

If I understood well the Chilli design :

1) Chilli listen to DHCP request. At this stage, Chilli don't mind 
network class or ip of eth1, it just listen eth1 to dhcp request.

2) When it receives a dhcp request, it affects an ip address (inside 
network class settings in chilli.conf) through its internal dhcp and 
make a tunnel between the client and Chilli.

Thanks again for your help.

Sorry to disturb you with newbie questions.

Stephane Riviere

-- 
LA SOLUTION à vos problèmes INFORMATIQUES

SR Infosystèmes
15, rue du Temple
17310 St Pierre d'Oléron
Ile d'Oléron - France

Mobile : 06 89 29 88 44
Fixe :   09 54 10 55 60 (appel local)
Fax :    05 46 36 30 59
Site :   www.sriviere.info
Email :  contact at sriviere.info
Skype :  stephane.riviere

Certificat X509 : disponible sur le site

More information about the Chilli mailing list