[Chilli] R: building chilli from source

Brigitta Bennici b.bennici at it360.it
Tue Apr 20 15:08:25 UTC 2010


Hello Isidor,
i tried to apply the patch you attached before but I fail to apply it.
This is the error:

[centos at localhost coova-chilli-1.2.2]$ sudo patch coova-chilli.spec.in <
coova-rpm-ssl.diff 
patching file coova-chilli.spec.in
Reversed (or previously applied) patch detected!  Assume -R? [n] y
Hunk #2 FAILED at 22.
1 out of 2 hunks FAILED -- saving rejects to file coova-chilli.spec.in.rej
[centos at localhost coova-chilli-1.2.2]$

Thank you

My best regards,

Brigitta Bennici
E-mail: b.bennici at it360.it
Web: http://www.it360.it

----------------------------------------------------------------------------
----------------
Ai sensi e per gli effetti della Legge sulla tutela della riservatezza
personale (DLgs. 196/03 e collegate), questa mail è destinata unicamente
alle persone sopra indicate e le informazioni in essa contenute sono da
considerarsi strettamente riservate. E' proibito leggere, copiare, usare o
diffondere il contenuto della presente mail senza autorizzazione. Se avete
ricevuto questo messaggio per errore, siete pregati di rispedire lo stesso
al mittente. Grazie

-----Messaggio originale-----
Da: chilli-bounces at coova.org [mailto:chilli-bounces at coova.org] Per conto di
chilli-request at coova.org
Inviato: martedì 20 aprile 2010 14.00
A: chilli at coova.org
Oggetto: Chilli Digest, Vol 7, Issue 23

Send Chilli mailing list submissions to
	chilli at coova.org

To subscribe or unsubscribe via the World Wide Web, visit
	http://lists.coova.org/cgi-bin/mailman/listinfo/chilli
or, via email, send a message with subject or body 'help' to
	chilli-request at coova.org

You can reach the person managing the list at
	chilli-owner at coova.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Chilli digest..."


Today's Topics:

   1. Re: Radius Proxy (Damien Courtaillier)
   2. Re: Squid transparent proxy on same server (Jason Allen)
   3. Re: R: building chilli from source (was: R: R: R: Chilli
      Digest, Vol 7, Issue 13) ('Isidor Zeuner')


----------------------------------------------------------------------

Message: 1
Date: Mon, 19 Apr 2010 17:22:15 +0200
From: Damien Courtaillier <d.courtaillier at gmail.com>
Subject: Re: [Chilli] Radius Proxy
To: chilli at coova.org
Message-ID:
	<l2uf1b5213e1004190822zc8b7fa08la6515e9ece7826b8 at mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"

Hi,

After building and installing the latest svn 1.2.3 release, I'm still
struggling against the same problem.

Is there really nobody who faced this issue or has tips on that?

Here's my chilli config file:

*HS_WANIF=eth0.1            # WAN Interface toward the Internet
HS_LANIF=br-lan           # Subscriber Interface for client devices
HS_NETWORK=10.1.0.0       # HotSpot Network (must include HS_UAMLISTEN)
HS_NETMASK=255.255.255.0   # HotSpot Network Netmask
HS_UAMLISTEN=10.1.0.1       # HotSpot IP Address (on subscriber network)
HS_UAMPORT=3990            # HotSpot UAM Port (on subscriber network)
HS_UAMUIPORT=4990          # HotSpot UAM "UI" Port (on subscriber network,
for embedded portal)

HS_DNS1=8.8.8.8
HS_DNS2=8.8.8.8

HS_NASID=nas01
HS_RADIUS=radius1.domain.com
HS_RADIUS2=radius2.domain.com
HS_UAMALLOW=www.coova.org
HS_RADSECRET=secret    # Set to be your RADIUS shared secret
HS_UAMSECRET=change-me     # Set to be your UAM secret
HS_UAMALIASNAME=chilli

HS_RADPROXY=on
 HS_RADPROXY_LISTEN=127.0.0.1
 HS_RADPROXY_CLIENT=127.0.0.1
 HS_RADPROXY_PORT=1645
 HS_RADPROXY_SECRET=$HS_RADSECRET

HS_MODE=hotspot
HS_TYPE=chillispot*

and my /etc/config/wireless:

*config 'wifi-iface'
    option 'device' 'wl0'
    option 'mode' 'ap'
    option 'ssid' 'WPA'
    option 'network' 'lan'
    option 'encryption' 'wpa2'
    option 'server' '127.0.0.1'
    option 'port' '1645'
    option 'key' 'secret'
    option 'isolate' '1'
    option 'hidden' '1'

*
Regards,

Damien Courtaillier

---------- Forwarded message ----------
From: Damien Courtaillier <d.courtaillier at gmail.com>
Date: 2010/4/15
Subject: Radius Proxy
To: chilli at coova.org


Hello,

I'm trying to setup coova as a radius proxy, using radproxy options.
I use coova-chilli 1.2.3 (from the svn) on OpenWrt Kamikaze

coova runs directly on the AP that provides WPA2 wireless.

When I try to connect, I can see the Access-Accept in my radius log, but
coova never gives acces to the client.

Here is coova's output:

chilli.c: 1957: 0 (Debug) RADIUS Access-Request received
chilli.c: 1986: 0 (Debug) Calling Station ID is: 701a04a76fc3
dhcp.c: 389: 0 (Debug) DHCP newconn: 70:1a:04:a7:6f:c3
chilli.c: 3285: 0 (Debug) New DHCP request from MAC=70-1A-04-A7-6F-C3
chilli.c: 3288: 0 (Debug) New DHCP connection established
radius.c: 1446: 0 (Debug) RADIUS to 192.168.0.5:1812
chilli.c: 2792: 0 (Debug) Received access request confirmation from radius
server

chilli.c: 2828: 0 (Debug) Received access challenge from radius server
chilli.c: 920: 0 (Debug) Sending RADIUS AccessChallenge to client
chilli.c: 1957: 0 (Debug) RADIUS Access-Request received
chilli.c: 1986: 0 (Debug) Calling Station ID is: 701a04a76fc3
radius.c: 1446: 0 (Debug) RADIUS to 192.168.0.5:1812
chilli.c: 2792: 0 (Debug) Received access request confirmation from radius
server

Coova receives the dhcp request but seems not to respond to it...

when I try a chilli_query list, I get:

70-1A-04-A7-6F-C3 10.1.0.2 pass 4bc72fad44400001 1 net_test 9/0 9/0 0/0 0/0
0 0 0/0 0/0 -

It is the MAC address of my client, so chilli thinks it is connected however
it is not...

I tried giving an address directly to the client, I definitely can't
communicate with my AP.

What am  I doing wrong?

Does the WPA2 client communicate with coova's tun interface or directly with
the bridge ?
Actually, does the WPA2 clients have to be connected directly to the network
handled by coova (that is my case) or  can they connect to another network,
and coova just makes the authentication ?

Thanks for your answers.

Cheers.

Damien Courtaillier
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.coova.org/pipermail/chilli/attachments/20100419/efbbe7de/attac
hment.html>

------------------------------

Message: 2
Date: Tue, 20 Apr 2010 15:17:55 +1000
From: Jason Allen <jason at theallens.id.au>
Subject: Re: [Chilli] Squid transparent proxy on same server
To: Isidor Zeuner <chilli at quidecco.de>
Cc: chilli at coova.org
Message-ID:
	<k2k3e888d0e1004192217j54bc5511x44a96e3365773973 at mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"

On Wed, Apr 14, 2010 at 14:42, Isidor Zeuner <chilli at quidecco.de> wrote:

> Hi Jason,
>
> >
> > Can anyone share configuration settings (or point me towards and article
> or
> > how-to), with regard to iptable rules, to ensure that port 80 traffic is
> > transparently routed through to squid? I'd need to ensure that port 80
> > traffic to the server itself is still available as the server runs
apache
> > for teh charging portal.
> >
>
> The HS_POSTAUTH_PROXY and HS_POSTAUTH_PROXYPORT configuration settings
> are there to configure a transparent proxy to handle requests after
> the user is authenticated. This is handled through chilli, not
> iptables, and does not prevent you from still running a web server.
>
> Best regards,
>
> Isidor
>

For the information of other (potential) users, I have not been able to get
this successfully work with the Squid proxy on the same server as chilli
(ie. HS_POSTAUTH_PROXY = 127.0.0.1). I have confirmed, via lynx, that squid
works fine for localhost/127.0.0.1 connections, but it does not work through
chilli for chilli authenticated clients.

Debug logs showed redirection to squid, but according to squid logs it
(squid) was not receiving the request.

Unfortunately, I'm not development minded enough to know what the problem is
or might be. If anyone has it working in this scenario, I would like to hear
from you if your willing to provide some advice on your configuration.


Thanks.

-- 
Cheers,
Jason
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.coova.org/pipermail/chilli/attachments/20100420/21d385e6/attac
hment-0001.htm>

------------------------------

Message: 3
Date: Tue, 20 Apr 2010 07:30:50 +0200 (CEST)
From: "'Isidor Zeuner'" <chilli at quidecco.de>
Subject: Re: [Chilli] R: building chilli from source (was: R: R: R:
	Chilli	Digest, Vol 7, Issue 13)
To: "Brigitta Bennici" <b.bennici at it360.it>
Cc: chilli at coova.org
Message-ID: <20100420053050.A9C237894FB at quidecco.de>
Content-Type: text/plain; charset="utf-8"

Hi Brigitta,

> sorry I did exactly that error. I attached the output as you suggested.
Hope I did fine this time. Thank you for your support.
> 

It seems like you are having the same issue as Hardy Beltran
Monasterios had the day before (probably everyone compiling on CentOS
with ssl has). You might try if my patch (attached) works for you.

Best regards,

Isidor
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/x-gzip
Size: 3753 bytes
Desc: not available
URL:
<http://lists.coova.org/pipermail/chilli/attachments/20100420/abed012e/attac
hment-0001.bin>

------------------------------

_______________________________________________
Chilli mailing list
Chilli at coova.org
http://lists.coova.org/cgi-bin/mailman/listinfo/chilli


End of Chilli Digest, Vol 7, Issue 23
*************************************



More information about the Chilli mailing list