[Chilli] coova-chilli on Debian Lenny

Felipe Augusto van de Wiel felipe.wiel at hpp.org.br
Thu Apr 29 00:53:47 UTC 2010 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 27-04-2010 18:27, SA R wrote:
> I have a Debian (Lenny) server running coova-chilli and
> have some trouble getting dhcp leases past connected AP's.

	I'm also using Debian "Lenny" and coova-chilli.
Which version of coova are you deploying?

	
> Set-up as follows:
> Modem <---> Debian server <---> AP
> 
> The AP, a wrt54gl w/Tomato firmware, is getting a dhcp lease
> from coova-chilli. Clients do not. If I connect the ethernet
> cable from the server to one of the LAN ports on the router,
> clients get ip, but is not redirected.

As mentioned by Timothy in another message on this thread
your setup is not totally clear, I'm guessing that your
modem is your router to the Internet and that your AP is
in your internal LAN.

Another point is that all three components above can
handle DHCP leases, you could even have all three of
them serving DHCP requests at the same time with
different purposes and still have a valid Coova setup.


> Since the router gets an ip, I suspect there is error(s)
> in my way of configuring the router. To clear up
> misconceptions:
> 
> * From a standalone pc running coova-chilli, should the
>   ethernet cable connect to the LAN or the WAN port of
>   the router ?

	Depends on your router's capabilities.


> * I believe the router's dhcp should be off, but how
>   should I set the router's LAN ip ?

	Yes, you should turn off the DHCP and use the
	one from Coova. The rest of the configuration
	depend on your router's model, if it is able
	to do bridge and still hold an IP, that would
	be a nice solution.


> * Should the router's gateway be set to coova-chilli ?

	Probably.


Our setup is pretty simple:

[ Coova Server ] --- Cable Modem --- [ Internet ]
|
[ Switches ] ------- Various APs

The Coova Server has two network interfaces, one of
them is connected to a cable modem from where we get
out Internet access (the public valid IPv4 address).

The other network interface is the one used by Coova
to sent IP addresses and control the access. Most of
our APs do not work as routers, so they only have
on RJ45 connection.

We do have a few wi-fi routers and we have them in
two different setups. Some of the are connected to
the Coova network on the WAN port, that means we
have a small network that is MASQed with the same
IP address to Coova, we used it in our IT office
to simplify things and do not use IPs from the
pool (we also authenticate based on MAC to make
things simpler, but it works without MAC auth).

We also have an wi-fi router working as a small hub,
we connected the Coova network to a regular port and
turned off the internal DHCP, that way it bridged
the requests and if it were a hub/switch.



> A little server info:
> Freeradius (and Daloradius) is working as it should,
> the interface facing internet gets an ip from the
> modem and the tun0 interface facing the AP is getting
> the ip 10.1.0.1 from coova-chilli. Eth1 that physically
> connects the server and the AP is not brought up and is
> not given an ip, this seem correct to me.
> 
> What I try to achieve:
> A central server + "dumb" nodes that can authenticate
> users by way of (free)radius.
> Freeradius, coova-chilli and apache in one package.
> 
> Hopefully these are trivial questions that will make you
> laugh, point and in your guruness provide a solution:)

	Hopefully the above will help you figure out what
to do. It seems more a problem of network topology than a
problem with Coova. :)

Kind regards,
- -- 
Felipe Augusto van de Wiel <felipe.wiel at hpp.org.br>
Tecnologia da Informação (TI) - Complexo Pequeno Príncipe
http://www.pequenoprincipe.org.br/    T: +55 41 3310 1747
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBCgAGBQJL2NiYAAoJECCPPxLgxLxPoM0P/iwrwqCdkLLViJCwpWKGhKbL
X4N1LmGFLPKxYzItZm/G8IqNANKCUoDijcSjXOh5aMz5K0R1K4mj4L3ZOOqNCffu
RKCpsI0XVw/rzIA+/PsbF4FRmVr0OaAtl7Es2D1oJEr4fnx0hRlX3bTM38DpgOfQ
1VNpXCKvRrbAg5q6nLJzsZxiYq5chH0aVeVbj3LJWyRBcYPUIJO9qmSqMb/4NlzN
gfv8hTRNtPtaqYY+RhxqYdOfE2LUemBG8+pPND3lyEqDCP+gcgCRMx1VIugJPrvD
ahkIZ+qX03IK0ap+W0T3K/xnRv9gtlfXc5NAwUZupyrEQsHeIPO+oV/64+SYptEW
tqogdX7GW/0qPsQZ/n4D23S+SdX4xjl9aLEYLfhQrFXD7rRaL+M/Cf/5uJFbBuzf
dxHTSysxa/x4uA2ae3LsU82zPcQa3syjM6rvzsbJbWXvFCGmps8LBWbuytZgn0z0
dXoqvA/CqO9K7oLCq+wzfHNzULFYG6U/lyVotCpS5B7pcGR0s7eh3YzRcQPCteSn
7xId2hArniKuEdLlAFeObmSQ527tGcGoLlrOuWUYQM5P9xsYott9eaTfL226mfwK
Qndr2jQmYMtjc0xMw9uyn4fHHE8nNk8nkOOZSvCro1bK3PgkuEe5b20bpJWMEyZL
K0ph36VzKEd9R5uRAlbW
=2Ovg
-----END PGP SIGNATURE-----

More information about the Chilli mailing list