[Chilli] CoovaChilli 1.2.9 & AnyIP
Bojan Pogacar
bojan at gajba.net
Fri Feb 10 09:53:42 UTC 2012
Hello!
The problem since 1.2.5 is only that web page for login don't load for
users that connect to anyip coova chilli and use DHCP (if they have
static IP login page shows up and everything is workign fine). Bellow is
my wireshark analysis that I posted to the list on 4th of February:
------------
Hello!
I am still trying to fix anyip feature on my Chilli. I've analized TCP
stream when opening captive portal web page and I get:
592 117.787866 10.9.0.4 10.9.0.1 TCP 66 49713 > http
[SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1
593 117.789301 10.9.0.1 10.9.0.4 TCP 66 http > 49713
[SYN, ACK] Seq=0 Ack=1 Win=14600 Len=0 MSS=1460 SACK_PERM=1 WS=256
594 117.789413 10.9.0.4 10.9.0.1 TCP 54 49713 > http
[ACK] Seq=1 Ack=1 Win=65536 Len=0
595 117.789514 10.9.0.1 10.9.0.4 TCP 66 [TCP Previous
segment lost] http > 49713 [SYN, ACK] Seq=1237032389 Ack=1 Win=14600
Len=0 MSS=1460 SACK_PERM=1 WS=256
596 117.789533 10.9.0.4 10.9.0.1 TCP 54 [TCP Dup ACK
594#1] 49713 > http [ACK] Seq=1 Ack=1 Win=65536 Len=0
597 117.790578 10.9.0.1 10.9.0.4 TCP 60 http > 49713
[RST] Seq=1 Win=0 Len=0
598 117.790719 10.9.0.1 10.9.0.4 TCP 60 http > 49713
[RST] Seq=1 Win=0 Len=0
10.9.0.4 is client IP
10.9.0.1 is chilli server
I can SSH from client to server without problems, only web pages on
10.9.0.1 don't work.
Any idea, why I get "TCP Dup ACK" and then RST ? What am I missing. Any
idea?
Could it be realted to this (duplicate entry in Unit 0 and Unit 1), when
I execute chilli_query listippool
> Unit 0 : -inuse- : 10.9.0.2 : mac=02-01-01-05-01-01 ip=10.9.0.2 age=1
> Unit 1 : -inuse- : 10.9.0.3 : mac=02-01-01-05-01-01 ip=10.9.0.2 age=1
Problem exists only if I enable anyip feature and if I use DHCP on my
client. When I use static IP (anyip) on client, it works OK.
Thanks, Bye
Dne 10.2.2012 9:52, piše David Bird:
> Hi,
>
> It has always been the case that statip is required for anyip.
> Internally, chilli has allocated 'slots' for sessions based on the dynip
> and statip ranges. The dynip, of course, is where DHCP addresses are
> pooled (in layer3 mode, this is just the slots for the in-range
> sessions, there is no DHCP allocation). Static and anyip take a slot out
> of the statip pool (even if the IP isn't in it's statip range). In the
> case of natanyip, in addition to holding a slot in the static pool, an
> NAT IP is reserved out of the dynip and there is a one-to-one NATing.
>
> Here is a working example (both clients not having problems) and the
> output of chilli_query listippool:
>
> DHCP lease time 600 sec, grace period 60 sec
> First available dynamic 2 Last 252
> First available static 254 Last 508
> List size 509
> -- Dynamic Pool
> ------------------------------------------------------------
> Unit 0 : -inuse- : 10.1.0.2 : mac=B8-FF-61-XX-XX-XX
> ip=11.11.11.11 age=172
> Unit 1 : -inuse- : 10.1.0.3 : mac=78-D6-F0-XX-XX-XX ip=10.1.0.3
> age=0
> Unit 2 : -1/ 3 : 10.1.0.4 :
> Unit 3 : 2/ 4 : 10.1.0.5 :
> Unit 4 : 3/ 5 : 10.1.0.6 :
>
> ...
> -- Static Pool
> ------------------------------------------------------------
> Unit 253 : -inuse- : 11.11.11.11 : static mac=B8-FF-61-XX-XX-XX
> ip=11.11.11.11 age=172
> Unit 254 : -1/255 : 0.0.0.0 : static
> Unit 255 : 254/256 : 0.0.0.0 : static
> ...
> Dynamic address: free 251, avail 251, used 2, err 0, sum 253/253
> Static address: free 255, avail 255, used 1, err 0, sum 256/256
>
>
> On Fri, 2012-02-10 at 18:46 +1100, Robert White wrote:
>> Hi David,
>>
>>
>> We've been using anyip WITHOUT natanyip.
>>
>>
>> The setup we are trying to achieve is as follows, perhaps you could
>> comment if we're going about this the right way:
>>
>>
>> We have a network where people connect and get an IP via DHCP - all
>> works well.
>> On the same network there are people who connect and have a static IP
>> - anyip is turned on. Chilli log shows them getting assigned a static
>> IP but they are never served the captive portal
>> On the same network there are people who have DHCP turned on and we
>> are trying to set their IP via RADIUS attributes. This has two
>> outcomes depending on whether or not we set HS_STATIP. If we dont set
>> it then chilli complains it is unable to assign a static ip. If we
>> set HS_STATIP to the subnet that RADIUS is trying to assign an IP from
>> then the RADIUS attribute for the IP address is assigned properly but
>> the Subnet mask and DNS server attributes are not. If someone with a
>> static IP tries to connect then chilli will seg fault.
>>
>>
>> David, could you clarify the use of HS_DYNIP and HS_STATIP. If they
>> are hashed out will anyip work? We've never used natanyip - does this
>> NAT a client static IP with an IP from the HS_DYNIP pool?
>>
>>
>> If you could outline the best way to achieve our scenario above we can
>> do some more testing and email through some debug info.
>>
>>
>> Thanks,
>>
>>
>> Rob White
>>
>>
>> On 10 February 2012 16:36, David Bird<david at coova.com> wrote:
>> How are you using anyip (with natanyip?) And what test are you
>> doing that is failing?
>>
>> Robert White<rwhite at globalgossip.net> wrote:
>>
>> >Bojan,
>> >
>> >Did you have any success getting AnyIP feature working?
>> >
>> >I can confirm it's not working for me in 1.2.8 or 1.2.9.
>> >
>> >Thanks,
>> >
>> >Rob
>> >
>> >On 13 January 2012 23:22, Bojan Pogacar<bojan at gajba.net>
>> wrote:
>> >
>> >> David, did you have time to take a look at my results?
>> >>
>> >> Thank you very much for your help.
>> >>
>> >>
>> >> Bye
>> >>
>> >>
>> >>
>> >> Dne 11.1.2012 10:29, piše Bojan Pogacar:
>> >>
>> >>> On chilli 1.2.9 I get:
>> >>>
>> >>> Unit 0 : -inuse- : 10.9.0.2 : mac=02-01-01-05-01-01
>> ip=10.9.0.2 age=1
>> >>> Unit 1 : -inuse- : 10.9.0.3 : mac=02-01-01-05-01-01
>> ip=10.9.0.2 age=1
>> >>> Unit 2 : -1/ 3 : 10.9.0.4 :
>> >>> Unit 3 : 2/ 4 : 10.9.0.5 :
>> >>> Unit 4 : 3/ 5 : 10.9.0.6 :
>> >>> Unit 5 : 4/ 6 : 10.9.0.7 :
>> >>> etc, ..
>> >>>
>> >>> On chilli 1.2.5 I get:
>> >>>
>> >>> Unit 0 : -inuse- : 10.9.0.2 : mac=02-01-01-05-01-01
>> ip=10.9.0.2 age=4
>> >>> Unit 1 : -1/ 2 : 10.9.0.3 :
>> >>> Unit 2 : 1/ 3 : 10.9.0.4 :
>> >>> Unit 3 : 2/ 4 : 10.9.0.5 :
>> >>> Unit 4 : 3/ 5 : 10.9.0.6 :
>> >>> Unit 5 : 4/ 6 : 10.9.0.7 :
>> >>> etc, ...
>> >>>
>> >>> Is there OK, that on 1.2.9 I get two IPs listed on same
>> MAC. Could this
>> >>> be a problem that web server terminates a connection?
>> >>>
>> >>> All IPs are fetch through DHCP. Static IPs are working.
>> >>>
>> >>> Thanks, Bojan
>> >>>
>> >>>
>> >>>
>> >>> Dne 11.1.2012 10:20, piše David Bird:
>> >>>
>> >>>> You can get perhaps a bit more info if you do:
>> >>>>
>> >>>> chilli_query listippool
>> >>>> DHCP lease time 600 sec, grace period 60 sec
>> >>>> First available dynamic 3 Last 1
>> >>>> First available static 254 Last 508
>> >>>> List size 509
>> >>>> -- Dynamic Pool
>>
>> >>>>
>> ------------------------------**------------------------------
>> >>>> Unit 0 : -inuse- : 10.1.0.2 : mac=XX-XX-XX-XX-XX-XX
>> >>>> ip=192.0.0.2 age=2
>> >>>> Unit 1 : 252/ -1 : 10.1.0.3 :
>> >>>> Unit 2 : -inuse- : 10.1.0.4 : mac=YY-YY-YY-YY-YY-YY
>> ip=10.1.0.4
>> >>>> age=241
>> >>>> ...
>> >>>>
>> >>>> above is a 192.0.0.2 anyip static IP being NATed through
>> as 10.1.0.2.
>> >>>>
>> >>>>
>> >>>> On Tue, 2012-01-10 at 23:21 +0100, Bojan Pogacar wrote:
>> >>>>
>> >>>>> Hello!
>> >>>>>
>> >>>>> I've tested 1.2.9 and it seems that DHCP is faster and
>> is running
>> >>>>> very well.
>> >>>>>
>> >>>>> I've also tested anyip feature and it still doesn't work
>> for me after
>> >>>>> 1.2.5 . Can anyone confirm that this feature wasn't
>> broken after 1.2.5.
>> >>>>>
>> >>>>> I've also described my problem at
>> http://coova.org/node/4888 . Can
>> >>>>> please anyone please take a look?
>> >>>>>
>> >>>>> Thanks David, thanks everyone!
>> >>>>>
>> >>>>> Bojan
>> >>>>>
>> >>>>>
>>
>> >>>>> ______________________________**_________________
>> >>>>> Chilli mailing list
>> >>>>> Chilli at coova.org
>> >>>>>
>> http://lists.coova.org/cgi-**bin/mailman/listinfo/chilli<http://lists.coova.org/cgi-bin/mailman/listinfo/chilli>
>> >>>>>
>> >>>>
>> >>>>
>> >>>> ______________________________**_________________
>> >>> Chilli mailing list
>> >>> Chilli at coova.org
>> >>>
>> http://lists.coova.org/cgi-**bin/mailman/listinfo/chilli<http://lists.coova.org/cgi-bin/mailman/listinfo/chilli>
>> >>>
>> >>> ______________________________**_________________
>> >> Chilli mailing list
>> >> Chilli at coova.org
>> >>
>> http://lists.coova.org/cgi-**bin/mailman/listinfo/chilli<http://lists.coova.org/cgi-bin/mailman/listinfo/chilli>
>> >>
>> >
>> >-------------------------------------------------
>> >
>> >IMPORTANT NOTICE : The information in this email is
>> confidential and may also be privileged.
>> >If you are not the intended recipient, any use or
>> dissemination of the information and any
>> >disclosure or copying of this email is unauthorised and
>> strictly prohibited. If you have received
>> >this email in error, please promptly inform us by reply email
>> or telephone. You should also delete
>> >this email and destroy any hard copies produced.
>> >
>> >_______________________________________________
>> >Chilli mailing list
>> >Chilli at coova.org
>> >http://lists.coova.org/cgi-bin/mailman/listinfo/chilli
>>
>>
>>
>> -------------------------------------------------
>>
>> IMPORTANT NOTICE : The information in this email is confidential and may also be privileged.
>> If you are not the intended recipient, any use or dissemination of the information and any
>> disclosure or copying of this email is unauthorised and strictly prohibited. If you have received
>> this email in error, please promptly inform us by reply email or telephone. You should also delete
>> this email and destroy any hard copies produced.
>
>
> _______________________________________________
> Chilli mailing list
> Chilli at coova.org
> http://lists.coova.org/cgi-bin/mailman/listinfo/chilli
>
More information about the Chilli
mailing list