[Chilli] Fwd: chilli stops responding

Jed Gainer jedgainer at gmail.com
Wed Aug 21 19:58:17 UTC 2013


I have had this issue since I started using CoovaChilli. It randomly stops
working until restarted. Here is the PKGBUILD I use to compile under Arch
Linux.

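# Maintainer: Jed Gainer <jedgainer at gmail.com>
pkgname=coovachilli-git
pkgdesc="CoovaChilli is a feature rich software access controller that
provides a captive portal / walled-garden environment and uses RADIUS or a
HTTP protocol for access provisioning and accounting."
pkgver=1.3.0
pkgrel=1
license=('GNU')
arch=('i686' 'x86_64')
url="https://github.com/ehayon/Coova-Chilli"
depends=('curl' 'libpcap')
optdepends=('python')
makedepends=('git')
options=(!libtool)
# Two separate sources: the upstream git checkout and the local accounting
# patch. They must be distinct array entries so each lines up with its own
# md5sums entry below.
# The clone uses https (as the url= field already does) so the code that gets
# compiled into a network-facing daemon is not fetched over plain http.
# To pin an exact revision, append a fragment such as #commit=<COMMIT_SHA>.
source=("${pkgname}::git+https://github.com/ehayon/Coova-Chilli.git"
        'dontcount.patch')
# SKIP is the norm for a VCS source. The patch is a fixed local file, so its
# SKIP should be replaced with a real checksum (e.g. from `makepkg -g`) to
# detect an altered patch before it is applied to chilli.c.
md5sums=('SKIP'
         'SKIP')
backup=('etc/chilli/config')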

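#######################################
# Derive the package version from the newest tag of the git checkout.
# Globals:   pkgname (read) - directory name of the checkout, relative to
#            the current directory
# Outputs:   `git describe --tags` with every '-' replaced by '.', on stdout
# Returns:   0 on success; 1 if the checkout cannot be entered or
#            `git describe` fails, so an empty version is never emitted
#######################################
pkgver() {
  local described
  cd "$pkgname" || return 1
  # Capture first: in a pipeline the status of git would be hidden behind
  # the status of the text filter.
  described=$(git describe --tags) || return 1
  printf '%s\n' "${described//-/.}"
}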

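#######################################
# Patch, configure and compile the CoovaChilli checkout.
# Globals:   srcdir, pkgname (read) - locate the checkout and the patch
#            pkgdir (read)          - packaging root, must be non-empty
#            CFLAGS (extended and exported)
# Returns:   status of the last command; 1 if the checkout cannot be entered
#######################################
build() {
  cd "$srcdir/$pkgname" || return 1
  # change port number in .patch to match local webserver
  # do not use 80 and a proxy or users webtraffic will not be counted
  patch -u src/chilli.c "${srcdir}/dontcount.patch"
#  sh bootstrap
  # Append to CFLAGS instead of replacing it: overwriting the variable would
  # also drop whatever optimisation and hardening flags the build
  # environment (makepkg.conf) had put there.
  export CFLAGS="${CFLAGS:+${CFLAGS} }-Wno-error=unused-but-set-variable"
  ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var \
    --enable-largelimits \
    --enable-binstatusfile \
    --enable-statusfile
  make
  # ${pkgdir:?} aborts if pkgdir is empty or unset; without it this line
  # would expand to `rm -rf /etc/init.d` on the build host.
  # NOTE(review): nothing has been installed into pkgdir at this stage, so
  # this removal only has an effect on a pkgdir left over from earlier.
  rm -rf -- "${pkgdir:?}/etc/init.d"
#  rmdir ${pkgdir}/usr/lib/coova-chilli
}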

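#######################################
# Install the tree compiled by build() into the packaging root.
# Globals:   srcdir, pkgname (read) - locate the build tree
#            pkgdir (read)          - staging root passed to make as DESTDIR
# Returns:   status of `make install`
#######################################
package() {
  # ${var:?} stops the function when srcdir or pkgdir is empty: an empty
  # DESTDIR would make `make install` write into the live filesystem.
  make -C "${srcdir:?}/$pkgname" PREFIX=/usr DESTDIR="${pkgdir:?}" install
}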

and the patch

--- chilli.c.orig       2013-05-13 19:11:44.477019372 -0700
+++ chilli.c    2013-05-13 20:52:12.132302496 -0700
@@ -2732,6 +2732,7 @@
 #ifdef ENABLE_UAMUIPORT
           || ipph->sport == htons(_options.uamuiport)
 #endif
+           || ipph->sport == htons(81)
           ))) {
     if (chilli_acct_tosub(appconn, ipph))
       return 0;
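Review bot: The added `htons(81)` comparisons in both hunks (on `sport` here, on `dport` in the hunk at -5617) match on the port number alone, so as far as these lines show, any flow that uses port 81 gets the exemption, not only traffic to the local web server. The opening of each `if` condition lies outside the hunk, so confirm that it also pins the address to the hotspot's own IP; if it does not, add that test next to the port comparison. The literal 81 would be better as a named constant or a configuration value, with a comment such as `/* local portal web server port: exempt from accounting */`, so the exemption is visible in review and stays in step with the port used in HS_UAMFORMAT and HS_TCP_PORTS.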
@@ -5617,6 +5618,7 @@
 #ifdef ENABLE_UAMUIPORT
        || ipph->dport == htons(_options.uamuiport)
 #endif
+       || ipph->dport == htons(81)
        )) {
     return tun_encaps(tun, pack, len, 0);
   }

I stream HD video to users from the server that I don't want counted
towards their limit so as far as I know the patch is necessary.

Here is my systemd service file

[Unit]
Description=Chilli
After=network.target

[Service]
Type=simple
ExecStart=/etc/chilli/start.sh

[Install]
WantedBy=multi-user.target

and start.sh

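#!/bin/sh
# Start wrapper run by the systemd unit: call the setup helpers, set up NAT
# and IP forwarding, then run chilli in the foreground.
# writeconfig and radiusconfig are provided by /etc/chilli/functions (not
# shown here).
. /etc/chilli/functions
writeconfig
radiusconfig
#ifconfig $HS_LANIF 0.0.0.0

# Take the WAN interface from the configuration when HS_WANIF is set, and
# fall back to the previously hard-coded eth0 otherwise.
wan_if=${HS_WANIF:-eth0}

# Add the MASQUERADE rule only when it is not already present; an
# unconditional -A appends one more duplicate rule on every restart.
iptables -t nat -C POSTROUTING -o "$wan_if" -j MASQUERADE 2>/dev/null ||
  iptables -t nat -A POSTROUTING -o "$wan_if" -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward

# exec so chilli replaces this shell and is itself the main process that
# systemd supervises (Type=simple) and signals on stop.
exec chilli --fg
# --debug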

And my config:

# -*- mode: shell-script; -*-
#
#   Coova-Chilli Default Configurations.
#   To customize, copy this file to /etc/chilli/config
#   and edit to your liking. This is included in shell scripts
#   that configure chilli and related programs before file 'config'.

###
#   Local Network Configurations
#

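HS_WANIF=eth0              # WAN Interface toward the Internet
HS_LANIF=eth1              # Subscriber Interface for client devices
HS_NETWORK=10.1.0.0        # HotSpot Network (must include HS_UAMLISTEN)
HS_NETMASK=255.255.0.0     # HotSpot Network Netmask
HS_UAMLISTEN=10.1.0.1      # HotSpot IP Address (on subscriber network)
HS_UAMPORT=3990            # HotSpot UAM Port (on subscriber network)
HS_UAMUIPORT=4990          # HotSpot UAM "UI" Port (on subscriber network,
                           # for embedded portal)

HS_DYNIP=10.1.128.0
HS_DYNIP_MASK=255.255.128.0
HS_STATIP=10.1.1.0
HS_STATIP_MASK=255.255.255.0
#HS_DNS_DOMAIN=jedgainer.me

# Public resolvers (8.8.8.8 / 8.8.4.4 are Google Public DNS), disabled in
# favour of the resolver on the hotspot address below.
#HS_DNS1=8.8.8.8
#HS_DNS2=8.8.4.4
# Both entries name the same host, so there is no second resolver to fall
# back on if 10.1.0.1 stops answering.
HS_DNS1=10.1.0.1
HS_DNS2=10.1.0.1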

###
#   HotSpot settings for simple Captive Portal
#

HS_NASID=nas01
# Primary and secondary RADIUS server are the same host (this machine).
HS_RADIUS=localhost
HS_RADIUS2=localhost
HS_UAMALLOW=www.jedgainer.me
# Shared secrets. 'snip' looks like the poster's redaction for the mailing
# list rather than the live value.
# NOTE(review): the real file holds both secrets in clear text, so it should
# be readable only by root / the account chilli runs as.
HS_RADSECRET=snip
#HS_UAMSECRET=snip
HS_UAMSECRET=snip
HS_UAMALIASNAME=chilli

#  Configure RADIUS proxy support (for 802.1x + captive portal support)
# HS_RADPROXY=on
# HS_RADPROXY_LISTEN=127.0.0.1
# HS_RADPROXY_CLIENT=127.0.0.1
# HS_RADPROXY_PORT=1645
# HS_RADPROXY_SECRET=$HS_RADSECRET
#  Example OpenWrt /etc/config/wireless entry for hostapd
#    option encryption wpa2
#    option server $HS_RADPROXY_LISTEN
#    option port $HS_RADPROXY_PORT
#    option key $HS_RADPROXY_SECRET


#   To alternatively use a HTTP URL for AAA instead of RADIUS:
# HS_UAMAAAURL=http://my-site/script.php

#   Put entire domains in the walled-garden with DNS inspection
#   NOTE(review): walled-garden domains are reachable by clients that have
#   not logged in yet, so keep this list to what the login/payment flow
#   needs and re-check any entry that is a general-purpose remote-access
#   or tunnelling service.
HS_UAMDOMAINS=".paypal.com,.paypalobjects.com,.teamviewer.com,.e-junkie.com"

#   Optional initial redirect and RADIUS settings
# HS_SSID=<ssid>           # To send to the captive portal
# HS_NASMAC=<mac address>  # To explicitly set Called-Station-Id
# HS_NASIP=<ip address>    # To explicitly set NAS-IP-Address

#   The server to be used in combination with HS_UAMFORMAT to
#   create the final chilli 'uamserver' url configuration.
HS_UAMSERVER=$HS_UAMLISTEN

#   Use HS_UAMFORMAT to define the actual captive portal url.
#   Shell variable replacement takes place when evaluated, so here
#   HS_UAMSERVER is escaped and later replaced by the pre-defined
#   HS_UAMSERVER to form the actual "--uamserver" option in chilli.
#   NOTE(review): in this copy the URL is written out literally (10.1.0.1,
#   port 81) instead of using the escaped HS_UAMSERVER described above.
#   It is plain http, so whatever users submit to login.php crosses the
#   subscriber network unencrypted unless the portal moves them to HTTPS
#   itself; confirm. Port 81 must match the port in dontcount.patch.
HS_UAMFORMAT=http://10.1.0.1:81/uam/login.php

#   Same principle goes for HS_UAMHOMEPAGE.
HS_UAMHOMEPAGE=http://10.1.0.1:81/uam/splash.php

#   This option will be configured to be the WISPr LoginURL as well
#   as provide "uamService" to the ChilliController. The UAM Service is
#   described in: http://www.coova.org/CoovaChilli/UAMService
#
# HS_UAMSERVICE=


###
#   Features not activated per-default (default to off)
#
# HS_RADCONF=off           # Get some configurations from RADIUS or a URL
#                          # ('on' and 'url' respectively)
#
# HS_ANYIP=on              # Allow any IP address on subscriber LAN
#
# HS_MACAUTH=on            # To turn on MAC Authentication
#
# HS_MACAUTHDENY=on        # Put client in 'drop' state on MAC Auth
#                          # Access-Reject
#
# HS_MACAUTHMODE=local     # To allow MAC Authentication based on
#                          # macallowed, not RADIUS
#
# HS_MACALLOW="..."      # List of MAC addresses to authenticate (comma
#                          # separated)
#
# HS_USELOCALUSERS=on      # To use the /etc/chilli/localusers file
#
# HS_OPENIDAUTH=on         # To inform the RADIUS server to allow OpenID
#                          # Auth
#
# HS_WPAGUESTS=on          # To inform the RADIUS server to allow WPA Guests
#
# HS_DNSPARANOIA=on        # To drop DNS packets containing something other
#                          # than A, CNAME, SOA, or MX records
#
# HS_OPENIDAUTH=on         # To inform the RADIUS server to allow OpenID
#                          # Auth
#                          # Will also configure the embedded login forms
#                          # for OpenID
#
# HS_USE_MAP=on            # Short hand for allowing the required google
#                          # sites to use Google maps (adds many google
#                          # sites!)
#
###
#   Other feature settings and their defaults
#
# HS_DEFSESSIONTIMEOUT=0   # Default session-timeout if not defined by
#                          # RADIUS (0 for unlimited)
#
# HS_DEFIDLETIMEOUT=0      # Default idle-timeout if not defined by RADIUS
#                          # (0 for unlimited)
#
# HS_DEFBANDWIDTHMAXDOWN=0   # Default WISPr-Bandwidth-Max-Down if not
#                            # defined by RADIUS (0 for unlimited)
#
# HS_DEFBANDWIDTHMAXUP=0           # Default WISPr-Bandwidth-Max-Up if not
#                                  # defined by RADIUS (0 for unlimited)

###
# Centralized configuration options examples
#
# HS_RADCONF=url           # requires curl
# HS_RADCONF_URL=https://coova.org/app/ap/config

# HS_RADCONF=on            # gather the ChilliSpot-Config attributes in
#                          # Administrative-User login
# HS_RADCONF_SERVER=rad01.coova.org              # RADIUS Server
# HS_RADCONF_SECRET=coova-anonymous              # RADIUS Shared Secret
# HS_RADCONF_AUTHPORT=1812                       # Auth port
# HS_RADCONF_USER=chillispot                     # Username
# HS_RADCONF_PWD=chillispot                      # Password


###
#   Firewall issues
#
# Uncomment the following to add ports to the allowed local ports list
# The up.sh script will allow these local ports to be used, while the
# default is to block all unwanted traffic to the tun/tap.
#
# NOTE(review): 81 is the port used in HS_UAMFORMAT/HS_UAMHOMEPAGE and 8080
# is HS_POSTAUTH_PROXYPORT. Every port listed here is let through to local
# services from the subscriber side, so list only what clients must reach.
HS_TCP_PORTS="81 8080"

###
#   Standard configurations
#
HS_MODE=hotspot
HS_TYPE=chillispot
# HS_RADAUTH=1812
# HS_RADACCT=1813
# NOTE(review): the admin user and password below are the sample values
# shipped in this file; if they are ever enabled, replace them with
# site-specific credentials first.
# HS_ADMUSR=chillispot
# HS_ADMPWD=chillispot


###
#   Post-Auth proxy settings
#
# HS_POSTAUTH_PROXY=<host or ip>
# HS_POSTAUTH_PROXYPORT=<port>
# NOTE(review): presumably 'allow' lets subscriber devices reach hosts on
# the local LAN; confirm against the chilli scripts that read this value
# and check that nothing sensitive is reachable that way.
HS_LAN_ACCESS=allow
# Post-auth proxy on the hotspot address itself; 8080 is also listed in
# HS_TCP_PORTS.
HS_POSTAUTH_PROXY=10.1.0.1
HS_POSTAUTH_PROXYPORT=8080


#   Directory specifying where internal web pages can be served
#   by chilli with url /www/<file name>. Only extensions like .html
#   .jpg, .gif, .png, .js are allowed. See below for using .chi as a
#   CGI extension.
HS_WWWDIR=/etc/chilli/www

#   Using this option assumes 'haserl' is installed per-default
#   but any CGI type program can be run from wwwsh to process requests
#   to chilli with url /www/filename.chi
#   NOTE(review): requests for /www/*.chi are handed to this program, so
#   it and the directory above should be writable by root only; TODO
#   confirm ownership and mode on the host.
HS_WWWBIN=/etc/chilli/wwwsh

#   Some configurations used in certain user interfaces
#
HS_PROVIDER=Coova
HS_PROVIDER_LINK=http://www.coova.org/

###
#   WISPr RADIUS Attribute support
#

HS_LOC_NAME="My HotSpot"           # WISPr Location Name and used in portal

#   WISPr settings (to form a proper WISPr-Location-Id)
# HS_LOC_NETWORK="My Network"      # Network name
# HS_LOC_AC=408                    # Phone area code
# HS_LOC_CC=1                      # Phone country code
# HS_LOC_ISOCC=US                  # ISO Country code

# Embedded miniportal
# HS_REG_MODE="tos" # or self, other
# HS_RAD_PROTO="pap" # or mschapv2, chap
# HS_USE_MAP=on

I have attached the log, but the only real error I see is "redir.c: 54:
Client process timed out: 1"
-------------- next part --------------
A non-text attachment was scrubbed...
Name: chilli2.zip
Type: application/zip
Size: 176268 bytes
Desc: not available
URL: <http://lists.coova.org/pipermail/chilli/attachments/20130821/95823070/attachment-0001.zip>

