[Chilli] Fwd: chilli stops responding
Jed Gainer
jedgainer at gmail.com
Wed Aug 21 19:58:17 UTC 2013
I have had this issue since I started using CoovaChilli. It randomly stops
working until restarted. Here is the PKGBUILD I use to compile under Arch
Linux.
# Maintainer: Jed Gainer <jedgainer at gmail.com>
pkgname=coovachilli-git
pkgdesc="CoovaChilli is a feature rich software access controller that
provides a captive portal / walled-garden environment and uses RADIUS or a
HTTP protocol for access provisioning and accounting."
pkgver=1.3.0
pkgrel=1
license=('GNU')
arch=('i686' 'x86_64')
url="https://github.com/ehayon/Coova-Chilli"
depends=('curl' 'libpcap')
optdepends=('python')
makedepends=('git')
options=(!libtool)
source=($pkgname::git+http://github.com/ehayon/Coova-Chilli.gitdontcount.patch)
md5sums=(SKIP SKIP)
backup=('etc/chilli/config')
pkgver() {
cd "$pkgname"
git describe --tags | sed 's/-/./g'
}
build() {
cd "$srcdir/$pkgname"
# change port number in .patch to match local webserver
# do not use 80 and a proxy or users webtraffic will not be counted
patch -u src/chilli.c ${srcdir}/dontcount.patch
# sh bootstrap
export CFLAGS="-Wno-error=unused-but-set-variable"
./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var \
--enable-largelimits \
--enable-binstatusfile \
--enable-statusfile
make
rm -rf ${pkgdir}/etc/init.d
# rmdir ${pkgdir}/usr/lib/coova-chilli
}
package() {
make -C "$srcdir/$pkgname" PREFIX=/usr DESTDIR="$pkgdir" install
}
and the patch
--- chilli.c.orig 2013-05-13 19:11:44.477019372 -0700
+++ chilli.c 2013-05-13 20:52:12.132302496 -0700
@@ -2732,6 +2732,7 @@
#ifdef ENABLE_UAMUIPORT
|| ipph->sport == htons(_options.uamuiport)
#endif
+ || ipph->sport == htons(81)
))) {
if (chilli_acct_tosub(appconn, ipph))
return 0;
@@ -5617,6 +5618,7 @@
#ifdef ENABLE_UAMUIPORT
|| ipph->dport == htons(_options.uamuiport)
#endif
+ || ipph->dport == htons(81)
)) {
return tun_encaps(tun, pack, len, 0);
}
I stream HD video to users from the server that I don't want counted
towards their limit so as far as I know the patch is necessary.
Here is my systemd service file
[Unit]
Description=Chilli
After=network.target
[Service]
Type=simple
ExecStart=/etc/chilli/start.sh
[Install]
WantedBy=multi-user.target
and start.sh
#!/bin/sh
. /etc/chilli/functions
writeconfig
radiusconfig
#ifconfig $HS_LANIF 0.0.0.0
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
chilli --fg
# --debug
And my config:
# -*- mode: shell-script; -*-
#
# Coova-Chilli Default Configurations.
# To customize, copy this file to /etc/chilli/config
# and edit to your liking. This is included in shell scripts
# that configure chilli and related programs before file 'config'.
###
# Local Network Configurations
#
HS_WANIF=eth0 # WAN Interface toward the Internet
HS_LANIF=eth1 # Subscriber Interface for client devices
HS_NETWORK=10.1.0.0 # HotSpot Network (must include HS_UAMLISTEN)
HS_NETMASK=255.255.0.0 # HotSpot Network Netmask
HS_UAMLISTEN=10.1.0.1 # HotSpot IP Address (on subscriber network)
HS_UAMPORT=3990 # HotSpot UAM Port (on subscriber network)
HS_UAMUIPORT=4990 # HotSpot UAM "UI" Port (on subscriber network,
for embedded portal)
HS_DYNIP=10.1.128.0
HS_DYNIP_MASK=255.255.128.0
HS_STATIP=10.1.1.0
HS_STATIP_MASK=255.255.255.0
#HS_DNS_DOMAIN=jedgainer.me
# OpenDNS Servers
#HS_DNS1=8.8.8.8
#HS_DNS2=8.8.4.4
HS_DNS1=10.1.0.1
HS_DNS2=10.1.0.1
###
# HotSpot settings for simple Captive Portal
#
HS_NASID=nas01
HS_RADIUS=localhost
HS_RADIUS2=localhost
HS_UAMALLOW=www.jedgainer.me
HS_RADSECRET=snip
#HS_UAMSECRET=snip
HS_UAMSECRET=snip
HS_UAMALIASNAME=chilli
# Configure RADIUS proxy support (for 802.1x + captive portal support)
# HS_RADPROXY=on
# HS_RADPROXY_LISTEN=127.0.0.1
# HS_RADPROXY_CLIENT=127.0.0.1
# HS_RADPROXY_PORT=1645
# HS_RADPROXY_SECRET=$HS_RADSECRET
# Example OpenWrt /etc/config/wireless entry for hostapd
# option encryption wpa2
# option server $HS_RADPROXY_LISTEN
# option port $HS_RADPROXY_PORT
# option key $HS_RADPROXY_SECRET
# To alternatively use a HTTP URL for AAA instead of RADIUS:
# HS_UAMAAAURL=http://my-site/script.php
# Put entire domains in the walled-garden with DNS inspection
HS_UAMDOMAINS=".paypal.com,.paypalobjects.com,.teamviewer.com,.e-junkie.com"
# Optional initial redirect and RADIUS settings
# HS_SSID=<ssid> # To send to the captive portal
# HS_NASMAC=<mac address> # To explicitly set Called-Station-Id
# HS_NASIP=<ip address> # To explicitly set NAS-IP-Address
# The server to be used in combination with HS_UAMFORMAT to
# create the final chilli 'uamserver' url configuration.
HS_UAMSERVER=$HS_UAMLISTEN
# Use HS_UAMFORMAT to define the actual captive portal url.
# Shell variable replacement takes place when evaluated, so here
# HS_UAMSERVER is escaped and later replaced by the pre-defined
# HS_UAMSERVER to form the actual "--uamserver" option in chilli.
HS_UAMFORMAT=http://10.1.0.1:81/uam/login.php
# Same principal goes for HS_UAMHOMEPAGE.
HS_UAMHOMEPAGE=http://10.1.0.1:81/uam/splash.php
# This option will be configured to be the WISPr LoginURL as well
# as provide "uamService" to the ChilliController. The UAM Service is
# described in: http://www.coova.org/CoovaChilli/UAMService
#
# HS_UAMSERVICE=
###
# Features not activated per-default (default to off)
#
# HS_RADCONF=off # Get some configurations from RADIUS or a URL
('on' and 'url' respectively)
#
# HS_ANYIP=on # Allow any IP address on subscriber LAN
#
# HS_MACAUTH=on # To turn on MAC Authentication
#
# HS_MACAUTHDENY=on # Put client in 'drop' state on MAC Auth
Access-Reject
#
# HS_MACAUTHMODE=local # To allow MAC Authentication based on
macallowed, not RADIUS
#
# HS_MACALLOW="..." # List of MAC addresses to authenticate (comma
seperated)
#
# HS_USELOCALUSERS=on # To use the /etc/chilli/localusers file
#
# HS_OPENIDAUTH=on # To inform the RADIUS server to allow OpenID
Auth
#
# HS_WPAGUESTS=on # To inform the RADIUS server to allow WPA Guests
#
# HS_DNSPARANOIA=on # To drop DNS packets containing something other
# # than A, CNAME, SOA, or MX records
#
# HS_OPENIDAUTH=on # To inform the RADIUS server to allow OpenID
Auth
# # Will also configure the embedded login forms
for OpenID
#
# HS_USE_MAP=on # Short hand for allowing the required google
# # sites to use Google maps (adds many google
sites!)
#
###
# Other feature settings and their defaults
#
# HS_DEFSESSIONTIMEOUT=0 # Default session-timeout if not defined by
RADIUS (0 for unlimited)
#
# HS_DEFIDLETIMEOUT=0 # Default idle-timeout if not defined by RADIUS
(0 for unlimited)
#
# HS_DEFBANDWIDTHMAXDOWN=0 # Default WISPr-Bandwidth-Max-Down if not
defined by RADIUS (0 for unlimited)
#
# HS_DEFBANDWIDTHMAXUP=0 # Default WISPr-Bandwidth-Max-Up if not
defined by RADIUS (0 for unlimited)
###
# Centralized configuration options examples
#
# HS_RADCONF=url # requires curl
# HS_RADCONF_URL=https://coova.org/app/ap/config
# HS_RADCONF=on # gather the ChilliSpot-Config attributes in
# # Administrative-User login
# HS_RADCONF_SERVER=rad01.coova.org # RADIUS Server
# HS_RADCONF_SECRET=coova-anonymous # RADIUS Shared Secret
# HS_RADCONF_AUTHPORT=1812 # Auth port
# HS_RADCONF_USER=chillispot # Username
# HS_RADCONF_PWD=chillispot # Password
###
# Firewall issues
#
# Uncomment the following to add ports to the allowed local ports list
# The up.sh script will allow these local ports to be used, while the
default
# is to block all unwanted traffic to the tun/tap.
#
HS_TCP_PORTS="81 8080"
###
# Standard configurations
#
HS_MODE=hotspot
HS_TYPE=chillispot
# HS_RADAUTH=1812
# HS_RADACCT=1813
# HS_ADMUSR=chillispot
# HS_ADMPWD=chillispot
###
# Post-Auth proxy settings
#
# HS_POSTAUTH_PROXY=<host or ip>
# HS_POSTAUTH_PROXYPORT=<port>
HS_LAN_ACCESS=allow
HS_POSTAUTH_PROXY=10.1.0.1
HS_POSTAUTH_PROXYPORT=8080
# Directory specifying where internal web pages can be served
# by chilli with url /www/<file name>. Only extentions like .html
# .jpg, .gif, .png, .js are allowed. See below for using .chi as a
# CGI extension.
HS_WWWDIR=/etc/chilli/www
# Using this option assumes 'haserl' is installed per-default
# but, and CGI type program can ran from wwwsh to process requests
# to chilli with url /www/filename.chi
HS_WWWBIN=/etc/chilli/wwwsh
# Some configurations used in certain user interfaces
#
HS_PROVIDER=Coova
HS_PROVIDER_LINK=http://www.coova.org/
###
# WISPr RADIUS Attribute support
#
HS_LOC_NAME="My HotSpot" # WISPr Location Name and used in portal
# WISPr settings (to form a proper WISPr-Location-Id)
# HS_LOC_NETWORK="My Network" # Network name
# HS_LOC_AC=408 # Phone area code
# HS_LOC_CC=1 # Phone country code
# HS_LOC_ISOCC=US # ISO Country code
# Embedded miniportal
# HS_REG_MODE="tos" # or self, other
# HS_RAD_PROTO="pap" # or mschapv2, chap
# HS_USE_MAP=on
I have attached the log but the only real errors I see is "redir.c: 54:
Client process timed out: 1"
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.coova.org/pipermail/chilli/attachments/20130821/95823070/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: chilli2.zip
Type: application/zip
Size: 176268 bytes
Desc: not available
URL: <http://lists.coova.org/pipermail/chilli/attachments/20130821/95823070/attachment-0001.zip>
More information about the Chilli
mailing list