[Chilli] Coova-Chilli Multi Tenanency Mode
Russell Mike
radius.sir at gmail.com
Sun Feb 10 13:09:07 UTC 2013
Mike SAID:
Mike SAID:
Dear David B. Thank you very much for the directions for correct procedure.
so much valuable information to know. I will do this and update the status
when done.
Thanks RM ----
David Bird SAID:
To serialize the iptables, you can edit the up.sh/down.sh scripts to
> wrap all the commands inside something like:
>
>
> (
> flock -s 200
>
> # ... commands executed under lock ...
>
> ) 200>/tmp/.chilli-flock
>
> David Bird
>
>
> > Luic SAID
> >
> >
> > Hello everyone,
> >
> > 1. It could be related to iptable locking, because I've got a bit of
> > success if I add "sleep 5" on /etc/init.d/chilli after starting each
> > vlan. It's not 100% win, but at least the success rate increased.
> >
> >
> >
> > Mike SAID:
> > I can agree to your point. But i do not use different script for
> > starting multiple instances (vlans) the same "/etc/init.d/chilli
> > start" does starts everything. But i have been advised to write a
> > different script, then i will add the wait between the "start" of each
> > instance. The following line in start script just check "chilli.conf"
> > files and start everything. MULTI= $(ls
> /usr/local/etc/chilli/*/chilli.conf 2>/dev/null)
> >
> >
> >
> >
> > Luic Asked:
> > 2. The iptables file located at
> > v /usr/local/var/run/chilli.tun0.sh is it generated every time
> > chilli boots? Is it executed on chilli process startup? Could
> > that be the issue? Not giving enough time for the OS to write
> > the file, and ask it to run the script? If it’s that, that
> > would explain why is a sporadic problem happening on multi
> > chilli, because is starting several chilli processes as fast
> > as the machine is capable of.
> >
> >
> > Mike SAID:
> >
> > Yes Luic, the file, the iptables rule under "/var/run/tun*.sh
> > is created every time. Because i have seen that when there is
> > login page problem from a VLAN, i have verify that iptables
> > file exists normal for that tunnel
> > "/var/run/tun_problem_vlan.sh. Well, are you satisfied with
> > the contents for the iptables file? do you think that i still
> > need the iptable rule you advised earlier? in the above
> > section of the communication?
> >
> >
>
>
> > Ynezz SAID:
> >
> > All rules from up.sh except the following seem to get created:
> >
> > ipt_in -p tcp -m tcp --dport $UAMPORT --dst $ADDR -j ACCEPT
> >
> >
> > And sometimes some other rules :)
> >
> > It seems to only ever happen in multi-instance environments
> > so maybe
> >
> > it is something to do with iptables locking and not allowing
> > the
> >
> > insertion of the rule while another instance is trying to do
> > the same? I'm not sure.
> >
> >
> > Yes, maybe something like that, I didn't investigated it in
> > the detail either.
> >
> > I've added simple locking into the coova-chilli init.d script
> > and added wildcard system wide iptables rules like "-i tun+"
> > and it improved a lot.
> >
> > -- ynezz
> >
> >
> > Mike Wrote:
> >
> >
> > HI Yneez,
> >
> >
> > It is Fully functional UB 12.4LTS x86_64, suffering with this disease
> > only. It will help others as well, if your suggestion fixed the
> > problem. Are you willing to provide more information so that i can
> > edit the script & give a try? How the below is done you said
> >
> >
> > I've added simple locking into the coova-chilli init.d script and
> > added wildcard system wide iptables rules like "-i tun+" and it
> > improved a lot.
> >
> >
> >
> >
> >
> > Big Thanks 2 Everyone !!!!
> >
> >
> > Thanks RM --
> >
> >
> >
> >
> > _______________________________________________
> > Chilli mailing list
> > Chilli at coova.org
> > http://lists.coova.org/cgi-bin/mailman/listinfo/chilli
>
> --
> --
> David Bird
> http://www.linkedin.com/in/dwbird
> https://twitter.com/wlanmac
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.coova.org/pipermail/chilli/attachments/20130210/939f757f/attachment.html>
More information about the Chilli
mailing list