[Chilli] Coova when no wan

Bojan Pogacar bojan at gajba.net
Thu Mar 14 14:38:30 UTC 2013


Another problem with HTTPS redirection is, that google websites like 
google.com, gmail, .. in Chrome not just warns about invalid (self 
signed) certificate, but also disable redirection to captive portal. 
They report that something strange is going on and you can not click 
proceed anyway.

The problem is even bigger with Chrome 25 because all searches from 
address bar are now on https. Users are now confused and some don't try 
to open some other web site to login and just complain, that they can 
not login.

Is there any solution for that?

BR, Bojan



Dne 14.3.2013 9:01, piše Xabier Oneca -- xOneca:
> For HTTPS redirections to work, you need a valid certificate for each
> domain you want to be redirected. It would be a huge security hole, so
> you cannot do a beautiful HTTPS redirect.
>
> If you don't mind that the user gets a security warning in his browser,
> you can use --redirssl with its --ssl* config options to allow
> CoovaChilli to listen to HTTPS requests. Chilli does not do this by
> default. You will need a (self signed) certificate.
>
> HTH.
>
> --
> Xabier Oneca_,,_
>
> El 14/03/2013 08:50, "Alexandre Rubert" <alexandre.rubert at gmail.com
> <mailto:alexandre.rubert at gmail.com>> escribió:
>
>     Ok, thank for your answer. I tried with dnsmasq and now all DNS
>     request return an IP which is unauthaurized by coova, in that way
>     client is redirected to uamhomepage. That's what I want but when
>     client try to access to https, he isn't redirected. Wireshark  show
>     that client try to access to https on the redirected IP but there is
>     nothing matching it.
>     Le 14/03/2013 03:39, David Bird a écrit :
>
>         The problem with there being no WAN is that DNS will not work.
>         Without
>         DNS, you do not get a redirect since the browser times out
>         before making
>         any HTTP request. However, what you can do is use option
>         --domaindnslocal to instruct CoovaChilli to return a 'local' IP
>         for any
>         DNS request under the --domain (so, if you have domain=lan, then
>         hostname.lan would resolve in chilli to a local IP). Typically, DNS
>         systems will attempt the original hostname, then the hostname
>         under the
>         DHCP domain, searching for a result.
>
>
>         On Wed, 2013-03-13 at 15:18 +0100, Alexandre Rubert wrote:
>
>             Hello,
>             I try to configure coovachilli to redirect all client to the
>             uamhomepage
>             when there is no internet connection. But actually, it
>             doesn't work. Do
>             you have an example of a kind of configuration ?
>
>             Thanks
>             _________________________________________________
>             Chilli mailing list
>             Chilli at coova.org <mailto:Chilli at coova.org>
>             http://lists.coova.org/cgi-__bin/mailman/listinfo/chilli
>             <http://lists.coova.org/cgi-bin/mailman/listinfo/chilli>
>
>
>
>     _________________________________________________
>     Chilli mailing list
>     Chilli at coova.org <mailto:Chilli at coova.org>
>     http://lists.coova.org/cgi-__bin/mailman/listinfo/chilli
>     <http://lists.coova.org/cgi-bin/mailman/listinfo/chilli>
>
>
>
> _______________________________________________
> Chilli mailing list
> Chilli at coova.org
> http://lists.coova.org/cgi-bin/mailman/listinfo/chilli
>

-- 
Lep pozdrav,

Bojan Pogačar
GSM: 031 262 535


More information about the Chilli mailing list