[Chilli] Coova when no wan
Alexandre Rubert
alexandre.rubert at gmail.com
Sat Mar 16 15:33:32 UTC 2013
Ok so If there isn't any solution with coova, how do they do in Mc
Donald, or University ? What kind of soft do they use ?
Le 14/03/2013 17:29, David Bird a écrit :
> There is no elegant way to deal with https traffic... essentially,
> chilli is a man-in-the-middle and it breaks SSL security. Having users
> notified of this lack of security is a GOOD thing. My advice is to keep
> SSL blocked. What would be interesting for Chrome to integrate into
> their browser is a notice that 'Authentication is required' on the
> network -- similar to how Android will give you such a notice, etc.
>
>
> On Thu, 2013-03-14 at 15:38 +0100, Bojan Pogacar wrote:
>> Another problem with HTTPS redirection is, that google websites like
>> google.com, gmail, .. in Chrome not just warns about invalid (self
>> signed) certificate, but also disable redirection to captive portal.
>> They report that something strange is going on and you can not click
>> proceed anyway.
>>
>> The problem is even bigger with Chrome 25 because all searches from
>> address bar are now on https. Users are now confused and some don't try
>> to open some other web site to login and just complain, that they can
>> not login.
>>
>> Is there any solution for that?
>>
>> BR, Bojan
>>
>>
>>
>> Dne 14.3.2013 9:01, piše Xabier Oneca -- xOneca:
>>> For HTTPS redirections to work, you need a valid certificate for each
>>> domain you want to be redirected. It would be a huge security hole, so
>>> you cannot do a beautiful HTTPS redirect.
>>>
>>> If you don't mind that the user gets a security warning in his browser,
>>> you can use --redirssl with its --ssl* config options to allow
>>> CoovaChilli to listen to HTTPS requests. Chilli does not do this by
>>> default. You will need a (self signed) certificate.
>>>
>>> HTH.
>>>
>>> --
>>> Xabier Oneca_,,_
>>>
>>> El 14/03/2013 08:50, "Alexandre Rubert" <alexandre.rubert at gmail.com
>>> <mailto:alexandre.rubert at gmail.com>> escribió:
>>>
>>> Ok, thank for your answer. I tried with dnsmasq and now all DNS
>>> request return an IP which is unauthaurized by coova, in that way
>>> client is redirected to uamhomepage. That's what I want but when
>>> client try to access to https, he isn't redirected. Wireshark show
>>> that client try to access to https on the redirected IP but there is
>>> nothing matching it.
>>> Le 14/03/2013 03:39, David Bird a écrit :
>>>
>>> The problem with there being no WAN is that DNS will not work.
>>> Without
>>> DNS, you do not get a redirect since the browser times out
>>> before making
>>> any HTTP request. However, what you can do is use option
>>> --domaindnslocal to instruct CoovaChilli to return a 'local' IP
>>> for any
>>> DNS request under the --domain (so, if you have domain=lan, then
>>> hostname.lan would resolve in chilli to a local IP). Typically, DNS
>>> systems will attempt the original hostname, then the hostname
>>> under the
>>> DHCP domain, searching for a result.
>>>
>>>
>>> On Wed, 2013-03-13 at 15:18 +0100, Alexandre Rubert wrote:
>>>
>>> Hello,
>>> I try to configure coovachilli to redirect all client to the
>>> uamhomepage
>>> when there is no internet connection. But actually, it
>>> doesn't work. Do
>>> you have an example of a kind of configuration ?
>>>
>>> Thanks
>>> _________________________________________________
>>> Chilli mailing list
>>> Chilli at coova.org <mailto:Chilli at coova.org>
>>> http://lists.coova.org/cgi-__bin/mailman/listinfo/chilli
>>> <http://lists.coova.org/cgi-bin/mailman/listinfo/chilli>
>>>
>>>
>>>
>>> _________________________________________________
>>> Chilli mailing list
>>> Chilli at coova.org <mailto:Chilli at coova.org>
>>> http://lists.coova.org/cgi-__bin/mailman/listinfo/chilli
>>> <http://lists.coova.org/cgi-bin/mailman/listinfo/chilli>
>>>
>>>
>>>
>>> _______________________________________________
>>> Chilli mailing list
>>> Chilli at coova.org
>>> http://lists.coova.org/cgi-bin/mailman/listinfo/chilli
>>>
More information about the Chilli
mailing list