[Chilli] Coova when no wan
David Bird
david at coova.com
Mon Mar 18 21:05:35 UTC 2013
Google for "WPAD" ...
On Sat, 2013-03-16 at 16:33 +0100, Alexandre Rubert wrote:
> Ok so If there isn't any solution with coova, how do they do in Mc
> Donald, or University ? What kind of soft do they use ?
> Le 14/03/2013 17:29, David Bird a écrit :
> > There is no elegant way to deal with https traffic... essentially,
> > chilli is a man-in-the-middle and it breaks SSL security. Having users
> > notified of this lack of security is a GOOD thing. My advice is to keep
> > SSL blocked. What would be interesting for Chrome to integrate into
> > their browser is a notice that 'Authentication is required' on the
> > network -- similar to how Android will give you such a notice, etc.
> >
> >
> > On Thu, 2013-03-14 at 15:38 +0100, Bojan Pogacar wrote:
> >> Another problem with HTTPS redirection is, that google websites like
> >> google.com, gmail, .. in Chrome not just warns about invalid (self
> >> signed) certificate, but also disable redirection to captive portal.
> >> They report that something strange is going on and you can not click
> >> proceed anyway.
> >>
> >> The problem is even bigger with Chrome 25 because all searches from
> >> address bar are now on https. Users are now confused and some don't try
> >> to open some other web site to login and just complain, that they can
> >> not login.
> >>
> >> Is there any solution for that?
> >>
> >> BR, Bojan
> >>
> >>
> >>
> >> Dne 14.3.2013 9:01, piše Xabier Oneca -- xOneca:
> >>> For HTTPS redirections to work, you need a valid certificate for each
> >>> domain you want to be redirected. It would be a huge security hole, so
> >>> you cannot do a beautiful HTTPS redirect.
> >>>
> >>> If you don't mind that the user gets a security warning in his browser,
> >>> you can use --redirssl with its --ssl* config options to allow
> >>> CoovaChilli to listen to HTTPS requests. Chilli does not do this by
> >>> default. You will need a (self signed) certificate.
> >>>
> >>> HTH.
> >>>
> >>> --
> >>> Xabier Oneca_,,_
> >>>
> >>> El 14/03/2013 08:50, "Alexandre Rubert" <alexandre.rubert at gmail.com
> >>> <mailto:alexandre.rubert at gmail.com>> escribió:
> >>>
> >>> Ok, thank for your answer. I tried with dnsmasq and now all DNS
> >>> request return an IP which is unauthaurized by coova, in that way
> >>> client is redirected to uamhomepage. That's what I want but when
> >>> client try to access to https, he isn't redirected. Wireshark show
> >>> that client try to access to https on the redirected IP but there is
> >>> nothing matching it.
> >>> Le 14/03/2013 03:39, David Bird a écrit :
> >>>
> >>> The problem with there being no WAN is that DNS will not work.
> >>> Without
> >>> DNS, you do not get a redirect since the browser times out
> >>> before making
> >>> any HTTP request. However, what you can do is use option
> >>> --domaindnslocal to instruct CoovaChilli to return a 'local' IP
> >>> for any
> >>> DNS request under the --domain (so, if you have domain=lan, then
> >>> hostname.lan would resolve in chilli to a local IP). Typically, DNS
> >>> systems will attempt the original hostname, then the hostname
> >>> under the
> >>> DHCP domain, searching for a result.
> >>>
> >>>
> >>> On Wed, 2013-03-13 at 15:18 +0100, Alexandre Rubert wrote:
> >>>
> >>> Hello,
> >>> I try to configure coovachilli to redirect all client to the
> >>> uamhomepage
> >>> when there is no internet connection. But actually, it
> >>> doesn't work. Do
> >>> you have an example of a kind of configuration ?
> >>>
> >>> Thanks
> >>> _________________________________________________
> >>> Chilli mailing list
> >>> Chilli at coova.org <mailto:Chilli at coova.org>
> >>> http://lists.coova.org/cgi-__bin/mailman/listinfo/chilli
> >>> <http://lists.coova.org/cgi-bin/mailman/listinfo/chilli>
> >>>
> >>>
> >>>
> >>> _________________________________________________
> >>> Chilli mailing list
> >>> Chilli at coova.org <mailto:Chilli at coova.org>
> >>> http://lists.coova.org/cgi-__bin/mailman/listinfo/chilli
> >>> <http://lists.coova.org/cgi-bin/mailman/listinfo/chilli>
> >>>
> >>>
> >>>
> >>> _______________________________________________
> >>> Chilli mailing list
> >>> Chilli at coova.org
> >>> http://lists.coova.org/cgi-bin/mailman/listinfo/chilli
> >>>
>
> _______________________________________________
> Chilli mailing list
> Chilli at coova.org
> http://lists.coova.org/cgi-bin/mailman/listinfo/chilli
--
--
David Bird
http://www.linkedin.com/in/dwbird
https://twitter.com/wlanmac
More information about the Chilli
mailing list