[Chilli] CoovaChiili Permit Server IP

Francesc Romà i Frigolé francesc at socialandbeyond.com
Wed May 22 10:35:03 UTC 2013


Hi,

I think that what David is suggesting is to authorize the IPs syncronously,
as soon as they show up in the network, rather than polling for them every
minute. That would make the system more responsive.

What I don't understand is how would it be possible to accomplish that with
the conup script. As it is documented here
http://coova.org/CoovaChilli/chilli.conf  the conup script is executed
after a session is authorized. I wouldn't expect it to be executed when the
device shows up in the network, before is authorized.


Francesc Romà i Frigolé
CTO
Torre Telefónica Diagonal 00, planta 11, Wayra
Plaça Ernest Lluch i Martín, 5
08019 Barcelona
Tel. +34 93.1234.962
Skype: cescpak



On Wed, May 22, 2013 at 9:52 AM, Russell Mike <radius.sir at gmail.com> wrote:

> Hi Luis & David,
>
> Thanks for your inputs, discussion became very interesting. Thanks for
> sharing ideas. standing by to hear more from David. B about conup.
>
> Thanks / Regards
> --RM
>
>
>
> On Tue, May 21, 2013 at 6:10 PM, Luis Ferreira <lferreira at cabocom.cv>wrote:
>
>> **
>>
>> Hi David,
>>
>> Can you clarify on the conup?
>>
>> From what I understood, you are saying that is a script that is run every
>> time a client connects to the network. (correct?)
>>
>> If true, will that work in my case, with another server running ISC-DHCP?
>>
>> Where can I configure it? Where is it located?
>>
>> Regards,
>>
>> Luis
>>
>> -----Mensagem original-----
>> De: chilli-bounces at coova.org [mailto:chilli-bounces at coova.org<chilli-bounces at coova.org>]
>> Em nome de David Bird
>> Enviada: terça-feira, 21 de Maio de 2013 16:01
>> Para: chilli at coova.org
>> Assunto: Re: [Chilli] CoovaChiili Permit Server IP
>>
>> There could be an option similar to macallowed (plus macallowlocal) but
>> for layer3 mode using ip addresses. Using a script like the one suggested
>> would also work - though, I think you'd want 'authorize'
>>
>> instead of 'login' since you don't have RADIUS. You can also do something
>> similar from the conup script so that as soon as the station connects, you
>> authorize it.
>>
>> On Tue, 2013-05-21 at 09:23 -0100, Luis Ferreira wrote:
>>
>> > Hi Russell,
>>
>> >
>>
>> >
>>
>> >
>>
>> > Here we had the same problem, and were able to fix it with the
>>
>> > following script:
>>
>> >
>>
>> >
>>
>> >
>>
>> > #!/bin/bash
>>
>> >
>>
>> >
>>
>> >
>>
>> > usercheck=$(/usr/local/sbin/chilli_query
>>
>> > -s /usr/local/var/run/chilli.vlanxx.sock list |grep -c "1
>>
>> > accountusername ")
>>
>> >
>>
>> >
>>
>> >
>>
>> > if [ $usercheck = '0' ];
>>
>> >
>>
>> > then
>>
>> >
>>
>> >         echo "Logging in accountname"
>>
>> >
>>
>> >         /usr/local/sbin/chilli_query
>>
>> > -s /usr/local/var/run/chilli.vlanxx.sock login ip 192.168.10.251
>>
>> > username accountusername password accountpassword
>>
>> >
>>
>> > fi
>>
>> >
>>
>> >
>>
>> >
>>
>> >
>>
>> >
>>
>> > Replace account name, account password and IP for the correct ones.
>>
>> > Also check the location of the sock files.
>>
>> >
>>
>> >
>>
>> >
>>
>> > This script is running every minute. If the IP is not present, Chilli
>>
>> > will not perform the login and ignore it. But if it is present (client
>>
>> > connected) it will trigger the account login.
>>
>> >
>>
>> >
>>
>> >
>>
>> > This is a very dirty hack, but we have been using it for more than 2
>>
>> > years and it never failed (except when the account would ran out of
>>
>> > credit J ).
>>
>> >
>>
>> >
>>
>> >
>>
>> > Btw, if someone as a different (and less hacked) way of doing this on
>>
>> > layer 3, please share it.
>>
>> >
>>
>> >
>>
>> >
>>
>> > Regards,
>>
>> >
>>
>> > Luis
>>
>> >
>>
>> >
>>
>> >
>>
>> >
>>
>> >
>>
>> > Dear Coova Gurus,
>>
>> >
>>
>> >
>>
>> >
>>
>> >
>>
>> > CoovaChilli Layer3, Working great. But for some days now, i am working
>>
>> > CoovaChilli to allow some devices to allow access without
>>
>> > authentication AND have Static IP address. (Servers, IP phones, Apple
>>
>> > TV etc..).
>>
>> >
>>
>> >
>>
>> >
>>
>> >
>>
>> >
>>
>> > MAC auth do not help because of L3 setup. Have anyone got the idea.
>>
>> > How can configure coovachilli to allow access 10 static ip address out
>>
>> > of a subnet by default.
>>
>> >
>>
>> >
>>
>> >
>>
>> >
>>
>> >
>>
>> > Thanks in advance.
>>
>> >
>>
>> >
>>
>> >
>>
>> >
>>
>> >
>>
>> > Thanks / Regards
>>
>> >
>>
>> >
>>
>> > _______________________________________________
>>
>> > Chilli mailing list
>>
>> > Chilli at coova.org
>>
>> > http://lists.coova.org/cgi-bin/mailman/listinfo/chilli
>>
>> --
>>
>> --
>>
>> David Bird
>>
>> http://www.linkedin.com/in/dwbird/
>>
>> _______________________________________________
>>
>> Chilli mailing list
>>
>> Chilli at coova.org
>>
>> http://lists.coova.org/cgi-bin/mailman/listinfo/chilli
>>
>> _______________________________________________
>> Chilli mailing list
>> Chilli at coova.org
>> http://lists.coova.org/cgi-bin/mailman/listinfo/chilli
>>
>>
>
> _______________________________________________
> Chilli mailing list
> Chilli at coova.org
> http://lists.coova.org/cgi-bin/mailman/listinfo/chilli
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.coova.org/pipermail/chilli/attachments/20130522/b8e84119/attachment.html>


More information about the Chilli mailing list