[Chilli] CoovaChiili Permit Server IP
David Bird
david at coova.com
Wed May 22 14:42:42 UTC 2013
Yes, sorry, I confused conup and macup since macup wouldn't be available
in layer3 mode. Hmm... perhaps for layer3 there could be an option
similar to macup but for ip-only (not to confuse with ipup which runs
when chilli sets up the tun interface).
On Wed, 2013-05-22 at 13:23 +0200, Xabier Oneca -- xOneca wrote:
> Maybe he meant 'macup'. This *does* run after the initial DHCP
> request, but I'm afraid won't work if you have an external DHCP server
> set-up... Neither know when was implemented, as it doesn't still
> appear in the online manual page...
>
> --
> Xabier Oneca_,,_
>
> El 22/05/2013 12:59, "Francesc Romà i Frigolé"
> <francesc at socialandbeyond.com> escribió:
> Hi,
>
>
> I think that what David is suggesting is to authorize the IPs
> syncronously, as soon as they show up in the network, rather
> than polling for them every minute. That would make the system
> more responsive.
>
>
> What I don't understand is how would it be possible to
> accomplish that with the conup script. As it is documented
> here http://coova.org/CoovaChilli/chilli.conf the conup
> script is executed after a session is authorized. I wouldn't
> expect it to be executed when the device shows up in the
> network, before is authorized.
>
>
>
> Francesc Romà i Frigolé
>
> CTO
>
> Torre Telefónica Diagonal 00, planta 11, Wayra
> Plaça Ernest Lluch i Martín, 5
>
> 08019 Barcelona
>
> Tel. +34 93.1234.962
>
> Skype: cescpak
>
>
>
>
> On Wed, May 22, 2013 at 9:52 AM, Russell Mike
> <radius.sir at gmail.com> wrote:
> Hi Luis & David,
>
>
> Thanks for your inputs, discussion became very
> interesting. Thanks for sharing ideas. standing by to
> hear more from David. B about conup.
>
>
> Thanks / Regards
> --RM
>
>
>
> On Tue, May 21, 2013 at 6:10 PM, Luis Ferreira
> <lferreira at cabocom.cv> wrote:
> Hi David,
>
> Can you clarify on the conup?
>
> From what I understood, you are saying that is
> a script that is run every time a client
> connects to the network. (correct?)
>
> If true, will that work in my case, with
> another server running ISC-DHCP?
>
> Where can I configure it? Where is it located?
>
> Regards,
>
> Luis
>
> -----Mensagem original-----
> De: chilli-bounces at coova.org
> [mailto:chilli-bounces at coova.org] Em nome de
> David Bird
> Enviada: terça-feira, 21 de Maio de 2013 16:01
> Para: chilli at coova.org
> Assunto: Re: [Chilli] CoovaChiili Permit
> Server IP
>
> There could be an option similar to macallowed
> (plus macallowlocal) but for layer3 mode using
> ip addresses. Using a script like the one
> suggested would also work - though, I think
> you'd want 'authorize'
>
> instead of 'login' since you don't have
> RADIUS. You can also do something similar from
> the conup script so that as soon as the
> station connects, you authorize it.
>
>
> On Tue, 2013-05-21 at 09:23 -0100, Luis
> Ferreira wrote:
>
> > Hi Russell,
>
> >
>
> >
>
> >
>
> > Here we had the same problem, and were able
> to fix it with the
>
> > following script:
>
> >
>
> >
>
> >
>
> > #!/bin/bash
>
> >
>
> >
>
> >
>
> > usercheck=$(/usr/local/sbin/chilli_query
>
> > -s /usr/local/var/run/chilli.vlanxx.sock
> list |grep -c "1
>
> > accountusername ")
>
> >
>
> >
>
> >
>
> > if [ $usercheck = '0' ];
>
> >
>
> > then
>
> >
>
> > echo "Logging in accountname"
>
> >
>
> > /usr/local/sbin/chilli_query
>
> > -s /usr/local/var/run/chilli.vlanxx.sock
> login ip 192.168.10.251
>
> > username accountusername password
> accountpassword
>
> >
>
> > fi
>
> >
>
> >
>
> >
>
> >
>
> >
>
> > Replace account name, account password and
> IP for the correct ones.
>
> > Also check the location of the sock files.
>
> >
>
> >
>
> >
>
> > This script is running every minute. If the
> IP is not present, Chilli
>
> > will not perform the login and ignore it.
> But if it is present (client
>
> > connected) it will trigger the account
> login.
>
> >
>
> >
>
> >
>
> > This is a very dirty hack, but we have been
> using it for more than 2
>
> > years and it never failed (except when the
> account would ran out of
>
> > credit J ).
>
> >
>
> >
>
> >
>
> > Btw, if someone as a different (and less
> hacked) way of doing this on
>
> > layer 3, please share it.
>
> >
>
> >
>
> >
>
> > Regards,
>
> >
>
> > Luis
>
> >
>
> >
>
> >
>
> >
>
> >
>
> > Dear Coova Gurus,
>
> >
>
> >
>
> >
>
> >
>
> > CoovaChilli Layer3, Working great. But for
> some days now, i am working
>
> > CoovaChilli to allow some devices to allow
> access without
>
> > authentication AND have Static IP address.
> (Servers, IP phones, Apple
>
> > TV etc..).
>
> >
>
> >
>
> >
>
> >
>
> >
>
> > MAC auth do not help because of L3 setup.
> Have anyone got the idea.
>
> > How can configure coovachilli to allow
> access 10 static ip address out
>
> > of a subnet by default.
>
> >
>
> >
>
> >
>
> >
>
> >
>
> > Thanks in advance.
>
> >
>
> >
>
> >
>
> >
>
> >
>
> > Thanks / Regards
>
> >
>
> >
>
> >
> _______________________________________________
>
> > Chilli mailing list
>
> > Chilli at coova.org
>
> >
> http://lists.coova.org/cgi-bin/mailman/listinfo/chilli
>
> --
>
> --
>
> David Bird
>
> http://www.linkedin.com/in/dwbird/
>
> _______________________________________________
>
> Chilli mailing list
>
> Chilli at coova.org
>
> http://lists.coova.org/cgi-bin/mailman/listinfo/chilli
>
>
>
> _______________________________________________
> Chilli mailing list
> Chilli at coova.org
> http://lists.coova.org/cgi-bin/mailman/listinfo/chilli
>
>
>
>
> _______________________________________________
> Chilli mailing list
> Chilli at coova.org
> http://lists.coova.org/cgi-bin/mailman/listinfo/chilli
>
>
>
>
> _______________________________________________
> Chilli mailing list
> Chilli at coova.org
> http://lists.coova.org/cgi-bin/mailman/listinfo/chilli
>
> _______________________________________________
> Chilli mailing list
> Chilli at coova.org
> http://lists.coova.org/cgi-bin/mailman/listinfo/chilli
More information about the Chilli
mailing list