[Chilli] CoovaChiili Permit Server IP
Xabier Oneca -- xOneca
xoneca at gmail.com
Wed May 22 15:55:22 UTC 2013
Maybe a pre-authentication hook, or something like that?
--
Xabier Oneca_,,_
El 22/05/2013 16:42, "David Bird" <david at coova.com> escribió:
> Yes, sorry, I confused conup and macup since macup wouldn't be available
> in layer3 mode. Hmm... perhaps for layer3 there could be an option
> similar to macup but for ip-only (not to confuse with ipup which runs
> when chilli sets up the tun interface).
>
> On Wed, 2013-05-22 at 13:23 +0200, Xabier Oneca -- xOneca wrote:
> > Maybe he meant 'macup'. This *does* run after the initial DHCP
> > request, but I'm afraid won't work if you have an external DHCP server
> > set-up... Neither know when was implemented, as it doesn't still
> > appear in the online manual page...
> >
> > --
> > Xabier Oneca_,,_
> >
> > El 22/05/2013 12:59, "Francesc Romà i Frigolé"
> > <francesc at socialandbeyond.com> escribió:
> > Hi,
> >
> >
> > I think that what David is suggesting is to authorize the IPs
> > syncronously, as soon as they show up in the network, rather
> > than polling for them every minute. That would make the system
> > more responsive.
> >
> >
> > What I don't understand is how would it be possible to
> > accomplish that with the conup script. As it is documented
> > here http://coova.org/CoovaChilli/chilli.conf the conup
> > script is executed after a session is authorized. I wouldn't
> > expect it to be executed when the device shows up in the
> > network, before is authorized.
> >
> >
> >
> > Francesc Romà i Frigolé
> >
> > CTO
> >
> > Torre Telefónica Diagonal 00, planta 11, Wayra
> > Plaça Ernest Lluch i Martín, 5
> >
> > 08019 Barcelona
> >
> > Tel. +34 93.1234.962
> >
> > Skype: cescpak
> >
> >
> >
> >
> > On Wed, May 22, 2013 at 9:52 AM, Russell Mike
> > <radius.sir at gmail.com> wrote:
> > Hi Luis & David,
> >
> >
> > Thanks for your inputs, discussion became very
> > interesting. Thanks for sharing ideas. standing by to
> > hear more from David. B about conup.
> >
> >
> > Thanks / Regards
> > --RM
> >
> >
> >
> > On Tue, May 21, 2013 at 6:10 PM, Luis Ferreira
> > <lferreira at cabocom.cv> wrote:
> > Hi David,
> >
> > Can you clarify on the conup?
> >
> > From what I understood, you are saying that is
> > a script that is run every time a client
> > connects to the network. (correct?)
> >
> > If true, will that work in my case, with
> > another server running ISC-DHCP?
> >
> > Where can I configure it? Where is it located?
> >
> > Regards,
> >
> > Luis
> >
> > -----Mensagem original-----
> > De: chilli-bounces at coova.org
> > [mailto:chilli-bounces at coova.org] Em nome de
> > David Bird
> > Enviada: terça-feira, 21 de Maio de 2013 16:01
> > Para: chilli at coova.org
> > Assunto: Re: [Chilli] CoovaChiili Permit
> > Server IP
> >
> > There could be an option similar to macallowed
> > (plus macallowlocal) but for layer3 mode using
> > ip addresses. Using a script like the one
> > suggested would also work - though, I think
> > you'd want 'authorize'
> >
> > instead of 'login' since you don't have
> > RADIUS. You can also do something similar from
> > the conup script so that as soon as the
> > station connects, you authorize it.
> >
> >
> > On Tue, 2013-05-21 at 09:23 -0100, Luis
> > Ferreira wrote:
> >
> > > Hi Russell,
> >
> > >
> >
> > >
> >
> > >
> >
> > > Here we had the same problem, and were able
> > to fix it with the
> >
> > > following script:
> >
> > >
> >
> > >
> >
> > >
> >
> > > #!/bin/bash
> >
> > >
> >
> > >
> >
> > >
> >
> > > usercheck=$(/usr/local/sbin/chilli_query
> >
> > > -s /usr/local/var/run/chilli.vlanxx.sock
> > list |grep -c "1
> >
> > > accountusername ")
> >
> > >
> >
> > >
> >
> > >
> >
> > > if [ $usercheck = '0' ];
> >
> > >
> >
> > > then
> >
> > >
> >
> > > echo "Logging in accountname"
> >
> > >
> >
> > > /usr/local/sbin/chilli_query
> >
> > > -s /usr/local/var/run/chilli.vlanxx.sock
> > login ip 192.168.10.251
> >
> > > username accountusername password
> > accountpassword
> >
> > >
> >
> > > fi
> >
> > >
> >
> > >
> >
> > >
> >
> > >
> >
> > >
> >
> > > Replace account name, account password and
> > IP for the correct ones.
> >
> > > Also check the location of the sock files.
> >
> > >
> >
> > >
> >
> > >
> >
> > > This script is running every minute. If the
> > IP is not present, Chilli
> >
> > > will not perform the login and ignore it.
> > But if it is present (client
> >
> > > connected) it will trigger the account
> > login.
> >
> > >
> >
> > >
> >
> > >
> >
> > > This is a very dirty hack, but we have been
> > using it for more than 2
> >
> > > years and it never failed (except when the
> > account would ran out of
> >
> > > credit J ).
> >
> > >
> >
> > >
> >
> > >
> >
> > > Btw, if someone as a different (and less
> > hacked) way of doing this on
> >
> > > layer 3, please share it.
> >
> > >
> >
> > >
> >
> > >
> >
> > > Regards,
> >
> > >
> >
> > > Luis
> >
> > >
> >
> > >
> >
> > >
> >
> > >
> >
> > >
> >
> > > Dear Coova Gurus,
> >
> > >
> >
> > >
> >
> > >
> >
> > >
> >
> > > CoovaChilli Layer3, Working great. But for
> > some days now, i am working
> >
> > > CoovaChilli to allow some devices to allow
> > access without
> >
> > > authentication AND have Static IP address.
> > (Servers, IP phones, Apple
> >
> > > TV etc..).
> >
> > >
> >
> > >
> >
> > >
> >
> > >
> >
> > >
> >
> > > MAC auth do not help because of L3 setup.
> > Have anyone got the idea.
> >
> > > How can configure coovachilli to allow
> > access 10 static ip address out
> >
> > > of a subnet by default.
> >
> > >
> >
> > >
> >
> > >
> >
> > >
> >
> > >
> >
> > > Thanks in advance.
> >
> > >
> >
> > >
> >
> > >
> >
> > >
> >
> > >
> >
> > > Thanks / Regards
> >
> > >
> >
> > >
> >
> > >
> > _______________________________________________
> >
> > > Chilli mailing list
> >
> > > Chilli at coova.org
> >
> > >
> >
> http://lists.coova.org/cgi-bin/mailman/listinfo/chilli
> >
> > --
> >
> > --
> >
> > David Bird
> >
> > http://www.linkedin.com/in/dwbird/
> >
> > _______________________________________________
> >
> > Chilli mailing list
> >
> > Chilli at coova.org
> >
> >
> http://lists.coova.org/cgi-bin/mailman/listinfo/chilli
> >
> >
> >
> > _______________________________________________
> > Chilli mailing list
> > Chilli at coova.org
> >
> http://lists.coova.org/cgi-bin/mailman/listinfo/chilli
> >
> >
> >
> >
> > _______________________________________________
> > Chilli mailing list
> > Chilli at coova.org
> > http://lists.coova.org/cgi-bin/mailman/listinfo/chilli
> >
> >
> >
> >
> > _______________________________________________
> > Chilli mailing list
> > Chilli at coova.org
> > http://lists.coova.org/cgi-bin/mailman/listinfo/chilli
> >
> > _______________________________________________
> > Chilli mailing list
> > Chilli at coova.org
> > http://lists.coova.org/cgi-bin/mailman/listinfo/chilli
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.coova.org/pipermail/chilli/attachments/20130522/b8194c50/attachment-0001.html>
More information about the Chilli
mailing list