[Chilli] implementing "Enable Local LAN" and "Enable Hotspot Clients" options
Sourav
sourav.chakraborty at netcommwireless.com
Tue Feb 4 23:33:56 UTC 2014
Hi Guys,
We are running coova-chilli on our routers with the attached
/etc/chilli/config file --
root:/etc/cdcs/conf/mgr_templates# ifconfig
br0 Link encap:Ethernet HWaddr 00:60:64:11:11:47
inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::260:64ff:fe11:1147/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:3360 errors:0 dropped:0 overruns:0 frame:0
TX packets:3226 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:304231 (297.1 KiB) TX bytes:2722119 (2.5 MiB)
br0:0 Link encap:Ethernet HWaddr 00:60:64:11:11:47
inet addr:192.168.1.253 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
eth0 Link encap:Ethernet HWaddr 00:60:64:11:11:47
inet6 addr: fe80::260:64ff:fe11:1147/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:3360 errors:4 dropped:0 overruns:0 frame:0
TX packets:3240 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:351327 (343.0 KiB) TX bytes:2723067 (2.5 MiB)
Interrupt:25 Base address:0xc000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:842 errors:0 dropped:0 overruns:0 frame:0
TX packets:842 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:24418 (23.8 KiB) TX bytes:24418 (23.8 KiB)
ra0 Link encap:Ethernet HWaddr 00:60:64:11:11:48
inet6 addr: fe80::260:64ff:fe11:1148/64 Scope:Link
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:4678051 (4.4 MiB) TX bytes:94080 (91.8 KiB)
ra1 Link encap:Ethernet HWaddr 00:60:64:11:11:49
inet6 addr: fe80::260:64ff:fe11:1149/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
ra2 Link encap:Ethernet HWaddr 00:60:64:11:11:4A
inet6 addr: fe80::260:64ff:fe11:114a/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
ra3 Link encap:Ethernet HWaddr 00:60:64:11:11:4B
inet6 addr: fe80::260:64ff:fe11:114b/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
ra4 Link encap:Ethernet HWaddr 00:60:64:11:11:4C
inet6 addr: fe80::260:64ff:fe11:114c/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.1.0.1 P-t-P:10.1.0.1 Mask:255.255.255.0
UP POINTOPOINT RUNNING MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
wwan0 Link encap:Ethernet HWaddr 6A:0E:47:FD:01:07
inet addr:123.209.17.117 Bcast:123.255.255.255
Mask:255.255.255.255
inet6 addr: fe80::680e:47ff:fefd:107/64 Scope:Link
UP BROADCAST RUNNING NOARP MULTICAST MTU:1358 Metric:1
RX packets:45 errors:0 dropped:0 overruns:0 frame:0
TX packets:41 errors:0 dropped:4294967294 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:4316 (4.2 KiB) TX bytes:3833 (3.7 KiB)
We now want to implement "Enable Local LAN" and "Enable Hotspot Clients"
options, which basically allow the clients on the Local LAN (192.168.1.x) to
access clients on the wireless hotspot (10.1.0.x) and vice versa. For
this I checked the existing bridge on our router --
root:/etc/chilli# brctl show
bridge name bridge id STP enabled interfaces
br0 8000.006064111147 no eth0
ra0
ra1
ra2
ra3
ra4
So I thought that adding the tun0 interface to the bridge br0 would solve
the purpose, but I found that tun0 can't be added to the bridge. Can you
suggest how to satisfy the mentioned requirements? Also, please let me
know the significance of the coova-chilli generated tun0 interface, i.e.
why is it created and what are the tunnel endpoints?
--
Warm Regards,
Sourav
-------------- next part --------------
# -*- mode: shell-script; -*-
#
# Coova-Chilli Default Configurations.
# To customize, copy this file to /etc/chilli/config
# and edit to your liking. This is included in shell scripts
# that configure chilli and related programs before file 'config'.
###
# Local Network Configurations
#
# HS_WANIF=eth0 # WAN Interface toward the Internet
HS_WANIF=wwan0 # WAN Interface toward the Internet
HS_LANIF=ra0 # Subscriber Interface for client devices
HS_UAMPORT=3990 # HotSpot UAM Port (on subscriber network)
HS_UAMUIPORT=4990 # HotSpot UAM "UI" Port (on subscriber network, for embedded portal)
#HS_STATIP=10.1.0.1
#HS_STATIP_MASK=255.255.255.0
#HS_DNS_DOMAIN=10.1.0.1
# OpenDNS Servers
#HS_DNS1=10.4.81.103
#HS_DNS1=192.168.1.1
HS_DNS1=10.1.0.1
#HS_DNS2=10.4.182.20
###
# HotSpot settings for simple Captive Portal
#
HS_NASID=ntc_30w
#HS_UAMALLOW=www.coova.org,www.bbc.com
#HS_UAMSECRET=change-me # Set to be your UAM secret
#HS_UAMSECRET="Ponutokoyu"
HS_UAMSECRET=
HS_UAMALIASNAME=chilli
# Configure RADIUS proxy support (for 802.1x + captive portal support)
#HS_RADPROXY=on
HS_RADPROXY_PORT=1645
HS_RADPROXY_MACACCEPT=on
HS_RADPROXY_LOCATTR=32
# Example OpenWrt /etc/config/wireless entry for hostapd
# option encryption wpa2
# option port $HS_RADPROXY_PORT
# option key $HS_RADPROXY_SECRET
# To alternatively use a HTTP URL for AAA instead of RADIUS:
# HS_UAMAAAURL=http://my-site/script.php
# Put entire domains in the walled-garden with DNS inspection
# HS_UAMDOMAINS=".paypal.com,.paypalobjects.com"
HS_UAMDOMAINS="coova.org,bbc.com"
# Optional initial redirect and RADIUS settings
#HS_NASMAC=00:60:64:89:20:5F # To explicitly set Called-Station-Id
# The server to be used in combination with HS_UAMFORMAT to
# create the final chilli 'uamserver' url configuration.
# Use HS_UAMFORMAT to define the actual captive portal url.
# Shell variable replacement takes place when evaluated, so here
# Same principle goes for HS_UAMHOMEPAGE.
# This option will be configured to be the WISPr LoginURL as well
# as provide "uamService" to the ChilliController. The UAM Service is
# described in: http://www.coova.org/CoovaChilli/UAMService
#
###
# Features not activated per-default (default to off)
#
# HS_RADCONF=off # Get some configurations from RADIUS or a URL ('on' and 'url' respectively)
#
HS_ANYIP=on # Allow any IP address on subscriber LAN
#
#HS_MACAUTH=on # To turn on MAC Authentication
#
# HS_MACAUTHDENY=on # Put client in 'drop' state on MAC Auth Access-Reject
#
# HS_MACAUTHMODE=local # To allow MAC Authentication based on macallowed, not RADIUS
#
# HS_MACALLOW="..." # List of MAC addresses to authenticate (comma separated)
#
#HS_USELOCALUSERS=on # To use the /etc/chilli/localusers file
#
#HS_OPENIDAUTH=on # To inform the RADIUS server to allow OpenID Auth
#
HS_WPAGUESTS=on # To inform the RADIUS server to allow WPA Guests
#
#HS_DNSPARANOIA=on # To drop DNS packets containing something other
# # than A, CNAME, SOA, or MX records
#
#HS_OPENIDAUTH=on # To inform the RADIUS server to allow OpenID Auth
# # Will also configure the embedded login forms for OpenID
#
# HS_USE_MAP=on # Short hand for allowing the required google
# # sites to use Google maps (adds many google sites!)
#
###
# Other feature settings and their defaults
#
#HS_DEFSESSIONTIMEOUT=0 # Default session-timeout if not defined by RADIUS (0 for unlimited)
#
#HS_DEFIDLETIMEOUT=0 # Default idle-timeout if not defined by RADIUS (0 for unlimited)
#
# HS_DEFBANDWIDTHMAXDOWN=0 # Default WISPr-Bandwidth-Max-Down if not defined by RADIUS (0 for unlimited)
#
# HS_DEFBANDWIDTHMAXUP=0 # Default WISPr-Bandwidth-Max-Up if not defined by RADIUS (0 for unlimited)
###
# Centralized configuration options examples
#
# HS_RADCONF=url # requires curl
# HS_RADCONF_URL=https://coova.org/app/ap/config
#HS_RADCONF=on # gather the ChilliSpot-Config attributes in
# # Administrative-User login
# HS_RADCONF_SERVER=rad01.coova.org # RADIUS Server
#HS_RADCONF_SERVER=192.168.1.144 # RADIUS Server
#HS_RADCONF_SECRET=coova-anonymous # RADIUS Shared Secret
#HS_RADCONF_AUTHPORT=1812 # Auth port
#HS_RADCONF_USER=chillispot # Username
#HS_RADCONF_PWD=chillispot # Password
###
# Firewall issues
#
# Uncomment the following to add ports to the allowed local ports list
# The up.sh script will allow these local ports to be used, while the default
# is to block all unwanted traffic to the tun/tap.
#
HS_TCP_PORTS="80 8000 53 22 1812 1813 67 443"
###
# Standard configurations
#
HS_MODE=hotspot
HS_TYPE=chillispot
HS_RADACCT=1813
#HS_ADMUSR=chillispot
#HS_ADMPWD=chillispot
###
# Post-Auth proxy settings
#
HS_LAN_ACCESS=allow
# HS_POSTAUTH_PROXY=<host or ip>
# HS_POSTAUTH_PROXYPORT=<port>
#HS_POSTAUTH_PROXY=10.1.0.1
#HS_POSTAUTH_PROXYPORT=80
# Directory specifying where internal web pages can be served
# by chilli with url /www/<file name>. Only extensions like .html
# .jpg, .gif, .png, .js are allowed. See below for using .chi as a
# CGI extension.
HS_WWWDIR=/etc/chilli/www
# Using this option assumes 'haserl' is installed per-default
# but any CGI type program can be run from wwwsh to process requests
# to chilli with url /www/filename.chi
HS_WWWBIN=/etc/chilli/wwwsh
# Some configurations used in certain user interfaces
#
HS_PROVIDER=Coova
HS_PROVIDER_LINK=http://www.coova.org/
###
# WISPr RADIUS Attribute support
#
#HS_LOC_NAME="My HotSpot" # WISPr Location Name and used in portal
# WISPr settings (to form a proper WISPr-Location-Id)
HS_LOC_NETWORK="My Network" # Network name
HS_LOC_AC=408 # Phone area code
HS_LOC_CC=61 # Phone country code
HS_LOC_ISOCC=AU # ISO Country code
# Embedded miniportal
# HS_REG_MODE="tos" # or self, other
# HS_RAD_PROTO="pap" # or mschapv2, chap
#HS_RAD_PROTO="mschapv2"
#HS_RAD_PROTO="chap"
HS_RAD_PROTO=pap
HS_PAP_OK=on
# HS_USE_MAP=on
HS_ACCTUPDATE=on
HS_COAPORT=3779
HS_CHALLENGETIMEOUT=40000
HS_CHALLENGETIMEOUT2=40000
HS_UAMUISSL=on
HS_REDIRSSL=on
HS_SSLKEYFILE=/etc/chilli/mycert.pem
HS_SSLCERTFILE=/etc/chilli/mycert.pem
HS_SESKEEPALIVE=on
HS_DHCPRADIUS=on
HS_WEB_ADMIN=both
HS_NATANYIP=on
HS_LAYER2=on
HS_SSID="NetComm 6648"
HS_NETWORK=10.1.0.0
HS_NETMASK=255.255.255.0
HS_UAMLISTEN=10.1.0.1
HS_DYNIP=10.1.0.1
HS_DYNIP_MASK=255.255.255.0
HS_RADPROXY_LISTEN=10.1.0.1
HS_RADPROXY_CLIENT=10.1.0.0/24
HS_NASIP=10.1.0.1
HS_UAMSERVER=10.1.0.1
HS_UAMFORMAT=http://$HS_UAMLISTEN:$HS_UAMUIPORT/www/
HS_UAMHOMEPAGE=http://$HS_UAMLISTEN:$HS_UAMUIPORT/www/
HS_UAMSERVICE=http://$HS_UAMLISTEN:$HS_UAMUIPORT/www/
HS_UAMDOMAINS=www.telegesis.com
HS_RADIUS=192.168.1.176
HS_RADIUS2=192.168.1.176
HS_RADAUTH=1813
HS_RADSECRET=testing123
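
Added example (not part of the original post and not CoovaChilli code): a small check over the active HS_ settings of a config like the one attached above. It reports keys assigned more than once, empty or placeholder secrets, and RADIUS authentication and accounting sharing one port. The sample input is constructed from lines of the posted file; the placeholder list and function names are assumptions.

```python
import re

# Constructed sample: a subset of the active lines from the posted config.
SAMPLE = """\
HS_UAMSECRET=
HS_UAMDOMAINS="coova.org,bbc.com"
HS_RADACCT=1813
#HS_RADCONF_SECRET=coova-anonymous # commented out, so ignored
HS_UAMDOMAINS=www.telegesis.com
HS_RADAUTH=1813
HS_RADSECRET=testing123 # RADIUS shared secret
"""

# KEY=value or KEY="quoted value"; a trailing "# comment" is not captured.
ASSIGN = re.compile(r'^\s*(HS_[A-Z0-9_]+)=("[^"]*"|\S*)')

# Assumption: values treated as placeholders. Both non-empty ones appear
# on this page (one active, one in a commented-out line).
PLACEHOLDER_SECRETS = {"", "testing123", "change-me"}


def parse(text):
    """Return (settings, duplicates). The file is sourced by shell scripts,
    so the last assignment of a key is the effective one."""
    settings, duplicates = {}, []
    for line in text.splitlines():
        m = ASSIGN.match(line)
        if not m:
            continue  # blank lines and comments, including disabled settings
        key, value = m.group(1), m.group(2).strip('"')
        if key in settings and key not in duplicates:
            duplicates.append(key)
        settings[key] = value
    return settings, duplicates


def audit(text):
    """Return a list of human-readable findings for the given config text."""
    s, duplicates = parse(text)
    findings = [f"{k}: assigned more than once, effective value is {s[k]!r}"
                for k in duplicates]
    for key in ("HS_UAMSECRET", "HS_RADSECRET"):
        if key in s and s[key] in PLACEHOLDER_SECRETS:
            findings.append(f"{key}: empty or placeholder secret")
    if s.get("HS_RADAUTH") and s.get("HS_RADAUTH") == s.get("HS_RADACCT"):
        findings.append("HS_RADAUTH and HS_RADACCT point at the same port "
                        f"({s['HS_RADAUTH']})")
    return findings


if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```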