Authentication Iphone in coova-chilli

Hello everyone. Has anyone encountered a problem on the iphone in which he makes two requests during authorization on the guest network in coova-chilli? Who solved this problem?

could this be because of the MAC randomization feature ?

I asked the tester to check
Can you explain how the randomization of the poppy address can affect the repeated authorization request?

Out of my comfort depth here, but if the client uses a random MAC, the captive portal could, at least in theory, treat every MAC as a new device, requiring authentication.

Is it possible to avoid this with coova -chilli settings?

No. chilli starts whole process based on connection initiation of a so far unknown MAC. No chance to recognize, this to be a known device already, presenting another MAC.
However, I do not see, that iphone triggers CP (captive portal) two times, using different MACs, assuming same wifi net. Certain exceptions apply, i.e. after switching private MAC to off. Configuration/programming of coova-chilli is some type of black magic, anyway, so more likely a problem of programming the backend of chilli. I.e. wrong/bad handling of the authorization, and chilli therefore is triggered for a retry.

The problem is that literally at the same moment two absolutely identical requests arrive


Same MAC in both requests, same challenge, sessionid etc.. So most likely a retry from chilli, as I already suspected. To be confirmed, using tcpdump (on the router).

Is there such a problem in the chilli.conf file? I provided it, but hid * the information on the addresses

Has (most likely) nothing to do with chilli.conf . But with the activities after UAMURL is called by chilli. Something to do on the server, after challenge received from chilli.
Anyway, this is not openwrt specific. So you should ask on chilli forum.
HINT: To make things a bit easier, try to set it up working on standard linux node, not openwrt. To avoid some openwrt specialities, i.e. firewall, to use simple iptables instead.