Coovachilli splash page not launching

MK! I started to set my AP following this tutorial:

https://openwrt.org/docs/guide-user/network/wifi/bridgedap

I have this doubt:
why should i put my interface "guest" in the wireless configuration(option network guest) if my guest doesn't have an IP adress...?

Thanks for your time.

coova-chilli does the dhcp.
Obviously, you need general know-how about coova first. So, do the setup on standard linux first, as I wrote already.

hi REINI! I'm following your advice since i wasnt able to configure this coovachilli in the router yet!

Currently following this guide https://www.radiusdesk.com/docuwiki/getting_started/install_ubuntu_coovachilli?do=export_pdf

Question... this will NOT display a captive portal right? this is just the installation of coovachilli...? considering I already have my radiusdesk server working.

THANKS

I pretend to install coovachilli following the guide that i posted and use a virtual box to initiate the radiusserver.... Am i doing it right?

The Radiusdesk machine also hosts the RADIUS server. In other words all your uamserver and radiusserver1 and radiusserver2 point at the Radiusdesk machine.

Especially when the Radiusdesk machine is a VM you need to have the network configured so the OpenWrt router can reach it. The easy way is to set the virtual network adapter in your VM hypervisor to be bridged to the LAN port of the host machine. If the VM host is running a firewall you may need to open ports.

The rest of the pdf file is about configuring coovachilli the old way with environment variables. Just for confusion, some of these files still exist in an OpenWrt chilli opkg install but are otherwise not used. The OpenWrt version of Chilli would really prefer you use the UCI system.

Hey guys, i've already install coovachilli in ubuntu 18.04 (gues so) heres a screenshot of it "running".

Whats next?

Can I install radius in ubuntu on a VIRTUAL BOX?

I mounted radiusdesk in virtual machine on ubuntu and initialize coovachilli and got this. I can’t see hotspot yet

OK I've done some testing with actual RadiusDesk (2017-0-4).

Here is the entire OpenWrt /etc/config/chilli:

config chilli
    option tundev 'tun0'
    option network 'guest'
    option debug '1'
    option radiusserver1 '192.168.22.244'
    option radiusserver2 '192.168.22.244'
    option radiussecret testing123
    option radiusnasid nas01
    option uamserver 'http://192.168.22.244/cake3/rd_cake/dynamic-details/chilli-browser-detect/'
    option uamsecret greatsecret
    option uamallowed '192.168.22.0/24'
    option dns1 '192.168.22.1'
    option ipup '/etc/chilli/up.sh'
    option ipdown '/etc/chilli/down.sh'

Now of course you also need the guest bridge network and wifi AP as previously explained, and change the IP addresses in the config to match your LAN network. It is very important that from the router CLI you must be able to ping the Radiusdesk server. If that does not work you need to fix the network.

(Spoiler alert, it doesn't (quite) work, because the RadiusDesk pages use chilli's JSON API, which is not compiled into the released OpenWrt builds-- though it really should be)

To get close to working (but not actually, that would require recompiling chilli) you need to do two configs to Radiusdesk. First go to the gears on the left side and click dynamic login pages on the top, then dynamic keys, and add one of type nasid with your nasid (nas01 here). Or you could have set nasid in the chilli config to one of the existing example ones.

Then after trying to log in, click the bullseye on the left side (radius), dynamic clients, unknown clients tab, you should see your AP has tried to contact, so select it and hit the paperclip to make your client known. For security RADIUS will not answer unknown clients.

Then you should see a bunch of pictures but also red error messages because there's no JSON. That should be fixable if you have a build system.

Note also that the Radiusdesk VM has a chilli instance running, though you will need to somehow set up two independent network interfaces in your hypervisor (that lead to actual hardware) to make it work. Which is not an OpenWrt subject at all.

Thanks a lot Mike! Let me try again with this...

Just for your info MIke, i was following this tutorial when installing all the stuff in TPLINK AC1750:

https://gremaudpi.emf-informatique.ch/how-to-build-a-captive-portal-with-radiusdesk-and-coova-chilli-on-raspberry-pi-running-openwrt/

That's for the radius and coovachilli part...

In that tutorial they guide you to another one which is this one:

https://gremaudpi.emf-informatique.ch/create-a-routed-access-point-with-raspberry-pi-and-openwrt/

this second part of the tutorial tries to teach you how to set the NAS device as an access point... Followed it that way and had NO success.

I think I maybe have the problem setting up the network because in the tutorial you need to configure firewall and all that stuff...

Let me try following your advice and I'll keep in touch. Thanks you mike!

Hi Mike, i'm having trouble setting up the 'guest' network.

Here's how it looks in LUCI WEB

THe way i did it is I just created a INTERFACE with this parameters you gave me:

config interface 'guest'
        option type 'bridge'
        option ifname 'eth0.3'
        option proto 'none'

Then, created a Wireless extension and associated to 'guest' just as you told me here "Also make a wifi AP and attach it to guest with option network guest in the AP's block in /etc/config/wireless."... what am I doing wrong?

Thanks

Get a basic routed guest access point working first before trying anything with Chilli. You have to understand how the systems work rather than following recipes blindly.

2 Likes

Hi Mike!

Ready, i have a routed AP working now, network is in another subnet and i can navigate through internet fine. First part work fine.

ROUTED AP WITH INTERNET ACCESS AND UNDER THE NET 192.168.2.0/24
MY MAIN NETWORK (ISP MODEM) IS 192.168.15.1

Now, i'm trying to configure coovachilli with radiusdesk and used this config file:

config chilli
    option tundev 'tun0'
    option network 'OpenWrt'
    option debug '1'
    option radiusserver1 '192.168.15.16'
    option radiusserver2 '192.168.15.16'
    option radiussecret testing123
    option radiusnasid ap001
    option uamserver 'http://192.168.15.16/cake3/rd_cake/dynamic-details/chilli-browser-detect/'
    option uamsecret greatsecret
    option uamallowed '192.168.2.0/24'
    option dns1 '192.168.2.1'
    option ipup '/etc/chilli/up.sh'
    option ipdown '/etc/chilli/down.sh'

and my radiusDESK VM in ubuntu looks like this when IFCONFIG:

Everything seems to be fine... but when i try to access to a webpage on my browser i don't see the splash page... It just goes to google or any webpage directly...

Thanks in advance

UPDATE:

Now i can see a portal, but it's a little strange because when connecting to the network via LAPTOP (MY MACBOOK) i get this:

This is the IP that the network gave me with coovachilli and the captive portal...

The strange thing is when i connect with my cellphone i dont see the captive portal and i have internet access

But of course, in my mac now i can't navigate... do you know what im doing wrong????

Good that you have a routed AP working now, but next you would tear part of it down or set it aside. Chilli is going to do the routing, so remove OpenWrt's DNS server and the firewall rules on the guest network, or create a new guest network which has no firewall rules or DNS server.

The overall flow is
LAN (192.168.15.0) -->eth0-->OpenWrt kernel-->tun0 (192.168.182.0)-->chilli-->br-guest-->wifi AP-->hotspot user

When a guest is not logged in, Chilli redirects them to the Radiusdesk server so they can see the login page. uamallowed must include the Radiusdesk server. There are still 192.168.2 addresses in there, it should be 15. Also dns1 should probably be your LAN's main router which is likely 192.168.15.1, or a public DNS server like 8.8.8.8.

HI mike, and thanks for the answer.

Why should i disable all the firewall settings? i've done that and messed up the routed AP (it doesnt gives internet access anymore)...

I'm quite confused on why the network keeps giving 10.1.0.x on MACBOOK if the guest network is suposed to be 192.168.2.x....??

I dont know what the problem is... but when i turn off raiuds server (running in a virtual machine) i get a 192.168.2.x IP when trying to connect to guest network...

but as soon as i turn un the virtual machine server i get 10.1.0.x IP's, and get the splash "login" page from radiusdesk but not able to access to internet....

I think the problem is tun0 from the radius server that is setted on 10.1.0.1, any ideas???

thanks in advance

Do not refer to tun0 in any OpenWrt configs other than /etc/config/chilli. Chilli will assign the IP address.

ip addr show should show that tun0 has one and only one IP -- 192.168.182.1, and the guest bridge has no IP.

root@OpenWrt:/ip addr show
...
13: tun0: <POINTOPOINT,UP,LOWER_UP> mtu 1500 qdisc mq state UNKNOWN qlen 100
    link/[65534] 
    inet 192.168.182.1/24 scope global tun0
       valid_lft forever preferred_lft forever
    inet6 fe80::992a::<REDACTED>/64 scope link 
       valid_lft forever preferred_lft forever
...
23: br-guest: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    link/ether 00:16:fb:b6:cf:b4 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::216:<REDACTED>/64 scope link 
       valid_lft forever preferred_lft forever

The up.sh will configure tun0 for forwarding using direct iptable calls. This works instead of setting up a firewall with /etc/config/firewall. It would be more OpenWrt friendly to not do that, but that is an advanced topic. It does "just work" using up.sh.

Looks like this DiegoTrug here is the albin.jose, who asked me lot of other questions regarding chilli. I
Even did online bug tracing on his system, investing several hours of time.
And, after figuring out his bug, he not even bothered to say "Thank You".
So, be carful when helping in coova-chilli, for free. As it most often is used in commercial systems.
Leechers like to pick up detailed info for free on this forum, to use it in a paid-for system.

2 Likes

Two more (obvious) threads exist: