HELP: Coovachilli captive portal not working in OpenWrt

vipin · November 17, 2020, 5:06pm

I am trying to install captive portal using coovachilli package in an access point running openwrt os. Using external radius server for authentication. Very new to this captive portal concept and implementation and getting confused with many documentations and different explanations. Currently I am in a stage where the package installation is successful but still having some doubts. Using CoovChilli version1.4.0 and installed it in the access point.

Question1:
I am aware of the concept of uamserver but still not clear whether we have to develop a custom login page and host it and then give the URL in the uamserver option. Or is it possible to develop a page and open locally without hosting it. Please help me if someone aware of it.

Question2:
Using /etc/config/chilli file as mentioned in the openwrt wiki page https://oldwiki.archive.openwrt.org/doc/howto/wireless.hotspot.coova-chilli with minor modifications and getting below error (Bad argument 'DROP')in the syslog. Is this an error or expected message ?

Nov 16 22:02:51 chilli[16434]: chilli[16434]: (Re)processing options [/var/run/chilli.16434.cfg.bin]
Nov 16 22:02:51 chilli[16434]: chilli[16436]: running chilli_opt on /var/run/chilli.16434.cfg.bin
Nov 16 22:02:58 : PID 16436 saving options to /var/run/chilli.16434.cfg.bin
Nov 16 22:02:58 chilli[16434]: chilli[16434]: PID 16434 rereading binary file /var/run/chilli.16434.cfg.bin
Nov 16 22:02:58 chilli[16434]: chilli[16434]: PID 16434 reloaded binary options file
Nov 16 22:02:58 chilli[16434]: CoovaChilli 1.4. Copyright 2002-2005 Mondru AB. Licensed under GPL. Copyright 2006-2012 David Bird (Coova Techn.
Nov 16 22:02:58 chilli[16434]: TX queue length set to 100
Nov 16 22:02:58 chilli[16434]: Bad argument `DROP'
Nov 16 22:02:58 chilli[16434]: Try `iptables -h' or 'iptables --help' for more information.
Nov 16 22:02:58 chilli[16434]: Bad argument `ACCEPT'
Nov 16 22:02:58 chilli[16434]: Try `iptables -h' or 'iptables --help' for more information.

IP address of my Access point: 192.168.1.1
IP address of my freeradius server: 192.168.1.94
secret of the radius server: testing123

/etc/config/chilli file:

config chilli

option radiusnasid 		"xxxxxxxxx"
option radiussecret		"xxxxxxxxx"
option uamsecret		"xxxxxxxxx"


option locationname 		"<human readible location name>"
option radiuslocationname 	"<SSID>,<sub-ID>"
option radiuslocationid 	"isocc=<cc>,cc=<idd>,ac=<ac>,network=<SSID>"

option radiusserver1		192.168.1.94
option radiusserver2		192.168.1.94

option dhcpif 			br-lan		# Subscriber Interface for client devices

option dns1			8.8.8.8
option dns2			8.8.4.4
    
option tundev 			'tun0'
option net			192.168.1.0/22	# For 1000 addresses. Default is 182/24 subnet
option uamlisten		192.168.1.1	# keep it at 182.1 despite the 180/22 subnet
option lease			86400		# 1 day
option leaseplus		600		# plus 10 minutes

# Universal access method (UAM) parameters
option uamserver		"https://www.google.com"
option uamuiport 		4990		# HotSpot UAM "UI" Port (on subscriber network)
option uamanydns		1
option	uamaliasip 		1.0.0.1		# default: http://1.0.0.1 will goto login page
option uamaliasname 		login		#          http://login will goto login page
option nouamsuccess		1		# no success page, to original requested URL

option uamallowed	"customer.hotspotsystem.com,www.directebanking.com,betalen.rabobank.nl,ideal.ing.nl,ideal.abnamro.nl,www.ing.nl"

option uamdomain	".paypal.com,.paypalobjects.com,.worldpay.com,.rbsworldpay.com,.adyen.com,.hotspotsystem.com"

option swapoctets		1		# swap input and output octets
option interval 		3600		# config file and host lookup refresh

option ipup '/etc/chilli/up.sh'
option ipdown '/etc/chilli/down.sh'

reinerotto · November 17, 2020, 6:52pm

still not clear whether we have to develop a custom login page and host it and then give the URL in the uamserver option. Or is it possible to develop a page and open locally without hosting it.<
Both variants possible.
However, correct config of coova-chilli is (almost) black magic. Lot of outdated or incomplete docs floating around on the web. And even more complicated config, when openwrt-specialities to be considered. I strongly suggest, first to get coova-chilli up and running on standard linux. And then to do the port to openwrt.
BTW, according to your uam-settings, it looks like some commercial system to be set up. Feel free to PM me for commercial support

vipin · November 18, 2020, 4:41am

I believe there are lot of difference between setting up standard linux and openwrt system. Still I can give a try on that. Could you please help me with any links which gives more clarity on how to do it on the linux system ? How can I contact you ?

reinerotto · November 18, 2020, 5:02am

You can contact me via augustus_meyer@yahoo.de
First to start using coova-chilli on plain LINUX gives you more insight into the operation of coova. Which is complicated enough. Before fighting the openwrt-specialities.

tmomas · November 18, 2020, 7:45am

New URL: https://openwrt.org/docs/guide-user/services/captive-portal/wireless.hotspot.coova-chilli

The old page is for archival purposes only and does not receive updates any more.

vipin · November 18, 2020, 8:58am

Tried this also. Could you please help me on my queries ?