Install CoovaChilli in parallel with private LAN

Hi!

I'm trying to set up CoovaChilli so it's connected to its own zone/interface and bridged to a VLAN. However, I can't get it to work. No splash screen and no Internet connection. I guess it's because clients can't connect to DNS servers. This device also is not directly connected to the Internet, but to another router.

My private LAN is on VLAN 3, and guest, which should use CoovaChilli, is on VLAN 4.

/etc/config/network (partly)

config interface 'lan'
        option type 'bridge'
        option proto 'static'
        option netmask '255.255.255.0'
        option ifname 'eth0.3'
        option ipaddr '192.168.10.2'
        option gateway '192.168.10.254'
        option dns '192.168.10.254'

config interface 'guest'
        option type 'bridge'
        option proto 'static'
        option netmask '255.255.255.0'
        option stp '1'
        option ipaddr '10.100.0.2'
        option delegate '0'
        option ifname 'eth0.4'

/etc/config/wireless

config wifi-device 'radio0'
        option type 'mac80211'
        option channel '36'
        option hwmode '11a'
        option path 'pci0000:00/0000:00:00.0'
        option legacy_rates '1'
        option htmode 'VHT40'
        option country 'FI'

config wifi-device 'radio1'
        option type 'mac80211'
        option hwmode '11g'
        option path 'platform/qca956x_wmac'
        option legacy_rates '1'
        option channel '7'
        option country 'FI'
        option htmode 'HT20'

config wifi-iface 'priv2G'
        option device 'radio1'
        option mode 'ap'
        option encryption 'psk2'
        option key 'verysecret123'
        option network 'lan'
        option ssid 'Private'
        option isolate '1'

config wifi-iface
        option device 'radio1'
        option mode 'ap'
        option ssid 'Guest'
        option isolate '1'
        option network 'guest'
        option encryption 'none'

DHCP disabled on all interfaces as the main router is the DHCP server.

/etc/config/chilli

config chilli
    option tundev 'tun0'
    option network ''
    option debug 9
    option radiusserver1 radius.my2domain.com
    option radiusserver2 radius.my2domain.com
    option radiussecret testing123
    option dhcpif br-guest
    option lease 600
    option uamserver https://www.mydomain.com/hotspotlogin
    option uamsecret ################
    # allow all DNS while testing
    option uamanydns

Are there any tutorials that could cover this kind of setup? Or any updated ones for normal setups?

Have you consulted the guide in the OpenWrt documentation?
Or maybe this guide?

Are the clients able to connect to the wifi and get DHCP settings?

Yes, I have. With no success.

Tried to make it more simple too, but no success. dhcpif=wlan1-2 straight to wireless without bridge.

I drew a sketch:
[Image: CoovaChilli network]

Config:

config chilli
    option tundev 'tun0'
    option network ''
    option debug 9
    option dns1 10.100.0.254
    option dns2 10.100.0.254
    option radiusserver1 radius.external-domain.fi
    option radiusserver2 radius.external-domain.fi
    option radiussecret testing123
    option radiusnasid nas01
    option radiuslocationid isocc=fi,cc=1,ac=408,network=ACMEWISP_NewarkAirport
    option radiuslocationname ACMEWISP,Gate_14_Terminal_C_of_Newark_Airport

    option dhcpif br-coova
    option lease 600

    option uamserver https://www.another-domain.fi/hotspotlogin
    option uamsecret hidden_secret
    option uamallowed www.chillispot.org,10.100.0.0/24
    option uamdomain .chillispot.org,.coova.org
    option uamanydns

    option ipup '/etc/chilli/up.sh'
    option ipdown '/etc/chilli/down.sh'

But no network, so no DNS resolves. Clients do get IPs from the 192.168.182.0 network.

Perhaps an issue so basic that I do not see it. Bridging wlan1-2 straight to br-guest and everything works, so nothing wrong there. I do not think it is a masquerading issue either.

Well, I hope you got it figured out in the last 5 years, but to any that have this problem in the future, the behavior in CoovaChilli is correct (getting IPs from the 192.168.182.0 network but no network, no DNS)... unless you have a line in /etc/chilli/config that says

hs_lan_access="allow"

then it works ok.
