OpenWrt Forum Archive

Topic: hotspot - coova chilli with local authentication

The content of this topic has been archived on 23 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.


After much research I did not get anything that would lead me to run a hotspot with internal authentication in OpenWrt.

After several fruitless days, there is no other option but to ask for the teachings of the forum experts.

This topic explains how to use chilli with FreeRADIUS; however, I believe that, just like me, many would like to use the tool with local authentication:

https://wiki.openwrt.org/doc/howto/wire … ova-chilli

config chilli
# option disabled 1

# Your HotSpotSystem account details
option radiusnasid         "xxxxxxxxx"
option radiussecret        "xxxxxxxxx"
option uamsecret        "xxxxxxxxx"

# WISPr settings
# It is possible your provider has specific demands on these values. But for WISPr the values are
# as shown below. (cc=2-digit ISO country; idd=phone-country;ac=phone-area-code)
# example:            "isocc=se,cc=46,ac=584,network=CampingTiveden"
# the <SSID> does not actually need to be the SSID, but WISPr RFC calls it SSID
# the <sub-id> is just so you know which device on your network gave the problem. Can be alphanumeric.

option locationname         "<human readable location name>"
option radiuslocationname     "<SSID>,<sub-ID>"
option radiuslocationid     "isocc=<cc>,cc=<idd>,ac=<ac>,network=<SSID>"

# Radius parameters (change to the one for your provider)
option radiusserver1        radius.hotspotsystem.com
option radiusserver2        radius2.hotspotsystem.com

# Your device's LAN interface on which to put the hotspot
option dhcpif             br-lan        # Subscriber Interface for client devices

# set DNS to whatever is fastest. On slow saturated lines, best use your local router for caching.
# on fast & wide lines, use either Google's or your ISP's DNS, whichever is fastest
option dns1            8.8.8.8
option dns2            8.8.4.4
    
# Tunnel and Subnet 
option tundev             'tun0'
option net            192.168.180.0/22    # For 1000 addresses. Default is 182/24 subnet
option uamlisten        192.168.182.1    # keep it at 182.1 despite the 180/22 subnet
option lease            86400        # 1 day
option leaseplus        600        # plus 10 minutes

# Universal access method (UAM) parameters
option uamserver        "https://customer.hotspotsystem.com/customer/hotspotlogin.php"
option uamuiport         4990        # HotSpot UAM "UI" Port (on subscriber network)
option uamanydns        1
#option    uamaliasip         1.0.0.1        # default: http://1.0.0.1 will goto login page
option uamaliasname         login        #          http://login will goto login page
#option    uamlogoutip         1.0.0.0        # default: http://1.0.0.0 will logout
#                        # default: http://logout will logout
option nouamsuccess        1        # no success page, to original requested URL

# Hosts; services; network segments the client can access without first authenticating (walled garden)
# Hosts are evaluated every 'interval', but this does not work well on multi-homed (multi-IP'ed) hosts, use IP instead.
option uamallowed    "customer.hotspotsystem.com,www.directebanking.com,betalen.rabobank.nl,ideal.ing.nl,ideal.abnamro.nl,www.ing.nl"

# Domain suffixes the client can access without first authenticating (walled garden)
# Host on the domain are checked by spying on DNS requests, so this does work for multi-homed hosts too.
option uamdomain    ".paypal.com,.paypalobjects.com,.worldpay.com,.rbsworldpay.com,.adyen.com,.hotspotsystem.com"

# Various debug and optimization values
option swapoctets        1        # swap input and output octets
option interval         3600        # config file and host lookup refresh

# Add the chilli firewall rules
option ipup '/etc/chilli/up.sh'
option ipdown '/etc/chilli/down.sh'

In my searches, I found the mention of the localuser option that supposedly would activate the feature but could not make it work, and did not see any login page.

option localusers '/etc/chilli/localusers'
option radiusserver1 '127.0.0.1'

vi /etc/chilli/localusers
user:password

Could someone explain what could be done? I'm sure it would help countless people use this great feature in OpenWrt.

(Last edited by murilo.xd on 7 Oct 2017, 17:06)

You have two options for local auth: either to run a RADIUS server on the OpenWrt, too, _OR_ to use local MAC-based auth, providing a file with allowed MACs.
You will find some docs about it on the web. This is _NOT_ openwrt-specific, though.
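
For the MAC-based option mentioned in the reply above, one way to turn a plain file of allowed MACs into chilli settings, as an added example that is not part of the original thread. It assumes the CoovaChilli options macauth, macallowlocal and macallowed (from the chilli.conf man page, not shown on this page) and the dash-separated MAC form used there; the function names and the input file are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed, not shown on the page:
# chilli.conf options macauth / macallowlocal / macallowed and the
# dash-separated upper-case MAC form; function names are hypothetical.

# stdin: one MAC per line (':' or '-' separated, '#' starts a comment).
# stdout: de-duplicated comma-separated list. Returns 1 on any bad line.
normalize_macs() {
    awk '
    {
        sub(/#.*/, "")            # drop comments
        gsub(/[ \t\r]/, "")       # drop whitespace and stray CRs
        if ($0 == "") next
        mac = toupper($0)
        gsub(/:/, "-", mac)
        n = split(mac, p, "-")
        ok = (n == 6)
        for (i = 1; i <= n; i++)
            if (p[i] !~ /^[0-9A-F][0-9A-F]$/) ok = 0
        # Odd first octet = group (broadcast/multicast) address,
        # which is never a client source address.
        if (ok && substr(mac, 2, 1) ~ /[13579BDF]/) ok = 0
        if (!ok) {
            printf "line %d: rejected: %s\n", NR, $0 | "cat >&2"
            bad = 1
            next
        }
        if (!(mac in seen)) {
            seen[mac] = 1
            out = (out == "" ? mac : out "," mac)
        }
    }
    END { if (out != "") print out; exit bad + 0 }
    '
}

# Print the UCI lines to paste into the "config chilli" section.
emit_uci() {
    list=$(normalize_macs) || return 1
    [ -n "$list" ] || return 1
    printf "option macauth '1'\n"
    printf "option macallowlocal '1'\n"
    printf "option macallowed '%s'\n" "$list"
}

# Usage: sh macs2uci.sh /path/to/allowed_macs.txt  (file name is hypothetical)
if [ "$#" -gt 0 ]; then emit_uci < "$1"; fi
```

An allow-list keyed on MAC addresses identifies devices, not users, since the address is sent unencrypted by the client.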
