OpenWrt Forum Archive

Topic: Any one has experience on how to setup chilli on kamikaze?

The content of this topic has been archived on 21 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Any one has experience on how to setup chilli on kamikaze?

Does anybody know this?

Thanks.

i just began to look into this..will see how far i can get.
so far after installing chillispot, i need put a hotspotlogin under /www, i install freeradius locally as well.

Hi guys
I'm new on this world, I'm not a guru, I'm starting with ervery  this of embed linux and linux, so take care, I did install the chilli without problems, but remember, I don't have enough knowledge.

Ok I did this....
first time edit /etc/config/network
and modify the vlan configuration
here is mi file

 
#### VLAN configuration 
config switch eth0
    option vlan0    "1 2 3 5*"
    option vlan1    "4 5"
    option vlan2    "0 5"

#### Loopback configuration
config interface loopback
    option ifname    "lo"
    option proto    static
    option ipaddr    127.0.0.1
    option netmask    255.0.0.0


#### LAN configuration
config interface lan
    option type     bridge
    option ifname    "eth0.0"
    option proto    static
    option ipaddr    192.168.1.1
    option netmask    255.255.255.0


#### WAN configuration
config interface    wan
    option ifname    "eth0.1"
    option proto    dhcp

here is my /etc/config/wireless too, take a look, you need comment option network

config wifi-device  wl0
    option type     broadcom
    option channel  5

    # REMOVE THIS LINE TO ENABLE WIFI:
    option disabled 0

config wifi-iface
    option device   wl0
#    option network    lan
    option mode     adhoc
    option ssid     OpenWrt
    option encryption none

I did use option mode adhoc because i trying to run olsrd to with all this, but you can use "option mode ap"

next we need change the firewall rules, I did the easy job, only copy the configuration of lan for wifi
so edit /etc/firewall.user to add the lines
here is my /etc/firewall.user

#!/bin/sh
# Copyright (C) 2006 OpenWrt.org

iptables -F input_rule
iptables -F output_rule
iptables -F forwarding_rule
iptables -t nat -F prerouting_rule
iptables -t nat -F postrouting_rule

# The following chains are for traffic directed at the IP of the 
# WAN interface

iptables -F input_wan
iptables -F forwarding_wan
iptables -t nat -F prerouting_wan

### Open port to WAN
## -- This allows port 22 to be answered by (dropbear on) the router
# iptables -t nat -A prerouting_wan -p tcp --dport 22 -j ACCEPT 
# iptables        -A input_wan      -p tcp --dport 22 -j ACCEPT

### Port forwarding
## -- This forwards port 8080 on the WAN to port 80 on 192.168.1.2
# iptables -t nat -A prerouting_wan -p tcp --dport 8080 -j DNAT --to 192.168.1.2:80
# iptables        -A forwarding_wan -p tcp --dport 80 -d 192.168.1.2 -j ACCEPT

### DMZ
## -- Connections to ports not handled above will be forwarded to 192.168.1.2
# iptables -t nat -A prerouting_wan -j DNAT --to 192.168.1.2
# iptables        -A forwarding_wan -d 192.168.1.2 -j ACCEPT
### Chilli
WIFI="wl0"
iptables -A INPUT -p tcp -m tcp --dport 3990 --syn -j ACCEPT

iptables -N WIFI_ACCEPT
[ -z "$WAN" ] || iptables -A WIFI_ACCEPT -i "$WAN" -j RETURN
[ -z "$WANDEV" -o "$WANDEV" = "$WAN" ] || iptables -A WIFI_ACCEPT -i "$WANDEV" -j RETURN
iptables -A WIFI_ACCEPT -j ACCEPT

iptables -A INPUT -j WIFI_ACCEPT    # allow from lan/wifi interfaces 

iptables -A FORWARD -i $WIFI -o $WIFI -j ACCEPT
[ -z "$WAN" ] || iptables -A FORWARD -i $WIFI -o $WAN -j ACCEPT

after is more easy job, install the chilli and configure it

ipkg update
ipkg install chillispot

edit /etc/chilli.conf
the more important is the interface of wireless. In my case is wl0 because I have a linksys WRT54GL, take care with other routers maybe you need change that.

dhcpif wl0

and remember put the right uamsecret and radiussecret

here is my file

##############################################################################
#
# Sample ChilliSpot configuration file
#
##############################################################################

# TAG: fg
# Include this flag if process is to run in the foreground
#fg

# TAG: debug
# Include this flag to include debug information.
#debug

# TAG: interval
# Re-read configuration file at this interval. Will also cause new domain
# name lookups to be performed. Value is given in seconds.
#interval 3600

# TAG: pidfile
# File to store information about the process id of the program.
# The program must have write access to this file/directory.
#pidfile /var/run/chilli.pid

# TAG: statedir
# Directory to use for nonvolatile storage.
# The program must have write access to this directory.
# This tag is currently ignored
#statedir ./


# TUN parameters

# TAG: net
# IP network address of external packet data network
# Used to allocate dynamic IP addresses and set up routing.
# Normally you do not need to uncomment this tag.
#net 192.168.182.0/24

# TAG: dynip
# Dynamic IP address pool
# Used to allocate dynamic IP addresses to clients.
# If not set it defaults to the net tag.
# Do not uncomment this tag unless you are an experienced user!
#dynip 192.168.182.0/24

# TAG: statip
# Static IP address pool
# Used to allocate static IP addresses to clients.
# Do not uncomment this tag unless you are an experienced user!
#statip 192.168.182.0/24


# TAG: dns1
# Primary DNS server.
# Will be suggested to the client. 
# If omitted the system default will be used.
# Normally you do not need to uncomment this tag.
dns1 172.16.0.5

# TAG: dns2
# Secondary DNS server.
# Will be suggested to the client.
# If omitted the system default will be used.
# Normally you do not need to uncomment this tag.
dns2 172.16.0.6

# TAG: domain
# Domain name
# Will be suggested to the client.
# Normally you do not need to uncomment this tag.
#domain key.chillispot.org

# TAG: ipup
# Script executed after network interface has been brought up.
# Executed with the following parameters: <devicename> <ip address>
# <mask>
# Normally you do not need to uncomment this tag.
#ipup /etc/chilli.ipup

# TAG: ipdown
# Script executed after network interface has been taken down.
# Executed with the following parameters: <devicename> <ip address>
# <mask>
# Normally you do not need to uncomment this tag.
#ipdown /etc/chilli.ipdown

# TAG: conup
# Script executed after a user has been authenticated.
# Executed with the following parameters: <devicename> <ip address>
# <mask> <user ip address> <user mac address> <filter ID>
# Normally you do not need to uncomment this tag.
#conup /etc/chilli.conup

# TAG: conup
# Script executed after a user has disconnected.
# Executed with the following parameters: <devicename> <ip address>
# <mask> <user ip address> <user mac address> <filter ID>
# Normally you do not need to uncomment this tag.
#conup /etc/chilli.condown


# Radius parameters

# TAG: radiuslisten
# IP address to listen to
# Normally you do not need to uncomment this tag.
#radiuslisten 127.0.0.1

# TAG: radiusserver1
# IP address of radius server 1
# For most installations you need to modify this tag.
#radiusserver1 rad01.chillispot.org
#You can use an IP
radiusserver1 rad01.YourRadiusServer.org

# TAG: radiusserver2
# IP address of radius server 2
# If you have only one radius server you should set radiusserver2 to the
# same value as radiusserver1.
# For most installations you need to modify this tag.
#radiusserver2 rad02.chilispot.org
#You can use an IP
radiusserver2 rad02.YourRadiusServer.org

# TAG: radiusauthport
# Radius authentication port
# The UDP port number to use for radius authentication requests.
# The same port number is used for both radiusserver1 and radiusserver2.
# Normally you do not need to uncomment this tag.
#radiusauthport 1812

# TAG: radiusacctport
# Radius accounting port
# The UDP port number to use for radius accounting requests.
# The same port number is used for both radiusserver1 and radiusserver2.
# Normally you do not need to uncomment this tag.
#radiusacctport 1813

# TAG: radiussecret
# Radius shared secret for both servers
# For all installations you should modify this tag.
#radiussecret testing123
radiussecret YourRadiusSecret

# TAG: radiusnasid
# Radius NAS-Identifier
# Normally you do not need to uncomment this tag.
#radiusnasid nas01

# TAG: radiusnasip
# Radius NAS-IP-Address
# Normally you do not need to uncomment this tag.
#radiusnasip 127.0.0.1

# TAG: radiuscalled
# Radius Called-Station-ID
# Normally you do not need to uncomment this tag.
#radiuscalled 00133300

# TAG: radiuslocationid
# WISPr Location ID. Should be in the format: isocc=<ISO_Country_Code>,
# cc=<E.164_Country_Code>,ac=<E.164_Area_Code>,network=<ssid/ZONE>
# Normally you do not need to uncomment this tag.
#radiuslocationid isocc=us,cc=1,ac=408,network=ACMEWISP_NewarkAirport

# TAG: radiuslocationname
# WISPr Location Name. Should be in the format: 
# <HOTSPOT_OPERATOR_NAME>,<LOCATION>
# Normally you do not need to uncomment this tag.
#radiuslocationname ACMEWISP,Gate_14_Terminal_C_of_Newark_Airport


# Radius proxy parameters

# TAG: proxylisten
# IP address to listen to
# Normally you do not need to uncomment this tag.
#proxylisten 10.0.0.1

# TAG: proxyport
# UDP port to listen to. 
# If not specified a port will be selected by the system
# Normally you do not need to uncomment this tag.
#proxyport 1645

# TAG: proxyclient
# Client(s) from which we accept radius requests
# Normally you do not need to uncomment this tag.
#proxyclient 10.0.0.1/24

# TAG: proxysecret
# Radius proxy shared secret for all clients
# If not specified defaults to radiussecret
# Normally you do not need to uncomment this tag.
#proxysecret testing123


# Remote configuration management

# TAG: confusername
# If confusername is specified together with confpassword chillispot
# will at regular intervals specified by the interval option query the
# radius server for configuration information.
# Normally you do not need to uncomment this tag.
#confusername conf

# TAG: confpassword
# If confusername is specified together with confpassword chillispot
# will at regular intervals specified by the interval option query the
# radius server for configuration information.
# Normally you do not need to uncomment this tag.
#confpassword secret


# DHCP Parameters

# TAG: dhcpif
# Ethernet interface to listen to.
# This is the network interface which is connected to the access points.
# In a typical configuration this tag should be set to eth1.
dhcpif wl0

# TAG: dhcpmac
# Use specified MAC address.
# An address in the range  00:00:5E:00:02:00 - 00:00:5E:FF:FF:FF falls
# within the IANA range of addresses and is not allocated for other
# purposes.
# Normally you do not need to uncomment this tag.
#dhcpmac 00:00:5E:00:02:00

# TAG: lease
# Time before DHCP lease expires
# Normally you do not need to uncomment this tag.
#lease 600


# Universal access method (UAM) parameters

# TAG: uamserver
# URL of web server handling authentication.
#uamserver http://www.internet-wifi.com.ar/hotspotlogin_m.php
uamserver https://your.uamserver/hotspotlogin

# TAG: uamhomepage
# URL of welcome homepage.
# Unauthenticated users will be redirected to this URL. If not specified
# users will be redirected to the uamserver instead.
# Normally you do not need to uncomment this tag.
#uamhomepage http://192.168.182.1/welcome.html

# TAG: uamsecret
# Shared between chilli and authentication web server
#uamsecret ht2eb8ej6s4et3rg1ulp
uamsecret YourUamSecret

# TAG: uamlisten
# IP address to listen to for authentication requests
# Do not uncomment this tag unless you are an experienced user!
#uamlisten 192.168.182.1

# TAG: uamport
# TCP port to listen to for authentication requests
# Do not uncomment this tag unless you are an experienced user!
#uamport 3990

# TAG: uamallowed
# Comma separated list of domain names, IP addresses or network segments
# the client can access without first authenticating.
# It is possible to specify this tag multiple times.
# Normally you do not need to uncomment this tag.
#uamallowed www.chillispot.org,10.11.12.0/24
#uamallowed www.internet-wifi.com.ar,10.0.0.0/8,172.16.0.0/24
uamallowed www.yoursallowedsi.sites,10.0.0.0/8,172.16.0.0/24

# TAG: uamanydns
# If this flag is given unauthenticated users are allowed to use
# any DNS server.
# Normally you do not need to uncomment this tag.
#uamanydns
uamanydns


# MAC authentication

# TAG: macauth
# If this flag is given users will be authenticated only on their MAC
# address.
# Normally you do not need to uncomment this tag.
#macauth

# TAG: macallowed
# List of MAC addresses.
# The MAC addresses specified in this list will be authenticated only on
# their MAC address.
# This tag is ignored if the macauth tag is given.
# It is possible to specify this tag multiple times.
# Normally you do not need to uncomment this tag.
#macallowed 00-0A-5E-AC-BE-51,00-30-1B-3C-32-E9

# TAG: macpasswd
# Password to use for MAC authentication.
# Normally you do not need to uncomment this tag.
#macpasswd password

# TAG: macsuffix
# Suffix to add to MAC address in order to form the username.
# Normally you do not need to uncomment this tag.
#macsuffix suffix

Ok, guys that's it...
with this every work, but remember, maybe I did something wron

Good luck

I installed and configured Chillispot on my AP, in order to let it act as an hotspot.

Everything seems to be ok, except a not so little problem: Chillispot is unable to dinamically assign an IP to an associate device. More precisely, running Chillispot in debug mode, it says the address has been successfully assigned, but on the device side no IP has been got.
If I try to statically assign the mentioned IP to the device, Chillispot correctly forwards every packet received from it to link layer.

I also tried to stop Chillispot and run udhcp in order to check if my AP was able to dinamically assign an IP with the same Iptables rules (all INPUT, OUTPUT and FORWARD traffic allowed and /proc/sys/net/ipv4/ip_forward file set to 1), and udhcp correctly ran.
DNS IP addresses are correctly running and set both in /etc/config/network and /etc/resolv.conf.

What are the most frequent causes of dhcp requests failure on Chillispot?
Any help is appreciated.
Thank you

N.B. I'm using a Meraki Mini. The almost whole part of the examples I saw deals with Linksys WRT54 series...

(Last edited by ggp81 on 10 Sep 2007, 17:20)

The chilli do not work if in anothe dhcp is working on chillispot-interface, so you must be sure what dhcp don´t see the chillispot-interface in your case ath0
But anyway if your ath0 is in same vlan than your lan the remote device get an IP from lan and the remote client can´t  work.

Please check if your tun0 ifup.
I had that problem only when the tun0 is not running.

If tun0 is not runnig, your dhcpif seting it's wrong.

tun0 is up sad

root@OpenWrt:~# ifconfig

ath0      Link encap:Ethernet  HWaddr 00:18:**:**:**:**
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

ath1      Link encap:Ethernet  HWaddr 06:18:**:**:**:**
          UP BROADCAST RUNNING MULTICAST  MTU:2290  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

eth0      Link encap:Ethernet  HWaddr 00:18:**:**:**:**
          inet addr:10.20.20.100  Bcast:10.255.255.255  Mask:255.0.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:453 errors:0 dropped:0 overruns:0 frame:0
          TX packets:276 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:47417 (46.3 KiB)  TX bytes:39925 (38.9 KiB)
          Interrupt:4 Base address:0x1000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:28 errors:0 dropped:0 overruns:0 frame:0
          TX packets:28 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1815 (1.7 KiB)  TX bytes:1815 (1.7 KiB)

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.101.101.1  P-t-P:10.101.101.1  Mask:255.255.255.0
          UP POINTOPOINT RUNNING  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

wifi0     Link encap:Ethernet  HWaddr 00:18:**:**:**:**
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2219 errors:0 dropped:0 overruns:0 frame:620
          TX packets:143 errors:32 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:199
          RX bytes:182128 (177.8 KiB)  TX bytes:17882 (17.4 KiB)
          Interrupt:3 Memory:b0000000-b00ffffc

I will need to create a bridge between eth0 and ath0, but at first I would like to fix dhcp problem. Dhcp doesn't run with the mentioned bridge enabled

(Last edited by ggp81 on 11 Sep 2007, 09:02)

Hi ggp81,
No, if you create a bridge betwen your lan and your wifi, chilli's DHCP will not work.
What I did to find the way to run chilli.
1. Install a clean firmware from Openwrt.
2. With basic configuration, I did change the VLAN configuration until wifi don´t give me an IP address.
3. Install chilli and configure it,
   In your case I guess you need in dhcpif wifi0

Ok, I'm not sure what is each interface in your hardware, but I gues the problem is in your network configuration, try with anothe Mask in your eth0 something like 255.255.255.0, or in chilli configuration change the network configuration.
I'm speak spanish, If my english is not easy to understand maybe you understand spanish...
I guess is a good idea, if you try to put to work everything with basic configuration first and after change IP's and everything.

I understood your English without problems, so you can speak English. We have anyway to speak English as the rules of this forum say.
The chilli.conf seems to be ok, because I tested it on DD-WRT on the same device and works correctly (so "dhcpif ath0" is correct).

I tried with an almost basic OpenWrt (I just edited and tested /etc/config/network and /etc/config/wireless, and they would not have problems). Maybe I lack some iptables rules or modules?

#!/bin/sh

iptables -F
iptables -t nat -F
iptables -t mangle -F
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o ath0 -j MASQUERADE
iptables -A INPUT -i eth0 -p icmp -j ACCEPT
echo 1 > /proc/sys/net/ipv4/ip_forward

Thanks

Ok.
First remember DD-WRT is WhiteRussian distrubution and DD-WRT define the interface as his way and It define others bridges.
I´m looking your iptables and I don´t understand...
Your WAN interface is ath0?
I guess your WAN interface is eth0...
Anyway take a look to my firewall

fofware wrote:

Ok.
First remember DD-WRT is WhiteRussian distrubution and DD-WRT define the interface as his way and It define others bridges.

DD-WRT defines br0 interface which is a bridge between eth0 and ath0. I don't need this bridge, so I removed it.

fofware wrote:

I´m looking your iptables and I don´t understand...

These rules work for me on DD-WRT:

iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P POSTROUTING ACCEPT
iptables -t nat -P OUTPUT ACCEPT
iptables -t nat -A PREROUTING -p tcp -m tcp -d 10.20.20.100 --dport 8989 -j DNAT --to-destination 192.168.1.1:443
iptables -t nat -A PREROUTING -p icmp -d 10.20.20.100 -j DNAT --to-destination 192.168.1.1
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -I INPUT -m state --state NEW -i tun0 -j ACCEPT
iptables -I FORWARD -s 192.168.1.0/255.255.255.0 -d  0/0 -j REJECT
fofware wrote:

Your WAN interface is ath0?
I guess your WAN interface is eth0...
Anyway take a look to my firewall

ath0 (192.168.1.1) is Wi-Fi. My aim is to set ath0 as dhcpif (Wi-Fi association).
My AP is on the same LAN of the gateway, so that it can connect itself to Internet. So eth0 (LAN) is set to 10.20.20.100, and i put my test RADIUS server on the same 10.20.20.* network.
But the rules would be ok, because they correctly work on the DD-WRT. I don't think this is my problem.

Thanks.

It sounds like a Kamikaze-2.6 issue, because I tried Chillispot on a brcm-2.4 and I had not this problem!
Does anybody tried to run Chillispot on an OpenWrt box and 2.6 kernel?
Thanks

Hi ggp81

Your iptables masquerading all trafic from 192.168.1.0/24 to your ath0. This interface is your wifi
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o ath0 -j MASQUERADE

I guess you need masquerading all trafic to your bridge
like DD-WRT, and me
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE


I guess is the same for all plataform

It sounds to be an issue dealing with the platform.
With the same settings DHCP works on Linksys WRT54GL and on Compex WP54, but doesn't appear to work on Meraki Mini sad

I did find a mistake in my configuration
In /etc/config/network the vlan2 is not necessary

so the good /etc/config/network is

#### VLAN configuration 
config switch eth0
    option vlan0    '0 1 2 3 5*'
    option vlan1    '4 5'

#### Loopback configuration
config interface loopback
    option ifname    "lo"
    option proto    static
    option ipaddr    127.0.0.1
    option netmask    255.0.0.0


#### LAN configuration
config interface lan
    option type     bridge
    option ifname    "eth0.0"
    option proto    static
    option ipaddr    192.168.1.1
    option netmask    255.255.255.0


#### WAN configuration
config interface    wan
    option ifname    "eth0.1"
    option proto    dhcp

The discussion might have continued from here.