Coova chilli [RESOLVIDO]

Krusth
(usa Fedora)

Enviado em 27/10/2015 - 09:42h

Pessoal estou com o seguinte problema, tenho um portal captivo "funcionando" toda solicitação http redireciona para minha landing page. digamos que quase todas.
o problema esta no android, nas url's que ele solicita para verificar se existe internet ou não.
Pelo meu proxy transparente vi que o coova chilli não esta interceptando essas solicitações que o android faz, ai não acontece o pop-up para fazer login na minha rede.
No exemplo do android essas solicitações passando pelo portal captivo o android não identifica que esta no portal. A solicitação que o windows faz para os mesmos fins estão sendo interceptadas pelo coova chilli.
Sei que posso fazer esse redirect pelo iptables, mas ai ficaria uma gambiarra né.

As url's que estão passando pelo chilli são essas a baixo:
1445883036.189 40 10.20.30.11 TCP_MISS/204 247 GET http://clients3.google.com/generate_204 - DIRECT/201.21.215.109 -
1445883090.815 48 10.20.30.11 TCP_MISS/204 247 GET http://201.21.215.118/generate_204 - DIRECT/201.21.215.118 -

assim esta minha config do coova chilli:

#####################################################################################
# Local Network Configurations
#

HS_WANIF=eth0 # WAN Interface toward the Internet
HS_LANIF=wlan0 # Subscriber Interface for client devices
#HS_LANIF=br-lan # Subscriber Interface for client devices
HS_NETWORK=10.20.30.0 # HotSpot Network (must include HS_UAMLISTEN)
HS_NETMASK=255.255.255.0 # HotSpot Network Netmask
HS_UAMLISTEN=10.20.30.1 # HotSpot IP Address (on subscriber network)
HS_UAMPORT=3990 # HotSpot UAM Port (on subscriber network)
HS_UAMUIPORT=4990 # HotSpot UAM "UI" Port (on subscriber network, for embedded portal)

#Start IP Address form chilli (DHCP) 10.20.30.10 - 10.20.30.254
HS_DYNIP=10.20.30.10
HS_DYNIP_MASK=255.255.255.0
#Start IP Address form chilli (Fix IP Address) 10.20.30.2 - 10.20.30.9
HS_STATIP=10.20.30.2
HS_STATIP_MASK=255.255.255.0
#Domain name. It is used to inform the client about the domain name to use for DNS lookups.
#HS_DNS_DOMAIN=

# OpenDNS Servers
HS_DNS1=10.20.30.1
#HS_DNS2=8.8.8.8

###
# HotSpot settings for simple Captive Portal
#
HS_NASID=wifi
HS_RADIUS=127.0.0.1
HS_RADIUS2=127.0.0.1

#--uamallowed=STRING Domain names exempt from access check
#--uamdomain=STRING Domain name allowed (active dns filtering; one per line!)
#HS_UAMALLOW=" "
#HS_UAMALLOW=" "
# Put entire domains in the walled-garden with DNS inspection
#HS_UAMDOMAINS=".paypal.com,.paypalobjects.com"
#HS_UAMDOMAINS=".facebook.com,.facebook.net,.meudominio.com.br"

HS_RADSECRET=pass # Set to be your RADIUS shared secret
HS_UAMSECRET=pass # Set to be your UAM secret
HS_UAMALIASNAME=chilli

# Configure RADIUS proxy support (for 802.1x + captive portal support)
# HS_RADPROXY=on
# HS_RADPROXY_LISTEN=127.0.0.1
# HS_RADPROXY_CLIENT=127.0.0.1
# HS_RADPROXY_PORT=1645
# HS_RADPROXY_SECRET=$HS_RADSECRET
# Example OpenWrt /etc/config/wireless entry for hostapd
# option encryption wpa2
# option server $HS_RADPROXY_LISTEN
# option port $HS_RADPROXY_PORT
# option key $HS_RADPROXY_SECRET


# To alternatively use a HTTP URL for AAA instead of RADIUS:
# HS_UAMAAAURL=http://my-site/script.php

# Optional initial redirect and RADIUS settings
HS_SSID="wifi" # To send to the captive portal
HS_NASMAC=01 # To explicitly set Called-Station-Id
# HS_NASIP=<ip address> # To explicitly set NAS-IP-Address

# The server to be used in combination with HS_UAMFORMAT to
# create the final chilli 'uamserver' url configuration.
HS_UAMSERVER=$HS_UAMLISTEN

# Use HS_UAMFORMAT to define the actual captive portal url.
# Shell variable replacement takes place when evaluated, so here
# HS_UAMSERVER is escaped and later replaced by the pre-defined
# HS_UAMSERVER to form the actual "--uamserver" option in chilli.
#HS_UAMFORMAT=http://\$HS_UAMLISTEN:\$HS_UAMUIPORT/www/index.html

#HS_UAMFORMAT=http://107.170.185.35/cake2/rd_cake/dynamic_details/chilli_browser_detect/
HS_UAMFORMAT=http://devel.meudominio.com.br/

# Same principal goes for HS_UAMHOMEPAGE.
#HS_UAMHOMEPAGE=http://\$HS_UAMLISTEN:\$HS_UAMPORT/www/coova.html
#HS_UAMHOMEPAGE=http://\$HS_UAMLISTEN:\$HS_UAMPORT/www/index.html
HS_UAMHOMEPAGE=http://devel.meudominio.com.br/

# This option will be configured to be the WISPr LoginURL as well
# as provide "uamService" to the ChilliController. The UAM Service is
# described in: http://www.coova.org/CoovaChilli/UAMService
#
# HS_UAMSERVICE=


###
# Features not activated per-default (default to off)
#
# HS_RADCONF=off # Get some configurations from RADIUS or a URL ('on' and 'url' respectively)
#
HS_ANYIP=on # Allow any IP address on subscriber LAN
#
HS_MACAUTH=on # To turn on MAC Authentication
#
# HS_MACAUTHDENY=on # Put client in 'drop' state on MAC Auth Access-Reject
#
# HS_MACAUTHMODE=local # To allow MAC Authentication based on macallowed, not RADIUS
#
# HS_MACALLOW="..." # List of MAC addresses to authenticate (comma seperated)
#
# HS_USELOCALUSERS=on # To use the /etc/chilli/localusers file
#
# HS_OPENIDAUTH=on # To inform the RADIUS server to allow OpenID Auth
#
# HS_WPAGUESTS=on # To inform the RADIUS server to allow WPA Guests
#
# HS_DNSPARANOIA=on # To drop DNS packets containing something other
# # than A, CNAME, SOA, or MX records
#
# HS_OPENIDAUTH=on # To inform the RADIUS server to allow OpenID Auth
# # Will also configure the embedded login forms for OpenID
#
# HS_USE_MAP=on # Short hand for allowing the required google
# # sites to use Google maps (adds many google sites!)
#
###
# Other feature settings and their defaults
#
# HS_DEFSESSIONTIMEOUT=600 # Default session-timeout if not defined by RADIUS (0 for unlimited)
#
HS_DEFIDLETIMEOUT=1800 # Default idle-timeout if not defined by RADIUS (0 for unlimited)
#
# HS_DEFBANDWIDTHMAXDOWN=0 # Default WISPr-Bandwidth-Max-Down if not defined by RADIUS (0 for unlimited)
#
# HS_DEFBANDWIDTHMAXUP=0 # Default WISPr-Bandwidth-Max-Up if not defined by RADIUS (0 for unlimited)

###
# Centralized configuration options examples
#
# HS_RADCONF=url # requires curl
# HS_RADCONF_URL=https://coova.org/app/ap/config

# HS_RADCONF=on # gather the ChilliSpot-Config attributes in
# # Administrative-User login
# HS_RADCONF_SERVER=rad01.coova.org # RADIUS Server
# HS_RADCONF_SECRET=coova-anonymous # RADIUS Shared Secret
# HS_RADCONF_AUTHPORT=1812 # Auth port
# HS_RADCONF_USER=chillispot # Username
# HS_RADCONF_PWD=chillispot # Password


###
# Firewall issues
#
# Uncomment the following to add ports to the allowed local ports list
# The up.sh script will allow these local ports to be used, while the default
# is to block all unwanted traffic to the tun/tap.
#
HS_TCP_PORTS="80 443 22 1812 67 8000 53 3128"

###
# Standard configurations
#
HS_MODE=hotspot
HS_TYPE=chillispot
# HS_RADAUTH=1812
# HS_RADACCT=1813
# HS_ADMUSR=chillispot
# HS_ADMPWD=chillispot


###
# Post-Auth proxy settings
#
#HS_POSTAUTH_PROXY=10.20.30.1
#HS_POSTAUTH_PROXYPORT=3128

# http://coova.org/node/4244
# http://blog.trifork.com/2013/01/15/building-a-captive-portal-controlling-access-to-the-internet-from...
# http://uz.sns.it/~enrico/wordpress/category/networking/coova-chilli/
#HS_UAMUISSL=on
#HS_REDIRSSL=on
#HS_SSLKEYFILE='/etc/chilli/ssl/teste.pem'
#HS_SSLCERTFILE='/etc/chilli/ssl/teste.pem'

# Directory specifying where internal web pages can be served
# by chilli with url /www/<file name>. Only extentions like .html
# .jpg, .gif, .png, .js are allowed. See below for using .chi as a
# CGI extension.
HS_WWWDIR=/etc/chilli/www

# Using this option assumes 'haserl' is installed per-default
# but, and CGI type program can ran from wwwsh to process requests
# to chilli with url /www/filename.chi
HS_WWWBIN=/etc/chilli/wwwsh

# Some configurations used in certain user interfaces
#
HS_PROVIDER=RADIUSdesk
HS_PROVIDER_LINK=http:/www.meudominio.com.br/


###
# WISPr RADIUS Attribute support
#

HS_LOC_NAME="Wifi" # WISPr Location Name and used in portal

# WISPr settings (to form a proper WISPr-Location-Id)
HS_LOC_NETWORK="Wifi_Network" # Network name
HS_LOC_AC=234 # Phone area code
HS_LOC_CC=1 # Phone country code
HS_LOC_ISOCC=BR # ISO Country code

HS_COAPORT=3799

# Embedded miniportal
# HS_REG_MODE="tos" # or self, other
# HS_RAD_PROTO="pap" # or mschapv2, chap
# HS_USE_MAP=on

# Config adicional em teste
# http://coova.org/node/4756
# default do chilli é layer 2, usando MAC, com modo layer 3 ele usa os IPs
# http://www.coova.org/node/4656
# Layer3 Only = While discussing new features, one that is maturing nicely is Layer3 Only operation.
# Traditionally, CoovaChilli only operated at a Layer2 level - directly handling all ARP and DHCP.
# Internally, chilli maintains a one-to-one relationship between MAC address and IP address of subscribers.
# When you build with --enable-layer3 (and run with run-time argument --layer3) this all changes.
# CoovaChilli will no longer handle Layer2 and will only track subscriber sessions based on IP address.
HS_LAYER3=off
#####################################################################################


Desde já agradeço se aguem puder dar um luz.

Krusth
(usa Fedora)

Enviado em 29/10/2015 - 11:30h

Foi adicionada as seguintes linhas no /etc/chilli/functions

addconfig1 "dnsparanoia"
addconfig1 "redirdnsreq"

No arquivo de configuração do chilli você não vai encontrar essas opções , mas se executar o comando
#:chilli --help

irá listar todas opções e nelas se encontra essas linhas que foi adicionadas.

edipox
(usa Outra)

Enviado em 19/05/2016 - 17:13h

Krusth meu amigo, voce poderia me ajudar? Aonde exatamente dentro de /etc/chilli/functions voce agregou essas linhas?

Krusth
(usa Fedora)

Enviado em 20/05/2016 - 22:04h

Executa o comando #chilli --help primeiro para ver se a opção aparece para vc.
As linhas são adicionadas no /etc/chilli/config