Line 1: |
Line 1: |
| {{Languages}} | | {{Languages}} |
| + | |
| + | |
| ===Maintainer=== | | ===Maintainer=== |
− | [[User:VIP-ire|Daniel B.]]<br/> | + | [mailto:daniel@firewall-services.com[[User:VIP-ire|Daniel B.]]] from [http://www.firewall-services.com Firewall Services] |
− | [http://www.firewall-services.com Firewall Services]<br> | + | |
− | mailto:daniel@firewall-services.com
| + | === Version === |
| + | |
| + | {{ #smeversion: smeserver-coova-chilli }} |
| + | {{ #smeversion: coova-chilli }} |
| | | |
| === Description === | | === Description === |
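Review bot: In the new Maintainer line, `[mailto:daniel@firewall-services.com[[User:VIP-ire|Daniel B.]]]` has no space between the mailto target and its label, and it nests an internal `[[...]]` link inside the external link. Links cannot nest, so the result depends on how the parser untangles it. Keep them as two adjacent links instead, for example `[[User:VIP-ire|Daniel B.]] ([mailto:daniel@firewall-services.com mail])`. The two empty `+` rows added above `===Maintainer===` only add vertical whitespace and can be dropped.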
Line 51: |
Line 56: |
| *Attach an AP | | *Attach an AP |
| | | |
− | The final step is to connect an AP on the NIC. I'm talking about a AP and not a router. If you have a WiFi router, it is possible to work if these conditions are met: | + | The final step is to connect an AP on the NIC. I'm talking about a AP and not a router. If you have a WiFi router, it is possible to make it work if these conditions are met: |
| | | |
| **Dhcp is disabled on the router | | **Dhcp is disabled on the router |
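Review bot: The rewritten sentence in this hunk still reads "a AP" ("I'm talking about a AP and not a router"); since the line is being touched anyway, change it to "an AP".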
Line 60: |
Line 65: |
| | | |
| *Login | | *Login |
− | Connect a client, and try to open a web page, you should fall on a page like this: | + | Connect a client, and try to open a web page, you should be redirected on a page like this one: |
| | | |
| [[Image:ChilliLogin-noguest.jpg]] | | [[Image:ChilliLogin-noguest.jpg]] |
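Review bot: Style point on the changed Login sentence: "redirected on a page" should be "redirected to a page", and the comma splice after "open a web page" reads better as a full stop or a semicolon.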
Line 91: |
Line 96: |
| *'''net''': the network range to use. The server uses the first IP available from the network (and thus default 10.1.0.1) and provide clients with addresses in this range. | | *'''net''': the network range to use. The server uses the first IP available from the network (and thus default 10.1.0.1) and provide clients with addresses in this range. |
| | | |
− | *'''status''': there's no trap that defined the state of service, and whether it should be started when the server boots up. | + | *'''status''': there's no trap, this key defines the state of service, and whether it should be started when the server boots up. |
| | | |
| *'''tundev''': defines the tun interface to use (chilli mask the real interface eth2 and the system sees the traffic as comming from a tun interface). | | *'''tundev''': defines the tun interface to use (chilli mask the real interface eth2 and the system sees the traffic as comming from a tun interface). |
| By default, tun0, you can change if tun0 is already used for a VPN for example. | | By default, tun0, you can change if tun0 is already used for a VPN for example. |
| + | |
| + | *'''uamhomepage''': URL of homepage to redirect unauthenticated users to. If not specified this defaults to the login page |
| | | |
| *'''uamallowed''': A list of host that will be accessible before authentication. It can be a simple list of host, or a list of the form host:port, or protocol:host, or protocol:host:port | | *'''uamallowed''': A list of host that will be accessible before authentication. It can be a simple list of host, or a list of the form host:port, or protocol:host, or protocol:host:port |
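Review bot: The added `uamhomepage` entry does not say how it relates to `uamallowed` directly below it. If the homepage URL points at a host other than the server itself, the reader needs to know whether that host must also be listed in `uamallowed` so that unauthenticated clients can reach it. Add one sentence on that, plus the missing full stop after "login page". In the reworded `status` entry, "there's no trap, this key defines" is still hard to parse; "defines whether the service is enabled and started at boot" says the same thing directly.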
Line 116: |
Line 123: |
| | | |
| *'''guestUpLink''': if guestAccess is enabled, this will limit the uplink bandwidth for guest user (in kbps) | | *'''guestUpLink''': if guestAccess is enabled, this will limit the uplink bandwidth for guest user (in kbps) |
| + | |
| + | *'''noc2c''': can be enabled or disabled (default is enabled). If enabled, clients will get a /32 netmask, and a special route will be added so they can contact the gateway. This prevent direct client to client communication. Note that it's a layer 3 isolation, a better way to prevent client to client is a layer 2 isolation, some AP and switch provides this. |
| + | |
| + | *'''macallowed''': A comma separated list of MAC addresses which won't need to authenticate |
| | | |
| After you've changed the configuration, just run the command | | After you've changed the configuration, just run the command |
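Review bot: The `macallowed` entry is missing a caveat that a MAC address is asserted by the client, so every address on this list is an authentication exemption for any device that presents it. State that, state the expected address format, and recommend keeping the list short. In the `noc2c` entry, "This prevent" should be "This prevents" and "some AP and switch provides this" should be "some APs and switches provide this". The note that layer 2 isolation is the stronger control is worth keeping.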
Line 162: |
Line 173: |
| $uplink = $uplink * 1000; | | $uplink = $uplink * 1000; |
| $OUT =<<END; | | $OUT =<<END; |
− | guest NAS-Identify == "chilli", Auth-Type: = Local User-Password == 'guest' | + | guest NAS-Identify == "localhost", Auth-Type: = Local User-Password == 'guest' |
| WISPr-Bandwidth-Max-Down = $downlink, WISPr-Bandwidth-Max-Up = $uplink | | WISPr-Bandwidth-Max-Down = $downlink, WISPr-Bandwidth-Max-Up = $uplink |
| END | | END |
| if (($chilli{'status'} || 'disabled') eq' enabled ') { | | if (($chilli{'status'} || 'disabled') eq' enabled ') { |
| $OUT = <<END; | | $OUT = <<END; |
− | DEFAULT Group == "chilli", NAS-Identify == "chilli", Auth-Type: = unix | + | DEFAULT Group == "chilli", NAS-Identify == "localhost", Auth-Type: = unix |
| # WISPr-Bandwidth-Max-Down = 512000, WISPr-Bandwidth-Max-Up = 128000 | | # WISPr-Bandwidth-Max-Down = 512000, WISPr-Bandwidth-Max-Up = 128000 |
| | | |
− | DEFAULT Group! = "chilli", NAS-Identify == "chilli", Auth-Type: Reject = | + | DEFAULT Group! = "chilli", NAS-Identify == "localhost", Auth-Type: Reject = |
| Reply Message = "Your are not allowed member of the group" | | Reply Message = "Your are not allowed member of the group" |
| END | | END |
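Review bot: The three changed lines keep the attribute spelled `NAS-Identify`, but the standard RADIUS attribute is `NAS-Identifier`; an entry copied from this page as written would not parse as intended. Fix the name while changing the value. The page also gives no reason for switching the value from "chilli" to "localhost". Add a sentence saying that it must match the NAS identifier chilli sends, and that anyone who copied the earlier custom template needs to update it.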
Line 186: |
Line 197: |
| $uplink = $uplink * 1000; | | $uplink = $uplink * 1000; |
| $OUT =<<END; | | $OUT =<<END; |
− | guest NAS-Identify == "chilli", Auth-Type: = Local User-Password == 'guest' | + | guest NAS-Identify == "localhost", Auth-Type: = Local User-Password == 'guest' |
| WISPr-Bandwidth-Max-Down = $downlink, WISPr-Bandwidth-Max-Up = $uplink | | WISPr-Bandwidth-Max-Down = $downlink, WISPr-Bandwidth-Max-Up = $uplink |
| END | | END |
| if (($chilli{'status'} || 'disabled') eq' enabled ') { | | if (($chilli{'status'} || 'disabled') eq' enabled ') { |
| $OUT = <<END; | | $OUT = <<END; |
− | DEFAULT Group == "'''wifi'''", NAS-Identify == "chilli", Auth-Type: = unix | + | DEFAULT Group == "'''wifi'''", NAS-Identify == "localhost", Auth-Type: = unix |
| # WISPr-Bandwidth-Max-Down = 512000, WISPr-Bandwidth-Max-Up = 128000 | | # WISPr-Bandwidth-Max-Down = 512000, WISPr-Bandwidth-Max-Up = 128000 |
− | DEFAULT Group! = "'''wifi'''", NAS-Identify == "chilli", Auth-Type: Reject = | + | DEFAULT Group! = "'''wifi'''", NAS-Identify == "localhost", Auth-Type: Reject = |
| Reply Message = "Your are not allowed member of the group" | | Reply Message = "Your are not allowed member of the group" |
| END | | END |
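Review bot: The unchanged context line `if (($chilli{'status'} || 'disabled') eq' enabled ') {` compares against the string ' enabled ' with a leading and trailing space, so the condition is never true for a status of `enabled`, and the two `DEFAULT` entries this hunk edits would never be written out. Correct it to `eq 'enabled'` in both copies of the template. The same lines also split the assignment operator (`Auth-Type: = unix`, `Auth-Type: Reject =`, `Group! =`); these should read `Auth-Type := unix`, `Auth-Type := Reject` and `Group != "wifi"`. The bold markup around `wifi` sits inside what is presented as literal template text, so check that it does not end up in a copied file.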
Line 217: |
Line 228: |
| {{Note box|This will just open the corresponding port(s), you need to make sure the service listen on the correct interface.}} | | {{Note box|This will just open the corresponding port(s), you need to make sure the service listen on the correct interface.}} |
| | | |
− | *AllowedOutgoing will allow more outgoing traffic. It's list of proto/host/port clients will be able to contact on the internet (These rules only apply to forwarded traffic, nothing will be allowed to the private network). Wildcard '*' (or keyword any) can replace host or port. Eg: | + | *AllowedOutgoing will allow more outgoing traffic. It's a list of proto/host/port clients will be able to contact on the internet (These rules only apply to forwarded traffic, nothing will be allowed to the private network). Wildcard '*' (or keyword 'any') can replace host or port. Eg: |
− | db configuration setprop AllowedOutgoing tcp:56.23.41.1:25,udp:*:1194,tcp:4.5.6.7:any,tcp:any:123 | + | db configuration setprop chilli AllowedOutgoing tcp:56.23.41.1:25,udp:*:1194,tcp:4.5.6.7:any,tcp:any:123 |
| | | |
| This will allow: | | This will allow: |
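Review bot: The corrected command passes `udp:*:1194` unquoted, so the shell may attempt filename expansion on the argument before `db` sees it. Put the property value in single quotes, e.g. `db configuration setprop chilli AllowedOutgoing 'tcp:56.23.41.1:25,udp:*:1194,...'`. The prose describes the format as "proto/host/port" while the example uses `proto:host:port`; use the colon form in the description as well.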
Line 252: |
Line 263: |
| yum remove smeserver-coova-chilli coova-chilli | | yum remove smeserver-coova-chilli coova-chilli |
| | | |
− | === Source ===
| |
− | The source for this contrib can be found in the smeserver [http://smeserver.cvs.sourceforge.net/smeserver/smeserver-coova-chilli/ CVS] on sourceforge.
| |
| === Bugs === | | === Bugs === |
| Please raise bugs under the SME-Contribs section in [http://bugs.contribs.org/enter_bug.cgi bugzilla] | | Please raise bugs under the SME-Contribs section in [http://bugs.contribs.org/enter_bug.cgi bugzilla] |
| and select the smeserver-coova-chilli component or use {{BugzillaFileBug|product=SME%20Contribs|component=smeserver-coova-chilli|title=this link}} | | and select the smeserver-coova-chilli component or use {{BugzillaFileBug|product=SME%20Contribs|component=smeserver-coova-chilli|title=this link}} |
| | | |
| + | {{#bugzilla:columns=id,product,version,status,summary |sort=id |order=desc |component=smeserver-coova-chilli|noresultsmessage="No open bugs found."}} |
| + | |
| + | |
| + | ===Changelog=== |
| + | Only versions released in smecontrib are listed here. |
| + | |
| + | {{#smechangelog: smeserver-coova-chilli}} |
| ---- | | ---- |
| [[Category:Contrib]] | | [[Category:Contrib]] |
| + | [[Category:Administration:Remote Access]] |
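Review bot: Removing the `=== Source ===` section leaves the page with no pointer to where the contrib's source can be obtained. If the SourceForge CVS link is no longer valid, replace it with the current location rather than dropping the section. In the added `{{#bugzilla:...}}` call the spacing around `|` is inconsistent (`|sort=id |order=desc |component=...|noresultsmessage=`); normalise it. The two blank `+` rows before `===Changelog===` can be reduced to one.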