Line 96: |
Line 96: |
| *'''net''': the network range to use. The server uses the first IP available from the network (and thus default 10.1.0.1) and provide clients with addresses in this range. | | *'''net''': the network range to use. The server uses the first IP available from the network (and thus default 10.1.0.1) and provide clients with addresses in this range. |
| | | |
− | *'''status''': there's no trap that defined the state of service, and whether it should be started when the server boots up. | + | *'''status''': there's no trap, this key defines the state of service, and whether it should be started when the server boots up. |
| | | |
| *'''tundev''': defines the tun interface to use (chilli mask the real interface eth2 and the system sees the traffic as comming from a tun interface). | | *'''tundev''': defines the tun interface to use (chilli mask the real interface eth2 and the system sees the traffic as comming from a tun interface). |
| By default, tun0, you can change if tun0 is already used for a VPN for example. | | By default, tun0, you can change if tun0 is already used for a VPN for example. |
| + | |
| + | *'''uamhomepage''': URL of homepage to redirect unauthenticated users to. If not specified this defaults to the login page |
| | | |
| *'''uamallowed''': A list of host that will be accessible before authentication. It can be a simple list of host, or a list of the form host:port, or protocol:host, or protocol:host:port | | *'''uamallowed''': A list of host that will be accessible before authentication. It can be a simple list of host, or a list of the form host:port, or protocol:host, or protocol:host:port |
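Review bot: The new '''uamhomepage''' entry does not say whether the host of that URL must also appear in '''uamallowed''', which the next entry describes as the list of hosts accessible before authentication. Since the homepage is served to unauthenticated users, state that requirement (or its absence) explicitly, and end the sentence with a full stop like the neighbouring entries. In the reworded '''status''' entry, "there's no trap, this key defines the state of service" would read better split into two sentences.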
Line 123: |
Line 125: |
| | | |
| *'''noc2c''': can be enabled or disabled (default is enabled). If enabled, clients will get a /32 netmask, and a special route will be added so they can contact the gateway. This prevent direct client to client communication. Note that it's a layer 3 isolation, a better way to prevent client to client is a layer 2 isolation, some AP and switch provides this. | | *'''noc2c''': can be enabled or disabled (default is enabled). If enabled, clients will get a /32 netmask, and a special route will be added so they can contact the gateway. This prevent direct client to client communication. Note that it's a layer 3 isolation, a better way to prevent client to client is a layer 2 isolation, some AP and switch provides this. |
| + | |
| + | *'''macallowed''': A comma separated list of MAC addresses which won't need to authenticate |
| | | |
| After you've changed the configuration, just run the command | | After you've changed the configuration, just run the command |
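Review bot: The '''macallowed''' entry gives neither the expected address format nor an example. The custom-template section removed further down wrote addresses as bare hex (macallowed 0022431665B3), while the log line it quoted prints them with dashes (MAC=00-22-47-16-29-AB), so say which form the db value takes and add one example in the same style as the AllowedOutgoing command. Because listed devices get access on their MAC address alone, the entry should also say the list is meant for the few devices that cannot use the login page.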
Line 225: |
Line 229: |
| | | |
| *AllowedOutgoing will allow more outgoing traffic. It's a list of proto/host/port clients will be able to contact on the internet (These rules only apply to forwarded traffic, nothing will be allowed to the private network). Wildcard '*' (or keyword 'any') can replace host or port. Eg: | | *AllowedOutgoing will allow more outgoing traffic. It's a list of proto/host/port clients will be able to contact on the internet (These rules only apply to forwarded traffic, nothing will be allowed to the private network). Wildcard '*' (or keyword 'any') can replace host or port. Eg: |
− | db configuration setprop AllowedOutgoing tcp:56.23.41.1:25,udp:*:1194,tcp:4.5.6.7:any,tcp:any:123 | + | db configuration setprop chilli AllowedOutgoing tcp:56.23.41.1:25,udp:*:1194,tcp:4.5.6.7:any,tcp:any:123 |
| | | |
| This will allow: | | This will allow: |
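Review bot: The corrected command still passes udp:*:1194 unquoted, so the shell may try to expand the '*' before db receives the value. The text already says the keyword 'any' can replace the wildcard, so either wrap the whole AllowedOutgoing value in single quotes or write udp:any:1194 in the example.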
Line 234: |
Line 238: |
| | | |
| {{ Note box|proto can be tcp or udp only for now, there's now way to add icmp rules with db commands.}} | | {{ Note box|proto can be tcp or udp only for now, there's now way to add icmp rules with db commands.}} |
− |
| |
− | === Bypass authentication for a list of Mac addresses ===
| |
− |
| |
− | CoovaChilli has an interesting features which allow the authentication to be bypassed for a list of mac addresses. It can be useful if you want to connect devices without any browser (playstation etc...)
| |
− | To enable this feature, you'll have to create a custom template:
| |
− |
| |
− | mkdir -p /etc/e-smith/templates-custom/etc/chilli.conf
| |
− | vim /etc/e-smith/templates-custom/etc/chilli.conf/99MacAuth
| |
− |
| |
− | And put something like this
| |
− | macallowed 0022431665B3
| |
− | macallowed 0045EF1AF9CC
| |
− | macallowlocal
| |
− |
| |
− | You can use one macallowed directive per mac address, or specify multiple mac addresses, separated by a comma.
| |
− | Once you saved this file, restart chilli with:
| |
− | signal-event chilli-update
| |
− |
| |
− | Now the devices you've specified will be able to connect without authenticating. You should see a line like this one in /var/log/messages when one of this device is connecting:
| |
− | Jun 21 19:36:47 smetest coova-chilli[25483]: chilli.c: 2746: Granted MAC=00-22-47-16-29-AB with IP=10.1.0.10 access without radius auth
| |
| | | |
| === Troubleshoot === | | === Troubleshoot === |
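Review bot: Removing the whole "Bypass authentication for a list of Mac addresses" section drops three things the new one-line '''macallowed''' entry does not replace: the macallowlocal directive, the "Granted MAC=... access without radius auth" line in /var/log/messages used to confirm the bypass works, and any hint for admins who already created /etc/e-smith/templates-custom/etc/chilli.conf/99MacAuth. Keep a short note that says whether macallowlocal is now set by the contrib, how to verify a bypassed device in the log, and that the old custom template should be removed once the db key is used, so the two sources of macallowed lines do not drift apart.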
Line 283: |
Line 267: |
| and select the smeserver-coova-chilli component or use {{BugzillaFileBug|product=SME%20Contribs|component=smeserver-coova-chilli|title=this link}} | | and select the smeserver-coova-chilli component or use {{BugzillaFileBug|product=SME%20Contribs|component=smeserver-coova-chilli|title=this link}} |
| | | |
| + | {{#bugzilla:columns=id,product,version,status,summary |sort=id |order=desc |component=smeserver-coova-chilli|noresultsmessage="No open bugs found."}} |
| + | |
| + | |
| + | ===Changelog=== |
| + | Only versions released in smecontrib are listed here. |
| + | |
| + | {{#smechangelog: smeserver-coova-chilli}} |
| ---- | | ---- |
| [[Category:Contrib]] | | [[Category:Contrib]] |
| + | [[Category:Administration:Remote Access]] |
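Review bot: The added #bugzilla query sets noresultsmessage="No open bugs found." but the visible parameters (columns, sort, order, component) include no status filter, so the message may not match what the query returns. Either add a filter for open bugs or word the message neutrally. The new heading is written ===Changelog=== without spaces, while the page uses === Troubleshoot ===, and two empty lines precede it. Match the existing heading style and drop the extra blank line.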