Koozali.org: home of the SME Server

coova chili mac allowed

tropicalview
« on: March 29, 2011, 06:03:14 AM »
Dear all,

I'm very happy with the coovachili access point feeding.
But now we would like to have one PC that does not have to authenticate to get to the internet and does not have any time limits.
So I hoped that the macallow function would work; see:
http://wiki.contribs.org/CoovaChilli
macallowed: A comma separated list of MAC addresses which won't need to authenticate

But that does not seem to work. When I searched the internet about it I saw several fixes. How can I upgrade the version of coova chilli, and did anyone test the mac allow already?

Hope someone can help me out here.

Kind regards,

RIk Kroon
The sky is not the limit, But when I reach the sky, for sure I will not try to go to the limit.... (donated $25,- upto now)

tropicalview
« Reply #1 on: March 29, 2011, 06:20:24 AM »
In case someone asks for the configuration of coova chili, I just noticed that it's possible to get a properties extract:

 
Code:
db configuration show chilli
chilli=service
    AllowedOutgoing=tcp:any:443
    AllowedServices=sshd,openvpn-bridge
    TCPPort=3990
    WebRequests=direct
    access=private
    defidletimeout=900
    defsessiontimeout=7200
    dhcpend=254
    dhcpif=eth2
    dhcpstart=10
    dns1=212.73.209.226
    dns2=194.206.120.1
    guestAccess=disabled
    guestDownLink=400
    guestUpLink=64
    macallowed=00:0C:29:84:41:71
    net=10.1.0.0/255.255.255.0
    noc2c=enabled
    status=enabled
    tundev=tun0
    uamallowed=
    uamsecret=GjL/rvoutZzF6r0MlsKux+keURYfDhReYPJZjkQqHt4yv0XKCZ9eVnSDDWtO4ojMGRjTzp4CC61EH0iW

Hope this gives a hint.
The MAC address seems to be correct.

Daniel B.
« Reply #2 on: March 29, 2011, 09:03:44 AM »
Hi. Which version of coova-chilli and smeserver-coovachilli are you running?
Code:
rpm -q coova-chilli smeserver-coova-chilli
It's the end of the world!!! :lol:

tropicalview
« Reply #3 on: March 29, 2011, 01:11:42 PM »
Hi VIP-ire,

Thank you for your reply.
The outcome of your command is:

Code:
# rpm -q coova-chilli smeserver-coova-chilli
coova-chilli-1.0.13-2.el4.sme
smeserver-coova-chilli-0.2-15.el4.sme

Daniel B.
« Reply #4 on: March 29, 2011, 01:17:49 PM »
smeserver-coova-chilli-0.2-15 is quite old. The macallowed prop has only been implemented in 0.2-18. The latest available in smecontribs is 0.2-19. Please update smeserver-coova-chilli like this:

Code:
yum --enablerepo=smecontribs update smeserver-coova-chilli
signal-event chilli-update

You should always check you're running the latest version if you have a problem.

Regards, Daniel

tropicalview
« Reply #5 on: March 29, 2011, 03:06:52 PM »
Hi VIP-ire,

You're just great...... :-P :-P :-P :lol: :lol: :lol:

I did execute the update command and it worked directly afterwards.

Code:
rpm -q coova-chilli smeserver-coova-chilli
coova-chilli-1.0.13-2.el4.sme
smeserver-coova-chilli-0.2-19.el4.sme


Thank you...

tropicalview
« Reply #6 on: April 05, 2011, 07:42:19 AM »
Dear All,

Please see below our network configuration:

Code:
                        |--------------|                                      |-----------|
Internet 190.x.x.1xx ---|Student  SME  |-------student network 192.168.1.x ---|Admin SME  |---Admin Network 192.168.x.x (OpenVPN on prt:200x)
                        |--------------|                                      |-----------|
                                |
                                |
                                |----> Wireless via Chili


I would like to connect from the wireless via chili to the admin network with OpenVPN on port 200x.
Therefore I did all the configuration I think is required, but I noticed that the chili service does crash when I try to connect to its own internet IP.
Code:
/etc/init.d/chilli restart
Shutting down chilli:                                      [FAILED]
Starting chilli:                                           [  OK  ]

But if there was no connection to its own external IP address, it restarts without problem:
Code:
/etc/init.d/chilli restart
Shutting down chilli:                                      [  OK  ]
Starting chilli:                                           [  OK  ]


When I look in the messages I notice this:
Code:
Apr  5 01:11:24 studenten-srv kernel: divert: not allocating divert_blk for non-ethernet device tun0
To be complete:
Code:
Apr  5 01:11:00 studenten-srv coova-chilli[18684]: net.c: 33: 13 (Permission denied) ioctl(SIOCSIFFLAGS) failed
Apr  5 01:11:00 studenten-srv chilli: chilli shutdown succeeded
Apr  5 01:11:00 studenten-srv kernel: divert: no divert_blk to free, tun0 not ethernet
Apr  5 01:11:01 studenten-srv coova-chilli[19149]: CoovaChilli(ChilliSpot) 1.0.13. Copyright 2002-2005 Mondru AB. Licensed under GPL. Copyright 2006-2008 David Bird <dbird@acm.org>. Licensed under GPL. See http://coova.org/ for details.
Apr  5 01:11:01 studenten-srv kernel: divert: not allocating divert_blk for non-ethernet device tun0
Apr  5 01:11:01 studenten-srv coova-chilli[19149]: tun.c: 515: TX queue length set to 100
Apr  5 01:11:01 studenten-srv chilli: chilli startup succeeded
Apr  5 01:11:01 studenten-srv udevd[1207]: udev done!
Apr  5 01:11:01 studenten-srv coova-chilli[19149]: chilli.c: 3766: 1 (Operation not permitted) setgid(455) failed while running with gid = 0
Apr  5 01:11:03 studenten-srv coova-chilli[19149]: net.c: 33: 13 (Permission denied) ioctl(SIOCSIFFLAGS) failed
Apr  5 01:11:03 studenten-srv kernel: divert: no divert_blk to free, tun0 not ethernet
Apr  5 01:11:04 studenten-srv chilli: chilli shutdown succeeded
Apr  5 01:11:05 studenten-srv coova-chilli[19264]: CoovaChilli(ChilliSpot) 1.0.13. Copyright 2002-2005 Mondru AB. Licensed under GPL. Copyright 2006-2008 David Bird <dbird@acm.org>. Licensed under GPL. See http://coova.org/ for details.
Apr  5 01:11:05 studenten-srv kernel: divert: not allocating divert_blk for non-ethernet device tun0
Apr  5 01:11:05 studenten-srv coova-chilli[19264]: tun.c: 515: TX queue length set to 100
Apr  5 01:11:05 studenten-srv chilli: chilli startup succeeded
Apr  5 01:11:05 studenten-srv coova-chilli[19264]: chilli.c: 3766: 1 (Operation not permitted) setgid(455) failed while running with gid = 0
Apr  5 01:11:16 studenten-srv coova-chilli[19264]: chilli.c: 2822: New DHCP request from MAC=00-0C-29-84-41-71
Apr  5 01:11:16 studenten-srv coova-chilli[19264]: chilli.c: 2746: Granted MAC=00-0C-29-84-41-71 with IP=10.1.0.47 access without radius auth
Apr  5 01:11:23 studenten-srv coova-chilli[19264]: net.c: 33: 13 (Permission denied) ioctl(SIOCSIFFLAGS) failed
Apr  5 01:11:23 studenten-srv kernel: divert: no divert_blk to free, tun0 not ethernet
Apr  5 01:11:23 studenten-srv chilli: chilli shutdown failed
Apr  5 01:11:24 studenten-srv coova-chilli[19437]: CoovaChilli(ChilliSpot) 1.0.13. Copyright 2002-2005 Mondru AB. Licensed under GPL. Copyright 2006-2008 David Bird <dbird@acm.org>. Licensed under GPL. See http://coova.org/ for details.
Apr  5 01:11:24 studenten-srv kernel: divert: not allocating divert_blk for non-ethernet device tun0
Apr  5 01:11:24 studenten-srv coova-chilli[19437]: tun.c: 515: TX queue length set to 100
Apr  5 01:11:24 studenten-srv chilli: chilli startup succeeded
Apr  5 01:11:24 studenten-srv coova-chilli[19437]: chilli.c: 3766: 1 (Operation not permitted) setgid(455) failed while running with gid = 0
Apr  5 01:11:25 studenten-srv coova-chilli[19437]: chilli.c: 2822: New DHCP request from MAC=00-0C-29-84-41-71
Apr  5 01:11:25 studenten-srv coova-chilli[19437]: chilli.c: 2746: Granted MAC=00-0C-29-84-41-71 with IP=10.1.0.47 access without radius auth

Is my assumption correct that the Chili service crashes on a request to the local IP address?
What can be done to change this?


Extra information:
Code:
db configuration show chilli
chilli=service
    AllowedOutgoing=udp:any:200x,tcp:any:200x,tcp:domainname.com:200x,tcp:domainname.com:80,tcp:internetIP:any,udp:domain.com:200x,udp:any:200x
    AllowedServices=udp:200x,tcp:200x,200x
    TCPPort=3990
    WebRequests=direct
    access=private
    defidletimeout=900
    defsessiontimeout=7200
    dhcpend=254
    dhcpif=eth2
    dhcpstart=10
    dns1=212.73.209.226
    dns2=194.206.120.1
    guestAccess=disabled
    guestDownLink=400
    guestUpLink=64
    macallowed=xx:xx:xx:84:41:71
    net=10.1.0.0/255.255.255.0
    noc2c=enabled
    status=enabled
    tundev=tun0
    uamallowed=
    uamsecret=GjL/rvoutZzF6r0MlsKux+keURYfDhReYPJZjkQqHt4yv0XKCZ9eVnSDDWtO4ojMGRjTzp4CC61EH0iW
   


Version via "rpm -q coova-chilli smeserver-coova-chilli":
Code:
rpm -q coova-chilli smeserver-coova-chilli
coova-chilli-1.0.13-2.el4.sme
smeserver-coova-chilli-0.2-19.el4.sme
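An added example, not part of any post in this thread and not the project's own code: a small Python audit that lists every client the log shows as granted access "without radius auth" and checks it against the `macallowed` property, normalizing the hyphenated MACs in the log to the colon form used in the configuration. The sample log and configuration excerpt are constructed from the formats quoted above, the function names are hypothetical, and it is an assumption that these log lines correspond to `macallowed` grants.

```python
import re

# Constructed sample in the syslog format quoted in the thread; the third
# line (MAC ending aa-bb-cc) is invented here to show a non-allowlisted grant.
SAMPLE_LOG = """\
Apr  5 01:11:16 studenten-srv coova-chilli[19264]: chilli.c: 2822: New DHCP request from MAC=00-0C-29-84-41-71
Apr  5 01:11:16 studenten-srv coova-chilli[19264]: chilli.c: 2746: Granted MAC=00-0C-29-84-41-71 with IP=10.1.0.47 access without radius auth
Apr  5 01:12:40 studenten-srv coova-chilli[19264]: chilli.c: 2746: Granted MAC=00-0c-29-aa-bb-cc with IP=10.1.0.48 access without radius auth
"""
# Constructed excerpt of `db configuration show chilli` output (one masked entry).
SAMPLE_DB = """\
chilli=service
    macallowed=00:0C:29:84:41:71,xx:xx:xx:84:41:71
    status=enabled
"""

GRANT_RE = re.compile(
    r"^(\w{3}\s+\d+ [\d:]{8}) \S+ coova-chilli\[\d+\]: .*"
    r"Granted MAC=([0-9A-Fa-f:-]{17}) with IP=(\S+) access without radius auth"
)

def normalize_mac(text):
    """Return the MAC as lowercase colon-separated hex, or None if invalid."""
    digits = re.sub(r"[:-]", "", text.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        return None
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def parse_macallowed(db_text):
    """Return (set of valid MACs, list of rejected entries) from macallowed=."""
    m = re.search(r"^\s*macallowed=(.*)$", db_text, re.M)
    entries = [e.strip() for e in (m.group(1) if m else "").split(",") if e.strip()]
    valid = {normalize_mac(e) for e in entries} - {None}
    rejected = [e for e in entries if normalize_mac(e) is None]
    return valid, rejected

def audit_grants(log_text, allowed):
    """List (timestamp, mac, ip, on_allowlist) for every unauthenticated grant."""
    rows = []
    for m in filter(None, map(GRANT_RE.match, log_text.splitlines())):
        mac = normalize_mac(m.group(2))
        rows.append((m.group(1), mac, m.group(3), mac in allowed))
    return rows

if __name__ == "__main__":
    allowed, rejected = parse_macallowed(SAMPLE_DB)
    print("rejected macallowed entries:", rejected)
    for ts, mac, ip, ok in audit_grants(SAMPLE_LOG, allowed):
        print(ts, mac, ip, "allowlisted" if ok else "NOT in macallowed")
```

To run it against a real system, pass the text of `db configuration show chilli` and of the messages log to the two functions in place of the constructed samples.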