Koozali.org: home of the SME Server

[ANNOUNCE] smeserver-coova-chilli beta

Offline Daniel B.

  • *
  • 1,699
  • +0/-0
    • Firewall Services, la sécurité des réseaux
[ANNOUNCE] smeserver-coova-chilli beta
« on: April 08, 2008, 11:19:25 AM »
Hi everyone.
I post here to announce a new contrib: smeserver-coova-chilli. Coova-Chilli is a captive portal based on chilliSpot. It'll configure a 3rd interface on your SME server (works only in server&gateway). Then, just plug an AP on this new interface, and your done. Users will have to enter credentials in order to have http/https access. You can also control the bandwidth used. The how-to is here:
http://sme.firewall-services.com/spip.php?article61 and some doc here http://sme.firewall-services.com/spip.php?article62. Both are in french for now. I'll translate it latter, when it'll be mature enaugh, and I'll add it in the wiki. If someone wants to help me with the translation, I'm interested.

For now, do not install on production servers, just test machines (in server&gateway).

If some security experts could look at it, i'd be glad. I think it's ok, I have been very carefull, but I'd like some other advices.

Cheers, Daniel
C'est la fin du monde !!! :lol:

Offline Normando

  • *
  • 841
  • +2/-1
    • Unixlan
Re: [ANNOUNCE] smeserver-coova-chilli beta
« Reply #1 on: April 08, 2008, 04:47:17 PM »
Excellent!

So with this I can replace my microtik?
With this I can share two internet connections with an extra NIC?

Thank you
« Last Edit: April 08, 2008, 04:51:11 PM by Normando »

Offline Daniel B.

  • *
  • 1,699
  • +0/-0
    • Firewall Services, la sécurité des réseaux
Re: [ANNOUNCE] smeserver-coova-chilli beta
« Reply #2 on: April 08, 2008, 04:59:22 PM »
I'm not sure what a microtik is (a kind of Wireless router with a captive portal like the fonAP?). Anyway, this contrib needs a 3rd nic on your server, but you cannot connect a second internet connection on it, it's just for wifi users (you plug a standard AP on this 3rd nic, and users will have http/https access only if they have valid credentials, their traffic will filtered by SME, and will go through the wan NIC)
C'est la fin du monde !!! :lol:

Offline nakor_au

  • 18
  • +0/-0
Re: [ANNOUNCE] smeserver-coova-chilli beta
« Reply #3 on: April 10, 2008, 04:07:35 AM »
looking forward to an english wiki, ive been waiting for a captive portal with a 3rd nic for a while now. :)
ive put in the 3rd nic allready now ;)
« Last Edit: April 10, 2008, 04:09:28 AM by nakor_au »

Offline saleh

  • *
  • 21
  • +0/-0
Re: [ANNOUNCE] smeserver-coova-chilli beta
« Reply #4 on: April 10, 2008, 12:02:06 PM »
Hello VIP-ire,

Is a excellent work!! Congratulations! =)
looking forward to an english wiki

Saleh

Offline brianr

  • *
  • 988
  • +2/-0
Re: [ANNOUNCE] smeserver-coova-chilli beta
« Reply #5 on: April 10, 2008, 12:11:54 PM »
Hi

Am I correct in understanding that this will work without a Wireless AP?  That is  if I plug the 3rd NIC into a "second" LAN, then the clients on that LAN will be subject to the management?

In both forms (wireless and non wireless) it could prove very useful. 

I can just about understand the French instructions, so I'll try to get some time to try it shortly.

Brian j Read
(retired, for a second time, still got 2 installations though)
The instrument I am playing is my favourite Melodeon.
.........

Offline Daniel B.

  • *
  • 1,699
  • +0/-0
    • Firewall Services, la sécurité des réseaux
Re: [ANNOUNCE] smeserver-coova-chilli beta
« Reply #6 on: April 10, 2008, 12:16:24 PM »
You're right, it can work with wired clients, as well as with wireless. But, once again, I repeat, please, install it on test servers, this morning, I've just found a security breach (users can access internet if they manually set their browser to use proxy 10.1.0.1:3128, so they can bypass the auth). This problem will be corrected as soon as I can (I've allready found a solution).
C'est la fin du monde !!! :lol:

Offline brianr

  • *
  • 988
  • +2/-0
Re: [ANNOUNCE] smeserver-coova-chilli beta
« Reply #7 on: April 10, 2008, 12:35:42 PM »
You're right, it can work with wired clients, as well as with wireless. But, once again, I repeat, please, install it on test servers

Good news, and I will be trying it on a test system.

One question - does it use the "usual" DHCP, i.e. are the Ip addresses which are allocated in the normal LAN subnet, or are they from a separate subnet?
Brian j Read
(retired, for a second time, still got 2 installations though)
The instrument I am playing is my favourite Melodeon.
.........

Offline Daniel B.

  • *
  • 1,699
  • +0/-0
    • Firewall Services, la sécurité des réseaux
Re: [ANNOUNCE] smeserver-coova-chilli beta
« Reply #8 on: April 10, 2008, 12:41:13 PM »
coova-chilli will act as a dhcp server for clients connected on the 3rd interface (either wireless or wired). You need the clients connected directly to the new interface (I mean, switch and AP are ok, routers are not because they won't let pass broadcast messages like dhcp requests).
The default is to assign addresses in the range 10.1.0.0/24 for the clients. This lan is totally separated from the private lan. No communication between the two lan are allowed
C'est la fin du monde !!! :lol:

Offline brianr

  • *
  • 988
  • +2/-0
Re: [ANNOUNCE] smeserver-coova-chilli beta
« Reply #9 on: April 10, 2008, 01:38:54 PM »
That's even better news! Thanks for the info.
Brian j Read
(retired, for a second time, still got 2 installations though)
The instrument I am playing is my favourite Melodeon.
.........

Offline saleh

  • *
  • 21
  • +0/-0
Re: [ANNOUNCE] smeserver-coova-chilli beta
« Reply #10 on: April 10, 2008, 07:21:52 PM »
Hello VIP-ire,

Can We Do That?

1) editing coova-chilli configuration via SME Server Manager
2) online users via SME Server Manager

Thanks,
Saleh

Offline Daniel B.

  • *
  • 1,699
  • +0/-0
    • Firewall Services, la sécurité des réseaux
Re: [ANNOUNCE] smeserver-coova-chilli beta
« Reply #11 on: April 10, 2008, 07:50:15 PM »
For now, no. But configuration is quite simple, only with some db comands. I'll write detailed instruction in english when I can. For the online users, you can do on the command line
Code: [Select]
chilli_query list to have the list of the actual users online. Maybe I'll write a simple panel latter, when the contrib is more mature
C'est la fin du monde !!! :lol:

Offline crazybob

  • ****
  • 894
  • +0/-0
    • Stalzer R&D
Re: [ANNOUNCE] smeserver-coova-chilli beta
« Reply #12 on: April 26, 2008, 04:01:42 PM »
Any further development on this?  :-P

Bob

If you think you know whats going on, you obviously have no idea whats going on!

Offline crazybob

  • ****
  • 894
  • +0/-0
    • Stalzer R&D
Re: [ANNOUNCE] smeserver-coova-chilli beta
« Reply #13 on: April 27, 2008, 11:46:19 PM »
VIP-ire,

Is the fix for by passing the portal an easy fix? I think I have a use for this, but want to make sure they have to use the portal.

Thanks

Bob     

« Last Edit: April 27, 2008, 11:48:19 PM by crazybob »
If you think you know whats going on, you obviously have no idea whats going on!

Offline Daniel B.

  • *
  • 1,699
  • +0/-0
    • Firewall Services, la sécurité des réseaux
Re: [ANNOUNCE] smeserver-coova-chilli beta
« Reply #14 on: April 28, 2008, 08:54:31 AM »
Yes, this issue has been fixed in release 0.1-1. You can now find the latest release in smetest repo. I have some idea to enhance the contrib (mainly at the firewall level). When this is be done, I'll write a how-to in the wiki
C'est la fin du monde !!! :lol: