2016-05-14 - Re: [GRASE-Hotspot] Re: UAM redirection

Header Data

From: Timothy White <ti***8@gmail.com>
Message Hash: 651e22c2f0b374e79352499297363548599fde976926a32d09e1d127304cd8ed
Message ID: <CAESLx0JUS9j=MOwL_nc0TvCzxJnWNZ5pUyobRm4eOx79JtM_=g@mail.gmail.com>
Reply To: <1de8672c-5834-4502-8014-7205a69b647d@grasehotspot.org>
UTC Datetime: 2016-05-14 04:38:18 UTC
Raw Date: Sat, 14 May 2016 21:38:18 +1000

Raw message 

Hi José

Finally replicated this. And it hints of a big bug somewhere, just got to
work out where. Figured I'd do a scientific test to only change 1 thing at
a time to work out the issue. Finally got it after about the 12th time of
connecting/disconnect. And looking at the packet captures there is
something disturbing. The request to
http://connectivitycheck.gstatic.com/generate_204 to check for connectivity
gets through.
I tested further, and even though that request got through, seconds later
attempting to connect to yahoo.com fails.

I only have Android Nexus5X running marshmallow to test. I assume the
reason this works for iPhones is that they use a different mechanism for
checking if the internet works.

I'll keep digging and see if I can work out what causes it. At this stage
it appears to be a Coova Chilli bug, where, I have no idea.

Tim

On Sat, May 14, 2016 at 1:21 AM, José Borges <jo***s@algardata.pt>
wrote:

> It applied to ALL DEVICES prior to me adding this:
>
> "I use this HS_REDIRDNSREQ=on on /etc/chilli/config, but sometimes it
> works sometimes it doesnt."
>
> Before none opened the Browser, now ONLY iphones open always. Android only
> opens on first connection to WIFI.
>
> quinta-feira, 12 de Maio de 2016 às 18:36:51 UTC+1, Henry Terkura Swende
> escreveu:
>>
>> Ok, I think I didn't get the full  picture, thought the problem applied
>> to all devices you were using .....but now I think it's device specific.
>> On May 12, 2016 6:12 PM, "José Borges" <jo***.@algardata.pt> wrote:
>>
>> Ooookkkk... Testing time then...
>>
>> I did what you mention...
>>
>> Made chilli *local.conf* with* lease=10* and then tested.
>>
>> I was given the same IP address even after *chilli_query *stopped
>> listing me in *chilli_query dhcp-list*
>>
>> Meaning, that 5 minutes after i had my DCHP release, the IP i was given
>> again was the same, and i did try to conect another device prior, to see if
>> i was given the first available ip from the ippool...
>>
>> So no luck there... No Browser was open again (on second connection to
>> wifi, which was 5 minutes after i disconected the wireless).
>>
>> my chilli.conf
>>
>> interval=60
>> nousergardendata
>> defidletimeout=604800
>> dhcpstart=2
>> lease=10
>>
>> output of chilli_query dhcp-list (theres a 60 seconds lease grace period,
>> that why the 19/10 on bold line).
>>
>> 18-1E-B0-BE-68-2B 10.1.0.6 dnat 1/10
>> *80-65-6D-2C-BE-49 10.1.0.2 dnat 19/10*
>> 00-90-FB-42-65-4D 10.1.0.5 dnat 9/10
>>
>> Im tearing my hair out... since i tried with three diferent versions of
>> android (5, 5.1.1, 4) but only the iphones worked!!! connect /disconnect /
>> connect / disconnect ... it always shows the UAM on the iphones (i cant
>> believe i am saying this).
>>
>>
>>
>> quinta-feira, 12 de Maio de 2016 às 15:33:59 UTC+1, Henry Terkura Swende
>> escreveu:
>>
>>> I think the reason it gives you the uam login page first time is because
>>> dhcp lease for that IP had expired and was assigned as new dhcp request...
>>> Hence when you disconnect from wifi and reconnect before the dhcp lease
>>> expires you'll have to navigate to a non HTTPS website to get the uam login
>>> page. I think it has a lot to do with how coovachilli works .....you get
>>> blocked when you try to access services not allowed without authentication
>>> and authorization..... My observations over time
>>> On May 12, 2016 3:14 PM, "José Borges" <jo***.@algardata.pt> wrote:
>>>
>>>> Unfortunately this does bother me and i have been searching for an
>>>> answer for months... because mobile clients fire up they wifi, connect to
>>>> the open wifi hotspot and launch facebook... and they dont understand they
>>>> have to go to http://10.1.0.1 and do a login... i keep getting asked
>>>> why doesnt it show the UAM login when i connect to the wifi as other
>>>> solutions do. I did a fresh install of grase hotspot and it happens the
>>>> same thing, so it isn't anything i changed by myself.
>>>>
>>>> Everyone has this behaviour or could it be a hardware (hotspot server)
>>>> issue?
>>>>
>>>> quinta-feira, 12 de Maio de 2016 às 12:30:05 UTC+1, Emmanuel Nyachoke
>>>> escreveu:
>>>>>
>>>>> I think I noticed this even with windows clients but it seemed
>>>>> irregular in my case the very first time I connected the client I got the
>>>>> message 'additional login my be required' but did not see the message
>>>>> subsequently. This does not bother me  much but other hotspot management
>>>>> systems do this consistently.
>>>>>
>>>>> On Wednesday, 11 May 2016 19:38:40 UTC+3, José Borges wrote:
>>>>>>
>>>>>>
>>>>>> How on earth i make the browser open the UAM upon the user connecting
>>>>>> to the wireless network?
>>>>>>
>>>>>>    1. User turns on WIFI on the smartphone (android/ios)
>>>>>>    2. User selects correct WIFI SSID
>>>>>>    3. User taps LOGIN to connect to WIFI
>>>>>>    4. ... Chilli/FreeRadius/Chilli do their stuff ...
>>>>>>    5. Browser open with the UAM url in it
>>>>>>    6. User can then type his username/password to access internet.
>>>>>>
>>>>>> I'm only missing step 5... The browser wont open... :(
>>>>>>
>>>>>>
>>>>>> I use this HS_REDIRDNSREQ=on on /etc/chilli/config, but sometimes it
>>>>>> works sometimes it doesnt.
>>>>>>
>>>>>>
>>>>>> Any advise?
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> Here's my /etc/chilli/config
>>>>>>
>>>>>> GRASE_VARS=$(cat /etc/dnsmasq.d/01-grasehotspot | grep #)
>>>>>> HS_NETWORK=$(echo "$GRASE_VARS" |grep chilli_network|awk '{print
>>>>>> $2}');
>>>>>> HS_NETMASK=$(echo "$GRASE_VARS" |grep chilli_netmask|awk '{print
>>>>>> $2}');
>>>>>> HS_UAMLISTEN=$(echo "$GRASE_VARS" |grep chilli_lanip|awk '{print
>>>>>> $2}');
>>>>>> HS_WANIF=$(echo "$GRASE_VARS" |grep chilli_wanif|awk '{print $2}');
>>>>>> HS_LANIF=$(echo "$GRASE_VARS" |grep chilli_lanif|awk '{print $2}');
>>>>>> HS_REDIRDNSREQ=on
>>>>>> HS_WANIF=${HS_WANIF:-eth0}
>>>>>> HS_LANIF=${HS_LANIF:-eth1}
>>>>>> HS_NETWORK=${HS_NETWORK:-10.1.0.0}
>>>>>> HS_NETMASK=${HS_NETMASK:-255.255.255.0}
>>>>>> HS_UAMLISTEN=${HS_UAMLISTEN:-10.1.0.1}
>>>>>> HS_UAMPORT=3990
>>>>>> HS_UAMUIPORT=4990
>>>>>> HS_DNS_DOMAIN=hotspot.lan
>>>>>> HS_DNS1=$HS_UAMLISTEN
>>>>>> HS_DNS2=$HS_UAMLISTEN
>>>>>> HS_MAXCLIENTS=65000
>>>>>> HS_NASID=nas01
>>>>>> HS_RADIUS=localhost
>>>>>> HS_RADIUS2=localhost
>>>>>> HS_UAMALLOW=$HS_UAMLISTEN
>>>>>> HS_RADSECRET=SuperSpecialSecret
>>>>>> HS_UAMALIASNAME=grase
>>>>>> HS_UAMDOMAINS=".google-analytics.com,.googletagmanager.com,.
>>>>>> gstatic.com,.googleapis.com"
>>>>>> HS_UAMSERVER=$HS_UAMLISTEN
>>>>>> HS_UAMFORMAT=http://\$HS_UAMSERVER/grase/uam/hotspot
>>>>>> HS_UAMHOMEPAGE=http://\$HS_UAMSERVER/grase/uam/hotspot
>>>>>> HS_MACAUTH=on
>>>>>>
>>>>>> HS_TCP_PORTS="80 443 22 2812 53 3990 3128"
>>>>>> HS_MODE=hotspot
>>>>>> HS_TYPE=chillispot
>>>>>> HS_ADMUSR=CoovaChilli
>>>>>> HS_ADMPWD=radmin
>>>>>> HS_DEFINTERIMINTERVAL=150
>>>>>> HS_WWWDIR=/etc/chilli/www
>>>>>> HS_WWWBIN=/etc/chilli/wwwsh
>>>>>> HS_PROVIDER=Grase
>>>>>> HS_PROVIDER_LINK=http://hotspot.purewhite.id.au/
>>>>>> HS_LOC_NAME="GRASE HotSpot"
>>>>>>
>>>>> --
>>>> This mailing list is for the Grase Hotspot Project
>>>> http://grasehotspot.org
>>>> ---
>>>> You received this message because you are subscribed to the Google
>>>> Groups "Grase Hotspot" group.
>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>> an email to gr***.@grasehotspot.org.
>>>> To post to this group, send email to gr***.@grasehotspot.org.
>>>>
>>>> Visit this group at
>>>> https://groups.google.com/a/grasehotspot.org/group/grase-hotspot/.
>>>> To view this discussion on the web visit
>>>> https://groups.google.com/a/grasehotspot.org/d/msgid/grase-hotspot/1f09a37e-45b1-47e4-a3dc-69dbcb114d2b%40grasehotspot.org
>>>> <https://groups.google.com/a/grasehotspot.org/d/msgid/grase-hotspot/1f09a37e-45b1-47e4-a3dc-69dbcb114d2b%40grasehotspot.org?utm_medium=email&utm_source=footer>
>>>> .
>>>>
>>> --
>> This mailing list is for the Grase Hotspot Project
>> http://grasehotspot.org
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "Grase Hotspot" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to gr***.@grasehotspot.org.
>> To post to this group, send email to gr***.@grasehotspot.org.
>> Visit this group at
>> https://groups.google.com/a/grasehotspot.org/group/grase-hotspot/.
>> To view this discussion on the web visit
>> https://groups.google.com/a/grasehotspot.org/d/msgid/grase-hotspot/6e988722-0fe6-4488-958e-b9512a1a5b85%40grasehotspot.org
>> <https://groups.google.com/a/grasehotspot.org/d/msgid/grase-hotspot/6e988722-0fe6-4488-958e-b9512a1a5b85%40grasehotspot.org?utm_medium=email&utm_source=footer>
>> .
>>
>> --
> This mailing list is for the Grase Hotspot Project http://grasehotspot.org
> ---
> You received this message because you are subscribed to the Google Groups
> "Grase Hotspot" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to gr***e@grasehotspot.org.
> To post to this group, send email to gr***t@grasehotspot.org.
> Visit this group at
> https://groups.google.com/a/grasehotspot.org/group/grase-hotspot/.
> To view this discussion on the web visit
> https://groups.google.com/a/grasehotspot.org/d/msgid/grase-hotspot/1de8672c-5834-4502-8014-7205a69b647d%40grasehotspot.org
> <https://groups.google.com/a/grasehotspot.org/d/msgid/grase-hotspot/1de8672c-5834-4502-8014-7205a69b647d%40grasehotspot.org?utm_medium=email&utm_source=footer>
> .
>

Thread