2016-05-24 - Re: [GRASE-Hotspot] Re: UAM redirection

Header Data

From: Timothy White <ti***8@gmail.com>
Message Hash: 67f623d1d12a561d4286b5d6b0f7d971271b77c9451fe3792da9521a4be39045
Message ID: <CAESLx0JunXxDG7wtEzwCvF9SZL5aFQ0d+9mEqUJoNpXbRAnBRw@mail.gmail.com>
Reply To: <CAESLx0LQ68zTgq9r8Dgr_LWPacgGtrhzRM-t84Sqgiqb=ZLhfQ@mail.gmail.com>
UTC Datetime: 2016-05-24 04:58:54 UTC
Raw Date: Tue, 24 May 2016 21:58:54 +1000

Raw message

I'm going to make these nightly packages live in the stable build now. The
ARM ones will have to wait until I can build them.

Tim

On Sat, May 14, 2016 at 10:25 PM, Timothy White <ti***8@gmail.com>
wrote:

> Please test the coova packages in nightly.
>
> http://nightly.packages.grasehotspot.org/pool/main/c/coova-chilli/coova-chilli_1.3.0-22-g39df09b_i386.deb
> or
> http://nightly.packages.grasehotspot.org/pool/main/c/coova-chilli/coova-chilli_1.3.0-22-g39df09b_amd64.deb
> I've not built the ARM packages. Let me know if these work before I spend
> time building the arm ones. If they are good I'll promote them to stable!
>
> Regards
>
> On Sat, May 14, 2016 at 9:43 PM, Timothy White <ti***8@gmail.com>
> wrote:
>
>> And just like that, I've found the issue.
>> At some point the coova project moved to GitHub, and appears to maybe use
>> Google domains to redirect www.coova.org to the new url. www.coova.org
>> is in the uamallowed list. Sometimes the connectivitycheck.gstatic.com
>> address resolves to the same IP as www.coova.org, which means that the
>> generate_204 is allowed through!
>>
>> Why is www.coova.org in the uamallowed list? It's been there for years
>> because it's part of the defaults of coova chilli.
>>
>> I'll aim to get an updated coovachilli package built in the next few days
>> and into the nightlies so people can test it. At some point I do need to
>> update to the latest version, but I'll do that as a separate package.
>>
>> That was pure luck discovering the reason!
>>
>> On Sat, May 14, 2016 at 9:38 PM, Timothy White <ti***8@gmail.com>
>> wrote:
>>
>>> Hi José
>>>
>>> Finally replicated this. And it hints of a big bug somewhere, just got
>>> to work out where. Figured I'd do a scientific test to only change 1 thing
>>> at a time to work out the issue. Finally got it after about the 12th time
>>> of connecting/disconnect. And looking at the packet captures there is
>>> something disturbing. The request to
>>> http://connectivitycheck.gstatic.com/generate_204 to check for
>>> connectivity gets through.
>>> I tested further, and even though that request got through, seconds
>>> later attempting to connect to yahoo.com fails.
>>>
>>> I only have Android Nexus5X running marshmallow to test. I assume the
>>> reason this works for iPhones is that they use a different mechanism for
>>> checking if the internet works.
>>>
>>> I'll keep digging and see if I can work out what causes it. At this
>>> stage it appears to be a Coova Chilli bug, where, I have no idea.
>>>
>>> Tim
>>>
>>> On Sat, May 14, 2016 at 1:21 AM, José Borges <jo***s@algardata.pt>
>>> wrote:
>>>
>>>> It applied to ALL DEVICES prior to me adding this:
>>>>
>>>> "I use this HS_REDIRDNSREQ=on on /etc/chilli/config, but sometimes it
>>>> works sometimes it doesn't."
>>>>
>>>> Before none opened the Browser, now ONLY iphones open always. Android
>>>> only opens on first connection to WIFI.
>>>>
>>>> On Thursday, 12 May 2016 at 18:36:51 UTC+1, Henry Terkura
>>>> Swende wrote:
>>>>>
>>>>> Ok, I think I didn't get the full picture, thought the problem
>>>>> applied to all devices you were using .....but now I think it's device
>>>>> specific.
>>>>> On May 12, 2016 6:12 PM, "José Borges" <jo***.@algardata.pt> wrote:
>>>>>
>>>>> Ooookkkk... Testing time then...
>>>>>
>>>>> I did what you mention...
>>>>>
>>>>> Made chilli *local.conf* with *lease=10* and then tested.
>>>>>
>>>>> I was given the same IP address even after *chilli_query* stopped
>>>>> listing me in *chilli_query dhcp-list*
>>>>>
>>>>> Meaning that 5 minutes after I had my DHCP release, the IP I was
>>>>> given again was the same, and I did try to connect another device prior, to
>>>>> see if I was given the first available IP from the ippool...
>>>>>
>>>>> So no luck there... No Browser was open again (on second connection to
>>>>> wifi, which was 5 minutes after I disconnected the wireless).
>>>>>
>>>>> my chilli.conf
>>>>>
>>>>> interval=60
>>>>> nousergardendata
>>>>> defidletimeout=604800
>>>>> dhcpstart=2
>>>>> lease=10
>>>>>
>>>>> output of chilli_query dhcp-list (there's a 60 seconds lease grace
>>>>> period, that's why the 19/10 on bold line).
>>>>>
>>>>> 18-1E-B0-BE-68-2B 10.1.0.6 dnat 1/10
>>>>> *80-65-6D-2C-BE-49 10.1.0.2 dnat 19/10*
>>>>> 00-90-FB-42-65-4D 10.1.0.5 dnat 9/10
>>>>>
>>>>> I'm tearing my hair out... since I tried with three different versions
>>>>> of android (5, 5.1.1, 4) but only the iphones worked!!! connect / disconnect
>>>>> / connect / disconnect ... it always shows the UAM on the iphones (I can't
>>>>> believe I am saying this).
>>>>>
>>>>>
>>>>>
>>>>> On Thursday, 12 May 2016 at 15:33:59 UTC+1, Henry Terkura
>>>>> Swende wrote:
>>>>>
>>>>>> I think the reason it gives you the uam login page first time is
>>>>>> because dhcp lease for that IP had expired and was assigned as new dhcp
>>>>>> request... Hence when you disconnect from wifi and reconnect before the
>>>>>> dhcp lease expires you'll have to navigate to a non HTTPS website to get
>>>>>> the uam login page. I think it has a lot to do with how coovachilli works
>>>>>> .....you get blocked when you try to access services not allowed without
>>>>>> authentication and authorization..... My observations over time
>>>>>> On May 12, 2016 3:14 PM, "José Borges" <jo***.@algardata.pt> wrote:
>>>>>>
>>>>>>> Unfortunately this does bother me and I have been searching for an
>>>>>>> answer for months... because mobile clients fire up their wifi, connect to
>>>>>>> the open wifi hotspot and launch facebook... and they don't understand they
>>>>>>> have to go to http://10.1.0.1 and do a login... I keep getting
>>>>>>> asked why doesn't it show the UAM login when I connect to the wifi as other
>>>>>>> solutions do. I did a fresh install of grase hotspot and the same thing
>>>>>>> happens, so it isn't anything I changed by myself.
>>>>>>>
>>>>>>> Everyone has this behaviour or could it be a hardware (hotspot
>>>>>>> server) issue?
>>>>>>>
>>>>>>> On Thursday, 12 May 2016 at 12:30:05 UTC+1, Emmanuel
>>>>>>> Nyachoke wrote:
>>>>>>>>
>>>>>>>> I think I noticed this even with windows clients but it seemed
>>>>>>>> irregular. In my case the very first time I connected the client I got the
>>>>>>>> message 'additional login may be required' but did not see the message
>>>>>>>> subsequently. This does not bother me much but other hotspot management
>>>>>>>> systems do this consistently.
>>>>>>>>
>>>>>>>> On Wednesday, 11 May 2016 19:38:40 UTC+3, José Borges wrote:
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> How on earth do I make the browser open the UAM upon the user
>>>>>>>>> connecting to the wireless network?
>>>>>>>>>
>>>>>>>>>    1. User turns on WIFI on the smartphone (android/ios)
>>>>>>>>>    2. User selects correct WIFI SSID
>>>>>>>>>    3. User taps LOGIN to connect to WIFI
>>>>>>>>>    4. ... Chilli/FreeRadius/Chilli do their stuff ...
>>>>>>>>>    5. Browser opens with the UAM url in it
>>>>>>>>>    6. User can then type his username/password to access internet.
>>>>>>>>>
>>>>>>>>> I'm only missing step 5... The browser won't open... :(
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> I use this HS_REDIRDNSREQ=on on /etc/chilli/config, but sometimes
>>>>>>>>> it works sometimes it doesn't.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Any advice?
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Here's my /etc/chilli/config
>>>>>>>>>
>>>>>>>>> GRASE_VARS=$(cat /etc/dnsmasq.d/01-grasehotspot | grep '#')
>>>>>>>>> HS_NETWORK=$(echo "$GRASE_VARS" |grep chilli_network|awk '{print $2}');
>>>>>>>>> HS_NETMASK=$(echo "$GRASE_VARS" |grep chilli_netmask|awk '{print $2}');
>>>>>>>>> HS_UAMLISTEN=$(echo "$GRASE_VARS" |grep chilli_lanip|awk '{print $2}');
>>>>>>>>> HS_WANIF=$(echo "$GRASE_VARS" |grep chilli_wanif|awk '{print $2}');
>>>>>>>>> HS_LANIF=$(echo "$GRASE_VARS" |grep chilli_lanif|awk '{print $2}');
>>>>>>>>> HS_REDIRDNSREQ=on
>>>>>>>>> HS_WANIF=${HS_WANIF:-eth0}
>>>>>>>>> HS_LANIF=${HS_LANIF:-eth1}
>>>>>>>>> HS_NETWORK=${HS_NETWORK:-10.1.0.0}
>>>>>>>>> HS_NETMASK=${HS_NETMASK:-255.255.255.0}
>>>>>>>>> HS_UAMLISTEN=${HS_UAMLISTEN:-10.1.0.1}
>>>>>>>>> HS_UAMPORT=3990
>>>>>>>>> HS_UAMUIPORT=4990
>>>>>>>>> HS_DNS_DOMAIN=hotspot.lan
>>>>>>>>> HS_DNS1=$HS_UAMLISTEN
>>>>>>>>> HS_DNS2=$HS_UAMLISTEN
>>>>>>>>> HS_MAXCLIENTS=65000
>>>>>>>>> HS_NASID=nas01
>>>>>>>>> HS_RADIUS=localhost
>>>>>>>>> HS_RADIUS2=localhost
>>>>>>>>> HS_UAMALLOW=$HS_UAMLISTEN
>>>>>>>>> HS_RADSECRET=SuperSpecialSecret
>>>>>>>>> HS_UAMALIASNAME=grase
>>>>>>>>> HS_UAMDOMAINS=".google-analytics.com,.googletagmanager.com,.gstatic.com,.googleapis.com"
>>>>>>>>> HS_UAMSERVER=$HS_UAMLISTEN
>>>>>>>>> HS_UAMFORMAT=http://\$HS_UAMSERVER/grase/uam/hotspot
>>>>>>>>> HS_UAMHOMEPAGE=http://\$HS_UAMSERVER/grase/uam/hotspot
>>>>>>>>> HS_MACAUTH=on
>>>>>>>>>
>>>>>>>>> HS_TCP_PORTS="80 443 22 2812 53 3990 3128"
>>>>>>>>> HS_MODE=hotspot
>>>>>>>>> HS_TYPE=chillispot
>>>>>>>>> HS_ADMUSR=CoovaChilli
>>>>>>>>> HS_ADMPWD=radmin
>>>>>>>>> HS_DEFINTERIMINTERVAL=150
>>>>>>>>> HS_WWWDIR=/etc/chilli/www
>>>>>>>>> HS_WWWBIN=/etc/chilli/wwwsh
>>>>>>>>> HS_PROVIDER=Grase
>>>>>>>>> HS_PROVIDER_LINK=http://hotspot.purewhite.id.au/
>>>>>>>>> HS_LOC_NAME="GRASE HotSpot"
>>>>>>>>>
>>>>>>>> --
>>>>>>> This mailing list is for the Grase Hotspot Project
>>>>>>> http://grasehotspot.org
>>>>>>> ---
>>>>>>> You received this message because you are subscribed to the Google
>>>>>>> Groups "Grase Hotspot" group.
>>>>>>> To unsubscribe from this group and stop receiving emails from it,
>>>>>>> send an email to gr***.@grasehotspot.org.
>>>>>>> To post to this group, send email to gr***.@grasehotspot.org.
>>>>>>>
>>>>>>> Visit this group at
>>>>>>> https://groups.google.com/a/grasehotspot.org/group/grase-hotspot/.
>>>>>>> To view this discussion on the web visit
>>>>>>> https://groups.google.com/a/grasehotspot.org/d/msgid/grase-hotspot/1f09a37e-45b1-47e4-a3dc-69dbcb114d2b%40grasehotspot.org
>>>>>>> <https://groups.google.com/a/grasehotspot.org/d/msgid/grase-hotspot/1f09a37e-45b1-47e4-a3dc-69dbcb114d2b%40grasehotspot.org?utm_medium=email&utm_source=footer>
>>>>>>> .
>>>>>>>
>>>
>>>
>>
>
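Added example, not part of the thread or of the Grase/CoovaChilli code: a small audit that flags `uamallowed` entries whose addresses coincide with a captive-portal probe host, which is the collision between www.coova.org and connectivitycheck.gstatic.com described above. The `uamallowed "a,b"` line format, the function names and the 203.0.113.x addresses are assumptions constructed for the illustration.

```python
import ipaddress
import socket

# Captive-portal probe host named in the thread; extend for other client OSes.
PROBE_HOSTS = ["connectivitycheck.gstatic.com"]

# Constructed sample: a uamallowed line (format assumed) and documentation-range
# addresses standing in for the DNS answers that produced the collision.
SAMPLE_CONF = 'uamallowed "www.coova.org,10.1.0.1"\n'
SAMPLE_DNS = {
    "www.coova.org": {"203.0.113.10"},
    "connectivitycheck.gstatic.com": {"203.0.113.10", "203.0.113.11"},
}

def sample_resolve(host):
    return SAMPLE_DNS.get(host, set())

def system_resolve(host):
    """Resolve a name to its current IPv4 addresses (empty set on failure)."""
    try:
        return {ai[4][0] for ai in socket.getaddrinfo(host, None, socket.AF_INET)}
    except socket.gaierror:
        return set()

def parse_uamallowed(conf_text):
    """Collect the comma-separated entries of every uamallowed line."""
    entries = []
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith("uamallowed"):
            value = line[len("uamallowed"):].strip(' ="')
            entries += [e.strip() for e in value.split(",") if e.strip()]
    return entries

def find_collisions(conf_text, probes=PROBE_HOSTS, resolve=system_resolve):
    """Return (entry, probe, ip) where a probe address falls inside an allowed entry."""
    findings = []
    for entry in parse_uamallowed(conf_text):
        try:  # literal IP or CIDR network
            nets = [ipaddress.ip_network(entry, strict=False)]
        except ValueError:  # hostname: pinned to whatever it resolves to right now
            nets = [ipaddress.ip_network(ip) for ip in resolve(entry)]
        for probe in probes:
            for ip in sorted(resolve(probe)):
                if any(ipaddress.ip_address(ip) in n for n in nets):
                    findings.append((entry, probe, ip))
    return findings

if __name__ == "__main__":
    for entry, probe, ip in find_collisions(SAMPLE_CONF, resolve=sample_resolve):
        print(f"{entry} shares {ip} with {probe}: probe bypasses the portal")
```

Because the overlap only appears for some DNS answers, a single clean run with `system_resolve` does not rule it out; repeat the check over time.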

Thread