2016-05-14 - Re: [GRASE-Hotspot] Re: UAM redirection

Header Data

From: Timothy White <ti***8@gmail.com>
Message Hash: b8746e992fb5ae17d5b8c93e30fd465a174039d91fd8b492d3b89eb7bd859e7f
Message ID: <CAESLx0LQ68zTgq9r8Dgr_LWPacgGtrhzRM-t84Sqgiqb=ZLhfQ@mail.gmail.com>
Reply To: <CAESLx0LFwVp2x_X8o52AsOe7F-Mer8rZKbEYsHi57-Z+wVaXtA@mail.gmail.com>
UTC Datetime: 2016-05-14 05:25:13 UTC
Raw Date: Sat, 14 May 2016 22:25:13 +1000

Raw message 

Please test the coova packages in nightly.
http://nightly.packages.grasehotspot.org/pool/main/c/coova-chilli/coova-chilli_1.3.0-22-g39df09b_i386.deb
or
http://nightly.packages.grasehotspot.org/pool/main/c/coova-chilli/coova-chilli_1.3.0-22-g39df09b_amd64.deb
I've not built the ARM packages. Let me know if these work before I spend
time building the arm ones. If they are good I'll promote them to stable!

Regards

On Sat, May 14, 2016 at 9:43 PM, Timothy White <ti***8@gmail.com> wrote:

> And just like that, I've found the issue.
> At some point the coova project moved to Github, and appear to maybe use
> Google domains to redirect www.coova.org to the new url. www.coova.org is
> in the uamallowed list. Sometimes to connectivitycheck.gstatic.com
> address resolves to the same IP as www.coova.org, which means that the
> generate_204 is allowed through!
>
> Why is www.coova.org in the uamallowed list? It's been there for years
> because it's part of the defaults of coova chilli.
>
> I'll aim to get an updated coovachilli package built in the next few days
> and into the nighlies so people can test it. At some point I do need to
> update to the latest version, but I'll do that as a separate package.
>
> That was pure luck discovering the reason!
>
> On Sat, May 14, 2016 at 9:38 PM, Timothy White <ti***8@gmail.com>
> wrote:
>
>> Hi José
>>
>> Finally replicated this. And it hints of a big bug somewhere, just got to
>> work out where. Figured I'd do a scientific test to only change 1 thing at
>> a time to work out the issue. Finally got it after about the 12th time of
>> connecting/disconnect. And looking at the packet captures there is
>> something disturbing. The request to
>> http://connectivitycheck.gstatic.com/generate_204 to check for
>> connectivity gets through.
>> I tested further, and even though that request got through, seconds later
>> attempting to connect to yahoo.com fails.
>>
>> I only have Android Nexus5X running marshmallow to test. I assume the
>> reason this works for iPhones is that they use a different mechanism for
>> checking if the internet works.
>>
>> I'll keep digging and see if I can work out what causes it. At this stage
>> it appears to be a Coova Chilli bug, where, I have no idea.
>>
>> Tim
>>
>> On Sat, May 14, 2016 at 1:21 AM, José Borges <jo***s@algardata.pt>
>> wrote:
>>
>>> It applied to ALL DEVICES prior to me adding this:
>>>
>>> "I use this HS_REDIRDNSREQ=on on /etc/chilli/config, but sometimes it
>>> works sometimes it doesnt."
>>>
>>> Before none opened the Browser, now ONLY iphones open always. Android
>>> only opens on first connection to WIFI.
>>>
>>> quinta-feira, 12 de Maio de 2016 às 18:36:51 UTC+1, Henry Terkura Swende
>>> escreveu:
>>>>
>>>> Ok, I think I didn't get the full  picture, thought the problem applied
>>>> to all devices you were using .....but now I think it's device specific.
>>>> On May 12, 2016 6:12 PM, "José Borges" <jo***.@algardata.pt> wrote:
>>>>
>>>> Ooookkkk... Testing time then...
>>>>
>>>> I did what you mention...
>>>>
>>>> Made chilli *local.conf* with* lease=10* and then tested.
>>>>
>>>> I was given the same IP address even after *chilli_query *stopped
>>>> listing me in *chilli_query dhcp-list*
>>>>
>>>> Meaning, that 5 minutes after i had my DCHP release, the IP i was given
>>>> again was the same, and i did try to conect another device prior, to see if
>>>> i was given the first available ip from the ippool...
>>>>
>>>> So no luck there... No Browser was open again (on second connection to
>>>> wifi, which was 5 minutes after i disconected the wireless).
>>>>
>>>> my chilli.conf
>>>>
>>>> interval=60
>>>> nousergardendata
>>>> defidletimeout=604800
>>>> dhcpstart=2
>>>> lease=10
>>>>
>>>> output of chilli_query dhcp-list (theres a 60 seconds lease grace
>>>> period, that why the 19/10 on bold line).
>>>>
>>>> 18-1E-B0-BE-68-2B 10.1.0.6 dnat 1/10
>>>> *80-65-6D-2C-BE-49 10.1.0.2 dnat 19/10*
>>>> 00-90-FB-42-65-4D 10.1.0.5 dnat 9/10
>>>>
>>>> Im tearing my hair out... since i tried with three diferent versions of
>>>> android (5, 5.1.1, 4) but only the iphones worked!!! connect /disconnect /
>>>> connect / disconnect ... it always shows the UAM on the iphones (i cant
>>>> believe i am saying this).
>>>>
>>>>
>>>>
>>>> quinta-feira, 12 de Maio de 2016 às 15:33:59 UTC+1, Henry Terkura
>>>> Swende escreveu:
>>>>
>>>>> I think the reason it gives you the uam login page first time is
>>>>> because dhcp lease for that IP had expired and was assigned as new dhcp
>>>>> request... Hence when you disconnect from wifi and reconnect before the
>>>>> dhcp lease expires you'll have to navigate to a non HTTPS website to get
>>>>> the uam login page. I think it has a lot to do with how coovachilli works
>>>>> .....you get blocked when you try to access services not allowed without
>>>>> authentication and authorization..... My observations over time
>>>>> On May 12, 2016 3:14 PM, "José Borges" <jo***.@algardata.pt> wrote:
>>>>>
>>>>>> Unfortunately this does bother me and i have been searching for an
>>>>>> answer for months... because mobile clients fire up they wifi, connect to
>>>>>> the open wifi hotspot and launch facebook... and they dont understand they
>>>>>> have to go to http://10.1.0.1 and do a login... i keep getting asked
>>>>>> why doesnt it show the UAM login when i connect to the wifi as other
>>>>>> solutions do. I did a fresh install of grase hotspot and it happens the
>>>>>> same thing, so it isn't anything i changed by myself.
>>>>>>
>>>>>> Everyone has this behaviour or could it be a hardware (hotspot
>>>>>> server) issue?
>>>>>>
>>>>>> quinta-feira, 12 de Maio de 2016 às 12:30:05 UTC+1, Emmanuel Nyachoke
>>>>>> escreveu:
>>>>>>>
>>>>>>> I think I noticed this even with windows clients but it seemed
>>>>>>> irregular in my case the very first time I connected the client I got the
>>>>>>> message 'additional login my be required' but did not see the message
>>>>>>> subsequently. This does not bother me  much but other hotspot management
>>>>>>> systems do this consistently.
>>>>>>>
>>>>>>> On Wednesday, 11 May 2016 19:38:40 UTC+3, José Borges wrote:
>>>>>>>>
>>>>>>>>
>>>>>>>> How on earth i make the browser open the UAM upon the user
>>>>>>>> connecting to the wireless network?
>>>>>>>>
>>>>>>>>    1. User turns on WIFI on the smartphone (android/ios)
>>>>>>>>    2. User selects correct WIFI SSID
>>>>>>>>    3. User taps LOGIN to connect to WIFI
>>>>>>>>    4. ... Chilli/FreeRadius/Chilli do their stuff ...
>>>>>>>>    5. Browser open with the UAM url in it
>>>>>>>>    6. User can then type his username/password to access internet.
>>>>>>>>
>>>>>>>> I'm only missing step 5... The browser wont open... :(
>>>>>>>>
>>>>>>>>
>>>>>>>> I use this HS_REDIRDNSREQ=on on /etc/chilli/config, but sometimes
>>>>>>>> it works sometimes it doesnt.
>>>>>>>>
>>>>>>>>
>>>>>>>> Any advise?
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> Here's my /etc/chilli/config
>>>>>>>>
>>>>>>>> GRASE_VARS=$(cat /etc/dnsmasq.d/01-grasehotspot | grep #)
>>>>>>>> HS_NETWORK=$(echo "$GRASE_VARS" |grep chilli_network|awk '{print
>>>>>>>> $2}');
>>>>>>>> HS_NETMASK=$(echo "$GRASE_VARS" |grep chilli_netmask|awk '{print
>>>>>>>> $2}');
>>>>>>>> HS_UAMLISTEN=$(echo "$GRASE_VARS" |grep chilli_lanip|awk '{print
>>>>>>>> $2}');
>>>>>>>> HS_WANIF=$(echo "$GRASE_VARS" |grep chilli_wanif|awk '{print $2}');
>>>>>>>> HS_LANIF=$(echo "$GRASE_VARS" |grep chilli_lanif|awk '{print $2}');
>>>>>>>> HS_REDIRDNSREQ=on
>>>>>>>> HS_WANIF=${HS_WANIF:-eth0}
>>>>>>>> HS_LANIF=${HS_LANIF:-eth1}
>>>>>>>> HS_NETWORK=${HS_NETWORK:-10.1.0.0}
>>>>>>>> HS_NETMASK=${HS_NETMASK:-255.255.255.0}
>>>>>>>> HS_UAMLISTEN=${HS_UAMLISTEN:-10.1.0.1}
>>>>>>>> HS_UAMPORT=3990
>>>>>>>> HS_UAMUIPORT=4990
>>>>>>>> HS_DNS_DOMAIN=hotspot.lan
>>>>>>>> HS_DNS1=$HS_UAMLISTEN
>>>>>>>> HS_DNS2=$HS_UAMLISTEN
>>>>>>>> HS_MAXCLIENTS=65000
>>>>>>>> HS_NASID=nas01
>>>>>>>> HS_RADIUS=localhost
>>>>>>>> HS_RADIUS2=localhost
>>>>>>>> HS_UAMALLOW=$HS_UAMLISTEN
>>>>>>>> HS_RADSECRET=SuperSpecialSecret
>>>>>>>> HS_UAMALIASNAME=grase
>>>>>>>> HS_UAMDOMAINS=".google-analytics.com,.googletagmanager.com,.
>>>>>>>> gstatic.com,.googleapis.com"
>>>>>>>> HS_UAMSERVER=$HS_UAMLISTEN
>>>>>>>> HS_UAMFORMAT=http://\$HS_UAMSERVER/grase/uam/hotspot
>>>>>>>> HS_UAMHOMEPAGE=http://\$HS_UAMSERVER/grase/uam/hotspot
>>>>>>>> HS_MACAUTH=on
>>>>>>>>
>>>>>>>> HS_TCP_PORTS="80 443 22 2812 53 3990 3128"
>>>>>>>> HS_MODE=hotspot
>>>>>>>> HS_TYPE=chillispot
>>>>>>>> HS_ADMUSR=CoovaChilli
>>>>>>>> HS_ADMPWD=radmin
>>>>>>>> HS_DEFINTERIMINTERVAL=150
>>>>>>>> HS_WWWDIR=/etc/chilli/www
>>>>>>>> HS_WWWBIN=/etc/chilli/wwwsh
>>>>>>>> HS_PROVIDER=Grase
>>>>>>>> HS_PROVIDER_LINK=http://hotspot.purewhite.id.au/
>>>>>>>> HS_LOC_NAME="GRASE HotSpot"
>>>>>>>>
>>>>>>> --
>>>>>> This mailing list is for the Grase Hotspot Project
>>>>>> http://grasehotspot.org
>>>>>> ---
>>>>>> You received this message because you are subscribed to the Google
>>>>>> Groups "Grase Hotspot" group.
>>>>>> To unsubscribe from this group and stop receiving emails from it,
>>>>>> send an email to gr***.@grasehotspot.org.
>>>>>> To post to this group, send email to gr***.@grasehotspot.org.
>>>>>>
>>>>>> Visit this group at
>>>>>> https://groups.google.com/a/grasehotspot.org/group/grase-hotspot/.
>>>>>> To view this discussion on the web visit
>>>>>> https://groups.google.com/a/grasehotspot.org/d/msgid/grase-hotspot/1f09a37e-45b1-47e4-a3dc-69dbcb114d2b%40grasehotspot.org
>>>>>> <https://groups.google.com/a/grasehotspot.org/d/msgid/grase-hotspot/1f09a37e-45b1-47e4-a3dc-69dbcb114d2b%40grasehotspot.org?utm_medium=email&utm_source=footer>
>>>>>> .
>>>>>>
>>>>> --
>>>> This mailing list is for the Grase Hotspot Project
>>>> http://grasehotspot.org
>>>> ---
>>>> You received this message because you are subscribed to the Google
>>>> Groups "Grase Hotspot" group.
>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>> an email to gr***.@grasehotspot.org.
>>>> To post to this group, send email to gr***.@grasehotspot.org.
>>>> Visit this group at
>>>> https://groups.google.com/a/grasehotspot.org/group/grase-hotspot/.
>>>> To view this discussion on the web visit
>>>> https://groups.google.com/a/grasehotspot.org/d/msgid/grase-hotspot/6e988722-0fe6-4488-958e-b9512a1a5b85%40grasehotspot.org
>>>> <https://groups.google.com/a/grasehotspot.org/d/msgid/grase-hotspot/6e988722-0fe6-4488-958e-b9512a1a5b85%40grasehotspot.org?utm_medium=email&utm_source=footer>
>>>> .
>>>>
>>>> --
>>> This mailing list is for the Grase Hotspot Project
>>> http://grasehotspot.org
>>> ---
>>> You received this message because you are subscribed to the Google
>>> Groups "Grase Hotspot" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to gr***e@grasehotspot.org.
>>> To post to this group, send email to gr***t@grasehotspot.org.
>>> Visit this group at
>>> https://groups.google.com/a/grasehotspot.org/group/grase-hotspot/.
>>> To view this discussion on the web visit
>>> https://groups.google.com/a/grasehotspot.org/d/msgid/grase-hotspot/1de8672c-5834-4502-8014-7205a69b647d%40grasehotspot.org
>>> <https://groups.google.com/a/grasehotspot.org/d/msgid/grase-hotspot/1de8672c-5834-4502-8014-7205a69b647d%40grasehotspot.org?utm_medium=email&utm_source=footer>
>>> .
>>>
>>
>>
>

Thread