2016-05-16 - Re: [GRASE-Hotspot] Re: UAM redirection

Header Data

From: José Borges <jo***s@algardata.pt>
Message Hash: d6d982b1d758f37e609cd0f19fdd13ccd17475ef4b0f9e6143d9297eac0bf82e
Message ID: <15356e57-f298-4f02-9947-60b66cc7d05a@grasehotspot.org>
Reply To: <7715d020-3bf1-4be1-a1ae-02e1608064d4@grasehotspot.org>
UTC Datetime: 2016-05-16 10:03:15 UTC
Raw Date: Mon, 16 May 2016 10:03:15 -0700

Raw message

Anyone with a KINDLE could provide feedback if the GRASE HOTSPOT works fine 
with that OS?

segunda-feira, 16 de Maio de 2016 às 15:54:04 UTC+1, José Borges escreveu:
>
> Hi Tim
>
> First of all, thank you for taking up your time with this.
>
> After checking your nightly, on a new grase install, I double checked 
> what's changed and applied those changes to my box.
>  
> I only noticed a change in the functions chilli file (should there be more 
> please let me know):
>
> FROM MINE
>
> *uamallowed "www.coova.org 
> <http://www.coova.org>${HS_UAMSERVER:+,$HS_UAMSERVER}$webadmin$uamallow"*
>
>  
>
> TO YOURS
>
> *uamallowed "${HS_UAMSERVER:+$HS_UAMSERVER}$webadmin$uamallow"*
>
>
>
> What im guessing, no time to test yet, is that the DHCP RELEASE time is 
> also important.
>
> What i noticed, based on your feedback, about the CAPTIVE PORTAL checking 
> url... im our android (v5) the url is 
> connectivitycheck.android.com/generate_204 (for instance on my Samsung 
> Note 4) and not connectivitycheck.gstatic.com as you mention on your 
> NEXUS 5X. Probably, it has to do with the android version of the device. 
> removing the gstatic.com domain from the uamallowed started to show the 
> UAM consistently, but on older android versions like 4 the url is 
> http://clients3.google.com/generate_204, but no UAM is shown still. 
>
> Apple has its own captivel portal url, doing a simple google search is 
> easy to figure out which.
>
> To test everything i commented the HS_UAMDOMAINS line in Chilli config 
> file.
>
> But better results no doubt... still not perfect... but better.
>
>
>
> sábado, 14 de Maio de 2016 às 13:25:15 UTC+1, timwhite88 escreveu:
>>
>> Please test the coova packages in nightly.
>>
>> http://nightly.packages.grasehotspot.org/pool/main/c/coova-chilli/coova-chilli_1.3.0-22-g39df09b_i386.deb 
>> or 
>> http://nightly.packages.grasehotspot.org/pool/main/c/coova-chilli/coova-chilli_1.3.0-22-g39df09b_amd64.deb
>> I've not built the ARM packages. Let me know if these work before I spend 
>> time building the arm ones. If they are good I'll promote them to stable!
>>
>> Regards
>>
>> On Sat, May 14, 2016 at 9:43 PM, Timothy White <ti***.@gmail.com> 
>> wrote:
>>
>>> And just like that, I've found the issue.
>>> At some point the coova project moved to Github, and appear to maybe use 
>>> Google domains to redirect www.coova.org to the new url. www.coova.org 
>>> is in the uamallowed list. Sometimes to connectivitycheck.gstatic.com 
>>> address resolves to the same IP as www.coova.org, which means that the 
>>> generate_204 is allowed through!
>>>
>>> Why is www.coova.org in the uamallowed list? It's been there for years 
>>> because it's part of the defaults of coova chilli.
>>>
>>> I'll aim to get an updated coovachilli package built in the next few 
>>> days and into the nighlies so people can test it. At some point I do need 
>>> to update to the latest version, but I'll do that as a separate package.
>>>
>>> That was pure luck discovering the reason!
>>>
>>> On Sat, May 14, 2016 at 9:38 PM, Timothy White <ti***.@gmail.com> 
>>> wrote:
>>>
>>>> Hi José
>>>>
>>>> Finally replicated this. And it hints of a big bug somewhere, just got 
>>>> to work out where. Figured I'd do a scientific test to only change 1 thing 
>>>> at a time to work out the issue. Finally got it after about the 12th time 
>>>> of connecting/disconnect. And looking at the packet captures there is 
>>>> something disturbing. The request to 
>>>> http://connectivitycheck.gstatic.com/generate_204 to check for 
>>>> connectivity gets through.
>>>> I tested further, and even though that request got through, seconds 
>>>> later attempting to connect to yahoo.com fails.
>>>>
>>>> I only have Android Nexus5X running marshmallow to test. I assume the 
>>>> reason this works for iPhones is that they use a different mechanism for 
>>>> checking if the internet works.
>>>>
>>>> I'll keep digging and see if I can work out what causes it. At this 
>>>> stage it appears to be a Coova Chilli bug, where, I have no idea.
>>>>
>>>> Tim
>>>>
>>>> On Sat, May 14, 2016 at 1:21 AM, José Borges <jo***.@algardata.pt> 
>>>> wrote:
>>>>
>>>>> It applied to ALL DEVICES prior to me adding this:
>>>>>
>>>>> "I use this HS_REDIRDNSREQ=on on /etc/chilli/config, but sometimes it 
>>>>> works sometimes it doesnt."
>>>>>
>>>>> Before none opened the Browser, now ONLY iphones open always. Android 
>>>>> only opens on first connection to WIFI.
>>>>>
>>>>> quinta-feira, 12 de Maio de 2016 às 18:36:51 UTC+1, Henry Terkura 
>>>>> Swende escreveu:
>>>>>>
>>>>>> Ok, I think I didn't get the full  picture, thought the problem 
>>>>>> applied to all devices you were using .....but now I think it's device 
>>>>>> specific.
>>>>>> On May 12, 2016 6:12 PM, "José Borges" <jo***.@algardata.pt> wrote:
>>>>>>
>>>>>> Ooookkkk... Testing time then...
>>>>>>
>>>>>> I did what you mention...
>>>>>>
>>>>>> Made chilli *local.conf* with* lease=10* and then tested.
>>>>>>
>>>>>> I was given the same IP address even after *chilli_query *stopped 
>>>>>> listing me in *chilli_query dhcp-list*
>>>>>>
>>>>>> Meaning, that 5 minutes after i had my DCHP release, the IP i was 
>>>>>> given again was the same, and i did try to conect another device prior, to 
>>>>>> see if i was given the first available ip from the ippool...
>>>>>>
>>>>>> So no luck there... No Browser was open again (on second connection 
>>>>>> to wifi, which was 5 minutes after i disconected the wireless).
>>>>>>
>>>>>> my chilli.conf
>>>>>>
>>>>>> interval=60
>>>>>> nousergardendata
>>>>>> defidletimeout=604800
>>>>>> dhcpstart=2
>>>>>> lease=10
>>>>>>
>>>>>> output of chilli_query dhcp-list (theres a 60 seconds lease grace 
>>>>>> period, that why the 19/10 on bold line).
>>>>>>
>>>>>> 18-1E-B0-BE-68-2B 10.1.0.6 dnat 1/10
>>>>>> *80-65-6D-2C-BE-49 10.1.0.2 dnat 19/10*
>>>>>> 00-90-FB-42-65-4D 10.1.0.5 dnat 9/10
>>>>>>
>>>>>> Im tearing my hair out... since i tried with three diferent versions 
>>>>>> of android (5, 5.1.1, 4) but only the iphones worked!!! connect /disconnect 
>>>>>> / connect / disconnect ... it always shows the UAM on the iphones (i cant 
>>>>>> believe i am saying this).
>>>>>>
>>>>>>
>>>>>>
>>>>>> quinta-feira, 12 de Maio de 2016 às 15:33:59 UTC+1, Henry Terkura 
>>>>>> Swende escreveu:
>>>>>>
>>>>>>> I think the reason it gives you the uam login page first time is 
>>>>>>> because dhcp lease for that IP had expired and was assigned as new dhcp 
>>>>>>> request... Hence when you disconnect from wifi and reconnect before the 
>>>>>>> dhcp lease expires you'll have to navigate to a non HTTPS website to get 
>>>>>>> the uam login page. I think it has a lot to do with how coovachilli works 
>>>>>>> .....you get blocked when you try to access services not allowed without 
>>>>>>> authentication and authorization..... My observations over time
>>>>>>> On May 12, 2016 3:14 PM, "José Borges" <jo***.@algardata.pt> 
>>>>>>> wrote:
>>>>>>>
>>>>>>>> Unfortunately this does bother me and i have been searching for an 
>>>>>>>> answer for months... because mobile clients fire up they wifi, connect to 
>>>>>>>> the open wifi hotspot and launch facebook... and they dont understand they 
>>>>>>>> have to go to http://10.1.0.1 and do a login... i keep getting 
>>>>>>>> asked why doesnt it show the UAM login when i connect to the wifi as other 
>>>>>>>> solutions do. I did a fresh install of grase hotspot and it happens the 
>>>>>>>> same thing, so it isn't anything i changed by myself. 
>>>>>>>>
>>>>>>>> Everyone has this behaviour or could it be a hardware (hotspot 
>>>>>>>> server) issue?
>>>>>>>>
>>>>>>>> quinta-feira, 12 de Maio de 2016 às 12:30:05 UTC+1, Emmanuel 
>>>>>>>> Nyachoke escreveu:
>>>>>>>>>
>>>>>>>>> I think I noticed this even with windows clients but it seemed 
>>>>>>>>> irregular in my case the very first time I connected the client I got the 
>>>>>>>>> message 'additional login my be required' but did not see the message 
>>>>>>>>> subsequently. This does not bother me  much but other hotspot management 
>>>>>>>>> systems do this consistently. 
>>>>>>>>>
>>>>>>>>> On Wednesday, 11 May 2016 19:38:40 UTC+3, José Borges wrote:
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> How on earth i make the browser open the UAM upon the user 
>>>>>>>>>> connecting to the wireless network?
>>>>>>>>>>
>>>>>>>>>>    1. User turns on WIFI on the smartphone (android/ios)
>>>>>>>>>>    2. User selects correct WIFI SSID
>>>>>>>>>>    3. User taps LOGIN to connect to WIFI
>>>>>>>>>>    4. ... Chilli/FreeRadius/Chilli do their stuff ...
>>>>>>>>>>    5. Browser open with the UAM url in it
>>>>>>>>>>    6. User can then type his username/password to access 
>>>>>>>>>>    internet.
>>>>>>>>>>
>>>>>>>>>> I'm only missing step 5... The browser wont open... :(
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> I use this HS_REDIRDNSREQ=on on /etc/chilli/config, but 
>>>>>>>>>> sometimes it works sometimes it doesnt.
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Any advise?
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Here's my /etc/chilli/config
>>>>>>>>>>
>>>>>>>>>> GRASE_VARS=$(cat /etc/dnsmasq.d/01-grasehotspot | grep #)
>>>>>>>>>> HS_NETWORK=$(echo "$GRASE_VARS" |grep chilli_network|awk '{print 
>>>>>>>>>> $2}');
>>>>>>>>>> HS_NETMASK=$(echo "$GRASE_VARS" |grep chilli_netmask|awk '{print 
>>>>>>>>>> $2}');
>>>>>>>>>> HS_UAMLISTEN=$(echo "$GRASE_VARS" |grep chilli_lanip|awk '{print 
>>>>>>>>>> $2}');
>>>>>>>>>> HS_WANIF=$(echo "$GRASE_VARS" |grep chilli_wanif|awk '{print 
>>>>>>>>>> $2}');
>>>>>>>>>> HS_LANIF=$(echo "$GRASE_VARS" |grep chilli_lanif|awk '{print 
>>>>>>>>>> $2}');
>>>>>>>>>> HS_REDIRDNSREQ=on
>>>>>>>>>> HS_WANIF=${HS_WANIF:-eth0}
>>>>>>>>>> HS_LANIF=${HS_LANIF:-eth1}
>>>>>>>>>> HS_NETWORK=${HS_NETWORK:-10.1.0.0}
>>>>>>>>>> HS_NETMASK=${HS_NETMASK:-255.255.255.0}
>>>>>>>>>> HS_UAMLISTEN=${HS_UAMLISTEN:-10.1.0.1}
>>>>>>>>>> HS_UAMPORT=3990
>>>>>>>>>> HS_UAMUIPORT=4990
>>>>>>>>>> HS_DNS_DOMAIN=hotspot.lan
>>>>>>>>>> HS_DNS1=$HS_UAMLISTEN
>>>>>>>>>> HS_DNS2=$HS_UAMLISTEN
>>>>>>>>>> HS_MAXCLIENTS=65000
>>>>>>>>>> HS_NASID=nas01
>>>>>>>>>> HS_RADIUS=localhost
>>>>>>>>>> HS_RADIUS2=localhost
>>>>>>>>>> HS_UAMALLOW=$HS_UAMLISTEN
>>>>>>>>>> HS_RADSECRET=SuperSpecialSecret 
>>>>>>>>>> HS_UAMALIASNAME=grase
>>>>>>>>>> HS_UAMDOMAINS=".google-analytics.com,.googletagmanager.com,.
>>>>>>>>>> gstatic.com,.googleapis.com"
>>>>>>>>>> HS_UAMSERVER=$HS_UAMLISTEN
>>>>>>>>>> HS_UAMFORMAT=http://\$HS_UAMSERVER/grase/uam/hotspot
>>>>>>>>>> HS_UAMHOMEPAGE=http://\$HS_UAMSERVER/grase/uam/hotspot
>>>>>>>>>> HS_MACAUTH=on
>>>>>>>>>>
>>>>>>>>>> HS_TCP_PORTS="80 443 22 2812 53 3990 3128"
>>>>>>>>>> HS_MODE=hotspot
>>>>>>>>>> HS_TYPE=chillispot
>>>>>>>>>> HS_ADMUSR=CoovaChilli
>>>>>>>>>> HS_ADMPWD=radmin
>>>>>>>>>> HS_DEFINTERIMINTERVAL=150
>>>>>>>>>> HS_WWWDIR=/etc/chilli/www
>>>>>>>>>> HS_WWWBIN=/etc/chilli/wwwsh
>>>>>>>>>> HS_PROVIDER=Grase
>>>>>>>>>> HS_PROVIDER_LINK=http://hotspot.purewhite.id.au/
>>>>>>>>>> HS_LOC_NAME="GRASE HotSpot"
>>>>>>>>>>
>>>>>>>>> -- 
>>>>>>>> This mailing list is for the Grase Hotspot Project 
>>>>>>>> http://grasehotspot.org
>>>>>>>> --- 
>>>>>>>> You received this message because you are subscribed to the Google 
>>>>>>>> Groups "Grase Hotspot" group.
>>>>>>>> To unsubscribe from this group and stop receiving emails from it, 
>>>>>>>> send an email to gr***.@grasehotspot.org.
>>>>>>>> To post to this group, send email to gr***.@grasehotspot.org.
>>>>>>>>
>>>>>>>> Visit this group at 
>>>>>>>> https://groups.google.com/a/grasehotspot.org/group/grase-hotspot/.
>>>>>>>> To view this discussion on the web visit 
>>>>>>>> https://groups.google.com/a/grasehotspot.org/d/msgid/grase-hotspot/1f09a37e-45b1-47e4-a3dc-69dbcb114d2b%40grasehotspot.org 
>>>>>>>> <https://groups.google.com/a/grasehotspot.org/d/msgid/grase-hotspot/1f09a37e-45b1-47e4-a3dc-69dbcb114d2b%40grasehotspot.org?utm_medium=email&utm_source=footer>
>>>>>>>> .
>>>>>>>>
>>>>>>> -- 
>>>>>> This mailing list is for the Grase Hotspot Project 
>>>>>> http://grasehotspot.org
>>>>>> --- 
>>>>>> You received this message because you are subscribed to the Google 
>>>>>> Groups "Grase Hotspot" group.
>>>>>> To unsubscribe from this group and stop receiving emails from it, 
>>>>>> send an email to gr***.@grasehotspot.org.
>>>>>> To post to this group, send email to gr***.@grasehotspot.org.
>>>>>> Visit this group at 
>>>>>> https://groups.google.com/a/grasehotspot.org/group/grase-hotspot/.
>>>>>> To view this discussion on the web visit 
>>>>>> https://groups.google.com/a/grasehotspot.org/d/msgid/grase-hotspot/6e988722-0fe6-4488-958e-b9512a1a5b85%40grasehotspot.org 
>>>>>> <https://groups.google.com/a/grasehotspot.org/d/msgid/grase-hotspot/6e988722-0fe6-4488-958e-b9512a1a5b85%40grasehotspot.org?utm_medium=email&utm_source=footer>
>>>>>> .
>>>>>>
>>>>>> -- 
>>>>> This mailing list is for the Grase Hotspot Project 
>>>>> http://grasehotspot.org
>>>>> --- 
>>>>> You received this message because you are subscribed to the Google 
>>>>> Groups "Grase Hotspot" group.
>>>>> To unsubscribe from this group and stop receiving emails from it, send 
>>>>> an email to gr***.@grasehotspot.org.
>>>>> To post to this group, send email to gr***.@grasehotspot.org.
>>>>> Visit this group at 
>>>>> https://groups.google.com/a/grasehotspot.org/group/grase-hotspot/.
>>>>> To view this discussion on the web visit 
>>>>> https://groups.google.com/a/grasehotspot.org/d/msgid/grase-hotspot/1de8672c-5834-4502-8014-7205a69b647d%40grasehotspot.org 
>>>>> <https://groups.google.com/a/grasehotspot.org/d/msgid/grase-hotspot/1de8672c-5834-4502-8014-7205a69b647d%40grasehotspot.org?utm_medium=email&utm_source=footer>
>>>>> .
>>>>>
>>>>
>>>>
>>>
>>

Thread