2018-06-12 - Re: Static IP Problem

Header Data

From: Sergen Çolak <se***7@gmail.com>
Message Hash: dfed534b2a73889d8f8fe3ae99f1f3626aa053dbc877f3b0a4b9ceaa219c8ed8
Message ID: <0264aca3-91f8-470e-a9df-94293a075ba0@grasehotspot.org>
Reply To: <28827e04-5104-4f8b-9c75-5ebbf78870b7@grasehotspot.org>
UTC Datetime: 2018-06-12 03:10:05 UTC
Raw Date: Tue, 12 Jun 2018 03:10:05 -0700

Raw message 

Hi Tim,
This is my chillis config file. 
# -*- mode: shell-script; -*-
#
#   Coova-Chilli Default Grase Configurations. 
#   To customize, copy this file to @ETCCHILLI@/config
#   and edit to your liking. This is included in shell scripts
#   that configure chilli and related programs before file 'config'. 

### Get dynamic vars from Grase Hotspot
GRASE_VARS=$(cat /etc/dnsmasq.d/01-grasehotspot | grep \#)

HS_NETWORK=$(echo "$GRASE_VARS" |grep chilli_network|awk '{print $2}');
HS_NETMASK=$(echo "$GRASE_VARS" |grep chilli_netmask|awk '{print $2}');
HS_UAMLISTEN=$(echo "$GRASE_VARS" |grep chilli_lanip|awk '{print $2}');
HS_WANIF=$(echo "$GRASE_VARS" |grep chilli_wanif|awk '{print $2}');
HS_LANIF=$(echo "$GRASE_VARS" |grep chilli_lanif|awk '{print $2}');
#HS_POSTAUTH_PROXY=$(echo "$GRASE_VARS" |grep chilli_proxy|awk '{print 
$2}');
#HS_POSTAUTH_PROXYPORT=$(echo "$GRASE_VARS" |grep chilli_proxyport|awk 
'{print $2}');

###
#   Local Network Configurations
# 

HS_WANIF=${HS_WANIF:-eth0}            # WAN Interface toward the Internet
HS_LANIF=${HS_LANIF:-eth1}    # Subscriber Interface for client devices
#HS_LANIF=$(cat /proc/net/dev|grep -o eth.|grep -v $(route -n|grep 
'^0.0.0.0'|head -n1|awk '{print $8}') | sort| head -n1)        # 
Dynamically get unused network interface for LAN side
HS_NETWORK=${HS_NETWORK:-10.1.0.0}         # HotSpot Network (must include 
HS_UAMLISTEN)
HS_NETMASK=${HS_NETMASK:-255.255.255.0}    # HotSpot Network Netmask
HS_UAMLISTEN=${HS_UAMLISTEN:-10.1.0.1}     # HotSpot IP Address (on 
subscriber network)
HS_UAMPORT=3990            # HotSpot UAM Port (on subscriber network)
HS_UAMUIPORT=4990          # HotSpot UAM "UI" Port (on subscriber network, 
for embedded portal)

# HS_DYNIP=
# HS_DYNIP_MASK=255.255.255.0
HS_STATIP=10.10.0.5
HS_STATIP_MASK=255.255.240.0
HS_DNS_DOMAIN=hotspot.lan
HS_MAXCLIENTS=65532

# OpenDNS Servers
#HS_DNS1=208.67.222.222
#HS_DNS2=208.67.220.220
HS_DNS2=$HS_UAMLISTEN
HS_DNS1=$HS_UAMLISTEN

###
#   HotSpot settings for simple Captive Portal
#
HS_NASID=nas01
HS_RADIUS=localhost
HS_RADIUS2=localhost
HS_UAMALLOW=$HS_UAMLISTEN,purewhite.id.au,hotspot.purewhite.id.au
HS_RADSECRET=slc    # Set to be your RADIUS shared secret
HS_UAMSECRET=sergen                 # Set to be your UAM secret
HS_UAMALIASNAME=grase

#  Configure RADIUS proxy support (for 802.1x + captive portal support)
# HS_RADPROXY=on
# HS_RADPROXY_LISTEN=127.0.0.1
# HS_RADPROXY_CLIENT=127.0.0.1
# HS_RADPROXY_PORT=1645
# HS_RADPROXY_SECRET=$HS_RADSECRET
#  Example OpenWrt /etc/config/wireless entry for hostapd
#    option encryption wpa2
#    option server $HS_RADPROXY_LISTEN
#    option port $HS_RADPROXY_PORT
#    option key $HS_RADPROXY_SECRET


#   To alternatively use a HTTP URL for AAA instead of RADIUS:
# HS_UAMAAAURL=http://my-site/script.php

#   Put entire domains in the walled-garden with DNS inspection
# HS_UAMDOMAINS=".paypal.com,.paypalobjects.com"
# HS_UAMDOMAINS=".avast.com"

#   Optional initial redirect and RADIUS settings
# HS_SSID=<ssid>    # To send to the captive portal
# HS_NASMAC=<mac address>  # To explicitly set Called-Station-Id
# HS_NASIP=<ip address>    # To explicitly set NAS-IP-Address

#   The server to be used in combination with HS_UAMFORMAT to 
#   create the final chilli 'uamserver' url configuration.
HS_UAMSERVER=$HS_UAMLISTEN

#   Use HS_UAMFORMAT to define the actual captive portal url.
#   Shell variable replacement takes place when evaluated, so here
#   HS_UAMSERVER is escaped and later replaced by the pre-defined 
#   HS_UAMSERVER to form the actual "--uamserver" option in chilli.
HS_UAMFORMAT=http://\$HS_UAMSERVER/admin/uam/hotspot

#   Same principal goes for HS_UAMHOMEPAGE.
HS_UAMHOMEPAGE=http://\$HS_UAMSERVER/admin/uam/hotspot

#   This option will be configured to be the WISPr LoginURL as well
#   as provide "uamService" to the ChilliController. The UAM Service is
#   described in: http://www.coova.org/CoovaChilli/UAMService
#
# HS_UAMSERVICE=


###
#   Features not activated per-default (default to off)
#
# HS_RADCONF=off    # Get some configurations from RADIUS or a URL ('on' 
and 'url' respectively)
#
# HS_ANYIP=on    # Allow any IP address on subscriber LAN
#
HS_MACAUTH=on    # To turn on MAC Authentication
HS_MACPASSWD="password"
#
# HS_MACAUTHDENY=on    # Put client in 'drop' state on MAC Auth 
Access-Reject
#
# HS_MACAUTHMODE=local    # To allow MAC Authentication based on 
macallowed, not RADIUS
#
# HS_MACALLOW="..."      # List of MAC addresses to authenticate (comma 
seperated)
#
# HS_USELOCALUSERS=on      # To use the @ETCCHILLI@/localusers file
#
# HS_OPENIDAUTH=on    # To inform the RADIUS server to allow OpenID Auth
#
# HS_WPAGUESTS=on    # To inform the RADIUS server to allow WPA Guests
#
# HS_DNSPARANOIA=on    # To drop DNS packets containing something other
#    # than A, CNAME, SOA, or MX records
#
# HS_OPENIDAUTH=on    # To inform the RADIUS server to allow OpenID Auth
#    # Will also configure the embedded login forms for OpenID
#
# HS_USE_MAP=on    # Short hand for allowing the required google
#    # sites to use Google maps (adds many google sites!)
#
###
#   Other feature settings and their defaults
#
# HS_DEFSESSIONTIMEOUT=0   # Default session-timeout if not defined by 
RADIUS (0 for unlimited)
#
# HS_DEFIDLETIMEOUT=600    # Default idle-timeout if not defined by RADIUS 
(0 for unlimited)
#
# HS_DEFBANDWIDTHMAXDOWN=0   # Default WISPr-Bandwidth-Max-Down if not 
defined by RADIUS (0 for unlimited)
#
# HS_DEFBANDWIDTHMAXUP=0    # Default WISPr-Bandwidth-Max-Up if not defined 
by RADIUS (0 for unlimited)
HS_LEASE=14400
###
# Centralized configuration options examples
# 
# HS_RADCONF=url    # requires curl
# HS_RADCONF_URL=https://coova.org/app/ap/config

# HS_RADCONF=on    # gather the ChilliSpot-Config attributes in
#    # Administrative-User login
# HS_RADCONF_SERVER=rad01.coova.org # RADIUS Server
# HS_RADCONF_SECRET=coova-anonymous # RADIUS Shared Secret 
# HS_RADCONF_AUTHPORT=1812 # Auth port
# HS_RADCONF_USER=chillispot # Username
# HS_RADCONF_PWD=chillispot # Password


###
#   Firewall issues
#
# Uncomment the following to add ports to the allowed local ports list
# The up.sh script will allow these local ports to be used, while the 
default
# is to block all unwanted traffic to the tun/tap. 
#
# HS_TCP_PORTS="80 443"
HS_TCP_PORTS="80 443 21 22 2812 53 3990 3128 3306"

###
#   Standard configurations
#
HS_MODE=hotspot
HS_TYPE=chillispot
# HS_RADAUTH=1812
# HS_RADACCT=1813
HS_ADMUSR=CoovaChilli
HS_ADMPWD=radmin

# RADIUS Account update interval
HS_DEFINTERIMINTERVAL=150

###
#   Post-Auth proxy settings
#
#HS_POSTAUTH_PROXY=${HS_POSTAUTH_PROXY:-$HS_UAMLISTEN}
#HS_POSTAUTH_PROXYPORT=${HS_POSTAUTH_PROXYPORT:-3128}

#   Directory specifying where internal web pages can be served
#   by chilli with url /www/<file name>. Only extentions like .html
#   .jpg, .gif, .png, .js are allowed. See below for using .chi as a
#   CGI extension.
HS_WWWDIR=/etc/chilli/www

#   Using this option assumes 'haserl' is installed per-default
#   but, and CGI type program can ran from wwwsh to process requests
#   to chilli with url /www/filename.chi
HS_WWWBIN=/etc/chilli/wwwsh

#   Some configurations used in certain user interfaces
#
HS_PROVIDER=Grase
HS_PROVIDER_LINK=http://hotspot.purewhite.id.au/


###
#   WISPr RADIUS Attribute support
#

HS_LOC_NAME="GRASE HotSpot"    # WISPr Location Name and used in portal

#   WISPr settings (to form a proper WISPr-Location-Id)
# HS_LOC_NETWORK="My Network"    # Network name
# HS_LOC_AC=408    # Phone area code
# HS_LOC_CC=1    # Phone country code
# HS_LOC_ISOCC=US    # ISO Country code


However, the guest is able to define 192.168.80.1 from Static IP. When you 
do this, there is a conflict. Login screen does not appear. I guess there's 
no way to prevent that.

31 Mayıs 2018 Perşembe 12:43:08 UTC+3 tarihinde Sergen Çolak yazdı:
>
> Hello there,
> I have a problem with Static IP.
> This is my chili config file.
> Network = 192.168.80.0
> LAN = 192.168.80.1/20
> HS_STATIP = 192.168.80.4 / 28
> HS_STATIP_MASK = 255.255.240
> However, Static IP 192.168.80.1 can be received and IP conflict occurs. 
> Login screen does not appear. How can I prevent this. I want the static IP 
> to be between 192.168.80.4 & 192.168.80.14. How do I do that?
> Thank you for your help
>

Thread