coova / coova-chilli

CoovaChilli is an open-source software access controller for captive portal hotspots.

Use of a HTTP AAA proxy and/or chilli_proxy #467

Open pihomeserver opened 5 years ago

pihomeserver commented 5 years ago

Hello

I would like to use my own AAA service. Then I created a config file in /etc/chilli with the following options:

HS_LANIF=ens37
HS_WANIF=ens33
HS_NETWORK=172.16.1.0
HS_NETMASK=255.255.255.0
HS_UAMLISTEN=172.16.1.129
HS_NASID="KUPIKI"
HS_RADIUS=localhost
HS_RADIUS2=localhost
HS_RADSECRET=blJt5vyBxgkPVTw93XrCk0fvEoUzlf4z
HS_UAMSECRET=
HS_UAMALLOW=172.16.1.0/24
HS_UAMFORMAT=http:\/\/172.16.1.129:80
HS_UAMHOMEPAGE=
HS_MODE=hotspot
HS_TYPE=chillispot
HS_LOC_NAME=kupikihotspot
HS_LAN_ACCESS=off
HS_SSID=kupikihotspot
HS_TCP_PORTS=80
HS_COAPORT=3799
HS_MACAUTH=off
HS_MACPASSWD=
HS_UAMDOMAINS=

It works with FR behind. Then I added the next two lines at the beginning of the config file:

HS_AAA=http
HS_UAMAAAURL=http://127.0.0.1:3000/

I created a very basic Node server running on port 3000:

import http from 'http';
import express from 'express';

const app = express();
app.server = http.createServer(app);

// Catch-all route: registered first, it answers every method and path,
// so the GET and POST handlers below are never reached.
app.all("*", function (req, res) {
    console.log('New request');
    // res.send() with an object serialises it as JSON: {"Auth":1}
    res.send({Auth: 1});
});

app.get('/', function (req, res) {
    console.log('Hello world - GET');
    res.send({Auth: 1});
});

app.post('/', function (req, res) {
    console.log('Hello world - POST');
    res.send({Auth: 1});
});

app.server.listen(process.env.PORT || 3000, () => {
    console.log(`Started on port ${app.server.address().port}`);
});

export default app;

And after a restart of Coova, no request is sent to the proxy as expected (a local curl on the Node server works).

Also I tried to run chilli_proxy --register user "toto" pass "toto" but the command never ends.

Any idea how to make it work? (I use the documentation here: https://web.archive.org/web/20150806175644/http://coova.org:80/CoovaChilli/Proxy)

pihomeserver commented 5 years ago

Made it work. Now my issue is that the answer from Node is always received by Coova as an "Access-Reject" even if I end with res.send({Auth: 1})

karlovalentin commented 5 years ago

How do you make it work? I also want to enable HTTP AAA, and I'd also like to have a pre-auth message sent by chilli to the AAA before showing the captive portal, so I can detect if this user already has an active session and let them pass through without the need to log in again in the portal.

pihomeserver commented 5 years ago

I changed the way to have a register function with a dedicated backend script that will create the user in the db and send the user back to the login page. Coova should be able to manage the already opened session timeout without a proxy.

Madcat148 commented 3 years ago

> Made it work. Now my issue is that the answer from Node is always received by Coova as an "Access-Reject" even if I end with res.send({Auth: 1})

@pihomeserver Could you please explain a bit more here: why does Coova process Auth: 1 as Access-Reject?

pihomeserver commented 3 years ago

> @pihomeserver Could you please explain a bit more here: why does Coova process Auth: 1 as Access-Reject?

Ouch... such a long time ago. If I remember correctly, the answer (auth : 1) was wrongly formatted. I can't find the source of the test I made to paste it here. Sorry.
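
One possible reading of the "wrongly formatted" answer mentioned in the last comment, as an added example that is not code from the thread or from CoovaChilli: `res.send({Auth: 1})` emits JSON, not a plain-text `Auth: 1` line. The line-oriented reply format, the `treatedAsAccept` check and the `Idle-Timeout` sample attribute are assumptions for illustration; the thread does not state what format Coova expects.

```javascript
// Added example: not code from the thread and not CoovaChilli's own code.
// ASSUMPTION: a reply counts as an accept only when its body begins with the
// plain-text line "Auth: 1". The thread does not state the expected format.

// Model of what Express's res.send(value) puts on the wire.
function expressSendWire(value) {
  if (typeof value === 'string') {
    // Strings are sent unchanged; the default content type is text/html.
    return { contentType: 'text/html; charset=utf-8', body: value };
  }
  // Plain objects and arrays are serialised with JSON.stringify().
  return { contentType: 'application/json; charset=utf-8', body: JSON.stringify(value) };
}

// Build a line-oriented reply: the Auth line first, then optional attributes.
function buildPlainReply(accept, attributes = {}) {
  const lines = [`Auth: ${accept ? 1 : 0}`];
  for (const [name, value] of Object.entries(attributes)) {
    // Refuse CR/LF so an attribute value cannot smuggle in extra reply lines.
    if (/[\r\n]/.test(name) || /[\r\n]/.test(String(value))) {
      throw new Error('line break in attribute ' + JSON.stringify(name));
    }
    lines.push(`${name}: ${value}`);
  }
  return lines.join('\n') + '\n';
}

// Hypothetical stand-in for the receiving side's check (see ASSUMPTION above).
function treatedAsAccept(body) {
  return body.startsWith('Auth: 1');
}

function demo() {
  const json = expressSendWire({ Auth: 1 });                   // what the thread's server sends
  const text = buildPlainReply(true, { 'Idle-Timeout': 900 }); // constructed sample attribute
  return {
    jsonBody: json.body,
    jsonAccepted: treatedAsAccept(json.body),
    textBody: text,
    textAccepted: treatedAsAccept(text),
  };
}

console.log(demo());
```

In the Express handler, `res.type('text/plain').send(buildPlainReply(true))` sends the string unchanged, whereas passing an object to `res.send()` always produces JSON.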