I have a server with FreeRADIUS installed, and the kernel is already compiled so that I can enable PF. I have done all of the configuration and no error is shown, but I don't know why the client still cannot get an IP address from the server.
This is the configuration I use.
pf.conf
Code:
#
# Basic Chillispot PF Config
# A tweak of Example 1 from the PF FAQ
# http://www.openbsd.org/faq/pf/example1.html
# By Venture37
# venture37@geeklan.co.uk
# http://www.geeklan.co.uk
# macros
int_if = "em0"
ext_if = "em1"
chilli_if = "tun0"
tcp_services = "{ 25, 53, 80, 110, 113, 143, 443 }"
icmp_types = "echoreq"
priv_nets = "{ 127.0.0.0/8, 192.168.0.0/24, 192.168.1.0/24, 192.168.10.0/24 }"
# options
set block-policy return
set loginterface $ext_if
# scrub
scrub in all
# nat/rdr
nat on $ext_if from $chilli_if:network to any -> ($ext_if)
# filter rules
block all
pass quick on lo0 all
pass out quick on $inf_if proto tcp from any port $tcp_services to any keep state
pass in quick on $inf_if proto tcp from any to any port $tcp_services keep state
block drop in quick on $ext_if from $priv_nets to any
block drop out quick on $ext_if from any to $priv_nets
block drop on $int_if all
pass in on $ext_if inet proto tcp from any to ($ext_if) \
port $tcp_services flags S/SA keep state
pass in inet proto icmp all icmp-type $icmp_types keep state
pass in on $chilli_if from $chilli_if:network to any keep state
pass out on $chilli_if from any to $chilli_if:network keep state
pass out on $ext_if proto tcp all modulate state flags S/SA
pass out on $ext_if proto { udp, icmp } all keep state
This is the configuration for chilli.conf
Code:
#TAG: fg
#fg
# TAG: debug
#debug
# TAG: interval
#interval 3600
# TAG: pidfile
#pidfile /var/run/chilli.pid
# TAG: statedir
#statedir ./
# TUN parameters
# TAG: net
net 192.168.182.0/24
# TAG: dynip
dynip 192.168.182.0/24
# TAG: statip
statip 192.168.182.0/24
# TAG: dns1
#dns1 172.16.0.5
# TAG: dns2
#dns2 172.16.0.6
# TAG: domain
#domain key.chillispot.info
# TAG: ipup
#ipup /etc/chilli.ipup
# TAG: ipdown
#ipdown /etc/chilli.ipdown
# Radius parameters
# TAG: radiuslisten
#radiuslisten 127.0.0.1
# TAG: radiusserver1
radiusserver1 127.0.0.1
# TAG: radiusserver2
radiusserver2 127.0.0.1
# TAG: radiusauthport
#radiusauthport 1812
# TAG: radiusacctport
#radiusacctport 1813
# TAG: radiussecret
radiussecret rainbow
# TAG: radiusnasid
#radiusnasid nas01
# TAG: radiuslocationid
#radiuslocationid isocc=us,cc=1,ac=408,network=ACMEWISP_NewarkAirport
# TAG: radiuslocationname
#radiuslocationname ACMEWISP,Gate_14_Terminal_C_of_Newark_Airport
# Radius proxy parameters
# TAG: proxylisten
#proxylisten 10.0.0.1
# TAG: proxyport
#proxyport 1645
# TAG: proxyclient
#proxyclient 10.0.0.1/24
# TAG: proxysecret
#proxysecret testing123
# DHCP Parameters
# TAG: dhcpif
dhcpif rl0
# TAG: dhcpmac
#dhcpmac 00:00:5E:00:02:00
# TAG: lease
#lease 600
# Universal access method (UAM) parameters
# TAG: uamserver
uamserver http://192.168.182.1/cgi-bin/hotspotlogin.cgi
# TAG: uamhomepage
#uamhomepage http://192.168.182.1/welcome.html
# TAG: uamsecret
#uamsecret ht2eb8ej6s4et3rg1ulp
# TAG: uamlisten
#uamlisten 192.168.182.1
# TAG: uamport
#uamport 3990
# TAG: uamallowed
#uamallowed www.chillispot.org,10.11.12.0/24
# TAG: uamanydns
#uamanydns
# MAC authentication
# TAG: macauth
#macauth
# TAG: macallowed
#macallowed 00-0A-5E-AC-BE-51,00-30-1B-3C-32-E9
# TAG: macpasswd
#macpasswd password
# TAG: macsuffix
#macsuffix suffix
I think all of them work fine, because when I use [cmd=]$ cat /etc/services | grep radius[/cmd] it gives a reply:
Code:
# IMPORTANT NOTE: Ports 1645/1646 are the traditional radius ports used by
#radius 1645/udp #RADIUS authentication protocol (old)
radius 1812/udp #RADIUS authentication protocol (IANA sanctioned)
When I test the RADIUS server with [cmd=]radtest jancuk jancuk12345 localhost 1812 s3cr3t[/cmd] it gives an answer:
Code:
Sending Access-Request of id 188 to 127.0.0.1 port 1812
User-Name = "jancuk"
User-Password = "jancuk12345"
NAS-IP-Address = 127.0.0.1
NAS-Port = 1812
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=250, length=106
Class = 0x30373032333435363738
Session-Timeout = 3600
Idle-Timeout = 600
Acct-Interim-Interval = 60
WISPr-Redirection-URL = "http://www.geeklan.co.uk"
WISPr-Bandwidth-Max-Up = 128000
WISPr-Bandwidth-Max-Down = 512000
And when I check the status of chillispot with [cmd=]/usr/local/etc/rc.d/chillispot status[/cmd] it gives an answer:
Code:
chillispot is running as pid 1620
So can anybody help me with this situation? Because I really don't know why the client can get an IP address from the server. I used a Linksys WRT54GL as the AP and I have turned off the DHCP client on the AP.
Best regards,
Ryuu
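
The following is an added example, not part of the original post: a small Python cross-check of the two posted files that lists macros pf.conf references without defining them, and compares chilli.conf's `dhcpif` and `radiussecret` with the pf.conf `int_if` macro and the secret passed to `radtest`. The embedded excerpts are copied from the post; the function names are hypothetical, and comparing `dhcpif` with `int_if` assumes the hotspot clients attach to the interface pf.conf calls internal.

```python
import re
# Constructed excerpts: the relevant lines copied from the posted files.
PF_CONF = '''\
int_if = "em0"
ext_if = "em1"
chilli_if = "tun0"
tcp_services = "{ 25, 53, 80, 110, 113, 143, 443 }"
nat on $ext_if from $chilli_if:network to any -> ($ext_if)
pass in quick on $inf_if proto tcp from any to any port $tcp_services keep state
'''
CHILLI_CONF = '''\
#radiuslisten 127.0.0.1
radiussecret rainbow
dhcpif rl0
'''

def pf_macros(text):
    """Return {name: value} for each 'name = "value"' macro definition."""
    return dict(re.findall(r'^\s*([A-Za-z_]\w*)\s*=\s*"([^"]*)"', text, re.M))

def undefined_macros(text):
    """Macros referenced as $name (outside comments) but never defined."""
    used = set()
    for line in text.splitlines():
        used.update(re.findall(r'\$([A-Za-z_]\w*)', line.split('#', 1)[0]))
    return sorted(used - set(pf_macros(text)))

def chilli_options(text):
    """Active (uncommented) chilli.conf directives as {option: value}."""
    opts = {}
    for line in map(str.strip, text.splitlines()):
        if line and not line.startswith('#'):
            key, _, value = line.partition(' ')
            opts[key] = value.strip()
    return opts

def cross_check(pf_text, chilli_text, tested_secret):
    """List mismatches between pf.conf, chilli.conf and the radtest secret."""
    macros, opts = pf_macros(pf_text), chilli_options(chilli_text)
    findings = [f"pf.conf references undefined macro ${m}" for m in undefined_macros(pf_text)]
    # Assumption: clients attach to the interface pf.conf names int_if.
    if opts.get('dhcpif') != macros.get('int_if'):
        findings.append(f"dhcpif {opts.get('dhcpif')} != int_if {macros.get('int_if')}")
    if opts.get('radiussecret') != tested_secret:
        findings.append("radiussecret differs from the secret given to radtest")
    return findings

if __name__ == "__main__":
    print("\n".join(cross_check(PF_CONF, CHILLI_CONF, "s3cr3t")))
```

On the real host, `pfctl -nf /etc/pf.conf` parses the ruleset without loading it and is the authoritative check for the pf.conf side.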