Agus Priyadi and Mafia.Or.ID

blog all about (brains colocations)

Setting up Chillispot on DD-WRT

Posted by mafiaid on 6 September 2007

Setting up Chillispot on DD-WRT


Chillispot on DD-WRT does not work out of the box ie. Chillispot is not self contained but requires external web server (and RADIUS server) to operate. Let’s put it together.

1. Set up your RADIUS server. This is how you set up RADIUS server with OpenLDAP.

2. Set up a web server on a PC (it could be the same machine as the RADIUS server depending on your security paranoia)

3. Install Chillispot on that PC and configure hotspotlogin.cgi. From another machine on your network open up following URL https://webserver/cgi-bin/hotspotlogin.cgi. You should be greeted with following message.

Login Failed

Login must be performed through Chillispot daemon.
That is a good sign🙂.

4. Log into the admin interface on DD-WRT. Turn off DD-WRT’s DHCP server. This may not be required but I would see funny behavior when I would reboot the router. ChilliSpot has a built-in DHCP server so it is better to lessen the confusion.

5. Go to the Administration page and configure Chillispot ie.

  • Primary Radius Server IP – RADIUS server IP
  • Backup Radius Server IP – If you don’t have backup put the same IP address as the Primary
  • DNS – IP address of your DNS server
  • Redirect URL – This is the URL we tried above ie. https://webserver/cgi-bin/hotspotlogin.cgi
  • Shared Key – This is the RADIUS shared secret
  • DHCP Interfaces – Do you want ChilliSpot to apply to only wired ports, wireless or both

You could also configure additional Chillispot options  e.g. if you want to allow people to be able to access certain IP addresses or ranges you can add

uamallowed 192.168.182.1,192.168.0.0/16

6. Only other gotcha is if you are using RADIUS to authenticate against e.g. /etc/passwd, YP/NIS or LDAP with MD5/SHA1 hashes you will need to configure hotspotlogin.cgi on external webserver as follows

# Uncomment the following line if you want to use ordinary user-password
# for radius authentication. Must be used together with $uamsecret.
$userpassword=1;
$uamsecret=”testing123″;

And add

uamsecret testing123


Under DD-WRT Chillispot additional options.

7. If you are curious about mechanics of this configuration please check out following post

In short Damjan says (spelling corrected)

5.6.7.8 doesn’t communicate with the radius on 1.2.3.4, 5.6.7.8 sends a HTML response to the client, but in that response there’s also a hidden XML part. Since this response passes through chillispot, chillispot parses that XML, decodes the username and the password (either plain text or CHAP-challenge,CHAP-password), and then chillispot itself communicates with the radius server on 1.2.3.4. BTW.

I too was wondering the same questions, since chillispot documentation doesn’t describe how it operates, so I started debugging with Firefox, LiveHTTPHeaders, netcat etc..



Last Update: $Date$ Author: Vladimir Vuksan E-mail me

source http://vuksan.com/linux/chillispot/dd-wrt-chillispot.html

Tags: , ,

One Response to “Setting up Chillispot on DD-WRT”

  1. femi said

    I wonder if you could help me; i have a linksys wrt54gl, i have flashed ddwrt v23sp2, i have freeradius.net for windows and apache 2.2.14 with openssl and mysql server 5.1.38. I need to configure my setup such that wireless and wired clients on my LAN are authenticated via a splash page before accessing the Internet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: