Diffstat (limited to 'net/coova-chilli/files')
-rw-r--r--net/coova-chilli/files/chilli.config230
-rw-r--r--net/coova-chilli/files/chilli.firewall41
-rw-r--r--net/coova-chilli/files/chilli.init61
3 files changed, 332 insertions, 0 deletions
diff --git a/net/coova-chilli/files/chilli.config b/net/coova-chilli/files/chilli.config
new file mode 100644
index 000000000..6aa98373d
--- /dev/null
+++ b/net/coova-chilli/files/chilli.config
@@ -0,0 +1,230 @@
+#
+# Sample Coova-Chilli configuration file
+#
+
+config chilli
+ # disable to running chilli. remove this option before running.
+ option disabled 1
+
+ # name of TUN device name. required.
+ option tundev 'tun0'
+
+ # Include this flag if process is to run in the foreground
+ #option fg
+
+ # Include this flag to include debug information.
+ #option debug 9
+
+ # Re-read configuration file at this interval. Will also cause new domain
+ # name lookups to be performed. Value is given in seconds.
+ #option interval 3600
+
+ # File to store information about the process id of the program.
+ # The program must have write access to this file/directory.
+ #option pidfile /var/run/chilli.pid
+
+ # Directory to use for nonvolatile storage.
+ # The program must have write access to this directory.
+ # this option is currently ignored
+ #option statedir ./
+
+
+ # TUN parameters
+
+ # IP network address of external packet data network
+ # Used to allocate dynamic IP addresses and set up routing.
+ # Normally you do not need to uncomment this option.
+ #option net 192.168.182.0/24
+
+ # Dynamic IP address pool
+ # Used to allocate dynamic IP addresses to clients.
+ # If not set it defaults to the net tag.
+ # Do not uncomment this option unless you are an experienced user!
+ #option dynip 192.168.182.0/24
+
+ # Static IP address pool
+ # Used to allocate static IP addresses to clients.
+ # Do not uncomment this option unless you are an experienced user!
+ #option statip 192.168.182.0/24
+
+
+ # Primary DNS server.
+ # Will be suggested to the client.
+ # If omitted the system default will be used.
+ # Normally you do not need to uncomment this option.
+ #option dns1 172.16.0.5
+
+ # Secondary DNS server.
+ # Will be suggested to the client.
+ # If omitted the system default will be used.
+ # Normally you do not need to uncomment this option.
+ #option dns2 172.16.0.6
+
+ # Domain name
+ # Will be suggested to the client.
+ # Normally you do not need to uncomment this option.
+ #option domain key.chillispot.org
+
+ # Script executed after network interface has been brought up.
+ # Executed with the following parameters: <devicename> <ip address>
+ # <mask>
+ # Normally you do not need to uncomment this option.
+ #option ipup /etc/chilli.ipup
+
+ # Script executed after network interface has been taken down.
+ # Executed with the following parameters: <devicename> <ip address>
+ # <mask>
+ # Normally you do not need to uncomment this option.
+ #option ipdown /etc/chilli.ipdown
+
+
+ # Radius parameters
+
+ # IP address to listen to
+ # Normally you do not need to uncomment this option.
+ #option radiuslisten 127.0.0.1
+
+ # IP address of radius server 1
+ # For most installations you need to modify this option.
+ radiusserver1 rad01.chillispot.org
+
+ # IP address of radius server 2
+ # If you have only one radius server you should set radiusserver2 to the
+ # same value as radiusserver1.
+ # For most installations you need to modify this option.
+ radiusserver2 rad02.chillispot.org
+
+ # Radius authentication port
+ # The UDP port number to use for radius authentication requests.
+ # The same port number is used for both radiusserver1 and radiusserver2.
+ # Normally you do not need to uncomment this option.
+ #option radiusauthport 1812
+
+ # Radius accounting port
+ # The UDP port number to use for radius accounting requests.
+ # The same port number is used for both radiusserver1 and radiusserver2.
+ # Normally you do not need to uncomment this option.
+ #option radiusacctport 1813
+
+ # Radius shared secret for both servers
+ # For all installations you should modify this option.
+ #option radiussecret testing123
+
+ # Radius NAS-Identifier
+ # Normally you do not need to uncomment this option.
+ #option radiusnasid nas01
+
+ # WISPr Location ID. Should be in the format: isocc=<ISO_Country_Code>,
+ # cc=<E.164_Country_Code>,ac=<E.164_Area_Code>,network=<ssid/ZONE>
+ # Normally you do not need to uncomment this option.
+ #option radiuslocationid isocc=us,cc=1,ac=408,network=ACMEWISP_NewarkAirport
+
+ # WISPr Location Name. Should be in the format:
+ # <HOTSPOT_OPERATOR_NAME>,<LOCATION>
+ # Normally you do not need to uncomment this option.
+ #option radiuslocationname ACMEWISP,Gate_14_Terminal_C_of_Newark_Airport
+
+
+ # Radius proxy parameters
+
+ # IP address to listen to
+ # Normally you do not need to uncomment this option.
+ #option proxylisten 10.0.0.1
+
+ # UDP port to listen to.
+ # If not specified a port will be selected by the system
+ # Normally you do not need to uncomment this option.
+ #option proxyport 1645
+
+ # Client(s) from which we accept radius requests
+ # Normally you do not need to uncomment this option.
+ #option proxyclient 10.0.0.1/24
+
+ # Radius proxy shared secret for all clients
+ # If not specified defaults to radiussecret
+ # Normally you do not need to uncomment this option.
+ #option proxysecret testing123
+
+
+ # DHCP Parameters
+
+ # Ethernet interface to listen to.
+ # This is the network interface which is connected to the access points.
+ # In a typical configuration this option should be set to eth1.
+ dhcpif eth1
+
+ # Use specified MAC address.
+ # An address in the range 00:00:5E:00:02:00 - 00:00:5E:FF:FF:FF falls
+ # within the IANA range of addresses and is not allocated for other
+ # purposes.
+ # Normally you do not need to uncomment this option.
+ #option dhcpmac 00:00:5E:00:02:00
+
+ # Time before DHCP lease expires
+ # Normally you do not need to uncomment this option.
+ #option lease 600
+
+
+ # Universal access method (UAM) parameters
+
+ # URL of web server handling authentication.
+ uamserver https://radius.chillispot.org/hotspotlogin
+
+ # URL of welcome homepage.
+ # Unauthenticated users will be redirected to this URL. If not specified
+ # users will be redirected to the uamserver instead.
+ # Normally you do not need to uncomment this option.
+ #option uamhomepage http://192.168.182.1/welcome.html
+
+ # Shared between chilli and authentication web server
+ #option uamsecret ht2eb8ej6s4et3rg1ulp
+
+ # IP address to listen to for authentication requests
+ # Do not uncomment this option unless you are an experienced user!
+ #option uamlisten 192.168.182.1
+
+ # TCP port to listen to for authentication requests
+ # Do not uncomment this option unless you are an experienced user!
+ #option uamport 3990
+
+ # Comma separated list of domain names, IP addresses or network segments
+ # the client can access without first authenticating.
+ # It is possible to specify this option multiple times.
+ # Normally you do not need to uncomment this option.
+ #option uamallowed www.chillispot.org,10.11.12.0/24
+
+ # Comma separated list of domain names
+ # the client can access without first authenticating.
+ # It is possible to specify this option multiple times.
+ # Normally you do not need to uncomment this option.
+ #option uamdomain .chillispot.org,.coova.org
+
+ # If this flag is given unauthenticated users are allowed to use
+ # any DNS server.
+ # Normally you do not need to uncomment this option.
+ #option uamanydns
+
+
+ # MAC authentication
+
+ # If this flag is given users will be authenticated only on their MAC
+ # address.
+ # Normally you do not need to uncomment this option.
+ #option macauth
+
+ # List of MAC addresses.
+ # The MAC addresses specified in this list will be authenticated only on
+ # their MAC address.
+ # this option is ignored if the macauth tag is given.
+ # It is possible to specify this option multiple times.
+ # Normally you do not need to uncomment this option.
+ #option macallowed 00-0A-5E-AC-BE-51,00-30-1B-3C-32-E9
+
+ # Password to use for MAC authentication.
+ # Normally you do not need to uncomment this option.
+ #option macpasswd password
+
+ # Suffix to add to MAC address in order to form the username.
+ # Normally you do not need to uncomment this option.
+ #option macsuffix suffix
+
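Review bot: Four active entries in this section are written without the `option` keyword (`radiusserver1`, `radiusserver2`, `dhcpif` and `uamserver`), while every other setting uses `option <name> <value>`. As far as I know UCI does not accept a bare name inside a `config` section, so the file would probably fail to parse, and the init script's `option_cb` would never see these values. They should read e.g. `option radiusserver1 'rad01.chillispot.org'` and `option uamserver 'https://radius.chillispot.org/hotspotlogin'`. The commented `radiussecret testing123` and the sample `uamsecret` look like upstream example values; if this file is installed as the default config, I would add a comment such as `# must be replaced with a site-specific secret before removing 'disabled'` above both.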
diff --git a/net/coova-chilli/files/chilli.firewall b/net/coova-chilli/files/chilli.firewall
new file mode 100644
index 000000000..a5b1d001e
--- /dev/null
+++ b/net/coova-chilli/files/chilli.firewall
@@ -0,0 +1,41 @@
+#!/bin/sh
+
+chilli_firewall() {
+ local cfg="$1"
+
+ local network ifname tun
+
+ config_get network "$cfg" network
+
+ . /lib/functions/network.sh
+ network_get_device ifname ${network:-lan}
+
+ if [ "$ifname" = "" ]
+ then
+ config_get ifname "$cfg" dhcpif
+ fi
+
+ config_get tun "$cfg" tundev
+
+ for n in ACCEPT DROP REJECT
+ do
+ iptables -F zone_${network}_${n}
+ iptables -I zone_${network}_${n} -i $tun -j $n
+ iptables -I zone_${network}_${n} -o $tun -j $n
+ done
+
+ iptables -D forward -i ${ifname} -j zone_${network}_forward
+ iptables -A forward -i ${ifname} -j DROP
+ iptables -A forward -i $tun -j zone_${network}_forward
+
+ iptables -D input -i ${ifname} -j zone_${network}
+ iptables -A input -i $tun -j zone_${network}
+
+ iptables -I zone_${network} -p tcp --dport 3990 -j ACCEPT
+ iptables -I zone_${network} -p tcp --dport 3991 -j ACCEPT
+}
+
+chilli_post_core_cb() {
+ config_load chilli
+ config_foreach chilli_firewall chilli
+}
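Review bot: `network` is defaulted to `lan` only inside the `network_get_device` call, while every chain name below uses the raw `${network}`. With no `network` option in the section (the sample config sets none) the rules refer to `zone__ACCEPT`, `zone__forward` and so on, and none of the iptables exit codes are checked. In that case the `-D` of the existing jump for `${ifname}` fails and `-A forward -i ${ifname} -j DROP` is appended behind it, so traffic from the client interface likely still reaches the original zone chain instead of being forced through `$tun`. Setting `network="${network:-lan}"` right after `config_get network`, and returning with an error when `$ifname` or `$tun` is empty, would make the result predictable. Note also that `iptables -F zone_${network}_${n}` flushes the zone's ACCEPT/DROP/REJECT chains for every interface in that zone, and ports 3990/3991 are hard-coded although the config exposes `uamport`.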
diff --git a/net/coova-chilli/files/chilli.init b/net/coova-chilli/files/chilli.init
new file mode 100644
index 000000000..15b79af37
--- /dev/null
+++ b/net/coova-chilli/files/chilli.init
@@ -0,0 +1,61 @@
+#!/bin/sh /etc/rc.common
+
+START=30
+STOP=90
+
+config_cb() {
+ chilli_inst=$2
+ if [ "$chilli_inst" != "" ]
+ then
+ rm -f /var/run/chilli_${chilli_inst}*
+ chilli_conf=/var/run/chilli_${chilli_inst}.conf
+ eval "start_chilli_$chilli_inst=1"
+ fi
+}
+
+option_cb() {
+ case "$1" in
+ # UCI settings
+ network)
+ . /lib/functions/network.sh
+ local ifname
+ network_get_device ifname $2
+ echo "dhcpif=\"$ifname\"" >> $chilli_conf
+ ;;
+ disabled)
+ eval "start_chilli_$chilli_inst=0"
+ ;;
+ # boolean settings
+ dhcpbroadcast|nodynip|vlanlocation|locationstopstart|locationcopycalled|locationimmediateupdate|locationopt82|coanoipcheck|noradallow|proxymacaccept|proxyonacct|dhcpmacset|dhcpradius|noc2c|eapolenable|uamanydns|uamanyip|uamnatanyip|nouamsuccess|nowispr1|nowispr2|domaindnslocal|radsec|macauth|macreauth|macauthdeny|macallowlocal|strictmacauth|strictdhcp|ieee8021q|only8021q|radiusoriginalurl|swapoctets|statusfilesave|wpaguests|openidauth|papalwaysok|mschapv2|chillixml|acctupdate|dnsparanoia|seskeepalive|usetap|noarpentries|framedservice|scalewin|redir|injectwispr|redirurl|routeonetone|nousergardendata|uamgardendata|uamotherdata|withunixipc|uamallowpost|redirssl|uamuissl|layer3|patricia|redirdnsreq|dhcpnotidle|ipv6|ipv6only)
+ [ "$2" = "true" -o "$2" = "1" ] && echo "$1" >> $chilli_conf
+ ;;
+ *)
+ echo "$1=\"$2\"" >> $chilli_conf
+ ;;
+ esac
+}
+
+start_chilli() {
+ local cfg="$1"
+ local start_chilli=$(eval "echo \$start_chilli_$cfg")
+ [ "$start_chilli" = "0" ] && return
+ local base=/var/run/chilli_${cfg}
+ chilli -c ${base}.conf \
+ --pidfile ${base}.pid \
+ --cmdsocket ${base}.sock \
+ --unixipc ${base}.ipc &
+}
+
+start() {
+ config_load chilli
+ config_foreach start_chilli chilli
+}
+
+stop() {
+ ls /var/run/chilli*.pid 2>/dev/null && {
+ kill $(cat /var/run/chilli*.pid)
+ sleep 1
+ killall -9 chilli
+ rm -f /var/run/chilli*
+ }
+}
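Review bot: The catch-all branch of `option_cb` writes `$2` between double quotes without checking it, so a UCI value containing `"` or a line break ends the string early and chilli reads the remainder as further configuration. Because the sample config documents script-path options such as `ipup`, the generated file should be treated as privileged input; rejecting such values before the echo, e.g. `case "$2" in *'"'*) return 1;; esac` plus an equivalent newline check, would close this. The same file receives `radiussecret`, `uamsecret` and `macpasswd` and is created by `>>` under whatever umask the init script runs with, so I would create it in `config_cb` with `( umask 077; : > "$chilli_conf" )`. Separately, the `disabled)` branch ignores `$2`, so `option disabled 0` still prevents the instance from starting; `[ "$2" = "1" ] && eval "start_chilli_$chilli_inst=0"` would match the boolean handling used below it.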