• Registered: 2007-11-13
  • Posts: 15

Topic: Chillispot and WPA enterprise

Hi,

I have chillispot 1.0 on OpenWRT, working with freeradius 1.17 and mysql 5.0 driving a hotspot solution. I only use use the following attributes:
User-Password
Simultaneous-Use
Max-All-Session
Expiration
It all works fine, but I have no encryption on the wifi connection. Can I use chillispot in conjunction with wpa enterprise? If so, what would I need to configure on OpenWRT and/or the freeradius server and/or chillispot?
If this is not feasible, what other options do I have to encrypt wifi traffic without a key that people have to manually type in (as with normal WPA is the case)?
Any input welcome.

Thanks

*************
Auckland, New Zealand

  • From: Worthing
  • Registered: 2007-09-28
  • Posts: 72

Re: Chillispot and WPA enterprise

chilli does WPA-Enterprise out of the box with radius, just enable 3 options in the /etc/chilli.conf   - they are


eapolenable
coaport 3799
coanoipcheck


your freeradius or whatever radius you are using needs to be setup correctly. My Vista workstation tells me using "netsh" that i am using WPA-Enterprise, and i cant sniff user traffic.

Regards. .

simplywifi's Website

  • Registered: 2007-11-13
  • Posts: 15

Re: Chillispot and WPA enterprise

Thanks for the reply.
Can you expand a bit on 'the freeradius server needs to be set up correctly'?
What reply parameters does chilli need to work? Which authentication methods need to be activated on the radius server (PAP, CHAP, others) or is this irrelevant?
Most importantly, does there need to be any installation on the client, i.e. laptop? Is a preshared key required? Or is this provided by the radius server on authentication? If so, again, what parameter is used to do that?

Any thoughts/input?

*************

  • From: Worthing
  • Registered: 2007-09-28
  • Posts: 72

Re: Chillispot and WPA enterprise

without going into too much detail as its detailed elsewhere on the forum,

enable SQL auth/logging etc get users from MySQL i use this in a table -

PAP and CHAP and EAP - EAP-TTLS with Cert for auth, i disabled most everything else.

i have chilli working with freeradius1 and freeradius2beta

goto sourceforge and search for wifipaypal smile its execlent, i made a few mods to it and now it uses WISPr-Session-Terminate-Time my clients signup for 24 hours, 7 days or 1 month and WISPr-Session-Terminate-Time takes care of the rest.

i give users 2mb down and 256k up for bandwidth...

in place of Max-All-Session and Expiration  i use WISPr-Session-Terminate-Time this works perfect...

SAMPLE for a 1 day user created on the 30/01/2008 at 09:50:31, i allow for 2 hours extra on any signup as a period of grace. from RADCHECK table in Radius......

| 249 | cetrab14  | User-Password                | := | lutdukad                        |
| 250 | cetrab14  | Simultaneous-Use             | := | 1                               |
| 251 | cetrab14  | WISPr-Session-Terminate-Time | := | 2008-01-31T9:50:31+02:00        |
| 252 | cetrab14  | WISPr-Bandwidth-Max-Up       | := | 262144                          |
| 253 | cetrab14  | WISPr-Bandwidth-Max-Down     | := | 2621440       

nothing is needed on client pc/laptop its all done by chilli / freeradius, but you MUST include the chilli dictonary file in radius dictonary file.


to see what wifipaypal is like goto https://secure.simplywifi.co.uk/wifipay/  its not live yet so feel free to paypal me

simplywifi's Website

  • Registered: 2007-11-13
  • Posts: 15

Re: Chillispot and WPA enterprise

Hi Andrew,
thanks for your reply. I have all this running now quite well, too.
The question about the freeradius setup was not coined towards the WISPr or Chillispot parameters, but how did you set it up to enable Enterprise WAP? Is it really just those three parameters in chillispot? Nothing to be done on freeradius?
Can you confirm this is so and what you meant?
Thanks
*************

  • Registered: 2007-11-13
  • Posts: 15

Re: Chillispot and WPA enterprise

Hi,
as per my other post I cannot confirm that setting the three parameters

eapolenable
coaport 3799
coanoipcheck

in /etc/chilli.conf enable WPA enterprise on their own. My Vista client still shows the Hotspot as 'Unsecured Network'. Some other configuration seems to be missing. 

Any other input/ideas anyone?

Cheers

*************

  • From: Worthing
  • Registered: 2007-09-28
  • Posts: 72

Re: Chillispot and WPA enterprise

ive reinstalled my server with Centos4 i was FC3 before, its not working now, im even testing TLS and TTLS but i just cant yet make it work, 3 years of no other traffic on my network now i can sniff other users, i hate it when i fix it ill let you know. . .

simplywifi's Website