blob: fbbe22bc629bcc9729c47d1d9e45957515bf4d20 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
|
##############################################################################
#
# Sample ChilliSpot configuration file
#
##############################################################################
# General settings
config general
# Enable this flag to include debug information.
option debug 0
# Re-read configuration file at this interval. Will also cause new domain
# name lookups to be performed. Value is given in seconds.
option interval 3600
# File to store information about the process id of the program.
# The program must have write access to this file/directory.
option pidfile /var/run/chilli.pid
# Directory to use for nonvolatile storage.
# The program must have write access to this directory.
# This tag is currently ignored
#option statedir ./
# Remote configuration management
config remoteconfig
# If confusername is specified together with confpassword chillispot
# will at regular intervals specified by the interval option query the
# radius server for configuration information.
# Normally you do not need to uncomment this tag.
option confusername ""
# If confusername is specified together with confpassword chillispot
# will at regular intervals specified by the interval option query the
# radius server for configuration information.
# Normally you do not need to uncomment this tag.
option confpassword ""
# TUN parameters
config tun
# IP network address of external packet data network
# Used to allocate dynamic IP addresses and set up routing.
# Normally you do not need to uncomment this tag.
option net 192.168.182.0/24
# Dynamic IP address pool
# Used to allocate dynamic IP addresses to clients.
# If not set it defaults to the net tag.
# Do not uncomment this tag unless you are an experienced user!
#option dynip 192.168.182.0/24
# Static IP address pool
# Used to allocate static IP addresses to clients.
# Do not uncomment this tag unless you are an experienced user!
#option statip 192.168.182.0/24
# Primary DNS server.
# Will be suggested to the client.
# If omitted the system default will be used.
# Normally you do not need to uncomment this tag.
#option dns1 172.16.0.5
# Secondary DNS server.
# Will be suggested to the client.
# If omitted the system default will be used.
# Normally you do not need to uncomment this tag.
#option dns2 172.16.0.6
# Domain name
# Will be suggested to the client.
# Normally you do not need to uncomment this tag.
option domain key.chillispot.org
# Script executed after network interface has been brought up.
# Executed with the following parameters: <devicename> <ip address> <mask>
# Normally you do not need to uncomment this tag.
#option ipup /etc/chilli.ipup
# Script executed after network interface has been taken down.
# Executed with the following parameters: <devicename> <ip address> <mask>
# Normally you do not need to uncomment this tag.
#option ipdown /etc/chilli.ipdown
# Script executed after a user has been authenticated.
# Executed with the following parameters: <devicename> <ip address>
# <mask> <user ip address> <user mac address> <filter ID>
# Normally you do not need to uncomment this tag.
#option conup /etc/chilli.conup
# Script executed after a user has disconnected.
# Executed with the following parameters: <devicename> <ip address>
# <mask> <user ip address> <user mac address> <filter ID>
# Normally you do not need to uncomment this tag.
#option condown /etc/chilli.condown
# DHCP Parameters
config dhcp
# Ethernet interface to listen to.
# This is the network interface which is connected to the access points.
# In a typical configuration this tag should be set to eth1.
option dhcpif eth1
# Use specified MAC address.
# An address in the range 00:00:5E:00:02:00 - 00:00:5E:FF:FF:FF falls
# within the IANA range of addresses and is not allocated for other
# purposes.
# Normally you do not need to uncomment this tag.
#option dhcpmac 00:00:5E:00:02:00
# Time before DHCP lease expires
# Normally you do not need to uncomment this tag.
#option lease 600
# Radius parameters
config radius
# IP address to listen to
# Normally you do not need to uncomment this tag.
#option radiuslisten 127.0.0.1
# IP address of radius server 1
# For most installations you need to modify this tag.
option radiusserver1 rad01.chillispot.org
# IP address of radius server 2
# If you have only one radius server you should set radiusserver2 to the
# same value as radiusserver1.
# For most installations you need to modify this tag.
option radiusserver2 rad02.chillispot.org
# Radius authentication port
# The UDP port number to use for radius authentication requests.
# The same port number is used for both radiusserver1 and radiusserver2.
# Normally you do not need to uncomment this tag.
#option radiusauthport 1812
# Radius accounting port
# The UDP port number to use for radius accounting requests.
# The same port number is used for both radiusserver1 and radiusserver2.
# Normally you do not need to uncomment this tag.
#option radiusacctport 1813
# Radius shared secret for both servers
# For all installations you should modify this tag.
#option radiussecret testing123
# Radius NAS-Identifier
# Normally you do not need to uncomment this tag.
#option radiusnasid nas01
# Radius NAS-IP-Address
# Normally you do not need to uncomment this tag.
#option radiusnasip 127.0.0.1
# Radius Called-Station-ID
# Normally you do not need to uncomment this tag.
#option radiuscalled 00133300
# WISPr Location ID. Should be in the format: isocc=<ISO_Country_Code>,
# cc=<E.164_Country_Code>,ac=<E.164_Area_Code>,network=<ssid/ZONE>
# Normally you do not need to uncomment this tag.
#option radiuslocationid isocc=us,cc=1,ac=408,network=ACMEWISP_NewarkAirport
# WISPr Location Name. Should be in the format:
# <HOTSPOT_OPERATOR_NAME>,<LOCATION>
# Normally you do not need to uncomment this tag.
#option radiuslocationname ACMEWISP,Gate_14_Terminal_C_of_Newark_Airport
# Radius proxy parameters
config proxy
# IP address to listen to
# Normally you do not need to uncomment this tag.
#option proxylisten 10.0.0.1
# UDP port to listen to.
# If not specified a port will be selected by the system
# Normally you do not need to uncomment this tag.
#option proxyport 1645
# Client(s) from which we accept radius requests
# Normally you do not need to uncomment this tag.
#option proxyclient 10.0.0.1/24
# Radius proxy shared secret for all clients
# If not specified defaults to radiussecret
# Normally you do not need to uncomment this tag.
#option proxysecret testing123
# Universal access method (UAM) parameters
config uam
# URL of web server handling authentication.
option uamserver https://radius.chillispot.org/hotspotlogin
# URL of welcome homepage.
# Unauthenticated users will be redirected to this URL. If not specified
# users will be redirected to the uamserver instead.
# Normally you do not need to uncomment this tag.
#option uamhomepage http://192.168.182.1/welcome.html
# Shared between chilli and authentication web server
#option uamsecret ht2eb8ej6s4et3rg1ulp
# IP address to listen to for authentication requests
# Do not uncomment this tag unless you are an experienced user!
#option uamlisten 192.168.182.1
# TCP port to listen to for authentication requests
# Do not uncomment this tag unless you are an experienced user!
#option uamport 3990
# Comma separated list of domain names, IP addresses or network segments
# the client can access without first authenticating.
# It is possible to specify this tag multiple times.
# Normally you do not need to uncomment this tag.
#list uamallowed www.chillispot.org
#list uamallowed 10.11.12.0/24
# If this flag is given unauthenticated users are allowed to use
# any DNS server.
# Normally you do not need to uncomment this tag.
#uamanydns
# MAC authentication
config macauth
# If this flag is given users will be authenticated only on their MAC
# address.
# Normally you do not need to enable this flag.
option macauth 0
# List of MAC addresses.
# The MAC addresses specified in this list will be authenticated only on
# their MAC address.
# This tag is ignored if the macauth tag is given.
# It is possible to specify this tag multiple times.
# Normally you do not need to uncomment this tag.
#list macallowed 00-0A-5E-AC-BE-51
#list macallowed 00-30-1B-3C-32-E9
# Password to use for MAC authentication.
# Normally you do not need to uncomment this tag.
#option macpasswd password
# Suffix to add to MAC address in order to form the username.
# Normally you do not need to uncomment this tag.
#option macsuffix suffix
|
