From timwhite88 at gmail.com Wed Sep 7 21:51:05 2016 From: timwhite88 at gmail.com (Timothy White) Date: Thu, 8 Sep 2016 06:51:05 +1000 Subject: [CoovaChilli] HTTP AAA replacing RADIUS question Message-ID: >From my reading of the docs, it appears that replacing RADIUS with HTTP AAA might be very useful and improve the flexibility of my systems. However, I believe we'd lose the ability to send CoA packets, as HTTP AAA is very one way. Are there plans for anything to replace the CoA packets? One idea I had was that we could use accounting packets to send back updated params, the lack of updated params would indicate no CoA, but if we sent back updated params we'd have to include all session params so a CoA could occur. Any thoughts? Regards Tim From denis.dorigo at ddinternet.com Tue Sep 13 09:07:24 2016 From: denis.dorigo at ddinternet.com (Denis Dorigo) Date: Tue, 13 Sep 2016 11:07:24 +0300 Subject: [CoovaChilli] Chrome on Android (https) Message-ID: <85d2bb6e020da740a6a72226fc01a9fd@mail.gmail.com> Good day all, I have just noticed that if the default browser on android is google Chorme, the sign in process does not work as www.googe.com eventually becomes https://www.google.com. What can I do? We have coova in public places?. Thank you in advance. From maxxer at ufficyo.com Sat Sep 17 09:58:40 2016 From: maxxer at ufficyo.com (Lorenzo Milesi) Date: Sat, 17 Sep 2016 10:58:40 +0200 (CEST) Subject: [CoovaChilli] Chrome on Android (https) In-Reply-To: <85d2bb6e020da740a6a72226fc01a9fd@mail.gmail.com> References: <85d2bb6e020da740a6a72226fc01a9fd@mail.gmail.com> Message-ID: <268530099.63406.1474102720734.JavaMail.zimbra@yetopen.it> > What can I do? We have coova in public places?. Enable HTTPS redirect in Coova https://uz.sns.it/~enrico/wordpress/2014/04/enabling-https-redirect-in-coova-chilli/ -- Lorenzo Milesi - lorenzo.milesi at yetopen.it YetOpen S.r.l. - http://www.yetopen.it/ From venture37 at geeklan.co.uk Sun Sep 18 20:40:37 2016 From: venture37 at geeklan.co.uk (Sevan Janiyan) Date: Sun, 18 Sep 2016 20:40:37 +0100 Subject: [CoovaChilli] strace zine Message-ID: <6b15f6b7-e10a-a6d7-b6d8-82191cb2b168@geeklan.co.uk> Hello, Something to start the foundations of debugging and apply it to Coova. http://jvns.ca/strace-zine-unfolded.pdf Sevan From jobezic at gmail.com Mon Sep 19 09:22:07 2016 From: jobezic at gmail.com (Giovanni Bez) Date: Mon, 19 Sep 2016 10:22:07 +0200 Subject: [CoovaChilli] strace zine In-Reply-To: <6b15f6b7-e10a-a6d7-b6d8-82191cb2b168@geeklan.co.uk> References: <6b15f6b7-e10a-a6d7-b6d8-82191cb2b168@geeklan.co.uk> Message-ID: Nice! 2016-09-18 21:40 GMT+02:00 Sevan Janiyan : > Hello, > Something to start the foundations of debugging and apply it to Coova. > http://jvns.ca/strace-zine-unfolded.pdf > > > > Sevan > _______________________________________________ > CoovaChilli mailing list > CoovaChilli at brightonchilli.org.uk > https://www.brightonchilli.org.uk/mailman/listinfo/coovachilli > From denis.dorigo at waveloc.com Tue Sep 20 12:46:45 2016 From: denis.dorigo at waveloc.com (Denis Dorigo) Date: Tue, 20 Sep 2016 14:46:45 +0300 Subject: [CoovaChilli] Chrome on Android (https) In-Reply-To: <268530099.63406.1474102720734.JavaMail.zimbra@yetopen.it> References: <85d2bb6e020da740a6a72226fc01a9fd@mail.gmail.com> <268530099.63406.1474102720734.JavaMail.zimbra@yetopen.it> Message-ID: <2e0788c40a67dd917acbb3a549c81caf@mail.gmail.com> Thank you Enrico, If it was just as easy! Chrome just throws an invalid certificate error and does not allow to move on. But since the "SIGN IN TO WIFI" process redirects to www.google.com I was hoping that coova could catch it before Chrome converts it to https. Please see this video... and check when Chrome lauches (compared to firefox) https://drive.google.com/file/d/0B0tIo4L0lOvqS2FVLVUxNzVfVVU/view?usp=sharing Denis -----Original Message----- From: CoovaChilli [mailto:coovachilli-bounces at brightonchilli.org.uk] On Behalf Of Lorenzo Milesi Sent: 17 September 2016 11:59 To: coovachilli at brightonchilli.org.uk Subject: Re: [CoovaChilli] Chrome on Android (https) > What can I do? We have coova in public places?. Enable HTTPS redirect in Coova https://uz.sns.it/~enrico/wordpress/2014/04/enabling-https-redirect-in-coova-chilli/ -- Lorenzo Milesi - lorenzo.milesi at yetopen.it YetOpen S.r.l. - http://www.yetopen.it/ _______________________________________________ CoovaChilli mailing list CoovaChilli at brightonchilli.org.uk https://www.brightonchilli.org.uk/mailman/listinfo/coovachilli From denis.dorigo at waveloc.com Tue Sep 20 13:26:52 2016 From: denis.dorigo at waveloc.com (Denis Dorigo) Date: Tue, 20 Sep 2016 15:26:52 +0300 Subject: [CoovaChilli] Chrome on Android (https) In-Reply-To: 2e0788c40a67dd917acbb3a549c81caf@mail.gmail.com References: <85d2bb6e020da740a6a72226fc01a9fd@mail.gmail.com> <268530099.63406.1474102720734.JavaMail.zimbra@yetopen.it> 2e0788c40a67dd917acbb3a549c81caf@mail.gmail.com Message-ID: Lorenzo, My apologies for "wrong name".. One of those days... Denis From venture37 at geeklan.co.uk Tue Sep 20 13:36:05 2016 From: venture37 at geeklan.co.uk (Sevan Janiyan) Date: Tue, 20 Sep 2016 13:36:05 +0100 Subject: [CoovaChilli] Chrome on Android (https) In-Reply-To: <2e0788c40a67dd917acbb3a549c81caf@mail.gmail.com> References: <85d2bb6e020da740a6a72226fc01a9fd@mail.gmail.com> <268530099.63406.1474102720734.JavaMail.zimbra@yetopen.it> <2e0788c40a67dd917acbb3a549c81caf@mail.gmail.com> Message-ID: On 20/09/2016 12:46, Denis Dorigo wrote: > Chrome just throws an invalid certificate error and does not allow to move > on. > > But since the "SIGN IN TO WIFI" process redirects to www.google.com I was > hoping that coova could catch it before Chrome converts it to https. > > Please see this video... and check when Chrome lauches (compared to firefox) > > https://drive.google.com/file/d/0B0tIo4L0lOvqS2FVLVUxNzVfVVU/view?usp=sharing Are you using a certificate signed by a 3rd party CA or self signed certificate? Sevan From denis.dorigo at ddinternet.com Tue Sep 20 13:40:01 2016 From: denis.dorigo at ddinternet.com (Denis Dorigo) Date: Tue, 20 Sep 2016 15:40:01 +0300 Subject: [CoovaChilli] Chrome on Android (https) In-Reply-To: References: <85d2bb6e020da740a6a72226fc01a9fd@mail.gmail.com> <268530099.63406.1474102720734.JavaMail.zimbra@yetopen.it> <2e0788c40a67dd917acbb3a549c81caf@mail.gmail.com> Message-ID: <157479c30e8.27ce.f5c7468b5012a7afd1e3f776bb64eebf@ddinternet.com> it's self signed. ------------------ Best regards Denis Dorigo (sent from mobile device) From maxxer at ufficyo.com Tue Sep 20 13:47:37 2016 From: maxxer at ufficyo.com (Lorenzo Milesi) Date: Tue, 20 Sep 2016 14:47:37 +0200 (CEST) Subject: [CoovaChilli] Chrome on Android (https) In-Reply-To: <2e0788c40a67dd917acbb3a549c81caf@mail.gmail.com> References: <85d2bb6e020da740a6a72226fc01a9fd@mail.gmail.com> <268530099.63406.1474102720734.JavaMail.zimbra@yetopen.it> <2e0788c40a67dd917acbb3a549c81caf@mail.gmail.com> Message-ID: <1296514816.124356.1474375657408.JavaMail.zimbra@yetopen.it> > If it was just as easy! > > Chrome just throws an invalid certificate error and does not allow to move > on. There's no other way to do that... In order to intercept SSL traffic and redirect the user to the captive portal you are doing a MITM, so the cert will always be wrong. I've seen other captive portals from Fortinet and Cisco, and they behave the same. -- Lorenzo Milesi - lorenzo.milesi at yetopen.it YetOpen S.r.l. - http://www.yetopen.it/ From jose.borges at algardata.pt Tue Sep 20 13:49:03 2016 From: jose.borges at algardata.pt (=?iso-8859-1?Q?Jos=E9_Borges?=) Date: Tue, 20 Sep 2016 13:49:03 +0100 Subject: [CoovaChilli] Chrome on Android (https) Message-ID: <5E84749AEB3F724DBB27FA1322B64DAA6E5D3AF1CC@ALGEX01.algardata.net> I have solved the Chrome https://www.google.com issue simply by: HS_DNS1=37.235.1.174 HS_DNS2=37.235.1.17 And Removing all domains that resolve to google.com, namely Google-Analytics e o GoogleTagManager Or commenting #HS_UAMDOMAINS= In coovachilli config file. From denis.dorigo at waveloc.com Tue Sep 20 14:02:13 2016 From: denis.dorigo at waveloc.com (Denis Dorigo) Date: Tue, 20 Sep 2016 16:02:13 +0300 Subject: [CoovaChilli] Chrome on Android (https) In-Reply-To: <5E84749AEB3F724DBB27FA1322B64DAA6E5D3AF1CC@ALGEX01.algardata.net> References: <5E84749AEB3F724DBB27FA1322B64DAA6E5D3AF1CC@ALGEX01.algardata.net> Message-ID: <90b6fb63a1acbfafab54df593cc747f4@mail.gmail.com> THANK YOU! Clearing the history from phone and applying HS_DNS1=37.235.1.174 HS_DNS2=37.235.1.17 Seems to have worked. Will this be a permanent solution? From jose.borges at algardata.pt Tue Sep 20 14:03:56 2016 From: jose.borges at algardata.pt (=?iso-8859-1?Q?Jos=E9_Borges?=) Date: Tue, 20 Sep 2016 14:03:56 +0100 Subject: [CoovaChilli] Chrome on Android (https) Message-ID: <5E84749AEB3F724DBB27FA1322B64DAA6E5D3AF1CF@ALGEX01.algardata.net> I have it like that for over a year now, in about 30 hotspots without any glitches. Where users have iphones, android, windows, kindler, ipads, etc etc. From jose.borges at algardata.pt Tue Sep 20 14:04:54 2016 From: jose.borges at algardata.pt (=?iso-8859-1?Q?Jos=E9_Borges?=) Date: Tue, 20 Sep 2016 14:04:54 +0100 Subject: [CoovaChilli] Chrome on Android (https) Message-ID: <5E84749AEB3F724DBB27FA1322B64DAA6E5D3AF1D1@ALGEX01.algardata.net> As long as you dont change the CONFIG file, its permanent. From tluiz at yahoo.com Tue Sep 20 14:16:06 2016 From: tluiz at yahoo.com (Tiago Teodoro) Date: Tue, 20 Sep 2016 13:16:06 +0000 (UTC) Subject: [CoovaChilli] tips for downloading an all-ready coova build References: <2071971124.1505237.1474377366217.ref@mail.yahoo.com> Message-ID: <2071971124.1505237.1474377366217@mail.yahoo.com> Hi team,I was wondering if there is out there a coova build (VMDK or OVF) ready to roll.been looking at implementing a captive portal between our cisco WLC 5508 and the internet for guest users.any tips, pointers appreciated.thanks a lot. ?Atenciosamente, Best Regards, Tiago Luiz Teodoro From denis.dorigo at waveloc.com Mon Sep 26 08:28:19 2016 From: denis.dorigo at waveloc.com (Denis Dorigo) Date: Mon, 26 Sep 2016 10:28:19 +0300 Subject: [CoovaChilli] Chrome on Android (https) In-Reply-To: <5E84749AEB3F724DBB27FA1322B64DAA6E5D3AF1CC@ALGEX01.algardata.net> References: <5E84749AEB3F724DBB27FA1322B64DAA6E5D3AF1CC@ALGEX01.algardata.net> Message-ID: Unfortunately it does not work! Clearing the Chrome cache solves the problem, but then it returns! From denis.dorigo at waveloc.com Mon Sep 26 09:07:06 2016 From: denis.dorigo at waveloc.com (Denis Dorigo) Date: Mon, 26 Sep 2016 11:07:06 +0300 Subject: [CoovaChilli] Chrome on Android (https) In-Reply-To: cf5171b49a4d0736b38c1698c0fae708@mail.gmail.com References: <5E84749AEB3F724DBB27FA1322B64DAA6E5D3AF1CC@ALGEX01.algardata.net> cf5171b49a4d0736b38c1698c0fae708@mail.gmail.com Message-ID: <562593f0fbd3fbcc61396c9ee79e1ae3@mail.gmail.com> I have the feeling that this is the cause! https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security But only chrome seems to "act" on it! Am I the only one seeing this?? From venture37 at geeklan.co.uk Mon Sep 26 14:55:11 2016 From: venture37 at geeklan.co.uk (Sevan Janiyan) Date: Mon, 26 Sep 2016 14:55:11 +0100 Subject: [CoovaChilli] Chrome on Android (https) In-Reply-To: <562593f0fbd3fbcc61396c9ee79e1ae3@mail.gmail.com> References: <5E84749AEB3F724DBB27FA1322B64DAA6E5D3AF1CC@ALGEX01.algardata.net> <562593f0fbd3fbcc61396c9ee79e1ae3@mail.gmail.com> Message-ID: On 26/09/2016 09:07, Denis Dorigo wrote: > I have the feeling that this is the cause! > > https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security > > But only chrome seems to "act" on it! > > Am I the only one seeing this?? Also lookup certificate pinning. You're not going to work around this, the "right" thing to do is to buy a cert which will allow you to present yourself as such domains, I can't locate a vendor with such a product at the moment, but such facilities are available to "enterprises" which provide access via a proxy. Sevan -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 801 bytes Desc: OpenPGP digital signature URL: From denis.dorigo at waveloc.com Mon Sep 26 16:34:18 2016 From: denis.dorigo at waveloc.com (Denis Dorigo) Date: Mon, 26 Sep 2016 18:34:18 +0300 Subject: [CoovaChilli] Chrome on Android (https) In-Reply-To: References: <5E84749AEB3F724DBB27FA1322B64DAA6E5D3AF1CC@ALGEX01.algardata.net> <562593f0fbd3fbcc61396c9ee79e1ae3@mail.gmail.com> Message-ID: Thank you Sevan. I will try and look into this... but somehow I doubt that you can buy certificates for domains you don't own! But I have tried to search high and low via google (with valid certificate) and no one is reporting this issue with coovachilli? It's either that no one is actually checking their installations properly or I am the only one?? Jose, did you actually check your installations with a Samsung phone? One with Chrome installed? They redirect to www.google.com and chrome converts via HST to https://www.google.com. The only way to bypass this ( a few times) is to clear the cache. Thank you all From jose.borges at algardata.pt Mon Sep 26 16:41:33 2016 From: jose.borges at algardata.pt (=?utf-8?B?Sm9zw6kgQm9yZ2Vz?=) Date: Mon, 26 Sep 2016 16:41:33 +0100 Subject: [CoovaChilli] Chrome on Android (https) In-Reply-To: References: <5E84749AEB3F724DBB27FA1322B64DAA6E5D3AF1CC@ALGEX01.algardata.net> <562593f0fbd3fbcc61396c9ee79e1ae3@mail.gmail.com> Message-ID: <5E84749AEB3F724DBB27FA1322B64DAA6E5D4467E0@ALGEX01.algardata.net> > Jose, did you actually check your installations with a Samsung phone? One > with Chrome installed? > > They redirect to www.google.com and chrome converts via HST to > https://www.google.com. > > The only way to bypass this ( a few times) is to clear the cache. [Jos? Borges] As mentioned before this is own i have it setup at several hotspots, and until now its working. The browser opens, the www.google.com gets redirected to https://www.google.com, but since the DNS1 and DNS2 entry are not Google's, the customer gets redirected to the UAM portal. From jobezic at gmail.com Mon Sep 26 16:49:39 2016 From: jobezic at gmail.com (Giovanni Bez) Date: Mon, 26 Sep 2016 17:49:39 +0200 Subject: [CoovaChilli] Chrome on Android (https) In-Reply-To: <5E84749AEB3F724DBB27FA1322B64DAA6E5D4467E0@ALGEX01.algardata.net> References: <5E84749AEB3F724DBB27FA1322B64DAA6E5D3AF1CC@ALGEX01.algardata.net> <562593f0fbd3fbcc61396c9ee79e1ae3@mail.gmail.com> <5E84749AEB3F724DBB27FA1322B64DAA6E5D4467E0@ALGEX01.algardata.net> Message-ID: Hello Denis, yes i was getting in trouble with this issue but i think the right approach is to avoid the redirect.. for example to get the captive portal screen we use "Access to the wifi network" capability for the mobile when the device detects an hotspot wifi network.. 2016-09-26 17:41 GMT+02:00 Jos? Borges : > > Jose, did you actually check your installations with a Samsung phone? One > > with Chrome installed? > > > > They redirect to www.google.com and chrome converts via HST to > > https://www.google.com. > > > > The only way to bypass this ( a few times) is to clear the cache. > > [Jos? Borges] > As mentioned before this is own i have it setup at several hotspots, and > until now its working. > > The browser opens, the www.google.com gets redirected to > https://www.google.com, but since the DNS1 and DNS2 entry are not > Google's, the customer gets redirected to the UAM portal. > > > > > _______________________________________________ > CoovaChilli mailing list > CoovaChilli at brightonchilli.org.uk > https://www.brightonchilli.org.uk/mailman/listinfo/coovachilli > From denis.dorigo at waveloc.com Mon Sep 26 16:54:31 2016 From: denis.dorigo at waveloc.com (Denis Dorigo) Date: Mon, 26 Sep 2016 18:54:31 +0300 Subject: [CoovaChilli] Chrome on Android (https) In-Reply-To: <5E84749AEB3F724DBB27FA1322B64DAA6E5D4467E0@ALGEX01.algardata.net> References: <5E84749AEB3F724DBB27FA1322B64DAA6E5D3AF1CC@ALGEX01.algardata.net> <562593f0fbd3fbcc61396c9ee79e1ae3@mail.gmail.com> <5E84749AEB3F724DBB27FA1322B64DAA6E5D4467E0@ALGEX01.algardata.net> Message-ID: Hi Jose, That?s exactly what I did, and the result came back after the clearing the cache. Reading about it, it has nothing to do with DNS but what the site "throws" at the browser. I am sure you have the same problem... you just have not seen it personally yet! QUOTE from WIKI (https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) HTTP Strict Transport Security (HSTS) is a web security policy mechanism which helps to protect websites against protocol downgrade attacks and cookie hijacking. It allows web servers to declare that web browsers (or other complying user agents) should only interact with it using secure HTTPS connections,[1] and never via the insecure HTTP protocol. HSTS is an IETF standards track protocol and is specified in RFC 6797. UNQUOTE From denis.dorigo at waveloc.com Mon Sep 26 16:56:37 2016 From: denis.dorigo at waveloc.com (Denis Dorigo) Date: Mon, 26 Sep 2016 18:56:37 +0300 Subject: [CoovaChilli] Chrome on Android (https) In-Reply-To: References: <5E84749AEB3F724DBB27FA1322B64DAA6E5D3AF1CC@ALGEX01.algardata.net> <562593f0fbd3fbcc61396c9ee79e1ae3@mail.gmail.com> <5E84749AEB3F724DBB27FA1322B64DAA6E5D4467E0@ALGEX01.algardata.net> Message-ID: <83bb054285804ceae660739234382d31@mail.gmail.com> Hi Giovanni, Thank you, but I do not fully understand... should we take the redirect off?? Did you see my video? https://drive.google.com/file/d/0B0tIo4L0lOvqS2FVLVUxNzVfVVU/view?usp=sharing What do we do against this?? Waveloc ?????? ???????????? Phone: (+30) 2111980738 - 2111980092 Cell: (+30) 6940115120 -----Original Message----- From: CoovaChilli [mailto:coovachilli-bounces at brightonchilli.org.uk] On Behalf Of Giovanni Bez Sent: 26 September 2016 18:50 To: coovachilli at brightonchilli.org.uk Subject: Re: [CoovaChilli] Chrome on Android (https) Hello Denis, yes i was getting in trouble with this issue but i think the right approach is to avoid the redirect.. for example to get the captive portal screen we use "Access to the wifi network" capability for the mobile when the device detects an hotspot wifi network.. 2016-09-26 17:41 GMT+02:00 Jos? Borges : > > Jose, did you actually check your installations with a Samsung > > phone? One with Chrome installed? > > > > They redirect to www.google.com and chrome converts via HST to > > https://www.google.com. > > > > The only way to bypass this ( a few times) is to clear the cache. > > [Jos? Borges] > As mentioned before this is own i have it setup at several hotspots, > and until now its working. > > The browser opens, the www.google.com gets redirected to > https://www.google.com, but since the DNS1 and DNS2 entry are not > Google's, the customer gets redirected to the UAM portal. > > > > > _______________________________________________ > CoovaChilli mailing list > CoovaChilli at brightonchilli.org.uk > https://www.brightonchilli.org.uk/mailman/listinfo/coovachilli > _______________________________________________ CoovaChilli mailing list CoovaChilli at brightonchilli.org.uk https://www.brightonchilli.org.uk/mailman/listinfo/coovachilli From jose.borges at algardata.pt Mon Sep 26 17:00:32 2016 From: jose.borges at algardata.pt (=?utf-8?B?Sm9zw6kgQm9yZ2Vz?=) Date: Mon, 26 Sep 2016 17:00:32 +0100 Subject: [CoovaChilli] Chrome on Android (https) In-Reply-To: References: <5E84749AEB3F724DBB27FA1322B64DAA6E5D3AF1CC@ALGEX01.algardata.net> <562593f0fbd3fbcc61396c9ee79e1ae3@mail.gmail.com> <5E84749AEB3F724DBB27FA1322B64DAA6E5D4467E0@ALGEX01.algardata.net> Message-ID: <5E84749AEB3F724DBB27FA1322B64DAA6E5D4467FB@ALGEX01.algardata.net> Yes I had this problem BEFORE i changed the DNS1 and DNS2, and removed anything related to Google (DNS's) from my UAMDOMAINS in the chilli config. Now when I connect to the WIFI, I get a "YOU NEED TO START A SESSION" in the WIFI android list, and when I click it and choose CONNECT, the Chrome opens and after a few seconds (trying to open www.google.com) the browser shows the UAM page OR a icon saying CHECK YOUR INTERNET CONNECTION (open your browser to conclude the connection) which then opens the UAM page. > -----Mensagem original----- > De: Denis Dorigo [mailto:denis.dorigo at waveloc.com] > Enviada: 26 de setembro de 2016 16:55 > Para: Jos? Borges ; Sevan Janiyan > ; coovachilli at brightonchilli.org.uk > Assunto: RE: [CoovaChilli] Chrome on Android (https) > > Hi Jose, > > That?s exactly what I did, and the result came back after the clearing the > cache. > > Reading about it, it has nothing to do with DNS but what the site "throws" > at the browser. > > I am sure you have the same problem... you just have not seen it personally > yet! > > QUOTE from WIKI > (https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) > > HTTP Strict Transport Security (HSTS) is a web security policy mechanism > which helps to protect websites against protocol downgrade attacks and > cookie hijacking. It allows web servers to declare that web browsers (or > other complying user agents) should only interact with it using secure HTTPS > connections,[1] and never via the insecure HTTP protocol. HSTS is an IETF > standards track protocol and is specified in RFC 6797. > > UNQUOTE > From denis.dorigo at waveloc.com Mon Sep 26 17:19:46 2016 From: denis.dorigo at waveloc.com (Denis Dorigo) Date: Mon, 26 Sep 2016 19:19:46 +0300 Subject: [CoovaChilli] Chrome on Android (https) In-Reply-To: <5E84749AEB3F724DBB27FA1322B64DAA6E5D4467FB@ALGEX01.algardata.net> References: <5E84749AEB3F724DBB27FA1322B64DAA6E5D3AF1CC@ALGEX01.algardata.net> <562593f0fbd3fbcc61396c9ee79e1ae3@mail.gmail.com> <5E84749AEB3F724DBB27FA1322B64DAA6E5D4467E0@ALGEX01.algardata.net> <5E84749AEB3F724DBB27FA1322B64DAA6E5D4467FB@ALGEX01.algardata.net> Message-ID: This is my config.... After I clear the Chrome cache all works ok... for a few times.. then back to https! HS_LANIF=ra0 HS_NETWORK=192.168.182.0HS_NETMASK=255.255.255.0 HS_UAMLISTEN=192.168.182.1HS_UAMPORT=3990 HS_UAMUIPORT=4990 HS_DYNIP=192.168.182.1HS_DYNIP_MASK=255.255.255.0 HS_DNS1=37.235.1.174 HS_DNS2=37.235.1.17 HS_NASID=WAVELOC-DEMO5 HS_RADIUS=XXXXXXXX.WAVELOC.COM HS_RADIUS2=XXXXXXXX.WAVELOC.COM HS_UAMALLOW=XXXXXXXXXX.waveloc.com,drink-and-food.com HS_RADSECRET=XXXXXXXXXXXX HS_UAMSECRET=XXXXXXXXXXXXX HS_REDIRSSL=on HS_SSLKEYFILE=/etc/chilli/mycert.pem HS_SSLCERTFILE=/etc/chilli/mycert.pem HS_UAMSERVER=$HS_UAMLISTEN HS_UAMFORMAT=http://XXXXXXX.waveloc.com/cake2/rd_cake/dynamic_details/chilli_browser_detect/ HS_MACAUTH=on HS_PROVIDER=Coova HS_PROVIDER_LINK=http://www.waveloc.com/ HS_LOC_NAME="My HotSpot" From ffichter at mac.com Mon Sep 26 20:16:51 2016 From: ffichter at mac.com (Frederic Fichter) Date: Mon, 26 Sep 2016 21:16:51 +0200 Subject: [CoovaChilli] Event-Timestamp is wrong Message-ID: <20160926191651.GA2553@smallfry.home> Hello Coovachilli fans, Small but significant problem with my Coovachilli setup on OpenWRT (Bleeding Edge). Although timezone is correctly defined in /etc/config/system and the system time is OK, the Event-Timestamp sent by Coovachilli is vastly off. How shall I tackle this problem ? Thanks much for your help ! Fred From venture37 at geeklan.co.uk Mon Sep 26 23:02:18 2016 From: venture37 at geeklan.co.uk (Sevan Janiyan) Date: Mon, 26 Sep 2016 23:02:18 +0100 Subject: [CoovaChilli] Chrome on Android (https) In-Reply-To: References: <5E84749AEB3F724DBB27FA1322B64DAA6E5D3AF1CC@ALGEX01.algardata.net> <562593f0fbd3fbcc61396c9ee79e1ae3@mail.gmail.com> Message-ID: On 26/09/2016 16:34, Denis Dorigo wrote: > Thank you Sevan. > > I will try and look into this... but somehow I doubt that you can buy > certificates for domains you don't own! Don't worry about a specific domain, it's a intermediate CA cert. :) eg http://www.securitycurmudgeon.com/2016/05/bluecoat-has-intermediate-ca-signed-by.html Sevan From ffichter at me.com Mon Sep 26 20:09:30 2016 From: ffichter at me.com (Frederic Fichter) Date: Mon, 26 Sep 2016 19:09:30 -0000 Subject: [CoovaChilli] Event-Timestamp is wrong Message-ID: <20160926191142.GA2398@smallfry.home> Hello Coovachilli fans, Small but significant problem with my Coovachilli setup on OpenWRT (Bleeding Edge). Although timezone is correctly defined in /etc/config/system and the system time is OK, the Event-Timestamp sent by Coovachilli is vastly off. How shall I tackle this problem ? Thanks much for your help ! Fred From ffichter at me.com Mon Sep 26 20:12:43 2016 From: ffichter at me.com (Frederic Fichter) Date: Mon, 26 Sep 2016 19:12:43 -0000 Subject: [CoovaChilli] Event-Timestamp is wrong Message-ID: <20160926191500.GA2492@smallfry.home> Hello Coovachilli fans, Small but significant problem with my Coovachilli setup on OpenWRT (Bleeding Edge). Although timezone is correctly defined in /etc/config/system and the system time is OK, the Event-Timestamp sent by Coovachilli is vastly off. How shall I tackle this problem ? Thanks much for your help ! Fred