[CoovaChilli] 802.1x captive portal with AWS

Karen Sittig kasittig at gmail.com
Fri May 26 19:54:49 BST 2017


Hey all,

I have a (hopefully quick) question about configuring my CoovaChilli
install to use a captive portal with wpaguests enabled and cert-based
authentication.

My captive portal link contains a workflow where users can download
certificates. I've verified that my RADIUS authentication works properly
(users can authenticate with a known good username / password or with
certificates).

Here's an example accept with a known good username and password:

(131) Sent Access-Accept Id 142 from 172.31.28.194:1812 to
199.201.65.144:5190 length 0
(131)   MS-MPPE-Recv-Key =
0x6c359f0f93f9ebe53298a5e96540f4039caf6da76b8163e041cdc67be22ba11b
(131)   MS-MPPE-Send-Key =
0x739d044e6fe9bbf50dc30833e1bfacb1ff0fcced73dc6ccd46baf99b454b5481
(131)   EAP-Message = 0x03f60004
(131)   Message-Authenticator = 0x00000000000000000000000000000000
(131)   User-Name = "testing"
(131)   ChilliSpot-Config += "require-uam-auth"

Accepts with certificates don't include a 'ChilliSpot-Config' parameter.

My problem is that all users get captive portaled by CoovaChilli, even when
they've successfully authenticated with certificates and there is no
'require-uam-auth' parameter in the RADIUS response. I believe this is
because I haven't configured my proxy parameters correctly.

My RADIUS server is running on an AWS server with internal IP 1.2.3.4 and
external IP 5.6.7.8.

My access point is running CoovaChilli. CoovaChilli gives an address of
192.168.182.1 for the router, and the address of the interface itself is
9.10.11.12.

What should the values for proxyhost and proxyclient be in my config so
that things work correctly and my captive portal doesn't pop up for every
user?

Thanks!
-Karen


More information about the CoovaChilli mailing list