[CoovaChilli] 802.1x captive portal with AWS
kasittig at gmail.com
Fri May 26 19:54:49 BST 2017
I have a (hopefully quick) question about configuring my CoovaChilli
install to use a captive portal with wpaguests enabled and cert-based
My captive portal link contains a workflow where users can download
certificates. I've verified that my RADIUS authentication works properly
(users can authenticate with a known good username / password or with
Here's an example accept with a known good username and password:
(131) Sent Access-Accept Id 142 from 172.31.28.194:1812 to
22.214.171.124:5190 length 0
(131) MS-MPPE-Recv-Key =
(131) MS-MPPE-Send-Key =
(131) EAP-Message = 0x03f60004
(131) Message-Authenticator = 0x00000000000000000000000000000000
(131) User-Name = "testing"
(131) ChilliSpot-Config += "require-uam-auth"
Accepts with certificates don't include a 'ChilliSpot-Config' parameter.
My problem is that all users get captive portaled by CoovaChilli, even when
they've successfully authenticated with certificates and there is no
'require-uam-auth' parameter in the RADIUS response. I believe this is
because I haven't configured my proxy parameters correctly.
My RADIUS server is running on an AWS server with internal IP 126.96.36.199 and
external IP 188.8.131.52.
My access point is running CoovaChilli. CoovaChilli gives an address of
192.168.182.1 for the router, and the address of the interface itself is
What should the values for proxyhost and proxyclient be in my config so
that things work correctly and my captive portal doesn't pop up for every
More information about the CoovaChilli