[CoovaChilli] 802.1x captive portal with AWS

Karen Sittig kasittig at gmail.com
Fri May 26 19:54:49 BST 2017

Hey all,

I have a (hopefully quick) question about configuring my CoovaChilli
install to use a captive portal with wpaguests enabled and cert-based

My captive portal link contains a workflow where users can download
certificates. I've verified that my RADIUS authentication works properly
(users can authenticate with a known good username / password or with

Here's an example accept with a known good username and password:

(131) Sent Access-Accept Id 142 from to length 0
(131)   MS-MPPE-Recv-Key =
(131)   MS-MPPE-Send-Key =
(131)   EAP-Message = 0x03f60004
(131)   Message-Authenticator = 0x00000000000000000000000000000000
(131)   User-Name = "testing"
(131)   ChilliSpot-Config += "require-uam-auth"

Accepts with certificates don't include a 'ChilliSpot-Config' parameter.

My problem is that all users get captive portaled by CoovaChilli, even when
they've successfully authenticated with certificates and there is no
'require-uam-auth' parameter in the RADIUS response. I believe this is
because I haven't configured my proxy parameters correctly.

My RADIUS server is running on an AWS server with internal IP and
external IP

My access point is running CoovaChilli. CoovaChilli gives an address of for the router, and the address of the interface itself is

What should the values for proxyhost and proxyclient be in my config so
that things work correctly and my captive portal doesn't pop up for every
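
An added example, not part of the original post: a small Python parser for RADIUS debug output in the format quoted above that reports, for each Access-Accept, whether a ChilliSpot-Config value of "require-uam-auth" was sent. The log lines, the placeholder addresses and the "cert-user" entry are constructed for illustration; the function names are hypothetical.

```python
import re

# Constructed sample in the debug format quoted in the post. Addresses are
# documentation placeholders; request 132 is an invented certificate-based
# accept that carries no ChilliSpot-Config attribute.
SAMPLE_LOG = """\
(131) Sent Access-Accept Id 142 from 192.0.2.10:1812 to 192.0.2.20:51000 length 0
(131)   EAP-Message = 0x03f60004
(131)   User-Name = "testing"
(131)   ChilliSpot-Config += "require-uam-auth"
(132) Sent Access-Accept Id 143 from 192.0.2.10:1812 to 192.0.2.20:51000 length 0
(132)   EAP-Message = 0x03f70004
(132)   User-Name = "cert-user"
(133) Sent Access-Reject Id 144 from 192.0.2.10:1812 to 192.0.2.20:51000 length 0
(133)   User-Name = "nobody"
"""

# "(N) Sent <packet type> Id <id> ..." starts a reply; addresses may be redacted.
HEADER = re.compile(r"^\((\d+)\)\s+Sent (Access-\w+) Id (\d+)")
# "(N)   Attribute = value" or "(N)   Attribute += value"; value may be empty.
ATTR = re.compile(r"^\((\d+)\)\s+([\w-]+)\s*(\+?=)\s*(.*)$")

def parse_replies(text):
    """Group reply attributes by the request number in parentheses."""
    replies = {}
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            replies[m.group(1)] = {"code": m.group(2), "attrs": {}}
            continue
        m = ATTR.match(line)
        if m and m.group(1) in replies:
            value = m.group(4).strip().strip('"')
            replies[m.group(1)]["attrs"].setdefault(m.group(2), []).append(value)
    return replies

def uam_required(replies):
    """Map User-Name -> True if its Access-Accept carried require-uam-auth."""
    return {
        reply["attrs"].get("User-Name", ["?"])[0]:
            "require-uam-auth" in reply["attrs"].get("ChilliSpot-Config", [])
        for reply in replies.values()
        if reply["code"] == "Access-Accept"
    }

if __name__ == "__main__":
    for user, flagged in uam_required(parse_replies(SAMPLE_LOG)).items():
        print(f"{user}: require-uam-auth sent = {flagged}")
```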

