Chillispot

From DD-WRT Wiki

(Difference between revisions)
Jump to: navigation, search
Revision as of 22:06, 19 May 2006 (edit)
69.138.0.32 (Talk)

← Previous diff
Current revision (00:08, 6 September 2021) (edit) (undo)
Kernel-panic69 (Talk | contribs)

 
(132 intermediate revisions not shown.)
Line 1: Line 1:
-'''You are here: ''' '''[[Main Page]]'''/'''[[DD-WRT Docu (EN)]]'''/'''[[Chillispot]]'''+{{languages|Chillispot}}
 +<!-- Note to ChilliSpot Service Providers: -->
-This is an infant wiki! Help finish it!+<!-- Advertisements (links to your service) go in the Link Section at the bottom. -->
-==Introduction==+== ChilliSpot Is Now CoovaChilli ==
-Chillispot can be used for hotspot management. It requires a separate webserver to host the redirect url and a separate radius server (these may be installed on the same machine, of course).+'''NOTE: ChilliSpot [https://svn.dd-wrt.com/search?q=coova&noquickjump=1&changeset=on was replaced in DD-WRT] by CoovaChilli. The webUI naming schema was [https://svn.dd-wrt.com/changeset/43205 officially changed] in builds after 43192. For posterity reasons, references to ''ChilliSpot'' shall remain in the wiki until a future edit.'''
----- copied from http://www.jml.lalley.com/chillispot_howto.cfm+[https://coova.github.io/CoovaChilli/ CoovaChilli] is an open-source software access controller, based on the popular, but now defunct, ChilliSpot project, and is actively maintained by an original ChilliSpot contributor. Released under the GNU General Public License (GPL). CoovaChilli is a feature rich software access controller that provides a captive portal / walled-garden environment and uses RADIUS or a HTTP protocol for access provisioning and accounting.
-Draft Configuration Guide for WRT54G using DD-WRT as a Hot Spot +=== Important Note ===
-Please direct comments to lalley@clarityconnect.com+There have been ongoing issues with ChilliSpot functionality throughout development history in DD-WRT. Firmware versions 44236 and newer should be fully functional.
 +----
 +(Old Note)''It Seems that no firmware including ChilliSpot after DD-WRT V24 SP2 SVN 15506 works due to a compiler syntax bug. If you need to use ChilliSpot and if your device support it you should try a firmware release between SVN 14896 and SVN 15506''
-September 3, 2005 +== Brief introduction ==
 +=== Executive summary ===
 +ChilliSpot is a way to
 +* Easily make the wireless or LAN-connected computers display a "landing page" on users' browsers.
 +* Redirection occurs on the first Web page, and until the user clicks through (I Agree/Login).
 +* Optionally earn revenue from your hotspot.
 +* Provide a Wi-Fi usage agreement, advertising or other neighbourhood or commercial activities.
 +* Proactive overuse prevention:
 +* Limit the bandwidth, up and down, hotspot-connected laptops or desktops can use.
 +* Limit the number of times within a given period hotspot users can log in.
 +* Other fine-grained limitations.
-If OS on Linksys is some prior version of DD-WRT, telnet or SSH to router. +ChilliSpot can be used for single router, or extended with the use of external services to cover an entire metropolitan area.
-The following commands will erase the nvram. This means you must be able to connect to the router via the lan port of the WLAN port to do any further configuration.+
- mtd erase nvram +
- reboot +
-*Connect to the router. The password is now admin +=== Technical description ===
-*Upload the version of DD-WRT that you plan to use (Note: Although it seems to indicate otherwise, the VPN variety of version 23 of the firmware does not seem to contain the chilli executable). +ChilliSpot is an open source [[Captive Portal]] wireless or local area network (LAN) access point controller. It is used for authenticating users. It supports Web-based login, which is today's standard for public hotspots. Authentication, Authorization and Accounting (AAA) is handled by an on-line provider, or a local radius service you provide.
-*Repeat step 2. (the commands above)+
-*Set the IP address on the WAN port to a static IP Address or somehow be able to know the IP address +
-*Configure the router for remote management. +
-*Reconnect to the router and upload the firmware. See below. +
-*Reconnect to the router via the WAN port. This is required because you will now disable DHCP on the Main setting page. +
-*Disable DHCP on the Main setting page +
-*Reconnect to the router, set the output power to 250mw using the Wireless Advanced Settings page +
-*Reconnect to the router, disable Block Anonymous ICMP Requests and disable the Firewall +
-*Reconnect to the router +
-*enable SSH and/or telnet +
-*enable reboot at 3:00 AM +
-*configure Chillispot as follows:+
- set Radius server 1 to be the ip address of a your primary radius server +
- set Radius server 2 to be the ip address of a your secondary radius server (use the same as server 1 if you only have one) +
- set dns server to be the ip address of a dns server +
- set radius secret to be your radius secret password +
- set dhcp interface to be LAN and WLAN +
-*paste these entries into the additional Chillispot options:+
- radiuslisten the ipaddress set in step 4 +
- radiusauthport 1812+
- radiusacctport 1813+
-*macauth required if you want to use the mac address as the username +
-*macsuffix @some_name - This will be the realm used in RADIUS authentication+
-*macpasswd some value if you want to pass this parameter +
-*radiusnasid some_name_with_no_spaces+
-*net 10.186.179.0/24 any net of your choosing. This is the net assigned to Wireless Clients +
-*domain the domain name supplied by the Chillispot DHCP server +
-*uam Allowed any web address allowed without RADIUS authentication +
-*dns2 the ip address of a dns server - optional +
-*Make changes to radius listen port ip so that it matches the WAN port address set in step 4 above +
-*Change the entry for net if desired. This is the DHCP network clients are assigned to when they connect +
-*DO NOT enable Chillispot. Save setting and reboot router +
-*Now enable Chillispot and reboot router +
-*Go to Settings/Advanced Routing/Show Routing Tables. If Chillispot started, you should see the net specified in step 13(i). +
-*Chillispot will not start unless it can see the dns server specified in step 11(f). +
-*Other considerations +
-*Update the RADIUS clients on your radius server +
 +ChilliSpot cannot work alone and needs two (2) additional services, provided externally:
 +* A Web Portal to which users are redirected. This portal can provide any mean of access control service such as user login, on-line billing, etc...
 +* A Radius service for authentication and accounting. Most of the time, the Radius server and the Web server will be tightly integrated to offer advanced services.
 +* There are several on-line providers (ChilliSpot Service Provider, CSP) that have the additional services needed to make ChilliSpot work: See [[Captive Portal#Provider]]
 +* The advantage of a CSP is your ChilliSpot hotspot can operational within minutes.
-----[http://www.chillispot.org/ Chillispot info]+Chillispot.info Web site redirects to chillispot.org Web site. ChilliSpot is now defunct and was replaced by CoovaChilli (see point 1 at the top of the wiki).
-If DD-WRT works with chillispot that is a key feature which should be built in and fully explained.+== Terms and definitions ==
 +* DD-WRT device: Your DD-WRT-flashed device!
 +* ChilliSpot Account: Your [free] account on WorldSpot.net or [[Captive Portal|another online provider of ChilliSpot services[[.
 +* ChilliSpot Service Provider (CSP): An on-line (Internet-based) provider of the necessary back-end services for the DD-WRT device running ChilliSpot. The major contributor to this Wiki and other authors use Worldspot.net, but other CSP's are available. If you have good success and are familiar with Wiki-editing and Chilli, please update this Wiki with your preferred provider. A list of CSP's is at the bottom.
-Does it? (If so I'll try to write it up when I get it working ;-)+== Prerequisites ==
 +* '''A DD-WRT-Compatible device programmed with a distribution of DD-WRT containing Chilli.''' Highly recommend build 13064 (10/10/09) or the latest BETA. See general flashing instructions elsewhere in the DD-WRT Wiki.
 +* '''For those using a CSP (ChilliSpot Service Provider, see above), the DD-WRT device ''must'' already have Internet access.'''
 +** Check that a wireless laptop is connected through the DD-WRT device and receiving Web pages.
 +* Important: For easy setup within the scope of this wiki article, Internet should come from the WAN (Internet) port of the router (normal router mode), not from the LAN port (router in AP-only mode).
 +* '''If you are adding the DD-WRT device to an existing private subnet to introduce ChilliSpot services''', and your existing network has a subnet of 192.168.1.X, there is a conflict with the DD-WRT device default LAN subnet. For the specific issue, you must change the DD-WRT LAN IP address to another subnet, like 192.168.2.x.
 +** If you chain your hotspot off your existing LAN, so the ChilliSpot users are a separate, private subnet of your existing LAN, the DD-WRT WAN interface is facing the LAN. It is recommended that you open management interfaces on DD-WRT to the WAN-side so you can control the DD-WRT telnet/ssh/Web interface from your existing network.
 +* Create a ChilliSpot Account on a CSP.
 +** After signing up, the CSP should show you a convenient customized screen-image displaying the entries for the DD-WRT device.
 +* '''An Ethernet cable''' to connect your laptop LAN port to a LAN port on the DD-WRT device.
 +* '''The DD-WRT device's Web Management Interface must work.''' You should be able to connect to at http://192.168.x.1/, or whatever LAN IP you have set your DD-WRT device. Later, for memory consumption and performance of the DD-WRT device, the Web Manager's service can be disabled and run only when needed.
 +* Set-up your DD-WRT device's Wireless LAN, but disable encryption for the Wi-Fi for now. This greatly simplifies resolving issues.
 +* The simplest instructions here assume your DD-WRT device currently provides your clients a single private subnet. If this sounds technical, it is the default setup of DD-WRT. By factory setup, a DD-WRT device uses 192.168.1.1 as a LAN IP, and all clients are assigned an address automatically of 192.168.1.x. While other configurations are possible, the easiest examples used here assume your DD-WRT device is using the default settings.
 +* http://192.168.1.1: The assumed LAN IP address of your DD-WRT device's Web Management. If you have changed this number, use the new number.
 +* '''Experts''': When using ChilliSpot ''without'' using a CSP, you must provide your own '''Web Server''' to host the redirect Web site and a '''Radius Server''' for accounting. The Web Server and Radius Server may be installed on the same machine, but generally not the DD-WRT device. Installation and Set-up of ChilliSpot without a CSP is beyond the scope of this Wiki article.
 +* (old) '''V23SP2 Introduces the option of Enabling "Separation of Wifi from the LAN Bridge": having ChilliSpot control only wireless clients.''' The existing DD-WRT device settings are only used for the LAN. Clients behave as if the Wi-Fi and LAN connections are separate networks completely. Most guides including the WorldSpot.net guide, assume this 'Separate Wi-Fi' configuration is Enabled.<br />However, new configurations are available with this option:
 +** If you have Secondary Access Points specifically to increase the Wi-Fi coverage, and these SAP's are physically wired into the LAN ports, then '''on the main ChilliSpot'ed DD-WRT device, you do not want to 'Separate Wifi from the LAN Bridge'.''' Configurations A or B is recommended.
 +** If you have "public-access terminals" that are wired LAN computers, such as at a library, connected to the DD-WRT device, and you want these clients to now be directed to the ChilliSpot Authentication Splash Page, you also do not want to "Separate Wifi from the LAN Bridge". Configuration A is recommended.
 +** If you want to maintain a single, homogeneous network [all Internet-connected devices shares the same private subnet], of wireless and wired clients, '''and your wired clients have been made secure from wireless attacks''' [outside of the scope of this guide], then you do not want to "Separate Wifi from the LAN Bridge". Configuration B is recommended.
-If not, I won't have time to checkout DD-WRT.+=== Additional prerequisites for older firmware ===
 +* Highly-recommended to have firmware build 14929 as the running firmware.
 +* Firmware V23xx: If you haven't reset to factory settings after installation, do it, then reboot once more.
-Hotspot Newbie+:''Anyone familiar with the V23-series firmware, please change the above point if this is only needed on specific revisions''
-September 3, 2005+* Resetting to factory defaults is NOT needed for V24Final and later.
-Here is a draft configuration guide for using your WRT54G as a Hot Spot+
-http://www.jml.lalley.com/chillispot_howto.cfm+== Configuration ==
 +'''After carefully following the above sections:'''
-I welcome your comments.+Three (3) options:
 +* New Hotspot Introduction: Hang a new DD-WRT device with Chilli, off an existing LAN. Existing LAN is left completely alone. If you have a DHCP server or some custom corporate setup and you don't want to change or alter it, this is the best way.
 +* One (1) network: Put both the wireless local area network (WLAN) and LAN clients on the Chillspot. This is good for people who want to switch entirely over to ChilliSpot on their LAN and WLAN.
 +* Two (2) networks: Keep the existing LAN clients on normal services while splitting off the WLAN clients to chilli. This is okay if you already have a DD-WRT box managing services, and you only want the WLAN clients to go to the ChilliSpot portal page.
-Joe+=== Configuration A: Add new Chilli-powered hotspot to existing non-DD-WRT subnet ===
--------+Add chilli hotspot services to an existing network.
-DD-WRT is basically a prepackaged version OpenWRT white russian that includes the chillispot software, among others. I have enabled the chillispot config on a linksys WRT54G successfully in conjunction with freeradius and apache located on a separate Debian linux installation in my DMZ. For kicks, I also have squid running on that Debian box. All works well except when I turn off ip forwarding in the hopes of just using squid in transparent proxy mode. In that case so far the connections drop from time to time. Anyway, the bottom line is "yes" it does work!+The existing network is not changed at all.
--jcypher+All existing clients operate as before.
 +A connection from the existing network is plugged into the WAN port on the DD-WRT device. Besides changing the DD-WRT device to allow WAN access to SSHd and the Web interface, the steps are nearly identical to "One Network Subnet". New library access terminals, for instance, can be connected to the LAN ports on the DD-WRT device.
-----+=== Configuration B: One network subnet, move all clients to ChilliSpot ===
 +Keep your pre-Chilli setup throughout. Move all clients to Chilli. The LAN ports and Wi-Fi are bridged together and are seen as a single network managed by ChilliSpot.
 +:Also known as, "Separate WLAN from LAN" - Disable.
 + 
 +It is strongly recommended that before doing this, you should access DD-WRT's Web interface from the WAN port. If you have a configuration problem with ChilliSpot, you will still be able to access the configuration interface.
 + 
 +This setup is mandatory if you want to use the WDS feature (Wi-Fi repeaters to extend the Wi-Fi range)
 + 
 +ChilliSpot has its own DHCP Server. '''If "Separate Wi-Fi from LAN Bridge" is disabled, the DD-WRT device's normal DHCP Server must be off.'''
 + 
 +Your existing LAN subnet was 192.168.1.x and your DD-WRT device LAN IP was 192.168.1.1. You have a conflict, as DD-WRT's WAN will be your LAN. So you must change DD-WRT's LAN IP to another subnet.
 + 
 +# From the DD-WRT Web Setup page, change the DD-WRT device LAN IP to another subnet, such as 192.168.2.1 & press Apply.
 +# Reconfigure your LAN client with 192.168.2.10, and reconnect to the Administration Web Site of the DD-WRT device on 192.168.2.1.
 +# From the Setup (Main page) of the Web Interface, turn off the DD-WRT DHCP Server.
 +:Now, clients are '''temporarily''' no longer receiving a DHCP assignment. After enabling and configuration of ChilliSpot (covered later), ChilliSpot will create a virtual LAN interface at 192.168.1.1 and provides DHCP Services again on 192.168.1.x for all your Wireless and Wired clients.
 + 
 +:Enable ChilliSpot options:
 +## With build 13064/v24: Services, Hotspot - ChilliSpot section. or
 +## With v23xx: Administration, Hotspot - ChilliSpot section.
 +#'''DHCP Interface''': select "LAN" this is the bridge between your LAN ports and the wifi.
 +# Fill in the information provided by the CSP
 +# Enable ChilliSpot
 +# Continue on to the next section, "ChilliSpot setup, detailed options".
 + 
 +=== Configuration C: Existing DD-WRT router, ChilliSpot manages only Wi-Fi clients. The existing LAN, after some interruptions, operates as before (same IPs, DHCP services) ===
 +Two Networks, Wi-Fi separated from LAN. Existing DD-WRT device as a Router, adding ChilliSpot duties
 + 
 +:Example: the existing DD-WRT set-up uses 192.168.1.0/24 as the IP range and the DD-WRT device is at 192.168.1.1. Substitute your own numbers if there is a difference.
 + 
 +# "Separate Wi-Fi from the LAN Bridge" — ENABLE
 +# Enable ChilliSpot
 +# For build 13064 (10/10/09), '''DHCP Interface''' - leave at LAN. Older builds may have to select WLAN.
 + 
 +:The previous three steps create a configuration called "Bridge Separation". It makes ChilliSpot control only your DD-WRT device's wireless/Wi-Fi. The LAN continues to function without being diverted to ChilliSpot, just as before. Your LAN ports are also inaccessible by the Wi-Fi-connected computers.
 + 
 +=== Configuration D: Extend the network to regular neighbours and momentary roaming users (draft) ===
 +'''The actual instructions presented have not been polished in their formatting and presentation.
 +''' And some additional testing is required (2011-12-06... having a bit of difficulty getting it working properly)<br />
 + 
 +;A DD-WRT box performs two functions — both an access point (AP), and a ChilliSpot in this example.
 + 
 +Like the other examples above and by the main author of this wiki, Configuration D is written and done with actual hardware and a successful, stable setup, running DD-WRT, in this case WHR-HP-G54 Buffalo-brand routers. For this case, there is a 50/10 backhaul (megabits) over VDSL2, a main wired LAN and a/n 5ghz separate wireless provided directly from the VDSL2 box (not DD-WRT). The particular model of DD-WRT-enabled box could not handle that level of traffic due to hardware limitations. A dedicated VDSL2 Fritzbox 7570 handles DSL conversion, connection to internal servers, and telephone devices. The DD-WRT box functions as a passthrough device to provide wide-coverage signal for regular neighbours who need more than what ChilliSpot provides, and casual users who only need to operate as clients, to check email for instance. Heavy wireless traffic goes directly through an 802.11a/n 5ghz signal provided directly from the Fritzbox 7570. This solution is an excellent way to provide secondary services to widespread users. A dedicated, modern DD-WRT box could potentially provide all network services and main routing functions, however, in this case a good quality router is rented directly from the telephone company and does the job.
 + 
 +;All existing clients operate as before.
 + 
 +The desire is to have an added, encrypted WLAN signal, and add Chilli also as a second WLAN signal.
 +Only some of the ''possible'' reasons for the configuration are:
 +# Allow casual roaming users 15 minutes of access AND
 +# Introduece the policy of the encrypted WLAN with the Chilli splash page WHILE
 +# Having local, non-roaming users, approach the hotspot operator physically and hand over donations to access the primary direct-to-backhaul, encrypted WLAN signal:
 +## Locals like cash and no specific logins.
 +## UPNP and port forwarding available: UPNP is blocked by Chilli (currently)
 +## Burst access: No limitation to bandwidth. Operator must trust each user to not hog bandwidth.
 +### Collect the emails of every user and all MAC addresses. If one is hogging bandwidth uncontrollably, email the other users and change the encrypted SSID password.
 +## More private: Encryption WPA2-AES for local regulars.
 +# You may have your own reasons!
 + 
 +;Hardware: WHR-HP-G54
 +DDNS: opendns.com (restricts, ''e.g.'', pornosurfing through Chilli), provides dynamic DNS services more reliable than dyndns imho<br />
 +DD-WRT Build: 14929
 + 
 +'''The rest of this Configuration D text is a DRAFT format. There are some persistent issues yet. As more practical experience is gained and more time is possible to edit this, the text will be "dressed up". For now, it is raw text.'''
 + 
 +Latest tip: Hook the backhaul (local LAN) cable into a LAN port, and patch over to the WAN port. This has not been verified — and it seems the source is the need to be able to configure chilli to pull network from the LAN instead of the WAN interface.
 + 
 +<tt>These are the direct notes for setting up a chilli router with a private, encrypted wlan cloud as an alternate.
 +The chilli cloud gets 15 minute access per day per client.
 +Visit worldspot.net and set up your account. access points and profiles there before doing any of the following.
 + 
 +'''Please note''', if the upstream Internet has "died" for any reason, it can take the hotspot ''five (5) minutes'' to get a new upstream Internet address. If you have not waited ''five (5) minutes'', please do so now.
 + 
 +If you have performed a complete reset on the router, OK, otherwise push and hold the button for 30 seconds or perform a Factory Reset from the Web interface, then:
 + 
 +Use a LAN cable, not wireless, when doing any of this! Plug into a LAN port on the DD-WRT box.
 +If your main LAN Ethernet IP address is not already 192.168.1.x, must manually add an IP to your LAN card to be something like 192.168.1.5, temporarily to be able to connect.
 +Leave your existing IP, as we are going to use that also, later.
 + 
 +Presumptions: your local LAN operates on 192.168.2.x with 192.168.2.8 as the main router for LAN-->ISP.
 +Alternate these for your specific setup. Usually I set the main LAN to be something other than 192.168.0.x or 192.168.1.x as it seems almost all new or reset router devices have that as a default IP, and I don't want them to conflict with the main LAN. I also like to make the main router something other than x.x.x.1.
 + 
 +If your main LAN is 192.168.1.x and your main router is 192.168.1.1, DO NOT plug your main LAN into the DD-WRT box at all; only plug your laptop into the ports on the DD-WRT box as indicated until you have decided on substitutes for the DD-WRT box IPs.
 + 
 +Plug in your LAN cable from the laptop into a LAN port on the DD-WRT box.
 + 
 +Start, Run... http://192.168.1.1 or open the address in the Firefox browser.
 + 
 +;IMPORTANT<nowiki>:</nowiki> Leave all settings alone unless they are specifically mentioned below.
 + 
 +Main DD-WRT box page: Make your new login and password. For now, use "root" and a password of your choosing.
 + 
 +;Setup, Basic:
 +Connection type: Static IP (this points to the private LAN main router)
 +WLAN IP 192.168.2.1, SUB 255.255.255.0, GW 192.168.2.8 (IP of main VDSL2 router) & DNS1 of 192.168.2.8, DNS2 4.2.2.4 (or other suitable secondary DNS)
 + 
 +Router name: Chillibrains or something useful to help you remember
 +Host Name: chillibrains
 +Domain: local
 + 
 +;Network setup:
 +Router IP: 192.168.1.1
 +(this is the default IP, and for LAN-port access. It must be a different subnet than the WAN IP above! And different than the ChilliSpot subnet!)
 +(for now, we will continue to use 192.168.1.1... later-on change this if you wish)
 + 
 +DHCP Server: Disable (chilli has its own dhcp module)
 + 
 +;Time settings:
 +Server IP: 192.168.2.5 (local server IP)
 +or 0.pool.ntp.org
 + 
 +Click SAVE, wait a second. Do not apply or reboot yet.
 + 
 +;Setup, DDNS:
 +(we are using DNSOMATIC, part of opendns)
 +DDNS Service: Custom
 +DYNDNS Server: updates.dnsomatic.com
 +/ or for DynDns.org members.dyndns.org
 +User Name: your username
 +Password: your password
 +Host Name: all.dnsomatic.com
 +/ or for Dyndns.org yourdomainname.dyndns.org
 +URL: /nic/update?
 +Additional DDNS options:
 +[none for dnsomatic]
 +/ or for Dyndns.org try:
 +--dyndns_system dyndns@dyndns.org --ip_server_name ip1.dynupdate.no-ip.com:8245 /
 +(DynDNS service has had a problem with a non-reachable (down) checkip.dyndns.org)
 + 
 +Click SAVE, wait a second. Then click:
 +MAC Address Clone: (optional)
 +12:34:xx or your chosen MAC
 +12:34:xx or your chosen MAC
 +(Here we are only changing the first two number sets for setup.)
 + 
 +Click SAVE, wait.
 + 
 +;Wireless, Basic Settings:
 +Wireless Network Name (SSID): PrivatWLAN (Or your wireless cloud name for private LAN access.)
 +Wireless Channel: 13
 +Sensitivity Range: 0 (suggested)
 +(optional G-only) (This affects BOTH WLAN clouds)
 + 
 +Click SAVE, wait a bit.
 +Click Add interface:
 +15minWLAN
 +AP isolation Enabled
 +Network configuration (leave at) bridged.
 + 
 +SAVE
 + 
 +;Wireless security:
 +WPA2 Personal (WPA2-AES) for the primary WLAN
 +NO SECURITY for the secondary (chilli) wlan.
 +SAVE
 + 
 +Back to:
 +Setup, networking
 +Create bridge (ADD), Bridge 0 name br1, SAVE
 +IP Address 192.168.181.0/255.255.255.0 SAVE
 +Assign to bridge>
 +Assignment 0: br0 interface eth1
 +Assignment 1: br1 interface wl0.1
 +You might have to toy with saving the settings a few times to get all the correct bridges to appear.
 +SAVE
 + 
 +;Wireless, advanced settings:
 +[note these settings are specific to your radio. add or change as necessary]
 +Wireless TX power will be at 28, I set to 251 and later the startup commands set higher. (Only the WHR-HP-G54 with hardware mods.)
 +You can turn off Wireless GUI access for security if you like...
 +Shortslot override Short
 +Preamble Auto
 +Frame burst disable
 +Afterburner disable
 +---
 +Scroll down to "Wireless Multimedia Support Settings" WMM support. Turn this off. Seems to work poorly with multiple clients connected (on the WHR-HP-G54).
 +Click SAVE, wait a second.
 + 
 +;Services, Services:
 +Disable ttraff to save RAM
 +WAN Traffic Counter: Disable
 +Click SAVE, wait.
 + 
 +;Services, Hotspot:
 +ChilliSpot:
 +Enable
 +Separate Yes, br1
 +Primary Radius: radius.worldspot.net
 +Secondary Radius: radius2.worldspot.net
 +"Remote Network": net 192.168.182.0/24 (This is the same thing as the "net" declaration)
 +DNS IP (OpenDNS primary): 208.67.222.222
 +Redirect URL: https://secure.worldspot.net/wk/Uam
 +(secure is the europe one, secure2 is the north american server.)
 +The above Redirect URL is *CASE SENSITIVE* and must be entered exactly as shown above, in the box).
 +Shared Key yoursharedkeyfrom worldspot
 +Radius NAS ID: yourradiusnasid from worldspot
 +UAM Secret: your UAM secret value from worldspot
 +UAM Any DNS: 0 (leave at default)
 +UAM Allowed: www.paypal.com,www.paypalobjects.com,paypal.112.2o7.net
 +Additional ChilliSpot Options:
 +domain local
 +dns2 208.67.220.220
 +dynip 192.168.182.128/26
 +uamallowed 66.211.168.0/24,64.4.241.0/24,216.113.188.0/24
 +uamallowed 88.221.0.0/16,84.53.0.0/16,67.133.200.0/22,72.246.0.0/15
 +uamallowed 216.52.17.0/24,70.42.134.0/24,128.242.125.0/24
 +Click SAVE, wait.
 +(dynip is '''not neccessary''', as there are no static IPs in the same subnet as chilli in this tutorial)
 + 
 +;Security, Firewall:
 +Uncheck "Filter multicast" and "Filter ident." and "Filter anonymous ping"
 +SAVE, wait.
 + 
 +;Access restrictions, WAN access:
 +Status: Enable
 +Policy Name: Block164x
 +Deny (this means Internet access...)
 +<nowiki>***</nowiki> SCROLL DOWN CLICK "SAVE" <nowiki>***</nowiki>
 +Save, wait a second...
 +<nowiki>***</nowiki> scroll back up <nowiki>***</nowiki>
 +Edit list of clients
 +Enter the IP Range of the clients 192.168.164.2 – 192.168.164.254
 +Block access from all IPs of 2 through 254.
 +SAVE, then CLOSE
 + 
 +The goal is to block all computers that are not using ChilliSpot attempting from using the main subnet router directly on 2.x. Chilli blocks unauthorized access on the 182.x range, but not on the upstream WAN side of 2.x /
 +Note: Otherwise, manually-configured wireless clients could potentially use a 2.x address to get online outside of chilli, crowding out other clients.
 +[This theory is still being tested. Your results may vary.]
 +SAVE then CLOSE
 +SAVE
 + 
 +(We perform the next step NOW to make sure the DD-WRT box is accessible from the WAN port)
 +;Administration, Management:
 +Web Access: Uncheck Protocol HTTP (Do not auto-load Web management interface)
 +Disable Info Site
 +Remote access:
 +Web Gui management enable
 +web gui port 80
 +Telnet enable
 + 
 +CRON (Reboot periodically, 2x a month, at 2&nbsp;a.m. on the 1st and 15th. addresses leaks.)
 +0 2 1 * * root /sbin/reboot
 +0 2 15 * * root /sbin/reboot
 + 
 +;IP Filter Settings
 +4096
 +TCP Timeout 500
 +UDP Timeout 90
 + 
 +'''Click SAVE, then wait.'''
 + 
 +;NAT QoS, QoS:
 +W/VDSL2 50/10: (we split the bandwidth here between internal use and external users. '''External users''' are DD-WRT box primary WLAN cloud + ChilliSpot users.)
 +2500 / 25000
 +SAVE
 +Select: http, click Add
 +Skypeout, Add
 +SkypetoSkype, Add
 +Set http Express, Skypexxx protocols Premium
 +(can add others here like NTP, DNS, RSTP)
 + 
 +'''Don't be surprised if the router locks out here for a bit.''' Wait. You may have to reboot it then plug into the WAN port, and communicate with it over the WAN IP. To restart the management Web interface, telnet into it, and run 'httpd' and continue..
 + 
 +Save, wait a second.
 + 
 +;Administration, Commands:
 +#fixes bug with ChilliSpot and MTU
 +/usr/sbin/iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 1441:65535 -j TCPMSS --clamp-mss-to-pmtu
 +Save Firewall.
 +---
 +;Startup:
 +# enables WOL from Internet
 +#ip neigh change 192.168.178.5 lladdr 00:1B:21:02:EE:4F nud permanent dev br0
 +#ip neigh add 192.168.178.5 lladdr 00:1B:21:02:EE:4F nud permanent dev br0
 +# turns on noack (optional)
 +wl noack 1
 +# increases power to maximum (only on WHR-HP-G54 Buffalo/updated routers with hardware modification)
 +wl txpwr1 31
 +Save Startup
 +</tt><!-- End plaintext draft section -->
 + 
 +=== ChilliSpot setup: detailed options ===
 +* '''RADIUS Server 1''' As assigned by CSP. the name or IP address of the primary RADIUS server.
 +* '''RADIUS Server 2''' As assigned by CSP. the name or IP address of the secondary RADIUS server.
 +** If you have only one Radius Server, leave as 0.0.0.0 or specify the same field value of Radius Server 1.
 +* '''DNS IP''' Your Internet provider's 1st DNS Server. This is available on the DD-WRT device Status page.
 +* '''Remote Network''' <sup>(1)</sup> (AD20110108: bug noted, option missing in build 14929)
 +:* For One Network, change the default to 192.168.1.0/24, or your old subnet.
 +:* For Two Networks, it's 192.168.182.0/24 here by default.
 +::* One could choose something else, like 192.168.155.0/24, so long as it is not the existing DD-WRT LAN subnet.
 +* '''Redirect URL''' As given by your CSP. The address of the UAM Server, the Web authentication portal.
 +* '''Shared Key''' As given by your CSP. It's also called your RADIUS secret password
 +* '''RADIUS NAS ID''' As given by your CSP. The RADIUS name of your Hotspot
 +* '''UAM Secret''' is a secret password between the Redirect URL and the Hotspot. Given by the CSP.
 +* '''UAM AnyDNS''' Allows Clients to use their own DNS servers. Allows ANY traffic through port 53. Only set this to 1 if you know what you are doing, and can reconfigure IPTABLES properly!
 +* '''UAM Allowed''' is a list of Web sites that unauthenticated users are allowed to access.
 +* '''MacAUTH''' Enabled or Disabled. Allows authentication of clients by their WLAN or LAN card MAC (hardware) address. Not used in this guide.
 +* '''Additional ChilliSpot Options'''
 +** If your local domain is 'local', then<br /><tt>domain local</tt>
 +** Your provider may offer another, optional setting for domain.
 +** If your second Internet provider's DNS is for example 4.2.2.4, then for redundancy<br /><tt>dns2 4.2.2.4</tt>
 +** To tell ChilliSpot to limit DHCP addresses to be part of the entire subnet:
 +::* <tt>dynip 192.168.1.128/26</tt> <sup>(2)</sup>
 +::* Can be most helpful in a 'one network' subnet setup.
 +::* Allows fixed IP's to exist from 192.168.1.2 through 127 for your existing devices.
 + 
 +* Apply Changes/Save, and if needed, reboot your DD-WRT device.
 +* Your ChilliSpot Hotspot should work now. If you tested your wireless client device before setting up ChilliSpot, right-click and 'Repair' the Wi-Fi connection in XP to get a new ChilliSpot-provided IP address.
 + 
 +<sup>(1)</sup> Remote Network is the same as the <tt>net</tt> command, found on the Internet, elsewhere in references to ChilliSpot configuration and chilli.conf. <tt>net</tt> defines the ChilliSpot network. In DD-WRT, the field is called Remote Network, but it is the same setting as <tt>net</tt>.
 + 
 +<sup>(2)</sup> <tt>dynip</tt> configures ChilliSpot to use a limited range of IP's within the <tt>net</tt> parameter, as the client DHCP pool, instead of using the entire <tt>net</tt> range. In this example, address assignments from 192.168.1.128 to 192.168.1.191 are assigned to clients. IP's from 2 through 127 are left for fixed assignments, and can be further specified by <tt>statip</tt> if DHCP clients come on the network needing a specific address from the ChilliSpot DHCP service.
 + 
 +=== Tips ===
 +If you are not knowledgeable about your LAN security, or have poorly configured insecure XP devices on your LAN, to reduce possible attacks from wireless clients, you can enable the option: "Separate Wi-Fi from the LAN Bridge" (your LAN won't be visible to wireless clients). If you are certain your LAN is configured as secure, which it should be anyway, and you want to have access to your LAN equipment from your Wi-Fi, then leave "Separate..." Disabled.
 + 
 +* ChilliSpot will not start unless it can see the DNS Server specified the ChilliSpot settings.
 +* Note that after reboot, it can take a certain time before a wireless client receives an IP address. Don't forget to switch back to automatic IP assignment (DHCP) on your client when testing!
 + 
 +== Troubleshooting ==
 +=== Your client gets a ChilliSpot IP, but no welcome page, or certain Web sites don't open (MTU Bug) ===
 +Maybe you are using a PPPOE modem and you are experiencing the MTU bug?
 + 
 +Add this to your Firewall Commands (Administration tab in the Web Interface, Commands sub-tab):
 +Changes MSS to fit inside ChilliSpot tunnel. Important so some Web sites work properly, otherwise "MTU Bug"
 + 
 +<code>/usr/sbin/iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 1421:65535 -j TCPMSS --clamp-mss-to-pmtu</code>
 + 
 +More information [http://www.chillispot.org/forum/viewtopic.php?t=1038 in this forum post]
 + 
 +=== ChilliSpot fails after a while, **memory full on router** on low-RAM units ===
 +'''This is a common problem when the infrequently-used Web Interface (httpd) is left running.'''
 +* On a hotspot (DD-WRT device) with 16 (or less) megabytes of RAM, the ''chilli'' process uses 19%.
 +* The Web Interface process, httpd, uses 19% also. About 3 megabytes!
 +* Newer builds of Chilli are supposed to use less RAM, although DD-WRT may not have these yet.
 +* The Web Interface uses a lot of RAM, and in any case, should not be left running on a production router.
 + 
 +==== Solution 1: SSHd (run HTTPD only when necessary) ====
 +:This is most suitable when no secured or direct, wired connection to the hotspot is available. or the hotspot is to be administered over the Internet. In this case, an encrypted tunnel is desired to administer the hotspot.
 + 
 +# On the hotspot Web onterface, go to "Services, Services, Secure Shell", and turn on SSHd, and turn off Telnet.
 +# On "Administration, Management, Web Access", turn off HTTP Access (httpd).
 +# Make sure access to the hotspot WAN port is available if your setup is ''Configuration A: Hotspot Only.'' (See above)
 +# Save/Apply/Reboot as needed.
 + 
 +To use the Web Interface:
 +# For ''Configuration A'', physically plug your laptop into the existing network.
 +# For ''Configuration B'' or ''C'', physically plug your laptop into a LAN port on the DD-WRT device.
 +## Open your browser and log in to the ChilliSpot page as if you want to use the Internet, as Chilli's firewall rules will block your client from connecting to the DD-WRT device/hotspot otherwise.
 +# Putty (SSH) into the DD-WRT device.
 +## The command may look like "putty 192.168.182.1" or
 +## "putty 192.168.182.1 -P ''60000''", where ''60000'' is the chosen port number, if you changed the SSH port.
 +# Enter "httpd". (The command to restart httpd is different on older versions of DD-WRT (v23sp2))
 +# Open the Web Interface address on your client's browser.
 +# When you are finished, enter "killall httpd".
 + 
 +==== Solution 2: Telnetd alternate, in place of SSHd. Added: 2009.11.11 ====
 +:Telnetd uses less RAM than SSHd, however it is a completely insecure (clear-text) method to connect to the hotspot.
 + 
 +:The solution requires a direct, wired connection to the hotspot for administration.
 + 
 +# Bring up the Web Interface of the DD-WRT device.
 +# In "Administration, Management, Web Access", turn off HTTP Access (httpd).
 +# In "Services, Services, Secure Shell": Turn off SSHd.
 +# Scroll down and turn on Telnet (telnetd).
 +# '''Save changes'''
 + 
 +To use the Web Interface:
 +# Make sure your workstation or laptop data is secure to the hotspot.
 +## Anyone who can monitor the traffic can see the root password sent to the hotspot
 +# From a cmd prompt (Windows) or Linux: "telnet routerip"
 +# Enter "httpd" (only current versions of DD-WRT. v23sp2 requires a different command to start HTTPd.)
 +# In your browser: http://routerip. Log in.
 +# When finished, at the telnet prompt type: "killall httpd" <enter>
 + 
 +==== Use the "top" command to check memory usage ====
 +After using ''Solution 2'', here is the "top" output:
 + 
 +<tt>Mem: 9012K used, 3992K free, 0K shrd, 1136K buff, 2836K cached
 +CPU: 0.1% usr 2.9% sys 0.0% nic 96.8% idle 0.0% io 0.0% irq 0.0% sirq
 +Load average: 0.72 0.29 0.10 1/22 778<br />PID PPID USER STAT VSZ %MEM %CPU COMMAND
 + 417 214 root R 1184 9.0 0.4 top
 + 500 1 root S 2500 19.1 0.2 chilli -c /tmp/chilli.conf
 + 157 1 root S 1176 9.0 0.2 telnetd
 + 210 1 root S 1660 12.7 0.0 pppd file /tmp/ppp/options.pppoe
 + 211 1 root S 1504 11.5 0.0 /tmp/ppp/redial 30
 + 14 1 root S 1504 11.5 0.0 watchdog
 + 1 0 root S 1468 11.2 0.0 /sbin/init noinitrd
 + 454 1 root S 1460 11.1 0.0 process_monitor
 + 221 1 root S 1460 11.1 0.0 ttraff
 + 739 1 root S 1460 11.1 0.0 wland
 + 214 157 root S 1196 9.1 0.0 -sh
 + 511 1 root S 1176 9.0 0.0 syslogd -R 192.168.xxx.xxx
 + 515 1 root S 1176 9.0 0.0 klogd
 + 505 1 root S 820 6.2 0.0 inadyn --input_file /tmp/ddns/inadyn.conf
 + 756 1 root S 692 5.3 0.0 igmprt
 + 10 1 root SW 0 0.0 0.0 [mtdblockd]
 + 545 505 root Z 0 0.0 0.0 [sh]
 + 2 1 root SW 0 0.0 0.0 [keventd]
 + 6 1 root SW 0 0.0 0.0 [kupdated]
 + 3 1 root SWN 0 0.0 0.0 [ksoftirqd_CPU0]
 + 4 1 root SW 0 0.0 0.0 [kswapd]
 + 5 1 root SW 0 0.0 0.0 [bdflush]</tt>
 + 
 +=== DD-WRT Firmware: Administration/Hotspot/ChilliSpot tab does not show ===
 +Make sure you are using a package that includes ChilliSpot. ChilliSpot is not in the micro and mini versions of dd-wrt (consult [[What_is_%22DD-WRT%22%3F#File_Versions|this table]]).
 + 
 +=== Connection Failed on v24-SP2 Firmware(from SVN 14896 to SVN 15506) ===
 +if your settings seems to be correct but ChilliSpot don't start. It could come from a too long uamallowed list. Don't put more than three doamin name in this field. If you have more domain to add leave the Uamallowed field empty, and add your uamallowed domains in "Additional ChilliSpot Options" field.
 + 
 +=== Connection Failed on v23 Firmware ===
 +If your client does not recieve a ChilliSpot IP address you may have changed the ChilliSpot DHCP Interface. On older versions of DD-WRT Firmware, touching this setting breaks ChilliSpot. A fix is to reset to factory defaults and re-enter all your settings or use newer firmware.
 + 
 +If the UAM Secret you entered in ChilliSpot Settings is incorrect, you will have an authentication failure.
 + 
 +If the RADIUS Shared Secret is incorrect, the login process will hang.
 + 
 +=== More troubleshooting tips ===
 +If it does not work, you must connect with ssh or telnet to your router.
 + 
 + login: root
 + password: <your password>
 + 
 +First, check that you have Internet access:
 + 
 + ping google.com
 + 
 +Worldspot Users: If you don't have any ping return, check the output of "ifconfig" and post it on the [http://worldspot.net/forum/ WorldSpot forum].
-Es importante conciderar tambien que para usar Chillispot en DD-WRT es necesario tener los IP del servidor de chillispot los cuales le doy en este momento mas que todo si va ha configurar con el radius gratuito de chillispot:+If Internet works from your router, but you don't have ChilliSpot working, check first that the chilli process is launched with
-radiusserver1 rad01.chillispot.org = 213.66.141.115 espero que esto seha de ayuda a mis amigos de habla hispana+ ps -ef
-Rommel Salas --- WIFI+You should see a "chilli -c /tmp/chilli.conf" process. If not, recheck your ChilliSpot settings. For example, if you put a whitespace in the NAS ID, the chilli process won't launch.
-'''You are here: ''' '''[[Main Page]]'''/'''[[DD-WRT Docu (EN)]]'''/'''[[Chillispot]]'''+== For the FON Hotspot ==
 +Please see the [[FON Hotspot|FON Hotspot]] page for a guide and advice on setting up a [http://www.fon.com FON] hotspot using DD-WRT and ChilliSpot.
 +== External Links ==
 +* [http://www.chillispot.org www.chillispot.org]
-[[Category:advanced HOWTO]]+Some ChilliSpot Service Providers (CSPs):
 +* [http://www.worldspot.net Worldspot.net]
 +* [http://www.hotspotsystem.com Hotspotsystem.com]
 +* [http://www.engagehotspots.com EngageHotspots.com]
-[[Category:English documentation]]+[[Category:Applications]]
 +[[Category:Advanced tutorials]]

Current revision


Contents

[edit] ChilliSpot Is Now CoovaChilli

NOTE: ChilliSpot was replaced in DD-WRT by CoovaChilli. The webUI naming schema was officially changed in builds after 43192. For posterity reasons, references to ChilliSpot shall remain in the wiki until a future edit.

CoovaChilli is an open-source software access controller, based on the popular, but now defunct, ChilliSpot project, and is actively maintained by an original ChilliSpot contributor. Released under the GNU General Public License (GPL). CoovaChilli is a feature rich software access controller that provides a captive portal / walled-garden environment and uses RADIUS or a HTTP protocol for access provisioning and accounting.

[edit] Important Note

There have been ongoing issues with ChilliSpot functionality throughout development history in DD-WRT. Firmware versions 44236 and newer should be fully functional.


(Old Note)It Seems that no firmware including ChilliSpot after DD-WRT V24 SP2 SVN 15506 works due to a compiler syntax bug. If you need to use ChilliSpot and if your device support it you should try a firmware release between SVN 14896 and SVN 15506

[edit] Brief introduction

[edit] Executive summary

ChilliSpot is a way to

  • Easily make the wireless or LAN-connected computers display a "landing page" on users' browsers.
  • Redirection occurs on the first Web page, and until the user clicks through (I Agree/Login).
  • Optionally earn revenue from your hotspot.
  • Provide a Wi-Fi usage agreement, advertising or other neighbourhood or commercial activities.
  • Proactive overuse prevention:
  • Limit the bandwidth, up and down, hotspot-connected laptops or desktops can use.
  • Limit the number of times within a given period hotspot users can log in.
  • Other fine-grained limitations.

ChilliSpot can be used for single router, or extended with the use of external services to cover an entire metropolitan area.

[edit] Technical description

ChilliSpot is an open source Captive Portal wireless or local area network (LAN) access point controller. It is used for authenticating users. It supports Web-based login, which is today's standard for public hotspots. Authentication, Authorization and Accounting (AAA) is handled by an on-line provider, or a local radius service you provide.

ChilliSpot cannot work alone and needs two (2) additional services, provided externally:

  • A Web Portal to which users are redirected. This portal can provide any mean of access control service such as user login, on-line billing, etc...
  • A Radius service for authentication and accounting. Most of the time, the Radius server and the Web server will be tightly integrated to offer advanced services.
  • There are several on-line providers (ChilliSpot Service Provider, CSP) that have the additional services needed to make ChilliSpot work: See Captive Portal#Provider
  • The advantage of a CSP is your ChilliSpot hotspot can operational within minutes.

Chillispot.info Web site redirects to chillispot.org Web site. ChilliSpot is now defunct and was replaced by CoovaChilli (see point 1 at the top of the wiki).

[edit] Terms and definitions

  • DD-WRT device: Your DD-WRT-flashed device!
  • ChilliSpot Account: Your [free] account on WorldSpot.net or [[Captive Portal|another online provider of ChilliSpot services[[.
  • ChilliSpot Service Provider (CSP): An on-line (Internet-based) provider of the necessary back-end services for the DD-WRT device running ChilliSpot. The major contributor to this Wiki and other authors use Worldspot.net, but other CSP's are available. If you have good success and are familiar with Wiki-editing and Chilli, please update this Wiki with your preferred provider. A list of CSP's is at the bottom.

[edit] Prerequisites

  • A DD-WRT-Compatible device programmed with a distribution of DD-WRT containing Chilli. Highly recommend build 13064 (10/10/09) or the latest BETA. See general flashing instructions elsewhere in the DD-WRT Wiki.
  • For those using a CSP (ChilliSpot Service Provider, see above), the DD-WRT device must already have Internet access.
    • Check that a wireless laptop is connected through the DD-WRT device and receiving Web pages.
  • Important: For easy setup within the scope of this wiki article, Internet should come from the WAN (Internet) port of the router (normal router mode), not from the LAN port (router in AP-only mode).
  • If you are adding the DD-WRT device to an existing private subnet to introduce ChilliSpot services, and your existing network has a subnet of 192.168.1.X, there is a conflict with the DD-WRT device default LAN subnet. For the specific issue, you must change the DD-WRT LAN IP address to another subnet, like 192.168.2.x.
    • If you chain your hotspot off your existing LAN, so the ChilliSpot users are a separate, private subnet of your existing LAN, the DD-WRT WAN interface is facing the LAN. It is recommended that you open management interfaces on DD-WRT to the WAN-side so you can control the DD-WRT telnet/ssh/Web interface from your existing network.
  • Create a ChilliSpot Account on a CSP.
    • After signing up, the CSP should show you a convenient customized screen-image displaying the entries for the DD-WRT device.
  • An Ethernet cable to connect your laptop LAN port to a LAN port on the DD-WRT device.
  • The DD-WRT device's Web Management Interface must work. You should be able to connect to at http://192.168.x.1/, or whatever LAN IP you have set your DD-WRT device. Later, for memory consumption and performance of the DD-WRT device, the Web Manager's service can be disabled and run only when needed.
  • Set-up your DD-WRT device's Wireless LAN, but disable encryption for the Wi-Fi for now. This greatly simplifies resolving issues.
  • The simplest instructions here assume your DD-WRT device currently provides your clients a single private subnet. If this sounds technical, it is the default setup of DD-WRT. By factory setup, a DD-WRT device uses 192.168.1.1 as a LAN IP, and all clients are assigned an address automatically of 192.168.1.x. While other configurations are possible, the easiest examples used here assume your DD-WRT device is using the default settings.
  • http://192.168.1.1: The assumed LAN IP address of your DD-WRT device's Web Management. If you have changed this number, use the new number.
  • Experts: When using ChilliSpot without using a CSP, you must provide your own Web Server to host the redirect Web site and a Radius Server for accounting. The Web Server and Radius Server may be installed on the same machine, but generally not the DD-WRT device. Installation and Set-up of ChilliSpot without a CSP is beyond the scope of this Wiki article.
  • (old) V23SP2 Introduces the option of Enabling "Separation of Wifi from the LAN Bridge": having ChilliSpot control only wireless clients. The existing DD-WRT device settings are only used for the LAN. Clients behave as if the Wi-Fi and LAN connections are separate networks completely. Most guides including the WorldSpot.net guide, assume this 'Separate Wi-Fi' configuration is Enabled.
    However, new configurations are available with this option:
    • If you have Secondary Access Points specifically to increase the Wi-Fi coverage, and these SAP's are physically wired into the LAN ports, then on the main ChilliSpot'ed DD-WRT device, you do not want to 'Separate Wifi from the LAN Bridge'. Configurations A or B is recommended.
    • If you have "public-access terminals" that are wired LAN computers, such as at a library, connected to the DD-WRT device, and you want these clients to now be directed to the ChilliSpot Authentication Splash Page, you also do not want to "Separate Wifi from the LAN Bridge". Configuration A is recommended.
    • If you want to maintain a single, homogeneous network [all Internet-connected devices shares the same private subnet], of wireless and wired clients, and your wired clients have been made secure from wireless attacks [outside of the scope of this guide], then you do not want to "Separate Wifi from the LAN Bridge". Configuration B is recommended.

[edit] Additional prerequisites for older firmware

  • Highly-recommended to have firmware build 14929 as the running firmware.
  • Firmware V23xx: If you haven't reset to factory settings after installation, do it, then reboot once more.
Anyone familiar with the V23-series firmware, please change the above point if this is only needed on specific revisions
  • Resetting to factory defaults is NOT needed for V24Final and later.

[edit] Configuration

After carefully following the above sections:

Three (3) options:

  • New Hotspot Introduction: Hang a new DD-WRT device with Chilli, off an existing LAN. Existing LAN is left completely alone. If you have a DHCP server or some custom corporate setup and you don't want to change or alter it, this is the best way.
  • One (1) network: Put both the wireless local area network (WLAN) and LAN clients on the Chillspot. This is good for people who want to switch entirely over to ChilliSpot on their LAN and WLAN.
  • Two (2) networks: Keep the existing LAN clients on normal services while splitting off the WLAN clients to chilli. This is okay if you already have a DD-WRT box managing services, and you only want the WLAN clients to go to the ChilliSpot portal page.

[edit] Configuration A: Add new Chilli-powered hotspot to existing non-DD-WRT subnet

Add chilli hotspot services to an existing network.

The existing network is not changed at all.

All existing clients operate as before.

A connection from the existing network is plugged into the WAN port on the DD-WRT device. Besides changing the DD-WRT device to allow WAN access to SSHd and the Web interface, the steps are nearly identical to "One Network Subnet". New library access terminals, for instance, can be connected to the LAN ports on the DD-WRT device.

[edit] Configuration B: One network subnet, move all clients to ChilliSpot

Keep your pre-Chilli setup throughout. Move all clients to Chilli. The LAN ports and Wi-Fi are bridged together and are seen as a single network managed by ChilliSpot.

Also known as, "Separate WLAN from LAN" - Disable.

It is strongly recommended that before doing this, you should access DD-WRT's Web interface from the WAN port. If you have a configuration problem with ChilliSpot, you will still be able to access the configuration interface.

This setup is mandatory if you want to use the WDS feature (Wi-Fi repeaters to extend the Wi-Fi range)

ChilliSpot has its own DHCP Server. If "Separate Wi-Fi from LAN Bridge" is disabled, the DD-WRT device's normal DHCP Server must be off.

Your existing LAN subnet was 192.168.1.x and your DD-WRT device LAN IP was 192.168.1.1. You have a conflict, as DD-WRT's WAN will be your LAN. So you must change DD-WRT's LAN IP to another subnet.

  1. From the DD-WRT Web Setup page, change the DD-WRT device LAN IP to another subnet, such as 192.168.2.1 & press Apply.
  2. Reconfigure your LAN client with 192.168.2.10, and reconnect to the Administration Web Site of the DD-WRT device on 192.168.2.1.
  3. From the Setup (Main page) of the Web Interface, turn off the DD-WRT DHCP Server.
Now, clients are temporarily no longer receiving a DHCP assignment. After enabling and configuration of ChilliSpot (covered later), ChilliSpot will create a virtual LAN interface at 192.168.1.1 and provides DHCP Services again on 192.168.1.x for all your Wireless and Wired clients.
Enable ChilliSpot options:
    1. With build 13064/v24: Services, Hotspot - ChilliSpot section. or
    2. With v23xx: Administration, Hotspot - ChilliSpot section.
  1. DHCP Interface: select "LAN" this is the bridge between your LAN ports and the wifi.
  2. Fill in the information provided by the CSP
  3. Enable ChilliSpot
  4. Continue on to the next section, "ChilliSpot setup, detailed options".

[edit] Configuration C: Existing DD-WRT router, ChilliSpot manages only Wi-Fi clients. The existing LAN, after some interruptions, operates as before (same IPs, DHCP services)

Two Networks, Wi-Fi separated from LAN. Existing DD-WRT device as a Router, adding ChilliSpot duties

Example: the existing DD-WRT set-up uses 192.168.1.0/24 as the IP range and the DD-WRT device is at 192.168.1.1. Substitute your own numbers if there is a difference.
  1. "Separate Wi-Fi from the LAN Bridge" — ENABLE
  2. Enable ChilliSpot
  3. For build 13064 (10/10/09), DHCP Interface - leave at LAN. Older builds may have to select WLAN.
The previous three steps create a configuration called "Bridge Separation". It makes ChilliSpot control only your DD-WRT device's wireless/Wi-Fi. The LAN continues to function without being diverted to ChilliSpot, just as before. Your LAN ports are also inaccessible by the Wi-Fi-connected computers.

[edit] Configuration D: Extend the network to regular neighbours and momentary roaming users (draft)

The actual instructions presented have not been polished in their formatting and presentation. And some additional testing is required (2011-12-06... having a bit of difficulty getting it working properly)

A DD-WRT box performs two functions — both an access point (AP), and a ChilliSpot in this example.

Like the other examples above and by the main author of this wiki, Configuration D is written and done with actual hardware and a successful, stable setup, running DD-WRT, in this case WHR-HP-G54 Buffalo-brand routers. For this case, there is a 50/10 backhaul (megabits) over VDSL2, a main wired LAN and a/n 5ghz separate wireless provided directly from the VDSL2 box (not DD-WRT). The particular model of DD-WRT-enabled box could not handle that level of traffic due to hardware limitations. A dedicated VDSL2 Fritzbox 7570 handles DSL conversion, connection to internal servers, and telephone devices. The DD-WRT box functions as a passthrough device to provide wide-coverage signal for regular neighbours who need more than what ChilliSpot provides, and casual users who only need to operate as clients, to check email for instance. Heavy wireless traffic goes directly through an 802.11a/n 5ghz signal provided directly from the Fritzbox 7570. This solution is an excellent way to provide secondary services to widespread users. A dedicated, modern DD-WRT box could potentially provide all network services and main routing functions, however, in this case a good quality router is rented directly from the telephone company and does the job.

All existing clients operate as before.

The desire is to have an added, encrypted WLAN signal, and add Chilli also as a second WLAN signal. Only some of the possible reasons for the configuration are:

  1. Allow casual roaming users 15 minutes of access AND
  2. Introduece the policy of the encrypted WLAN with the Chilli splash page WHILE
  3. Having local, non-roaming users, approach the hotspot operator physically and hand over donations to access the primary direct-to-backhaul, encrypted WLAN signal:
    1. Locals like cash and no specific logins.
    2. UPNP and port forwarding available: UPNP is blocked by Chilli (currently)
    3. Burst access: No limitation to bandwidth. Operator must trust each user to not hog bandwidth.
      1. Collect the emails of every user and all MAC addresses. If one is hogging bandwidth uncontrollably, email the other users and change the encrypted SSID password.
    4. More private: Encryption WPA2-AES for local regulars.
  4. You may have your own reasons!
Hardware
WHR-HP-G54

DDNS: opendns.com (restricts, e.g., pornosurfing through Chilli), provides dynamic DNS services more reliable than dyndns imho
DD-WRT Build: 14929

The rest of this Configuration D text is a DRAFT format. There are some persistent issues yet. As more practical experience is gained and more time is possible to edit this, the text will be "dressed up". For now, it is raw text.

Latest tip: Hook the backhaul (local LAN) cable into a LAN port, and patch over to the WAN port. This has not been verified — and it seems the source is the need to be able to configure chilli to pull network from the LAN instead of the WAN interface.

These are the direct notes for setting up a chilli router with a private, encrypted wlan cloud as an alternate. The chilli cloud gets 15 minute access per day per client. Visit worldspot.net and set up your account. access points and profiles there before doing any of the following.

Please note, if the upstream Internet has "died" for any reason, it can take the hotspot five (5) minutes to get a new upstream Internet address. If you have not waited five (5) minutes, please do so now.

If you have performed a complete reset on the router, OK, otherwise push and hold the button for 30 seconds or perform a Factory Reset from the Web interface, then:

Use a LAN cable, not wireless, when doing any of this! Plug into a LAN port on the DD-WRT box. If your main LAN Ethernet IP address is not already 192.168.1.x, must manually add an IP to your LAN card to be something like 192.168.1.5, temporarily to be able to connect. Leave your existing IP, as we are going to use that also, later.

Presumptions: your local LAN operates on 192.168.2.x with 192.168.2.8 as the main router for LAN-->ISP. Alternate these for your specific setup. Usually I set the main LAN to be something other than 192.168.0.x or 192.168.1.x as it seems almost all new or reset router devices have that as a default IP, and I don't want them to conflict with the main LAN. I also like to make the main router something other than x.x.x.1.

If your main LAN is 192.168.1.x and your main router is 192.168.1.1, DO NOT plug your main LAN into the DD-WRT box at all; only plug your laptop into the ports on the DD-WRT box as indicated until you have decided on substitutes for the DD-WRT box IPs.

Plug in your LAN cable from the laptop into a LAN port on the DD-WRT box.

Start, Run... http://192.168.1.1 or open the address in the Firefox browser.

IMPORTANT: Leave all settings alone unless they are specifically mentioned below.

Main DD-WRT box page: Make your new login and password. For now, use "root" and a password of your choosing.

Setup, Basic

Connection type: Static IP (this points to the private LAN main router) WLAN IP 192.168.2.1, SUB 255.255.255.0, GW 192.168.2.8 (IP of main VDSL2 router) & DNS1 of 192.168.2.8, DNS2 4.2.2.4 (or other suitable secondary DNS)

Router name: Chillibrains or something useful to help you remember Host Name: chillibrains Domain: local

Network setup

Router IP: 192.168.1.1 (this is the default IP, and for LAN-port access. It must be a different subnet than the WAN IP above! And different than the ChilliSpot subnet!) (for now, we will continue to use 192.168.1.1... later-on change this if you wish)

DHCP Server: Disable (chilli has its own dhcp module)

Time settings

Server IP: 192.168.2.5 (local server IP) or 0.pool.ntp.org

Click SAVE, wait a second. Do not apply or reboot yet.

Setup, DDNS

(we are using DNSOMATIC, part of opendns) DDNS Service: Custom DYNDNS Server: updates.dnsomatic.com / or for DynDns.org members.dyndns.org User Name: your username Password: your password Host Name: all.dnsomatic.com / or for Dyndns.org yourdomainname.dyndns.org URL: /nic/update? Additional DDNS options: [none for dnsomatic] / or for Dyndns.org try: --dyndns_system dyndns@dyndns.org --ip_server_name ip1.dynupdate.no-ip.com:8245 / (DynDNS service has had a problem with a non-reachable (down) checkip.dyndns.org)

Click SAVE, wait a second. Then click: MAC Address Clone: (optional) 12:34:xx or your chosen MAC 12:34:xx or your chosen MAC (Here we are only changing the first two number sets for setup.)

Click SAVE, wait.

Wireless, Basic Settings

Wireless Network Name (SSID): PrivatWLAN (Or your wireless cloud name for private LAN access.) Wireless Channel: 13 Sensitivity Range: 0 (suggested) (optional G-only) (This affects BOTH WLAN clouds)

Click SAVE, wait a bit. Click Add interface: 15minWLAN AP isolation Enabled Network configuration (leave at) bridged.

SAVE

Wireless security

WPA2 Personal (WPA2-AES) for the primary WLAN NO SECURITY for the secondary (chilli) wlan. SAVE

Back to: Setup, networking Create bridge (ADD), Bridge 0 name br1, SAVE IP Address 192.168.181.0/255.255.255.0 SAVE Assign to bridge> Assignment 0: br0 interface eth1 Assignment 1: br1 interface wl0.1 You might have to toy with saving the settings a few times to get all the correct bridges to appear. SAVE

Wireless, advanced settings

[note these settings are specific to your radio. add or change as necessary] Wireless TX power will be at 28, I set to 251 and later the startup commands set higher. (Only the WHR-HP-G54 with hardware mods.) You can turn off Wireless GUI access for security if you like... Shortslot override Short Preamble Auto Frame burst disable Afterburner disable --- Scroll down to "Wireless Multimedia Support Settings" WMM support. Turn this off. Seems to work poorly with multiple clients connected (on the WHR-HP-G54). Click SAVE, wait a second.

Services, Services

Disable ttraff to save RAM WAN Traffic Counter: Disable Click SAVE, wait.

Services, Hotspot

ChilliSpot: Enable Separate Yes, br1 Primary Radius: radius.worldspot.net Secondary Radius: radius2.worldspot.net "Remote Network": net 192.168.182.0/24 (This is the same thing as the "net" declaration) DNS IP (OpenDNS primary): 208.67.222.222 Redirect URL: https://secure.worldspot.net/wk/Uam (secure is the europe one, secure2 is the north american server.) The above Redirect URL is *CASE SENSITIVE* and must be entered exactly as shown above, in the box). Shared Key yoursharedkeyfrom worldspot Radius NAS ID: yourradiusnasid from worldspot UAM Secret: your UAM secret value from worldspot UAM Any DNS: 0 (leave at default) UAM Allowed: www.paypal.com,www.paypalobjects.com,paypal.112.2o7.net Additional ChilliSpot Options: domain local dns2 208.67.220.220 dynip 192.168.182.128/26 uamallowed 66.211.168.0/24,64.4.241.0/24,216.113.188.0/24 uamallowed 88.221.0.0/16,84.53.0.0/16,67.133.200.0/22,72.246.0.0/15 uamallowed 216.52.17.0/24,70.42.134.0/24,128.242.125.0/24 Click SAVE, wait. (dynip is not neccessary, as there are no static IPs in the same subnet as chilli in this tutorial)

Security, Firewall

Uncheck "Filter multicast" and "Filter ident." and "Filter anonymous ping" SAVE, wait.

Access restrictions, WAN access

Status: Enable Policy Name: Block164x Deny (this means Internet access...) *** SCROLL DOWN CLICK "SAVE" *** Save, wait a second... *** scroll back up *** Edit list of clients Enter the IP Range of the clients 192.168.164.2 – 192.168.164.254 Block access from all IPs of 2 through 254. SAVE, then CLOSE

The goal is to block all computers that are not using ChilliSpot attempting from using the main subnet router directly on 2.x. Chilli blocks unauthorized access on the 182.x range, but not on the upstream WAN side of 2.x / Note: Otherwise, manually-configured wireless clients could potentially use a 2.x address to get online outside of chilli, crowding out other clients. [This theory is still being tested. Your results may vary.] SAVE then CLOSE SAVE

(We perform the next step NOW to make sure the DD-WRT box is accessible from the WAN port)

Administration, Management

Web Access: Uncheck Protocol HTTP (Do not auto-load Web management interface) Disable Info Site Remote access: Web Gui management enable web gui port 80 Telnet enable

CRON (Reboot periodically, 2x a month, at 2 a.m. on the 1st and 15th. addresses leaks.) 0 2 1 * * root /sbin/reboot 0 2 15 * * root /sbin/reboot

IP Filter Settings

4096 TCP Timeout 500 UDP Timeout 90

Click SAVE, then wait.

NAT QoS, QoS

W/VDSL2 50/10: (we split the bandwidth here between internal use and external users. External users are DD-WRT box primary WLAN cloud + ChilliSpot users.) 2500 / 25000 SAVE Select: http, click Add Skypeout, Add SkypetoSkype, Add Set http Express, Skypexxx protocols Premium (can add others here like NTP, DNS, RSTP)

Don't be surprised if the router locks out here for a bit. Wait. You may have to reboot it then plug into the WAN port, and communicate with it over the WAN IP. To restart the management Web interface, telnet into it, and run 'httpd' and continue..

Save, wait a second.

Administration, Commands
  1. fixes bug with ChilliSpot and MTU

/usr/sbin/iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 1441:65535 -j TCPMSS --clamp-mss-to-pmtu Save Firewall. ---

Startup
  1. enables WOL from Internet
  2. ip neigh change 192.168.178.5 lladdr 00:1B:21:02:EE:4F nud permanent dev br0
  3. ip neigh add 192.168.178.5 lladdr 00:1B:21:02:EE:4F nud permanent dev br0
  4. turns on noack (optional)

wl noack 1

  1. increases power to maximum (only on WHR-HP-G54 Buffalo/updated routers with hardware modification)

wl txpwr1 31 Save Startup

[edit] ChilliSpot setup: detailed options

  • RADIUS Server 1 As assigned by CSP. the name or IP address of the primary RADIUS server.
  • RADIUS Server 2 As assigned by CSP. the name or IP address of the secondary RADIUS server.
    • If you have only one Radius Server, leave as 0.0.0.0 or specify the same field value of Radius Server 1.
  • DNS IP Your Internet provider's 1st DNS Server. This is available on the DD-WRT device Status page.
  • Remote Network (1) (AD20110108: bug noted, option missing in build 14929)
  • For One Network, change the default to 192.168.1.0/24, or your old subnet.
  • For Two Networks, it's 192.168.182.0/24 here by default.
  • One could choose something else, like 192.168.155.0/24, so long as it is not the existing DD-WRT LAN subnet.
  • Redirect URL As given by your CSP. The address of the UAM Server, the Web authentication portal.
  • Shared Key As given by your CSP. It's also called your RADIUS secret password
  • RADIUS NAS ID As given by your CSP. The RADIUS name of your Hotspot
  • UAM Secret is a secret password between the Redirect URL and the Hotspot. Given by the CSP.
  • UAM AnyDNS Allows Clients to use their own DNS servers. Allows ANY traffic through port 53. Only set this to 1 if you know what you are doing, and can reconfigure IPTABLES properly!
  • UAM Allowed is a list of Web sites that unauthenticated users are allowed to access.
  • MacAUTH Enabled or Disabled. Allows authentication of clients by their WLAN or LAN card MAC (hardware) address. Not used in this guide.
  • Additional ChilliSpot Options
    • If your local domain is 'local', then
      domain local
    • Your provider may offer another, optional setting for domain.
    • If your second Internet provider's DNS is for example 4.2.2.4, then for redundancy
      dns2 4.2.2.4
    • To tell ChilliSpot to limit DHCP addresses to be part of the entire subnet:
  • dynip 192.168.1.128/26 (2)
  • Can be most helpful in a 'one network' subnet setup.
  • Allows fixed IP's to exist from 192.168.1.2 through 127 for your existing devices.
  • Apply Changes/Save, and if needed, reboot your DD-WRT device.
  • Your ChilliSpot Hotspot should work now. If you tested your wireless client device before setting up ChilliSpot, right-click and 'Repair' the Wi-Fi connection in XP to get a new ChilliSpot-provided IP address.

(1) Remote Network is the same as the net command, found on the Internet, elsewhere in references to ChilliSpot configuration and chilli.conf. net defines the ChilliSpot network. In DD-WRT, the field is called Remote Network, but it is the same setting as net.

(2) dynip configures ChilliSpot to use a limited range of IP's within the net parameter, as the client DHCP pool, instead of using the entire net range. In this example, address assignments from 192.168.1.128 to 192.168.1.191 are assigned to clients. IP's from 2 through 127 are left for fixed assignments, and can be further specified by statip if DHCP clients come on the network needing a specific address from the ChilliSpot DHCP service.

[edit] Tips

If you are not knowledgeable about your LAN security, or have poorly configured insecure XP devices on your LAN, to reduce possible attacks from wireless clients, you can enable the option: "Separate Wi-Fi from the LAN Bridge" (your LAN won't be visible to wireless clients). If you are certain your LAN is configured as secure, which it should be anyway, and you want to have access to your LAN equipment from your Wi-Fi, then leave "Separate..." Disabled.

  • ChilliSpot will not start unless it can see the DNS Server specified the ChilliSpot settings.
  • Note that after reboot, it can take a certain time before a wireless client receives an IP address. Don't forget to switch back to automatic IP assignment (DHCP) on your client when testing!

[edit] Troubleshooting

[edit] Your client gets a ChilliSpot IP, but no welcome page, or certain Web sites don't open (MTU Bug)

Maybe you are using a PPPOE modem and you are experiencing the MTU bug?

Add this to your Firewall Commands (Administration tab in the Web Interface, Commands sub-tab): Changes MSS to fit inside ChilliSpot tunnel. Important so some Web sites work properly, otherwise "MTU Bug"

/usr/sbin/iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 1421:65535 -j TCPMSS --clamp-mss-to-pmtu

More information in this forum post

[edit] ChilliSpot fails after a while, **memory full on router** on low-RAM units

This is a common problem when the infrequently-used Web Interface (httpd) is left running.

  • On a hotspot (DD-WRT device) with 16 (or less) megabytes of RAM, the chilli process uses 19%.
  • The Web Interface process, httpd, uses 19% also. About 3 megabytes!
  • Newer builds of Chilli are supposed to use less RAM, although DD-WRT may not have these yet.
  • The Web Interface uses a lot of RAM, and in any case, should not be left running on a production router.

[edit] Solution 1: SSHd (run HTTPD only when necessary)

This is most suitable when no secured or direct, wired connection to the hotspot is available. or the hotspot is to be administered over the Internet. In this case, an encrypted tunnel is desired to administer the hotspot.
  1. On the hotspot Web onterface, go to "Services, Services, Secure Shell", and turn on SSHd, and turn off Telnet.
  2. On "Administration, Management, Web Access", turn off HTTP Access (httpd).
  3. Make sure access to the hotspot WAN port is available if your setup is Configuration A: Hotspot Only. (See above)
  4. Save/Apply/Reboot as needed.

To use the Web Interface:

  1. For Configuration A, physically plug your laptop into the existing network.
  2. For Configuration B or C, physically plug your laptop into a LAN port on the DD-WRT device.
    1. Open your browser and log in to the ChilliSpot page as if you want to use the Internet, as Chilli's firewall rules will block your client from connecting to the DD-WRT device/hotspot otherwise.
  3. Putty (SSH) into the DD-WRT device.
    1. The command may look like "putty 192.168.182.1" or
    2. "putty 192.168.182.1 -P 60000", where 60000 is the chosen port number, if you changed the SSH port.
  4. Enter "httpd". (The command to restart httpd is different on older versions of DD-WRT (v23sp2))
  5. Open the Web Interface address on your client's browser.
  6. When you are finished, enter "killall httpd".

[edit] Solution 2: Telnetd alternate, in place of SSHd. Added: 2009.11.11

Telnetd uses less RAM than SSHd, however it is a completely insecure (clear-text) method to connect to the hotspot.
The solution requires a direct, wired connection to the hotspot for administration.
  1. Bring up the Web Interface of the DD-WRT device.
  2. In "Administration, Management, Web Access", turn off HTTP Access (httpd).
  3. In "Services, Services, Secure Shell": Turn off SSHd.
  4. Scroll down and turn on Telnet (telnetd).
  5. Save changes

To use the Web Interface:

  1. Make sure your workstation or laptop data is secure to the hotspot.
    1. Anyone who can monitor the traffic can see the root password sent to the hotspot
  2. From a cmd prompt (Windows) or Linux: "telnet routerip"
  3. Enter "httpd" (only current versions of DD-WRT. v23sp2 requires a different command to start HTTPd.)
  4. In your browser: http://routerip. Log in.
  5. When finished, at the telnet prompt type: "killall httpd" <enter>

[edit] Use the "top" command to check memory usage

After using Solution 2, here is the "top" output:

Mem: 9012K used, 3992K free, 0K shrd, 1136K buff, 2836K cached CPU: 0.1% usr 2.9% sys 0.0% nic 96.8% idle 0.0% io 0.0% irq 0.0% sirq Load average: 0.72 0.29 0.10 1/22 778
PID PPID USER STAT VSZ %MEM %CPU COMMAND

 417   214 root     R     1184  9.0  0.4 top
 500     1 root     S     2500 19.1  0.2 chilli -c /tmp/chilli.conf
 157     1 root     S     1176  9.0  0.2 telnetd
 210     1 root     S     1660 12.7  0.0 pppd file /tmp/ppp/options.pppoe
 211     1 root     S     1504 11.5  0.0 /tmp/ppp/redial 30
  14     1 root     S     1504 11.5  0.0 watchdog
   1     0 root     S     1468 11.2  0.0 /sbin/init noinitrd
 454     1 root     S     1460 11.1  0.0 process_monitor
 221     1 root     S     1460 11.1  0.0 ttraff
 739     1 root     S     1460 11.1  0.0 wland
 214   157 root     S     1196  9.1  0.0 -sh
 511     1 root     S     1176  9.0  0.0 syslogd -R 192.168.xxx.xxx
 515     1 root     S     1176  9.0  0.0 klogd
 505     1 root     S      820  6.2  0.0 inadyn --input_file /tmp/ddns/inadyn.conf
 756     1 root     S      692  5.3  0.0 igmprt
  10     1 root     SW       0  0.0  0.0 [mtdblockd]
 545   505 root     Z        0  0.0  0.0 [sh]
   2     1 root     SW       0  0.0  0.0 [keventd]
   6     1 root     SW       0  0.0  0.0 [kupdated]
   3     1 root     SWN      0  0.0  0.0 [ksoftirqd_CPU0]
   4     1 root     SW       0  0.0  0.0 [kswapd]
   5     1 root     SW       0  0.0  0.0 [bdflush]

[edit] DD-WRT Firmware: Administration/Hotspot/ChilliSpot tab does not show

Make sure you are using a package that includes ChilliSpot. ChilliSpot is not in the micro and mini versions of dd-wrt (consult this table).

[edit] Connection Failed on v24-SP2 Firmware(from SVN 14896 to SVN 15506)

if your settings seems to be correct but ChilliSpot don't start. It could come from a too long uamallowed list. Don't put more than three doamin name in this field. If you have more domain to add leave the Uamallowed field empty, and add your uamallowed domains in "Additional ChilliSpot Options" field.

[edit] Connection Failed on v23 Firmware

If your client does not recieve a ChilliSpot IP address you may have changed the ChilliSpot DHCP Interface. On older versions of DD-WRT Firmware, touching this setting breaks ChilliSpot. A fix is to reset to factory defaults and re-enter all your settings or use newer firmware.

If the UAM Secret you entered in ChilliSpot Settings is incorrect, you will have an authentication failure.

If the RADIUS Shared Secret is incorrect, the login process will hang.

[edit] More troubleshooting tips

If it does not work, you must connect with ssh or telnet to your router.

login: root
password: <your password>

First, check that you have Internet access:

ping google.com

Worldspot Users: If you don't have any ping return, check the output of "ifconfig" and post it on the WorldSpot forum.

If Internet works from your router, but you don't have ChilliSpot working, check first that the chilli process is launched with

ps -ef

You should see a "chilli -c /tmp/chilli.conf" process. If not, recheck your ChilliSpot settings. For example, if you put a whitespace in the NAS ID, the chilli process won't launch.

[edit] For the FON Hotspot

Please see the FON Hotspot page for a guide and advice on setting up a FON hotspot using DD-WRT and ChilliSpot.

[edit] External Links

Some ChilliSpot Service Providers (CSPs):