Basic setup question: stumped (stuck) on the Access Profile page

[dijnebbh]

Hi,

NoCatSplash is broke completely in DD-WRT v2.4 so-called 'Final', and actually has been for many months prior. It looks like I am /Forced/ to use worldspot.net for the time being.

When I am accessing the Access Profile page, it asks 'Total Allowed Connection Time in Seconds'. I want 4 days, so I put in 345600 seconds. When applying changes, the value changes to '4d'. I assume this is shorthand for 4 days. It's not documented on the page.

/Where I am stuck is:/ What is the meaning of Total Allowed Connection Time and Expiration Time After First Connection? These are not really clearly documented anywhere on the page, as to the difference of the two.

This is my setup: Free access for those in the neighbourhood. They must first look at a Terms of Service page and then press Agree or Continue. I do not need Tickets for this. After 4 days, I want the public users to be forced back to this agreement page. The Agreement Page I can change from time to time, when there is news about service changes or outtages. I do not want to limit their usage to 4days total, say, according to their MAC address. I simply want them to have to be forwarded to the Authentication Page after 4 days, where they must click I Agree again.

Thanks.

Edit: I have another question which I remember now --- I have an IP address range I already use --- how do I use my existing private IP address range instead of 192.168.182.xx?

Thanks again.

[WorldSpot]

I want 4 days, so I put in 345600 seconds. When applying changes, the value changes to '4d'. I assume this is shorthand for 4 days. It's not documented on the page.

If you click on the question mark, it is documented there
https://secure.worldspot.net/wk/Main/en/Doc?noSidebar=1#Access_profile

The "Expiration time after first connection" option disables the access after the specified amount of time after the first connection, whatever the hotspot usage.

This is my setup: Free access for those in the neighbourhood. They must first look at a Terms of Service page and then press Agree or Continue. I do not need Tickets for this. After 4 days, I want the public users to be forced back to this agreement page. The Agreement Page I can change from time to time, when there is news about service changes or outtages. I do not want to limit their usage to 4days total, say, according to their MAC address. I simply want them to have to be forwarded to the Authentication Page after 4 days, where they must click I Agree again.

You can define a "time to reset limitation". For example, set "total connection time" to 1d and "time to reset  limitation" to the same.
Then every 24h of total connection time, the user will be disconnected and can reconnect back.

I have another question which I remember now --- I have an IP address range I already use --- how do I use my existing private IP address range instead of 192.168.182.xx?

You may not mix hotspot address range, which is on a different network that is managed my chillispot, and your own private unrestricted address range.
However you can define the hotspot subnet address with the net setting

Code: [Select]

net [netaddress]
    Network address of the uplink interface (default = 192.168.182.0/24). The network address is set during initialisation when chilli establishes a tun device for the uplink interface. The network address is specified as either <address>/<netmask> (192.168.182.0/255.255.255.0) or <address>/<prefix> (192.168.182.0/24).


[dijnebbh]

Okay.

Thanks for replying.

These are my follow-up questions. I must make sure I get this right before I bring the network down to implement chillispot/worldnet.

  There are the two timeout boxes I mention in my first post. I say I am going to have the timeout of 4d, after which the user will have to be redirected to the agreements page and log in again. You use the example of 1d /I assume I can use the period of 4d with chillispot?/ And I put 4d in both of the timeout boxes on the Access Profiles screen, yes? And sorry, I did not see the question mark link for help. I will look again next time.

  You respond by writing, I cannot use the same IP address range as I am already using on my private subnet, then explain how to change the Chillispot IP range. I am confused by your statement. If I am already using 192.168.121.1-200 with NoCatSplash (current NoCat is disabled) and the Chillispot (replacement) defaults to handing out 192.168.182.x, and I want to modify Chillispot to give 192.168.121.x, this is okay, right?

There already exists a single wlan/router point with NoCatSplash; however, as written before, NoCat is broke now in current builds of v2.4 DD-WRT, so nocat is turned off. The single WLAN/router hands out addresses in the same subnet range, for both private and public users. There is only one subnet, of 192.168.121.x, and a single, open, WLAN SSID. This simplifies management. Existing users who are classified as 'private' use the same IP's as those users who are 'public'. Private users have their MAC address on an Allow list under NoCatSplash. They never have an agreements page.

I understand a similar setup, of allowing certain MAC's access without redirection, is available in Chillispot. /Yes?/

I imagine you might be considering the existence of a separate subnet, router and (encrypted) WLAN signal for 'private' users, and this is perhaps where your assumption trips up the understanding of my question. /Now the exact setup is explained, does Chillispot integrate?/

[WorldSpot]

Hi

Yes simply replace 1d to 4d and it should work.

You can also change the network subnet if you want to use the same subnet as your users.

However, it is not recommended to fix your ip address, unless you use the new anyip feature of coova chilli.

About the mac addresses that bypass chillispot, this was not a feature in chillispot. It has been done in coova-chilli.
So I strongly recommend that you use coovaAP instead of dd-wrt (or openwrt) just for this feature.

[dijnebbh]

Hi,

Are you saying I can use the same Private IP subnet range for all users on the LAN/WLAN portion of the network, and this is simply configurable as you show in your second post /Yes or No?/

What is this about a fixed IP you mention? Some of my machines have a fixed IP, yes, but they do not use the router as a gateway, they have their own Internet PVC (PPPoE connection). The internal fixed IP is only to facilitate communication with the other internal PC's and clients.

Also, are you saying I /Can not/ have a small number of regular users - those who are known to agree with the policies of the network, and so do not have to pass through the Chillispot authentication system? This is a feature of other hotspot systems, where a few machines who run things like automated services (do not have a web interface) do not have to authenticate. The alternate authentication is based on their MAC address.

If bypassing authentication for a small number of regular computers requires another firmware, I do not want to run Coova A.K.A. OpenWRT. It is a nightmare of geekish complexity, and like most things of the sort, the people who support it are snobs x100000.

[WorldSpot]

Are you saying I can use the same Private IP subnet range for all users on the LAN/WLAN portion of the network, and this is simply configurable as you show in your second post /Yes or No?/

Yes

What is this about a fixed IP you mention? Some of my machines have a fixed IP, yes, but they do not use the router as a gateway, they have their own Internet PVC (PPPoE connection). The internal fixed IP is only to facilitate communication with the other internal PC's and clients.

In this case , there is no problem. You may use high ipaddress to avoid conflict.

Also, are you saying I /Can not/ have a small number of regular users - those who are known to agree with the policies of the network, and so do not have to pass through the Chillispot authentication system? This is a feature of other hotspot systems, where a few machines who run things like automated services (do not have a web interface) do not have to authenticate. The alternate authentication is based on their MAC address.

If bypassing authentication for a small number of regular computers requires another firmware, I do not want to run Coova A.K.A. OpenWRT. It is a nightmare of geekish complexity, and like most things of the sort, the people who support it are snobs x100000.

If you have a subscription, you can use mac address authentification (server side managed) with dd-wrt.
You must use coova-chilli if not.

CoovaAP webif is just a little different that dd-wrt. But it is not "geekish".
Openwrt can be very powerful "for geeks" but now have a very simple web interface for "non geeks". Setting up your hotspot with coova is MUCH more simpler than with dd-wrt.

[dijnebbh]

Thanks.

To follow-up on your last response: 'If you have a subscription, you can use MAC authentication'

Does this mean a paying subscription? Do I have to pay to have a setup with public access, where a few computers always bypass authentication based on their MAC (or other means).

Regards.

[WorldSpot]

Yes.

This is why I suggest you use coova chilli so you don't need a subscription.

[dijnebbh]

I told my wife, 'I love this guy.' 'He's replying to my questions. I have all these technical questions and he's replying to them.'

The need for a bypass of the chillispot is mostly for my wife, who I don't want to hassle with this. I actually like to be hassled (sometimes), to know it's working: for instance, with NoCatSplash, until I figured out some work-arounds, it would crash after about 2 hours, and would stop blocking / redirecting client computers.

/ Question: / 4 days is ample time so there is no 'hassle' factor with most clients. Is it possible for a client to renew early - for instance, if we know (us clients know) we are going to be in an important business phone call - is it possible to renew ahead of time, thereby eliminating a 4-day timeout from interrupting the connection? It was possible to do this with NoCat, by going to the Authentication page and agreeing to the terms again.

BTW, when I tried to set NoCat to work with 7days, it completely stopped working after that point. Setting it back to 24 hours didn't seem to help.

Regards.

[dijnebbh]

Here's the directions from the main worldspot page on how to setup worldspot on a dd-wrt device, modified for including the LAN ports.
Tell me where I'm wrong:

1) Must turn off DHCP on the Basic settings page in the Web Interface? Because it looks like from the directions Chillispot is going to provide DHCP services.
2) Must set the LAN IP of the router to be something other than my current subnet. I think in my example I am using 192.168.121.x. So I must change the router LAN IP to 192.168.120.x, so the Chillispot can use 121.x.

#  Check that you can connect to the internet from your wireless device
# If everything works, then simply enable chillispot with the given settings in Administration/Hotspot/Chillispot

    * Enable chillispot
    * /DO NOT/ Enable "Separate wifi from the lan bridge"
    * On DHCP interface, select WLAN (and LAN?).
    * Set Radius server 1 to be the ip address of a your primary radius server
    * Set Radius server 2 to be the ip address of a your secondary radius server (use the same as server 1 or leave the zeros if you only have one)
    * Set dns server to be the ip address of a dns server
    * In Shared Key, put your radius secret password
    * Radius NASID is the radius name of your hotspot
    * Redirect Url is the address of the Uam Server, the web authentication portal.
    * UAM Secret is a secret password between the Redirect Url and the hotspot.
    * UAM Allowed is a list of website that unauthenticated users are allowed to use.

Where in these directions do I specify the subnet Chillispot is to use? Is there some chillispot configuration file for the net command?

Regards

[WorldSpot]

You can add additionnal options in "additionnal options"
for example:
net 192.168.124.0/24

[dijnebbh]

Hi,

I'm sorry. I'm no guru or geek, so I don't know some notations. What is 192.168.124.0/24 equate to? Does it mean the IP range from .0 to .24? Although I've seen your notation before in places, I've only ever used the notation 192.168.124.0/255.255.255.0, and this means any ip beginning with 192.168.124.x. To find someone else to explain could likely mean they want me to read a 5cm thick manual, just to extract one item of interest. And frankly, I don't have the time to waste. The summer is too nice

Also, as I asked before, but have yet to get a direct answer, am I going to have to change the LAN IP of the router to a different subnet than the example of what I am using now of 192.168.121.x? - so Chillispot can use that subnet? For example, right now the router is using normal DHCP to hand out IP's from 192.168.121.100 through 199. I have defined the DHCP range in the router Basic setup. Does using chillispot mean I must turn off the router DHCP and use a different subnet for the Router LAN IP in Basic Setup, like for instance, .122.x, so Chilli can now use .121.x? From what I understand so far, from reading the forum and the very limited documentation on how Chilli works, Chilli provides DHCP services.

I must understand all of this before I bring down the router for the reconfiguration. Thanks.

Regards.

[WorldSpot]

192.168.124.0/24 is a standard notation meaning the same as 192.168.124.x . 24 means "24 bits are significative"...

You must not use the same subnet for your lan and for chillispot.
Chillispot handles dhcp requests for its own subnet.

Consider your lan network separated from the chillispot network.

[dijnebbh]

Whew! A lot of Q&A. I think I finally comprehend all the bits. I'll try it and post back.

Thanks for providing real support.

[dijnebbh]

24 means "24 bits are significant"...

Goes way over my head. I have the need only to setup an access point. Thankfully, there don't appear to be any pimple-laiden linux trolls on this forum to give me a hard time for having a real life.

If 192.168.121.x = 192.168.121.0/24 in notation (computer sp..geek), /what is 192.168.121.100 - 199?/ I looked up some information online, like 'tcpip notation ip range' and only found some basic explanations of IPV4 and V6. No simple chart to explain different notation values and ranges.

I must use the /same/ ip subnet range for DHCP users as I am using already, and was using under NoCatSplash [when it worked], and can under other solutions. Some of the lower IP's in 121.x are reserved for devices on the network.