CoovaChilli is an open-source software access controller that is based on the popular but now defunct ChilliSpot project and is actively maintained by a ChilliSpot contributor. Read through this article to find out how to manually configure Chillispot.
It is a feature-rich software access controller that provides a captive portal / walled-garden environment and access provisioning and accounting via RADIUS or HTTP. Additionally, it is an essential component of the CoovaAP OpenWRT-based firmware, which is designed specifically for hotspots. See the ChangeLog for more information on how Coova’s Chilli differs from the standard ChilliSpot.
Executive Summary
ChilliSpot allows you to:
- Make wireless or LAN-connected computers display a “landing page” in users’ browsers with ease.
- The redirection takes place on the first Web page and continues until the user clicks through (I Agree/Login).
- You can optionally monetize your hotspot.
- Offer a Wi-Fi usage agreement, advertising, or other community or commercial activities.
- Overuse prevention that is proactive:
- Limit the amount of bandwidth that hotspot-connected laptops or desktops can use, both up and down.
- Limit the number of times hotspot users can log in in a given period.
- Other fine-grained restrictions.
ChilliSpot can be used for a single router or expanded to cover an entire metropolitan area by utilizing external services.
Technical Description
ChilliSpot is a free and open-source Captive Portal wireless or LAN access point controller. It is used to verify user identities. It supports Web-based login, which is the current industry standard for public hotspots. An online provider or a local radius service you provide handles authentication, authorization, and accounting (AAA).
ChilliSpot cannot function on its own and requires two (2) additional services, both of which are provided by third parties:
- Users are redirected to a Web Portal. This portal can offer any type of access control service, such as user login, online billing, and so on.
- A Radius authentication and accounting service. The Radius server and the Web server are usually tightly integrated to provide advanced services.
- There are several online providers (ChilliSpot Service Provider, CSP) who provide the additional services required for ChilliSpot to function: Captive Portal#Provider for more information.
- The benefit of using a CSP is that your ChilliSpot hotspot can be operational in minutes.
Read Also:
Process Hacker 2: 7 Most Interesting Features
Benefits of Having The Fastest Auto Clicker
Easy Python Decompiler: A Tool to Help You Reverse Engineer Programs
How do I manually configure the Coovachilli settings?
The Hotspot service can be installed on any device that can run Coovachilli. A server can even be used instead of a router.
This can be accomplished by connecting to the device via SSH and editing the configuration file with a text editor such as vi.
Copy the contents of the following window into the device’s /etc/chilli/defaults file:
# -*- mode: shell-script; -*-
#
# Coova-Chilli Default Configurations.
# To customize, copy this file to /etc/chilli/config
# and edit to your liking. This is included in shell scripts
# that configure chilli and related programs before file 'config'.
HS_LOC_ID="1"
HS_LOC_NAME="xxxxxx"
HS_NASID="xxxxx"
#############################################################
HS_WANIF=wan # WAN Interface toward the Internet
HS_LANIF=lan # Subscriber Interface for client devices
HS_UAMPORT=3990 # HotSpot UAM Port (on subscriber network)
HS_UAMUIPORT=4990 # HotSpot UAM "UI" Port (on subscriber network, for embedded portal)
# LOCAL MAC addresses
#HS_MACALLOWLOCAL=on
#HS_MACALLOW="XX-XX-XX-XX-XX-XX,XX-XX-XX-XX-XX-XX"
# Below this line is pretty much standard for HotSpotSystems
HS_DNS1=8.8.8.8
HS_DNS2=8.8.4.4
HS_NETWORK=192.168.182.0
HS_NETMASK=255.255.240.0
HS_UAMLISTEN=192.168.182.1
HS_DNS_DOMAIN=key.chillispot.info
HS_DYNIP=192.168.182.2
HS_DYNIP_MASK=255.255.240.0
HS_RADIUS=radius.hotspotsystem.com
HS_RADIUS2=radius2.hotspotsystem.com
HS_LEASE=172800
HS_SWAPOCTETS="on"
HS_UAMHOMEPAGE=""
HS_UAMFORMAT="https://customer.hotspotsystem.com/customer/hotspotlogin.php"
HS_PROVIDER="HotSpotSystem"
HS_PROVIDER_LINK="http://www.hotspotsystem.com/"
HS_MODE=hotspot
HS_TYPE=chillispot
hs_lan_access="deny"
HS_RADCONF="off"
HS_UAMSERVER="hotspotsystem.com"
HS_UAMSECRET="hotsys123"
HS_RADSECRET="hotsys123"
HS_UAMSERVER="customer.hotspotsystem.com"
HS_AAA="radius"
HS_UAMALLOW="194.149.46.0/24 198.241.128.0/17 66.211.128.0/17 216.113.128.0/17 70.42.128.0/17 \
128.242.125.0/24 216.52.17.0/24 62.249.232.74 155.136.68.77 155.136.66.34 \
66.4.128.0/17 66.211.128.0/17 66.235.128.0/17 88.221.136.146 195.228.254.149 \
195.228.254.152 203.211.140.157 203.211.150.204 \
www.paypal.com www.paypalobjects.com live.adyen.com \
www.worldpay.com select.worldpay.com secure.ims.worldpay.com \
www.rbsworldpay.com secure.wp3.rbsworldpay.com www.directebanking.com \
betalen.rabobank.nl ideal.ing.nl \
ideal.abnamro.nl www.ing.nl api.mailgun.net \
www.hotspotsystem.com customer.hotspotsystem.com tech.hotspotsystem.com \
a1.hotspotsystem.com a2.hotspotsystem.com a3.hotspotsystem.com a4.hotspotsystem.com \
a5.hotspotsystem.com a6.hotspotsystem.com a7.hotspotsystem.com a8.hotspotsystem.com \
a9.hotspotsystem.com a10.hotspotsystem.com a11.hotspotsystem.com a12.hotspotsystem.com \
a13.hotspotsystem.com a14.hotspotsystem.com a15.hotspotsystem.com a16.hotspotsystem.com \
a17.hotspotsystem.com a18.hotspotsystem.com a19.hotspotsystem.com a20.hotspotsystem.com \
a21.hotspotsystem.com a22.hotspotsystem.com a23.hotspotsystem.com a24.hotspotsystem.com \
a25.hotspotsystem.com a26.hotspotsystem.com a27.hotspotsystem.com a28.hotspotsystem.com \
a29.hotspotsystem.com a30.hotspotsystem.com"
HS_UAMDOMAINS=”paypal.com paypalobjects.com worldpay.com rbsworldpay.com adyen.com hotspotsystem.com triodos.nl asnbank.nlknab.nl regiobank.nl snsbank.nl geotrust.com”
All you have to do is change the following lines:
HS_WANIF=
HS_LANIF=
HS_NASID=
This will result in the creation of a combined splash page.
What does ‘Combined Splash Page’ mean?
When the LOGIN box is on the same page as the other modules, it is referred to as a combined splash page (Splash page is the same as the login page).
Your hotspot can operate in a combined mode, or you may prefer to keep the LOGIN section separate from the other sections of the splash page, where users can buy access, activate vouchers, and so on.
Explanation of configurable parameters in detail:
HS_NASID –> OPERATORNAME_LOC#
For example, if you created a username called “hotelhotspot” and want to configure a second location, the HS_NASID will be “hotelhotspot_2”
HS_UAMHOMEPAGE →
If you want to redirect users to a URL other than the login page, such as your own server (walled garden), enter that URL here. If you don’t want to use a combined splash page (keep the first and login pages separate), you can enter the following here: https://customer.hotspotsystem.com/customer/index.php?nasid=OPERATORNAME LOC# (replace the nasid at the end). In this case, you must also ensure that the Combined Splash Page option is not enabled in the control center.
HS_UAMFORMAT →
This is our hosted login/splash page. If you’re using a white label or want to use a server on another continent, change customer.hotspotsystem.com to another hostname in this URL.
HS_UAMALLOW →
A list of resources that the client can access without first authenticating. The list entries can be domain names, IP addresses, or network segments.
HS_UAMDOMAINS –>
One domain prefix per option use; defines a list of domain names to be added to the walled garden automatically. This is accomplished by inspecting DNS packets sent back to the subscriber.
