Setting up Chillispot on DD-WRT
Chillispot on DD-WRT does not work out of the box ie. Chillispot is not
self contained but requires external web server (and RADIUS server) to
operate. Let's put it together.
1. Set up your RADIUS server. This is how you set up RADIUS server with OpenLDAP.
2. Set up a web server on a PC (it could be the same machine as the
RADIUS server depending on your security paranoia)
3. Install Chillispot
on that PC and configure hotspotlogin.cgi. From another machine on your
network open up following URL
https://webserver/cgi-bin/hotspotlogin.cgi. You should be greeted with
Login must be performed through Chillispot daemon.
That is a good sign :-).
4. Log into the admin interface on DD-WRT. Turn off DD-WRT's DHCP
server. This may not be required but I would see funny behavior when I
would reboot the router. ChilliSpot has a built-in DHCP server so it is
better to lessen the confusion.
5. Go to the Administration page and configure Chillispot ie.
You could also configure additional Chillispot options e.g. if
you want to allow people to be able to access certain IP addresses or
ranges you can add
- Primary Radius Server IP - RADIUS server IP
- Backup Radius Server IP - If you don't have backup put the same
IP address as the Primary
- DNS - IP address of your DNS server
- Redirect URL - This is the URL we tried above ie.
- Shared Key - This is the RADIUS shared secret
- DHCP Interfaces - Do you want ChilliSpot to apply to only wired
ports, wireless or both
6. Only other gotcha is if you are using RADIUS to authenticate against
e.g. /etc/passwd, YP/NIS or LDAP with MD5/SHA1 hashes you will need to
configure hotspotlogin.cgi on external webserver as follows
Uncomment the following line if you
want to use ordinary user-password
# for radius authentication. Must be used together with $uamsecret.
Under DD-WRT Chillispot additional options.
7. If you are curious about mechanics of this configuration please
check out following post
In short Damjan says (spelling corrected)
doesn't communicate with the radius on 220.127.116.11, 18.104.22.168 sends a
HTML response to the client, but in that response there's also a hidden
part. Since this response passes through chillispot, chillispot parses
that XML, decodes the username and the password (either plain text or
CHAP-challenge,CHAP-password), and then chillispot itself communicates
with the radius server on 22.214.171.124.
I too was wondering the same
questions, since chillispot
documentation doesn't describe how it operates, so I started debugging
with Firefox, LiveHTTPHeaders, netcat etc..
Last Update: $Date$
Vladimir Vuksan E-mail me