Guest User

chilli config

a guest
Nov 4th, 2016
40
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. :~# cat /etc/chilli/defaults
  2. # -*- mode: shell-script; -*-
  3. #
  4. # Coova-Chilli Default Configurations.
  5. # To customize, copy this file to /etc/chilli/config
  6. # and edit to your liking. This is included in shell scripts
  7. # that configure chilli and related programs before file 'config'.
  8.  
  9.  
  10. ###
  11. # Local Network Configurations
  12. #
  13.  
  14. HS_WANIF=eth0 # WAN Interface toward the Internet
  15. HS_LANIF=wlan0 # Subscriber Interface for client devices
  16. HS_NETWORK=10.1.0.0 # HotSpot Network (must include HS_UAMLISTEN)
  17. HS_NETMASK=255.255.255.0 # HotSpot Network Netmask
  18. HS_UAMLISTEN=10.1.0.1 # HotSpot IP Address (on subscriber network)
  19. HS_UAMPORT=3990 # HotSpot UAM Port (on subscriber network)
  20. HS_UAMUIPORT=4990 # HotSpot UAM "UI" Port (on subscriber network, for embedded portal)
  21.  
  22. # HS_DYNIP=
  23. # HS_DYNIP_MASK=255.255.255.0
  24. # HS_STATIP=
  25. # HS_STATIP_MASK=255.255.255.0
  26. # HS_DNS_DOMAIN=
  27.  
  28. # OpenDNS Servers
  29. HS_DNS1=208.67.222.222
  30. HS_DNS2=208.67.220.220
  31.  
  32. ###
  33. # HotSpot settings for simple Captive Portal
  34. #
  35. HS_NASID=nas01
  36. HS_RADIUS=localhost
  37. HS_RADIUS2=localhost
  38. # HS_UAMALLOW=www.coova.org
  39. HS_RADSECRET=testing123 # Set to be your RADIUS shared secret
  40. HS_UAMSECRET=change-me # Set to be your UAM secret
  41. HS_UAMALIASNAME=chilli
  42.  
  43. # Configure RADIUS proxy support (for 802.1x + captive portal support)
  44. # HS_RADPROXY=on
  45. # HS_RADPROXY_LISTEN=127.0.0.1
  46. # HS_RADPROXY_CLIENT=127.0.0.1
  47. # HS_RADPROXY_PORT=1645
  48. # HS_RADPROXY_SECRET=$HS_RADSECRET
  49. # Example OpenWrt /etc/config/wireless entry for hostapd
  50. # option encryption wpa2
  51. # option server $HS_RADPROXY_LISTEN
  52. # option port $HS_RADPROXY_PORT
  53. # option key $HS_RADPROXY_SECRET
  54.  
  55.  
  56. # To alternatively use a HTTP URL for AAA instead of RADIUS
  57. # Enable http for AAA and then specify the url to send the AAA Request
  58. # HS_AAA=http
  59. # HS_UAMAAAURL=http://my-site/script.php
  60.  
  61. # Put entire domains in the walled-garden with DNS inspection
  62. # HS_UAMDOMAINS=".paypal.com,.paypalobjects.com"
  63.  
  64. # Optional initial redirect and RADIUS settings
  65. # HS_SSID=<ssid> # To send to the captive portal
  66. # HS_NASMAC=<mac address> # To explicitly set Called-Station-Id
  67. # HS_NASIP=<ip address> # To explicitly set NAS-IP-Address
  68.  
  69. # The server to be used in combination with HS_UAMFORMAT to
  70. # create the final chilli 'uamserver' url configuration.
  71. HS_UAMSERVER=$HS_UAMLISTEN
  72.  
  73. # Use HS_UAMFORMAT to define the actual captive portal url.
  74. # Shell variable replacement takes place when evaluated, so here
  75. # HS_UAMSERVER is escaped and later replaced by the pre-defined
  76. # HS_UAMSERVER to form the actual "--uamserver" option in chilli.
  77. HS_UAMFORMAT=http://\$HS_UAMLISTEN:\$HS_UAMUIPORT/www/login.chi
  78.  
  79. # Same principal goes for HS_UAMHOMEPAGE.
  80. HS_UAMHOMEPAGE=http://\$HS_UAMLISTEN:\$HS_UAMPORT/www/coova.html
  81.  
  82. # This option will be configured to be the WISPr LoginURL as well
  83. # as provide "uamService" to the ChilliController. The UAM Service is
  84. # described in: http://www.coova.org/CoovaChilli/UAMService
  85. #
  86. # HS_UAMSERVICE=
  87.  
  88.  
  89. ###
  90. # Features not activated per-default (default to off)
  91. #
  92. # HS_RADCONF=off # Get some configurations from RADIUS or a URL ('on' and 'url' respectively)
  93. #
  94. # HS_ANYIP=on # Allow any IP address on subscriber LAN
  95. #
  96. # HS_MACAUTH=on # To turn on MAC Authentication
  97. #
  98. # HS_MACAUTHDENY=on # Put client in 'drop' state on MAC Auth Access-Reject
  99. #
  100. # HS_MACAUTHMODE=local # To allow MAC Authentication based on macallowed, not RADIUS
  101. #
  102. # HS_MACALLOW="..." # List of MAC addresses to authenticate (comma seperated)
  103. #
  104. # HS_USELOCALUSERS=on # To use the /etc/chilli/localusers file
  105. #
  106. # HS_OPENIDAUTH=on # To inform the RADIUS server to allow OpenID Auth
  107. #
  108. # HS_WPAGUESTS=on # To inform the RADIUS server to allow WPA Guests
  109. #
  110. # HS_DNSPARANOIA=on # To drop DNS packets containing something other
  111. # # than A, CNAME, SOA, or MX records
  112. #
  113. # HS_OPENIDAUTH=on # To inform the RADIUS server to allow OpenID Auth
  114. # # Will also configure the embedded login forms for OpenID
  115. #
  116. # HS_USE_MAP=on # Short hand for allowing the required google
  117. # # sites to use Google maps (adds many google sites!)
  118. #
  119. ###
  120. # Other feature settings and their defaults
  121. #
  122. # HS_DEFSESSIONTIMEOUT=0 # Default session-timeout if not defined by RADIUS (0 for unlimited)
  123. #
  124. # HS_DEFIDLETIMEOUT=0 # Default idle-timeout if not defined by RADIUS (0 for unlimited)
  125. #
  126. # HS_DEFBANDWIDTHMAXDOWN=0 # Default WISPr-Bandwidth-Max-Down if not defined by RADIUS (0 for unlimited)
  127. #
  128. # HS_DEFBANDWIDTHMAXUP=0 # Default WISPr-Bandwidth-Max-Up if not defined by RADIUS (0 for unlimited)
  129.  
  130. ###
  131. # Centralized configuration options examples
  132. #
  133. # HS_RADCONF=url # requires curl
  134. # HS_RADCONF_URL=https://coova.org/app/ap/config
  135.  
  136. # HS_RADCONF=on # gather the CoovaChilli-Config attributes in
  137. # # Administrative-User login
  138. # HS_RADCONF_SERVER=rad01.coova.org # RADIUS Server
  139. # HS_RADCONF_SECRET=coova-anonymous # RADIUS Shared Secret
  140. # HS_RADCONF_AUTHPORT=1812 # Auth port
  141. # HS_RADCONF_USER=coovachilli # Username
  142. # HS_RADCONF_PWD=coovachilli # Password
  143.  
  144.  
  145. ###
  146. # Firewall issues
  147. #
  148. # Uncomment the following to add ports to the allowed local ports list
  149. # The up.sh script will allow these local ports to be used, while the default
  150. # is to block all unwanted traffic to the tun/tap.
  151. #
  152. HS_TCP_PORTS="22 8081"
  153. # HS_UDP_PORTS="1701"
  154.  
  155. ###
  156. # Standard configurations
  157. #
  158. HS_MODE=hotspot
  159. HS_TYPE=coovachilli
  160. HS_RADAUTH=1812
  161. HS_RADACCT=1813
  162. # HS_ADMUSR=coovachilli
  163. # HS_ADMPWD=coovachilli
  164.  
  165.  
  166. ###
  167. # Post-Auth proxy settings
  168. #
  169. # HS_POSTAUTH_PROXY=<host or ip>
  170. # HS_POSTAUTH_PROXYPORT=<port>
  171.  
  172. # Directory specifying where internal web pages can be served
  173. # by chilli with url /www/<file name>. Only extentions like .html
  174. # .jpg, .gif, .png, .js are allowed. See below for using .chi as a
  175. # CGI extension.
  176. HS_WWWDIR=/etc/chilli/www
  177.  
  178. # Using this option assumes 'haserl' is installed per-default
  179. # but, and CGI type program can ran from wwwsh to process requests
  180. # to chilli with url /www/filename.chi
  181. HS_WWWBIN=/etc/chilli/wwwsh
  182.  
  183. # Some configurations used in certain user interfaces
  184. #
  185. HS_PROVIDER=Coova
  186. HS_PROVIDER_LINK=http://coova.github.io/
  187.  
  188.  
  189. ###
  190. # WISPr RADIUS Attribute support
  191. #
  192.  
  193. HS_LOC_NAME="My HotSpot" # WISPr Location Name and used in portal
  194.  
  195. # WISPr settings (to form a proper WISPr-Location-Id)
  196. # HS_LOC_NETWORK="My Network" # Network name
  197. # HS_LOC_AC=408 # Phone area code
  198. # HS_LOC_CC=1 # Phone country code
  199. # HS_LOC_ISOCC=US # ISO Country code
  200.  
  201. # Embedded miniportal
  202. # HS_REG_MODE="tos" # or self, other
  203. # HS_RAD_PROTO="pap" # or mschapv2, chap
  204. # HS_USE_MAP=on
RAW Paste Data