Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help 
chilli(8)		    System Manager's Manual		     chilli(8)

NAME
       chilli -	 A Software Access Controller for Captive Portal and WPA

SYNOPSIS
       chilli --help

       chilli --version

       chilli [	configuration options ]

       chilli -fd [ configuration options ] # for debugging in foreground

DESCRIPTION
       chilli  is  a software access controller	typically used in Wireless LAN
       HotSpot.	It supports of two different access methods for	a Wireless LAN
       HotSpot:	Universal Access Method	(UAM) as well  as  Wireless  Protected
       Access  (WPA).  This version of chilli is called	CoovaChilli, a fork of
       the original ChilliSpot.	See http://coova.org/ for more information.

       chilli has three	major interfaces: A downlink interface	for  accepting
       connections from	clients, a radius interface for	authenticating clients
       and  an	uplink	network	interface for forwarding traffic to other net-
       works.

       Authentication of clients is performed by an  external  radius  server.
       For  UAM	 the CHAP-Challenge and	CHAP-Password as specified by RFC 2865
       is used.	For WPA	the radius EAP-Message attribute  as  defined  in  RFC
       2869 is used. The message attributes described in RFC 2548 are used for
       transferring encryption keys from the radius server to chilli. Further-
       more the	radius interface supports accounting.

       The  downlink interface accepts DHCP and	ARP requests from clients. The
       client can be in	two  states:  Unauthenticated  and  authenticated.  In
       unauthenticated	state,	web requests from the client are redirected to
       an authentication web server - the captive portal.

       In a typical application	unauthenticated	clients	will be	forwarded to a
       web server and prompted for username and	password. The web server  for-
       wards the user credentials to chilli by means of	web browser redirects.
       On  the	chilli side, authentication requests are forwarded to a	radius
       server. If authentication is successful the  state  of  the  client  is
       changed	to  authenticated. This	authentication method is known as Uni-
       versal Access Method (UAM).

       As an alternative to UAM, the access points can be  configured  to  au-
       thenticate  the	clients	 by  using Wireless Protected Access (WPA). In
       this case, authentication credentials are forwarded from	the WPA	access
       point to	chilli by using	the radius protocol. The received  radius  re-
       quest is	proxied	by chilli and forwarded	to the radius server.

       The  uplink interface is	implemented by using the TUN/TAP driver.  When
       chilli is started, a tun	interface is established and an	 optional  ex-
       ternal configuration script is called.

       Runtime errors are reported using the syslogd (8) facility.

OPTIONS
       Configuration  parameters set on	the command line always	take precedent
       over anything configured	in a file. See chilli.conf(5) for  a  complete
       list  of	 possible  configurations.  Here are just a few	common command
       line options:

       --help Print help and exit.

       --version
	      Print version and	exit.

       --fg   Run in foreground	(default = off)

       --debug
	      Run in debug mode	(default = off)

       --conf file
	      Configuration file to use	instead	 of  the  default  below.  See
	      chilli.conf(5) for more inforamtion.

       --pidfile file
	      File to put the process ID instead of the	default	below.

       --cmdsock file
	      UNIX  socket file	for inter-process communication	instead	of de-
	      fault below.

       --statedir path
	      Directory	of nonvolatile data instead of default below.

FILES
       /usr/local/etc/chilli.conf
	      The main chilli configuration file.

       /usr/local/etc/chilli/defaults
	      Default configurations used by the chilli	init.d	and  functions
	      scripts.

       /usr/local/etc/chilli/config
	      Location specific	configurations used by chilli init.d and func-
	      tions scripts. Copy the defaults file mentioned above and	edit.

       /usr/local/etc/chilli/functions
	      Helps configure chilli by	loading	the above configurations, sets
	      some  defaults,  and  provides  functions	for writing main.conf,
	      hs.conf, and local.conf based on local  and  possibily  central-
	      ized. See	chilli.conf(5)

       /usr/local/etc/init.d/chilli
	      The  init.d  file	 for  chilli which defaults to using the above
	      configurations to	build a	set of	configurations	files  in  the
	      /usr/local/etc/chilli  directory	-  taking local	configurations
	      and optionally centralized configurations	from RADIUS or a  URL.
	      See chilli.conf(5)

       /var/run/chilli.sock
	      UNIX socket used to daemon communication.	See chilli_query(1)

       /var/run/chilli.pid
	      Process ID file.

       /usr/local/etc/chilli/www/
	      The  typical  directory  for  embedded  web content served up by
	      chilli using a minimal web server. A convenient  place  for  the
	      splash  page,  embedded  captive portal, and JSON	javascript re-
	      sources.

SIGNALS
       Sending HUP to chilli will cause	the configuration file	to  be	reread
       and DNS lookups to be performed.	 The configuration options are not af-
       fected  by  sending HUP:	fg , conf , pidfile , statedir , net , dynip ,
       statip ,	uamlisten , uamport , radiuslisten , coaport , coanoipcheck  ,
       proxylisten  , proxyport	, proxyclient ,	proxysecret , dhcpif , dhcpmac
       , lease , or eapolenable

       The above configuration options can only	be changed by  restarting  the
       daemon.

SEE ALSO
       chilli.conf(5)	chilli-radius(5)  chilli_query(1)  chilli_radconfig(1)
       chilli_response(1) syslogd(8)

NOTES
       See http://coova.org/ for further documentation and community  support.
       The original ChilliSpot project homepage	is/was at www.chillispot.org.

       Besides	the  long  options documented in this man page chilli also ac-
       cepts a number of short options with the	same functionality. Use	chilli
       --help for a full list of all the available options.

       The TUN/TAP driver is required  for  proper  operation  of  the	chilli
       server.	Linux kernels later than 2.4.7 already include the driver, but
       typically needs to be loaded manually with modprobe tun or  automaticly
       by adding alias char-major-10-200 tun to	the /etc/modules.conf configu-
       ration  file.  For other	platforms see http://vtun.sourceforge.net/tun/
       for information on how to install and configure the TUN/TAP driver.

AUTHORS
       CoovaChilli and ChilliSpot are licensed under the Gnu  Public  License.
       Copyright   (C)	 2002-2005   by	  Mondru  AB.,	2006-2007  David  Bird
       <david@coova.com>, All rights reserved.

				  August 2007			     chilli(8)

Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=chilli&sektion=8&manpath=FreeBSD+Ports+14.3.quarterly>

home | help