Breaking the internet (hotels, guestnet style)
owen at delong.com
Tue Dec 8 09:21:27 CST 2009
> I know what you're saying, but seriously, haven't we just repeated all
> the same mistakes in IPv6? And of course it'd be a nightmare to cover
> all the edge cases, this is why nobody tries to figure it out, so in
> the end we end up with many really cruddy hatchet jobs.
With IPv6, RA/SLAAC is nearly instantaneous, unlike DHCP. This is both
good and bad.
For this purpose, it happens to be good...
1. Have your authentication server running on a host that will accept
connections to _ANY_ address.
2. Have your router send RA/SLAAC for your authentication network
to unauthenticated machines such that their default gateway
is an address that lands them on the authentication server.
3. Once they're authenticated, send them real RA/SLAAC.
4. No need to hork DNS, and, the web page you faked at first
can work just fine after they log in, even if they cached the DNS
information because you gave them the legitimate address.
> Why would "web browsers" have a hot-spot button? What if I want to
> just use ssh? And where's the web browser on my VoIP telephony
> adapter, etc? :-)
Almost all of these systems require you to call support to get a MAC
authentication Exception if you don't have a web browser on your
device. Most of them grant exceptions on a not to exceed 30 day
> It's gotta be difficult for the hotspot networks. Even at&t can't seem
> to make it all work right even when they control both sides; I've seen
> iPhones just hang when connecting to attwifi (and I can say I've seen
> it not work in some way maybe even more often than I've seen it actually
> work). At least the iPhone seems to have some built-in support for this
> sort of thing. (Anybody know anything more about that?)
Yep... Then there are the airports where there seems to be a spanning tree
delay between getting associated with the hotspot and being able to get
a DHCP address. (I've only encountered this behavior at a few US airports,
never on a hotel network).
More information about the NANOG