Hey Louis,

Thank you a lot!

When you say WISPr, you mean 802.1x? I.e. we should generally avoid the
use of a captive portal?

Best regards,
Till


On 12.08.2016 15:31, Louis Munro wrote:
> No, it's just that you ask good questions ;-)
>
> There is no way that I know of to go around HSTS for a site like
> google when using a browser.
> The usual way to do this is with WISPr.
> I.e. while an actual browser will have a problem redirecting from
> google.com to the captive portal, the embedded WISPr client in (e.g.)
> Android or iOS should prompt you to authenticate directly, without
> requiring a redirect.
>
> For example, on OS X when a captive portal is detected, the OS pops up
> a window prompting you to authenticate.
>
> A captive portal is in the end a kind of Man-in-the-Middle attack
> (albeit a friendly one, most of the time).
> So your browser treats it as such.
>
>
>> On Aug 12, 2016, at 6:33 AM, [email protected] wrote:
>>
>> Sometimes I wonder if I always ask the questions which no one wants to
>> hear...
>>
>>
>> On 11.08.2016 17:06, [email protected] wrote:
>>> Hi there,
>>>
>>> redirecting to captive portal works fine as long as the user wants to
>>> visit an unsecured page.
>>>
>>> But when trying to get a page over SSL and being trapped by
>>> Packetfence, there is, IMHO, no way to avoid a "man in the middle" error
>>> from the browser.
>>>
>>> Hence the user can not access the portal.
>>>
>>> "The owner of google.com has configured their website improperly. To
>>> protect your information from being stolen, Firefox has not connected to
>>> this website.
>>> This site uses HTTP Strict Transport Security (HSTS) to specify that
>>> Firefox only connect to it securely. As a result, it is not possible to
>>> add an exception for this certificate."
>>>
>
> Best regards, 
> --
> Louis Munro
> [email protected]  ::  www.inverse.ca
> +1.514.447.4918 x125  :: +1 (866) 353-6153 x125
> Inverse inc. :: Leaders behind SOGo (www.sogo.nu)
> and PacketFence (www.packetfence.org)
>
> _______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
