... well, this time my question was not a proof of understanding ;)
I think I have to investigate a bit more on WISPr.
I got confused with the "Captive Portal detection mechanism" and
WISPr... Not sure, how they are connected together.
Can you please explain me in a few words what the option
captive_portal.wispr_redirection does? What happens on a WISPr capable
device when we use packetfence with captive portal, and this option is
enabled?
Thanks a lot,
Till
On 14.08.2016 22:24, [email protected] wrote:
>
> Hey Louis,
>
> Thank you a lot!
>
> When you say WISPr, you mean 802.1x? I.e. we should generally avoid
> the use of a captive portal?
>
> Best regards,
> Till
>
>
> On 12.08.2016 15:31, Louis Munro wrote:
>> No, it's just that you ask good questions ;-)
>>
>> There is no way that I know of to go around HSTS for a site like
>> google when using a browser.
>> The usual way to do this is with WISPr.
>> I.e. while an actual browser will have a problem redirecting from
>> google.com <http://google.com> to the captive portal, the embedded
>> WISPr client in (e.g.) Android or iOS should prompt you to
>> authenticate directly, without requiring a redirect.
>>
>> For example, on OS X when a captive portal is detected, the OS pops
>> up a window prompting you to authenticate.
>>
>> A captive portal is in the end a kind of Man-in-the-Middle attack
>> (albeit a friendly one, most of the time).
>> So your browser treats is as such.
>>
>>
>>> On Aug 12, 2016, at 6:33 AM, [email protected]
>>> <mailto:[email protected]> wrote:
>>>
>>> Sometimes I wonder if I always ask the questions which no one wants to
>>> hear...
>>>
>>>
>>> On 11.08.2016 17:06, [email protected]
>>> <mailto:[email protected]> wrote:
>>>> Hi there,
>>>>
>>>> redirecting to captive portal works fine as long as the user wants to
>>>> visit an unsecured page.
>>>>
>>>> But when trying to get a page over SSL and being trapped by
>>>> Packetfence, there is, IMHO, no way to avoid a "man in the middle"
>>>> error
>>>> from the browser.
>>>>
>>>> Hence the user can not access the portal.
>>>>
>>>> "The owner of google.com <http://google.com> has configured their
>>>> website improperly. To
>>>> protect your information from being stolen, Firefox has not
>>>> connected to
>>>> this website.
>>>> This site uses HTTP Strict Transport Security (HSTS) to specify that
>>>> Firefox only connect to it securely. As a result, it is not possible to
>>>> add an exception for this certificate."
>>>>
>>
>> Best regards,
>> --
>> Louis Munro
>> [email protected] <mailto:[email protected]> :: www.inverse.ca
>> <http://www.inverse.ca>
>> +1.514.447.4918 x125 :: +1 (866) 353-6153 x125
>> Inverse inc. :: Leaders behind SOGo (www.sogo.nu
>> <http://www.sogo.nu>) and PacketFence (www.packetfence.org
>> <http://www.packetfence.org>)
>>
>>
>>
>> ------------------------------------------------------------------------------
>> What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
>> patterns at an interface-level. Reveals which users, apps, and protocols are
>> consuming the most bandwidth. Provides multi-vendor support for NetFlow,
>> J-Flow, sFlow and other flows. Make informed decisions using capacity
>> planning reports. http://sdm.link/zohodev2dev
>>
>>
>> _______________________________________________
>> PacketFence-users mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
>
> ------------------------------------------------------------------------------
> What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
> patterns at an interface-level. Reveals which users, apps, and protocols are
> consuming the most bandwidth. Provides multi-vendor support for NetFlow,
> J-Flow, sFlow and other flows. Make informed decisions using capacity
> planning reports. http://sdm.link/zohodev2dev
>
>
> _______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are
consuming the most bandwidth. Provides multi-vendor support for NetFlow,
J-Flow, sFlow and other flows. Make informed decisions using capacity
planning reports. http://sdm.link/zohodev2dev
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
