Re: [Dorset] Revisited - Accessing a Local Network over a Wireless Router that is NOT Connected to the Internet
On Wednesday, 28 February 2018 21:33:10 GMT Ralph Corderoy wrote: > I still think this idea of trying to fool your paying public that > they're on the Internet, since they won't get the `you're captured' UI > that's familiar to them, just leaves them confused when they can't post > their photos to Facebook, etc. :-) I tried to convince 'Management' of this on Tuesday morning, but to no avail. The problem is that the people who man the pay-booth have no idea about any of this and struggle to explain the procedure to people who've tried to get onto our WiFi network, so the thinking is that it'll be less hassle anyway. BTW. iPhones 'just connect', so Apple users have idea about the loss of their Facebook access until they try to upload their photos. > There's already wimborne-modeltown.com. I'd expect a subdomain of that > to work, e.g. guide.wimborne-modeltown.com. No fee for domain > registration if your existing set-up allows whatever subdomains you > want. The problem is that I have no control over the wimborne-modeltown.com server, which is managed by a contractor. That means that the WMT would have to pay the contractor to make the change. > I think that should work. If you're not allowed subdomains with your > hosting then LetsEncrypt wimborne-modeltown.com and use > wimborne-modeltown.com/guide on the Unternet? That's pretty much what I would have wanted to do, although the length of the URL will be a problem. I don't suppose it would work if we got a Certificate for wimborne- modeltown.com and added that to the DNS on the internal server, then simply told them to go to WMT.com which would also be available on that server? (Maybe by redirection.) > With LetsEncrypt, which is a good choice, yes. And fairly regularly as > they need `renewing' every three months IIRC. For the initial proof, > and later renewals, they contact the server for > guide.wimborne-modeltown.com, say, in a certain manner so you can prove > you own it. It's quite simple, but they need to be able to resolve DNS > for that hostname to an IP address that's happy to play along. It could > all be torn down in between renewals. Or the guide could be available > to the Internet? So. If we got a certificate for wimborne-modeltown.com, would the server need to have that Certificate installed (more contractor work). > How about if the normal site prominently hosted the guide, had a > LetsEncrypt certificate, and had a duplicate off-Internet on the site? Contractor > BTW, AndrewM on IRC pointed out https://qifi.org/ for producing a QR > code that tells the smartphone the SSID, etc., for wifi. Yes. I recall this and we discussed it at the time. The problem is that Aunty Mabel and Grandpa Fred are highly unlikely to have a QR Code Reader App installed, so half the users would still need to type in the foot-long URL. (We also discussed the fact that users could install the QR Code Reader App at the door, but decided that Aunty Mabel, Grandpa Fred or the door staff are unlikely to know how to do that. -- Terry Coles -- Next meeting: Bournemouth, Tuesday, 2018-03-06 20:00 Meets, Mailing list, IRC, LinkedIn, ... http://dorset.lug.org.uk/ New thread: mailto:dorset@mailman.lug.org.uk / CHECK IF YOU'RE REPLYING Reporting bugs well: http://goo.gl/4Xue / TO THE LIST OR THE AUTHOR
Re: [Dorset] Revisited - Accessing a Local Network over a Wireless Router that is NOT Connected to the Internet
Hi Terry, > Our idea is to register a new domain for the WMT, such as > WMTGuide.com. I still think this idea of trying to fool your paying public that they're on the Internet, since they won't get the `you're captured' UI that's familiar to them, just leaves them confused when they can't post their photos to Facebook, etc. :-) There's already wimborne-modeltown.com. I'd expect a subdomain of that to work, e.g. guide.wimborne-modeltown.com. No fee for domain registration if your existing set-up allows whatever subdomains you want. > We could then create a Domain Validated Certificate for that site and > use that domain on our private network. I think that should work. If you're not allowed subdomains with your hosting then LetsEncrypt wimborne-modeltown.com and use wimborne-modeltown.com/guide on the Unternet? > Do you (or anyone else) know if we would have to have a live website > on the Internet for the Doamin validation to work? With LetsEncrypt, which is a good choice, yes. And fairly regularly as they need `renewing' every three months IIRC. For the initial proof, and later renewals, they contact the server for guide.wimborne-modeltown.com, say, in a certain manner so you can prove you own it. It's quite simple, but they need to be able to resolve DNS for that hostname to an IP address that's happy to play along. It could all be torn down in between renewals. Or the guide could be available to the Internet? How about if the normal site prominently hosted the guide, had a LetsEncrypt certificate, and had a duplicate off-Internet on the site? BTW, AndrewM on IRC pointed out https://qifi.org/ for producing a QR code that tells the smartphone the SSID, etc., for wifi. Cheers, Ralph. -- Next meeting: Bournemouth, Tuesday, 2018-03-06 20:00 Meets, Mailing list, IRC, LinkedIn, ... http://dorset.lug.org.uk/ New thread: mailto:dorset@mailman.lug.org.uk / CHECK IF YOU'RE REPLYING Reporting bugs well: http://goo.gl/4Xue / TO THE LIST OR THE AUTHOR
Re: [Dorset] Revisited - Accessing a Local Network over a Wireless Router that is NOT Connected to the Internet
I just realised that my reply yesterday only went to Ian and not the list; those pesky CCs again. On Sunday, 25 February 2018 12:55:45 GMT you wrote: Ian, > You could create your own CA ... but anyone using the site will still > get the error unless they (manually) install your CA root cert. Yes. Tried that and it was as you said. > Probably the cheapest way is to get a free certificate : > https://letsencrypt.org/ However then the server at least would need to > be connected to the Internet to renew the issued certificate. I spoke to the Management team at WMT this morning and we've decided to try this. AFAICT, Foxdog Studios use the Domain Validated Certificate for their main site and install it on their private server. Presumably this means that they have to name their Private webserver the same as their public one. Our idea is to register a new domain for the WMT, such as WMTGuide.com. We could then create a Domain Validated Certificate for that site and use that domain on our private network. Do you (or anyone else) know if we would have to have a live website on the Internet for the Doamin validation to work? I'm assuming that we probably do, but it would be nice if we didn't so that we can get away with paying for hosting. -- Terry Coles -- Next meeting: Bournemouth, Tuesday, 2018-03-06 20:00 Meets, Mailing list, IRC, LinkedIn, ... http://dorset.lug.org.uk/ New thread: mailto:dorset@mailman.lug.org.uk / CHECK IF YOU'RE REPLYING Reporting bugs well: http://goo.gl/4Xue / TO THE LIST OR THE AUTHOR
Re: [Dorset] Next Meeting - One Week to go
On Monday, 26 February 2018 18:00:53 GMT Terry Coles wrote: > The next meeting is one week tonight at The Broadway, Bournemouth on > Tuesday, 2018-03-06 at 20:00. See: I just realised that I sent this a day early ! Fot the avoidance of doubt, the meeting is one week from yesterday, not Monday. -- Terry Coles -- Next meeting: Bournemouth, Tuesday, 2018-03-06 20:00 Meets, Mailing list, IRC, LinkedIn, ... http://dorset.lug.org.uk/ New thread: mailto:dorset@mailman.lug.org.uk / CHECK IF YOU'RE REPLYING Reporting bugs well: http://goo.gl/4Xue / TO THE LIST OR THE AUTHOR