Re: [Dorset] Revisited - Accessing a Local Network over a Wireless Router that is NOT Connected to the Internet

2018-02-28 Thread Terry Coles
On Wednesday, 28 February 2018 21:33:10 GMT Ralph Corderoy wrote:
> I still think this idea of trying to fool your paying public that
> they're on the Internet, since they won't get the `you're captured' UI
> that's familiar to them, just leaves them confused when they can't post
> their photos to Facebook, etc.  :-)

I tried to convince 'Management' of this on Tuesday morning, but to no avail.  
The problem is that the people who man the pay-booth have no idea about any of 
this and struggle to explain the procedure to people who've tried to get onto 
our WiFi network, so the thinking is that it'll be less hassle anyway.

BTW.  iPhones 'just connect', so Apple users have no idea about the loss of their 
Facebook access until they try to upload their photos.

> There's already wimborne-modeltown.com.  I'd expect a subdomain of that
> to work, e.g. guide.wimborne-modeltown.com.  No fee for domain
> registration if your existing set-up allows whatever subdomains you
> want.

The problem is that I have no control over the wimborne-modeltown.com server, 
which is managed by a contractor.  That means that the WMT would have to pay 
the contractor to make the change.

> I think that should work.  If you're not allowed subdomains with your
> hosting then LetsEncrypt wimborne-modeltown.com and use
> wimborne-modeltown.com/guide on the Unternet?

That's pretty much what I would have wanted to do, although the length of the 
URL will be a problem.

I don't suppose it would work if we got a Certificate for 
wimborne-modeltown.com and added that to the DNS on the internal server, then 
simply told them to go to WMT.com which would also be available on that server?  
(Maybe by redirection.)

> With LetsEncrypt, which is a good choice, yes.  And fairly regularly as
> they need `renewing' every three months IIRC.  For the initial proof,
> and later renewals, they contact the server for
> guide.wimborne-modeltown.com, say, in a certain manner so you can prove
> you own it.  It's quite simple, but they need to be able to resolve DNS
> for that hostname to an IP address that's happy to play along.  It could
> all be torn down in between renewals.  Or the guide could be available
> to the Internet?

So.  If we got a certificate for wimborne-modeltown.com, would the server need 
to have that Certificate installed (more contractor work)?

> How about if the normal site prominently hosted the guide, had a
> LetsEncrypt certificate, and had a duplicate off-Internet on the site?

Contractor

> BTW, AndrewM on IRC pointed out https://qifi.org/ for producing a QR
> code that tells the smartphone the SSID, etc., for wifi.

Yes.  I recall this and we discussed it at the time.  The problem is that 
Aunty Mabel and Grandpa Fred are highly unlikely to have a QR Code Reader App 
installed, so half the users would still need to type in the foot-long URL.

(We also discussed the fact that users could install the QR Code Reader App at 
the door, but decided that Aunty Mabel, Grandpa Fred or the door staff are 
unlikely to know how to do that.)


-- 



Terry Coles

-- 
Next meeting:  Bournemouth, Tuesday, 2018-03-06 20:00
Meets, Mailing list, IRC, LinkedIn, ...  http://dorset.lug.org.uk/
New thread:  mailto:dorset@mailman.lug.org.uk / CHECK IF YOU'RE REPLYING
Reporting bugs well:  http://goo.gl/4Xue / TO THE LIST OR THE AUTHOR

Re: [Dorset] Revisited - Accessing a Local Network over a Wireless Router that is NOT Connected to the Internet

2018-02-28 Thread Ralph Corderoy
Hi Terry,

> Our idea is to register a new domain for the WMT, such as
> WMTGuide.com.

I still think this idea of trying to fool your paying public that
they're on the Internet, since they won't get the `you're captured' UI
that's familiar to them, just leaves them confused when they can't post
their photos to Facebook, etc.  :-)

There's already wimborne-modeltown.com.  I'd expect a subdomain of that
to work, e.g. guide.wimborne-modeltown.com.  No fee for domain
registration if your existing set-up allows whatever subdomains you
want.

> We could then create a Domain Validated Certificate for that site and
> use that domain on our private network.

I think that should work.  If you're not allowed subdomains with your
hosting then LetsEncrypt wimborne-modeltown.com and use
wimborne-modeltown.com/guide on the Unternet?

> Do you (or anyone else) know if we would have to have a live website
> on the Internet for the Domain validation to work?

With LetsEncrypt, which is a good choice, yes.  And fairly regularly as
they need `renewing' every three months IIRC.  For the initial proof,
and later renewals, they contact the server for
guide.wimborne-modeltown.com, say, in a certain manner so you can prove
you own it.  It's quite simple, but they need to be able to resolve DNS
for that hostname to an IP address that's happy to play along.  It could
all be torn down in between renewals.  Or the guide could be available
to the Internet?

How about if the normal site prominently hosted the guide, had a
LetsEncrypt certificate, and had a duplicate off-Internet on the site?

BTW, AndrewM on IRC pointed out https://qifi.org/ for producing a QR
code that tells the smartphone the SSID, etc., for wifi.

Cheers, Ralph.
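
An added illustration, not part of Ralph's message: a Python sketch of the ACME HTTP-01 check (RFC 8555), assuming that is the "certain manner" of proof meant above. The account key, token, IP address and lookup tables are constructed; the hostname is the one from the thread.

```python
import base64
import hashlib
import json

# Constructed sample values: public half of an ACME account key and a CA token.
SAMPLE_JWK = {"kty": "EC", "crv": "P-256",
              "x": "constructed-x-coordinate", "y": "constructed-y-coordinate"}
SAMPLE_TOKEN = "constructed-token-0123456789"
HOSTNAME = "guide.wimborne-modeltown.com"

def b64url(data):
    """base64url without padding, as ACME uses throughout."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def jwk_thumbprint(jwk):
    """RFC 7638: SHA-256 over the required members, sorted, no whitespace."""
    required = {"EC": ("crv", "kty", "x", "y"), "RSA": ("e", "kty", "n")}[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in required},
                           sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())

def key_authorization(token, jwk):
    """The exact body the web server must return for the challenge."""
    return token + "." + jwk_thumbprint(jwk)

def challenge_path(token):
    return "/.well-known/acme-challenge/" + token

def ca_validates(hostname, public_dns, public_sites, token, jwk):
    """Simulate the CA side: public DNS lookup, GET on port 80, compare body."""
    ip = public_dns.get(hostname)
    if ip is None:
        return (False, "no public DNS record")
    site = public_sites.get(ip)
    if site is None:
        return (False, "host not reachable from the Internet")
    body = site.get(challenge_path(token))
    if body is None:
        return (False, "challenge file not found")
    if body.strip() != key_authorization(token, jwk):
        return (False, "key authorization mismatch")
    return (True, "validated")

if __name__ == "__main__":
    # During issuance or renewal: name resolves publicly, file is served.
    dns = {HOSTNAME: "203.0.113.10"}  # documentation-range address
    sites = {"203.0.113.10": {challenge_path(SAMPLE_TOKEN):
                              key_authorization(SAMPLE_TOKEN, SAMPLE_JWK)}}
    print(ca_validates(HOSTNAME, dns, sites, SAMPLE_TOKEN, SAMPLE_JWK))
    # Name known only to the private network's DNS: the CA cannot see it.
    print(ca_validates(HOSTNAME, {}, sites, SAMPLE_TOKEN, SAMPLE_JWK))
```

The second call models a hostname that exists only in the off-Internet router's DNS, which is why the public record and a reachable responder are needed at each renewal even if the guide itself stays private.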


Re: [Dorset] Revisited - Accessing a Local Network over a Wireless Router that is NOT Connected to the Internet

2018-02-28 Thread Terry Coles
I just realised that my reply yesterday only went to Ian and not the list; 
those pesky CCs again.

On Sunday, 25 February 2018 12:55:45 GMT you wrote:

Ian,

> You could create your own CA ... but anyone using the site will still
> get the error unless they (manually) install your CA root cert.

Yes. Tried that and it was as you said.

> Probably the cheapest way is to get a free certificate :
> https://letsencrypt.org/ However then the server at least would need to
> be connected to the Internet to renew the issued certificate. 

I spoke to the Management team at WMT this morning and we've decided to try 
this.  AFAICT, Foxdog Studios use the Domain Validated Certificate for their 
main site and install it on their private server.  Presumably this means that 
they have to name their Private webserver the same as their public one.

Our idea is to register a new domain for the WMT, such as WMTGuide.com.  We 
could then create a Domain Validated Certificate for that site and use that 
domain on our private network.

Do you (or anyone else) know if we would have to have a live website on the 
Internet for the Domain validation to work?  I'm assuming that we probably do, 
but it would be nice if we didn't so that we can get away with paying for 
hosting.

-- 



Terry Coles


Re: [Dorset] Next Meeting - One Week to go

2018-02-28 Thread Terry Coles
On Monday, 26 February 2018 18:00:53 GMT Terry Coles wrote:
> The next meeting is one week tonight at The Broadway, Bournemouth on
> Tuesday, 2018-03-06 at 20:00.  See:

I just realised that I sent this a day early!

For the avoidance of doubt, the meeting is one week from yesterday, not 
Monday.


-- 



Terry Coles
