Accessing public captive portal WIFIs from Linux clients
Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Accessing public captive portal WIFIs from Linux clients
Hello,
I have had a problem recently where I was the only guy not being able to use an event facility's public WIFI.
At some point it dawned on me that I was also the only guy running Linux and after rebooting into Windows (dual boot setup), everything worked fine.
I did some research later and it seems like Linux in general has a problem using captive portals because those rely on mechanisms that usually are used in malicious attacks like DNS spoofing, and that most distributions have setups that are supposed to protect them from those attacks and thus as a side effect also make it impossible to use WIFIs that are using captive portal mechanisms.
I tried to find a solution, but the only thing I found was how to set up a captive portal with various distros or tools, but not how to simply access one as a client.
Is there an easy solution?
I found a link that said switch the browser to private browsing mode, but that sounds too easy. I have not had a chance to test that yet, unfortunately...
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 7,680
Rep:
I tend to use Chromium in private browsing mode (I always use it in that mode anyhow) for captive portals and haven't had a problem in years.
I've not tried with Firefox, my usual browser, as I use NoScript and Adblock Plus and it would be a pain to temporarily disable them just for things like that so I tend to use Chromium in private mode whenever I want to just let a site run scripts and the like.
I found a link that said switch the browser to private browsing mode, but that sounds too easy. I have not had a chance to test that yet, unfortunately...
So all we have here is words but facts (no system, network, sysctl, browser or captive portal details) to work with. I do understand that you would like to just get on with whatever it is you're supposed to be doing but next time please first gather nfo that could help deduce what the problem exactly is. Also, since there's no security-related nfo all that's left is a networking issue so I'll transfer this thread to the Network forum.
This was supposed to be fixed a while back, looks like it's still an issue (unless you're still running an old set up). You're on ubuntu w/ firefox, right?
The combo can't handle the DNS redirect in a walled garden.
I.E: You have to log in to a web interface, agree to terms and then you're allowed to browse.
In simple terms, in that scenario you complete the TCP handshake w/ the gateway then get redirected through DNS to the terms page, there you pick up a token in your browser that lets the firewall stack know that you're kosher and for it to pass your traffic.
You're actually connecting to the gateway. You're just not getting redirected to pick up the token.
So, talk to the clerk or look at the sign, get the password, log in to the wifi, right click your inet connection in the task bar, click connection properties, then copy, paste and go to the "default route" address in your FF address bar. This will kick you over to the terms page so that you can pick up the token and be on you merry way.
And a word to the wise from the truly paranoid: I won't touch google crap w/ a 50 meter cattle prod. They're just too snoopy and slap too much crap to too many places all over your system and give you too little control. The only exception is watching netflix; which should only be done in a dedicated hardened virtual machine.
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 7,680
Rep:
Quote:
Originally Posted by Steven_G
And a word to the wise from the truly paranoid: I won't touch google crap w/ a 50 meter cattle prod. They're just too snoopy and slap too much crap to too many places all over your system and give you too little control. The only exception is watching netflix; which should only be done in a dedicated hardened virtual machine.
There's no need for Google for captive portals -- just use Chromium.
I am surprised that Firefox doesn't work nowadays but I'm not interested enough to find a captive portal and create a new Firefox profile without ABP, NoScript, Ghostery, Privacy Badger and all history switched off to find out, sorry.
There's no need for Google for captive portals -- just use Chromium.
Um, I didn't mean Google the search engine. I meant Google the subsidiary of Alphabet whose CEO thinks that algos should sensor free speech and the fact that purely IMHO anything they even come near (like chromium) should be treated like toxic waste.
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 7,680
Rep:
Quote:
Originally Posted by Steven_G
Um, I didn't mean Google the search engine. I meant Google the subsidiary of Alphabet whose CEO thinks that algos should sensor free speech and the fact that purely IMHO anything they even come near (like chromium) should be treated like toxic waste.
So you think that an open-source browser is spying on you even though nobody has managed to find anything remotely like that in the code? Or do you have some facts?
So you think that an open-source browser is spying on you even though nobody has managed to find anything remotely like that in the code? Or do you have some facts?
Being snarky is not nice. I wasn't snarky with you. I expressly couched it as an *opinion*.
As I said: *IMHO* everything that comes out of google in general and alphabet in particular is no better than toxic waste.
And *personally* I hate to touch it, just as much for political reasons as technical. Only do so grudgingly. Only do so when I have to. And only do so when I've hardened the effected systems as much as I practically can.
As I said: *IMHO* everything that comes out of google in general and alphabet in particular is no better than toxic waste.
And *personally* I hate to touch it, just as much for political reasons as technical. Only do so grudgingly. Only do so when I have to. And only do so when I've hardened the effected systems as much as I practically can.
See, providing a fact helped those reading to decide whether they would trust Chromium. I wasn't being snarky I was asking you to provide evidence rather than conjecture. As it happens I tend, to the extent I do anything, to trust Chromium precisely because these things are discovered in open source projects.
This was supposed to be fixed a while back, looks like it's still an issue (unless you're still running an old set up). You're on ubuntu w/ firefox, right?
Not exactly - it's LinuxMint and Firefox. LinuxMint being based on Ubuntu, though, but with a different WM (Cinnamon) and other differences.
Quote:
Originally Posted by Steven_G
[...]right click your inet connection in the task bar, click connection properties, then copy, paste and go to the "default route" address in your FF address bar[...]
So if I understand you correctly, if I wanted to use the command line instead of the right-click in the task bar, I would call "route" from a shell, copy and paste the "Gateway" value from the line that has "default" as "Destination" and then tell the browser to go to that gateway?
Not exactly - it's LinuxMint and Firefox. LinuxMint being based on Ubuntu, though, but with a different WM (Cinnamon) and other differences.
So if I understand you correctly, if I wanted to use the command line instead of the right-click in the task bar, I would call "route" from a shell, copy and paste the "Gateway" value from the line that has "default" as "Destination" and then tell the browser to go to that gateway?
Thank you
There's always more than one way to skin a cat, That *should* do it. If not then you're having a different issue.
*Supposedly* that problem was going to be fixed sometime in last 18 months or so. I haven't read up on it in a while. ~2 years ago I read a big, long snarky exchange between the ubuntu devs and the mozilla devs pointing fingers at each other about whose fault it was.
If that trick doesn't get her done then start looking at your DNS configuration. I know Clem and his team work hard at what they do and a lot of people love their work. But I for one find some of the technical changes they makes to basic stuff to be questionable; which is why I don't personally use Mint.
If it's not the generic issue from further up the line I wouldn't put it past Clem's team to have done something wonky to DNS.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.