|
|
|
|
|
|
by zamadatix
610 days ago
|
|
|
Interactive auth sounds attractive at first but it's really the wrong place for an answer once you look at all of the ways captive portals are used (i.e. more than just "check this agreement box"). You really need the power of the browser to display a custom form behind the solution or you end up with n+1 solutions instead of replacing captive portals. Something like a DHCP option or NDP option ends up being a lot more natural: "Hey, here's your IP along with the information needed to access the network" is already a function of that layer. Some devices (e.g. macOS/iOS/iPadOS, Windows, Android) take a similar approach in the reverse by probing for a specific test url. That's also a bit hacky and unreliable (e.g. it can falsely trigger) but some minor standardization of it to e.g. a well known DNS name could be another good option. |
|
|
My assumption is this wasn't adopted because operators want the option of placing the captive portal upstream of the local network DHCP server. DNS spoofing works great over multiple network hops, but DHCP doesn't. (I'm not sure if that's a valid argument, but I'm sure somebody insisted on it)