Ever wondered how your wifi-capable device knows whether or not you are behind a captive portal? Well, depending on the implementation it is a ugly business, that involves DNS requests and fetching text files from well-known locations. This is an ugly solution to an even uglier problem.
But there is hope! The (currently experimental) captive portal URI option as
might make things go smoother, as
the information about an active captive portal is advertised in the IPv6
If you like to start fiddling around with that option, wait no longer! I put
together a ratools module called
which stands for
captive portal uniform resource identifier.
official option number,
it will use the experimental option number
First we create a new RA on interface
# ractl ra@enp0s3 create
Then we add a
cpuri option. Until we have a final RFC, I will allow having multiple
cpuri options in a single RA, although it makes only little sense.
# ractl cpuri0@enp0s3 create
Finally we set the captive portal URI.
# ractl cpuri0@enp0s3 set uri http://www.danrl.de/captive.html
Let’s have a look at our masterpiece:
# ractl show Router Advertisement `ra@enp0s3': State: Disabled Created: 2015-03-24 21:54:54 Updated: 2015-03-24 21:55:03 Version: 0/9 (Compilation scheduled) Interface ID: 2 (enp0s3) Interface State: 1 (Up) Interface MTU: 1500 Hardware Address: 08:00:27:64:14:c0 Link-local Address: :: Maximum Interval: 600 (0d 0h 10m 0s) Minimum Interval: 198 (0d 0h 3m 18s) Solicited/Unsolicited: 0/0 Unicast/Multicast: 0/0 Total RAs: 0 (0 Bytes) Current Hop Limit: 64 Managed Flag: 0 (No Managed Address Configuration) Other Managed Flag: 0 (No Other Managed Configuration) Home Agent Flag: 0 (No Mobile IPv6 Home Agent) Router Preference: 00 (Medium) NDP Proxy Flag: 0 (No NDP Proxy) Lifetime: 1800 (0h 30m 0s) Reachable Time: 0 (0h 0m 0s 0ms) Retransmission Timer: 0 (0h 0m 0s 0ms) Captive Portal URI Option `cpuri0@enp0s3': State: Disabled URI: http://www.danrl.de/captive.html
Looks good! We give it a shot!
# ractl cpuri0@enp0s3 enable # ractl ra@enp0s3 enable
Proof of concept is provided by wireshark: