[lacnog] IPv6 in Wifi Hotspots

Uesley Correa uesleycorrea en gmail.com
Wed Oct 16 12:28:13 -03 2019


Hi Fernando.

The primary technique for authenticating a hotspot user is to intercept the
DNS query and redirect that query to a login page. In IPv4 this is
easily solved with a simple NAT rule that, when intercepting a query from an
unauthenticated client, makes this redirect and, after authentication, moves
the client to a list of "authorized" addresses. But on IPv6 I have not yet
tried a way to do this on Linux or some solution of its kind. It may be worth
a try. Unfortunately, for lack of something ready, people stop using IPv6,
because the DNS query in IPv6 would not be intercepted and soon the client
would start browsing without authentication. Another problem is how to
authenticate the client on just one stack, bind by its MAC address
whatever addresses / pools it has on the other IP stack, and mark both
stacks as released after authentication.

I keep following the ideas of the other friends.

Regards,

Uesley Corrêa - Telecommunications Analyst
CEO Telecom Consultoria, Entrenamiento y Servicios
CEO Telecom Fiber Solutions


On Wed, Oct 16, 2019 at 12:01, Fernando Frediani <fhfrediani en gmail.com>
wrote:

> Hello there
> I will put this in English to make it easier for some on the list who
> are English speakers and who perhaps may also know about it.
>
> A while ago I asked about IPv6 in Hotspot environments and some people
> responded that they had it working, but the thread never came to a
> conclusion on what exactly is the key point for IPv6 to work in Hotspot. I
> understand that some people may have public Wifi with IPv6 enabled, which
> is not necessarily the same thing as a Hotspot system with IPv6, which I
> am interested to know more about.
>
> What comes to my mind, and one of the key points, is the web
> authorization. In an IPv4 environment the client gets its IPv4 address
> via traditional DHCP and after web authorization that address is
> permitted to go out to the internet. In IPv6 we have RA where the client
> assigns its own IPv6 Address in stateless autoconfiguration. The web
> authorization system could in theory get the IPv6 address the client is
> talking from and authorize it, but there is also the matter of multiple and
> Temporary IPv6 Addresses which may break this.
>
> If DHCPv6 only was enabled through the Managed RA flag then some clients
> like Android would not work.
> For me the only thing that comes to mind is for the Hotspot to work in Layer
> 2, authorizing the MAC Address and not the IP address; however, in that
> case there may be a problem with access to the authorization website
> itself.
>
> Given that, does anyone see any proper way for Hotspot to work with IPv6
> after a client is web authorized?
>
> Regards
> Fernando Frediani
>
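
The dual-stack release discussed in this thread (log in on one stack, bind by MAC address, release the client's addresses on both stacks) can be sketched as follows. This is an added example, not code from either poster; the nftables table `inet hotspot`, the sets `auth4` and `auth6`, the interface `wlan0` and the neighbor lines are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample in the format of `ip neigh show` (documentation prefixes).
SAMPLE_NEIGH = """\
192.0.2.10 dev wlan0 lladdr aa:bb:cc:00:00:01 REACHABLE
2001:db8:1::a1 dev wlan0 lladdr aa:bb:cc:00:00:01 REACHABLE
2001:db8:1::7c3f dev wlan0 lladdr aa:bb:cc:00:00:01 STALE
fe80::a8bb:ccff:fe00:1 dev wlan0 lladdr aa:bb:cc:00:00:01 REACHABLE
192.0.2.11 dev wlan0 lladdr aa:bb:cc:00:00:02 STALE
2001:db8:1::b2 dev wlan0 lladdr aa:bb:cc:00:00:02 DELAY
2001:db8:1::dead dev wlan0 FAILED
"""

# Neighbor states that still carry a resolved MAC binding.
USABLE = {"REACHABLE", "STALE", "DELAY", "PROBE", "PERMANENT"}

def parse_neighbors(text):
    """Map each MAC to the addresses the gateway has seen it use, on both stacks."""
    by_mac = defaultdict(set)
    for line in text.splitlines():
        fields = line.split()
        if "lladdr" not in fields or fields[-1] not in USABLE:
            continue  # FAILED/INCOMPLETE entries have no MAC to bind to
        mac = fields[fields.index("lladdr") + 1].lower()
        by_mac[mac].add(ipaddress.ip_address(fields[0]))
    return by_mac

def release_commands(mac, by_mac, timeout="1h"):
    """Build nft commands that authorize every routable address bound to `mac`."""
    cmds = []
    # IPv4 and IPv6 objects do not compare with each other, so sort on a key.
    addrs = sorted(by_mac.get(mac.lower(), ()), key=lambda a: (a.version, int(a)))
    for addr in addrs:
        if addr.is_link_local:
            continue  # link-local traffic is never forwarded, nothing to release
        set_name = "auth4" if addr.version == 4 else "auth6"  # hypothetical set names
        cmds.append(f"nft add element inet hotspot {set_name} {{ {addr} timeout {timeout} }}")
    return cmds

if __name__ == "__main__":
    table = parse_neighbors(SAMPLE_NEIGH)
    # The portal saw the login over IPv4 from 192.0.2.10; release both stacks of that MAC.
    for cmd in release_commands("AA:BB:CC:00:00:01", table):
        print(cmd)
```

The neighbor table only lists addresses the gateway has already seen, so a client that later generates a new temporary address stays blocked until the lookup runs again for its MAC.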