[lacnog] IPv6 in Wifi Hotspots
JORDI PALET MARTINEZ
jordi.palet en consulintel.es
Mie Oct 16 13:55:58 -03 2019
I recall having found some opensource captive portals some time ago just googling.
Also, you can modify an existing open source captive portal to offer some "objects" in the login web page with are IPv4-only and IPv6-only in the web page. This way you will get both addresses from the customer and "tie" them to the same MAC address.
You also have RFC7710 and RFC8273 (this also allows you to assign a single /64 for each device, so they are isolated form other "hot-spot" clients). I've done presentations on this one in LACNIC.
I don't think temporary addresses are a problem (in general). Why? Client apps use by default the temporary address. Only very specific apps that run on the client that require "incoming" connections, will use the non-temporary address. Really a weird case in a hot-spot, because that requires a DNS entry, etc. If an app wants to allow incoming connections via non-DNS, they will use a "tracking server" that will also use the temporary addresses (if correctly designed).
Now, if you mean that the temporary addresses change from time to time, in the worst case, will mean re-authenticating, or checking if the new IPv6 address uses an "authorized" MAC, etc. Anyway, if a customer is using a hotspot for more than (for example) 3 days, it is probably good to re-authenticate it, right?.
Of course, the alternative is using layer-2 authentication (802.11x) and vendors of captive portals or wireless controllers have proprietary solutions.
El 16/10/19 17:01, "LACNOG en nombre de Fernando Frediani" <lacnog-bounces en lacnic.net en nombre de fhfrediani en gmail.com> escribió:
I will put in English in order to facilitate for some in the list and
are english speakers which perhaps may also know about it.
A while ago I asked about IPv6 in Hotspot environments and some people
responded that had it working but the thread never came to a conclusion
of what exactly is the key point for IPv6 to work in Hotspot. I
understand that some people may have public Wifi with IPv6 enabled which
is not necessarily the same thing as a Hotspot system with IPv6 which I
am interested to know more about.
What comes to my mind and one of the key points is the web
authorization. In a IPv4 environment the client gets its IPv4 address
via traditional DHCP and after web authorization that address is
permitted to go out to the internet. In IPv6 we have RA where the client
assigns its own IPv6 Address in stateless autoconfiguration. The web
authorization system could in theory get the IPv6 address the client is
talking and authorize it but there is also the figure of multiple and
Temporary IPv6 Addresses which may break this.
If DHCPv6 only was enabled though Managed RA flag then some clients like
Android would not work.
For me the only thing that comes to mind is the Hotspot to work in Layer
2 authorizing the MAC Address and not the IP address however in that
case there may be a problem with access to the authorization website itself.
Given that does anyone see any proper way for Hotspot to work with IPv6
after a client is web authorized ?
LACNOG mailing list
LACNOG en lacnic.net
Cancelar suscripcion: https://mail.lacnic.net/mailman/options/lacnog
IPv4 is over
Are you ready for the new Internet ?
The IPv6 Company
This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
Más información sobre la lista de distribución LACNOG