<div dir="ltr">Hi Fernando.<br><br>The primary technique for authenticating a hotspot user is to intercept the DNS query and redirect that query to a login page. And this in IPv4 is easily solved with a simple NAT rule that when intercepting a query from an unauthenticated one, makes this redirect and after authenticated throws the client to a list of "authorized" addresses. But on IPv6 I have not yet tried a way to do this on Linux or some solution of its kind. It may be a try. Unfortunately for not having something ready, people stop using IPv6 because the DNS query in IPv6 would not be intercepted and soon the client would start browsing without authentication. Another problem is: to authenticate the client on just one stack and to bind by its MAC address what are the other addresses / pools of the other IP stack and put both stacks as released after authentication.<br><br>I keep following the ideas of the other friends.<br><br>Regards,<br clear="all"><div><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><br></div><div>Uesley Corrêa - Analista de Telecomunicações</div></div></div><div>CEO Telecom Consultoria, Entrenamiento y Servicios</div><div>CEO Telecom Fiber Solutions</div></div></div></div></div></div></div></div></div></div></div></div></div></div><br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">Em qua, 16 de out de 2019 às 12:01, Fernando Frediani <<a href="mailto:fhfrediani@gmail.com">fhfrediani@gmail.com</a>> escreveu:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hello there<br>
I will put in English in order to facilitate for some in the list and <br>
are english speakers which perhaps may also know about it.<br>
<br>
A while ago I asked about IPv6 in Hotspot environments and some people <br>
responded that had it working but the thread never came to a conclusion <br>
of what exactly is the key point for IPv6 to work in Hotspot. I <br>
understand that some people may have public Wifi with IPv6 enabled which <br>
is not necessarily the same thing as a Hotspot system with IPv6 which I <br>
am interested to know more about.<br>
<br>
What comes to my mind and one of the key points is the web <br>
authorization. In a IPv4 environment the client gets its IPv4 address <br>
via traditional DHCP and after web authorization that address is <br>
permitted to go out to the internet. In IPv6 we have RA where the client <br>
assigns its own IPv6 Address in stateless autoconfiguration. The web <br>
authorization system could in theory get the IPv6 address the client is <br>
talking and authorize it but there is also the figure of multiple and <br>
Temporary IPv6 Addresses which may break this.<br>
<br>
If DHCPv6 only was enabled though Managed RA flag then some clients like <br>
Android would not work.<br>
For me the only thing that comes to mind is the Hotspot to work in Layer <br>
2 authorizing the MAC Address and not the IP address however in that <br>
case there may be a problem with access to the authorization website itself.<br>
<br>
Given that does anyone see any proper way for Hotspot to work with IPv6 <br>
after a client is web authorized ?<br>
<br>
Regards<br>
Fernando Frediani<br>
<br>
_______________________________________________<br>
LACNOG mailing list<br>
<a href="mailto:LACNOG@lacnic.net" target="_blank">LACNOG@lacnic.net</a><br>
<a href="https://mail.lacnic.net/mailman/listinfo/lacnog" rel="noreferrer" target="_blank">https://mail.lacnic.net/mailman/listinfo/lacnog</a><br>
Cancelar suscripcion: <a href="https://mail.lacnic.net/mailman/options/lacnog" rel="noreferrer" target="_blank">https://mail.lacnic.net/mailman/options/lacnog</a><br>
</blockquote></div>