RFC 8910
Ÿnérant
ynerant at crans.org
Wed Apr 20 14:04:00 UTC 2022
Hello!
For my organization, I am using isc-dhcp-server as DHCP server.
We want to deploy a captive portal for a new open Wifi to authenticate
users. However, we want to do it great, and avoid to do Man-in-the-
middle attacks to access the portal. The RFC 8910 let the DHCP server
to send an API URI that indicates the presence of a captive portal, and
let the clients to detect the presence of a captive portal and the URL
that let them to authenticate.
However, I think that the RFC is not implemented yet. The RFC replaces
the RFC 7710 (which added a captivep-portal-url option) and the RFC
3679, which added a default-url option. The present RFC overwrites this
option, number 114.
I just added in my configuration the following options:
option default-url "https://example.com/api.json"; # 114 from RFC3679
option v4-captive-portal "https://example.com/api.json"; # 160 from
RFC7710
These are recognized by isc-dhcp-server. But when I launch the server
and add a client, I don't see any of the two options when I analyse the
DHCP packets (with tcpdump or Wireshark for example). Did I make
something wrong? Is there something unimplemented?
One more question: does someone know how clients react to this DHCP
option? Who really cares about this URL? When is the client informed
that there is a captive portal, and how is they redirected?
Regards,
--
Yohann D'Anello
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part
URL: <https://lists.isc.org/pipermail/dhcp-users/attachments/20220420/cf877759/attachment.sig>
More information about the dhcp-users
mailing list