[Captive-portals] Capport return of experience and... questions :(

Xavier BEAUDOUIN <xbeaudouin@hotcity.lu> Mon, 18 July 2022 14:47 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/captive-portals/vb3EJ5uiow5ssSvZ_JZc-laW-GU>

Introduction

We are a national Wi-Fi provider in Luxembourg and we provide public Wi-Fi hotspots all around the country (~20K users / day).
A few weeks ago, we tried to activate the Capport RFC on our Wi-Fi infrastructure and we faced some issues with iOS users.
They complained about seeing the captive portal too many times.
After analysing our logs, it seems that the devices launch the captive portal pop-up for no reason (see logs below).

Logs analysis

# The device requests capport API that was provided by DHCP attribute
Jun 30 12:31:35 2a0b:c700:xxx nginx: 100.81.162.155 - - [30/Jun/2022:12:31:35 +0200] "GET https://portal.hotcity.lu/wifi/api/capport/a10d07a5-9258-4fb9-8b4f-3276deab4970 HTTP/2.0" 200 102 "-" "CaptiveNetworkSupport-428.120.3" "TLSv1.2/ECDHE-RSA-AES256-GCM-SHA384" "portal.hotcity.lu" "application/captive+json" "0.029" "0.029" 
# As the result of the API gives "captive=true", the device decides to open the captive portal pop-up
Jun 30 12:31:35 2a0b:c700:xxx nginx: 100.81.162.155 - - [30/Jun/2022:12:31:35 +0200] "GET https://portal.hotcity.lu/wifi/api/portals/a10d07a5-9258-4fb9-8b4f-3276deab4970 HTTP/2.0" 200 1094 "https://portal.hotcity.lu/a10d07a5-9258-4fb9-8b4f-3276deab4970" "Mozilla/5.0 (iPhone; CPU iPhone OS 15_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148" "TLSv1.2/ECDHE-RSA-AES256-GCM-SHA384" "portal.hotcity.lu" "application/json" "0.022" "0.022" 
Jun 30 12:31:49 2a0b:c700:xxx nginx: 100.81.162.155 - - [30/Jun/2022:12:31:49 +0200] "GET https://portal.hotcity.lu/a10d07a5-9258-4fb9-8b4f-3276deab4970 HTTP/1.0" 200 1996 "-" "CaptiveNetworkSupport-428.120.3 wispr" "TLSv1.2/ECDHE-RSA-AES256-GCM-SHA384" "portal.hotcity.lu" "text/html" "0.002" "0.001" 
# The user activates his Wi-Fi session on the captive portal
Jun 30 12:31:54 2a0b:c700:xxx nginx: 100.81.162.155 - - [30/Jun/2022:12:31:54 +0200] "POST https://portal.hotcity.lu/auth/api/configurations/wifi/tokens HTTP/2.0" 201 989 "https://portal.hotcity.lu/a10d07a5-9258-4fb9-8b4f-3276deab4970" "Mozilla/5.0 (iPhone; CPU iPhone OS 15_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148" "TLSv1.2/ECDHE-RSA-AES256-GCM-SHA384" "portal.hotcity.lu" "application/json" "0.039" "0.038" 
Jun 30 12:31:54 2a0b:c700:xxx nginx: 100.81.162.155 - - [30/Jun/2022:12:31:54 +0200] "POST https://portal.hotcity.lu/wifi/api/portals/a10d07a5-9258-4fb9-8b4f-3276deab4970/users/xxxxxxxxxx@citywifi.lu/connections HTTP/2.0" 201 109 "https://portal.hotcity.lu/a10d07a5-9258-4fb9-8b4f-3276deab4970" "Mozilla/5.0 (iPhone; CPU iPhone OS 15_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148" "TLSv1.2/ECDHE-RSA-AES256-GCM-SHA384" "portal.hotcity.lu" "application/json" "0.050" "0.050" 
# The user is redirected on captive portal success page 
Jun 30 12:31:54 2a0b:c700:xxx nginx: 100.81.162.155 - - [30/Jun/2022:12:31:54 +0200] "GET https://portal.hotcity.lu/a10d07a5-9258-4fb9-8b4f-3276deab4970/citywifi HTTP/2.0" 200 674 "https://portal.hotcity.lu/a10d07a5-9258-4fb9-8b4f-3276deab4970" "Mozilla/5.0 (iPhone; CPU iPhone OS 15_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148" "TLSv1.2/ECDHE-RSA-AES256-GCM-SHA384" "portal.hotcity.lu" "text/html" "0.001" "0.002" 
Jun 30 12:31:54 2a0b:c700:xxx nginx: 100.81.162.155 - - [30/Jun/2022:12:31:54 +0200] "GET https://portal.hotcity.lu/wifi/api/portals/a10d07a5-9258-4fb9-8b4f-3276deab4970 HTTP/2.0" 200 1094 "https://portal.hotcity.lu/a10d07a5-9258-4fb9-8b4f-3276deab4970/citywifi" "Mozilla/5.0 (iPhone; CPU iPhone OS 15_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148" "TLSv1.2/ECDHE-RSA-AES256-GCM-SHA384" "portal.hotcity.lu" "application/json" "0.025" "0.025" 
Jun 30 12:31:54 2a0b:c700:xxx nginx: 100.81.162.155 - - [30/Jun/2022:12:31:54 +0200] "GET https://portal.hotcity.lu/wifi/api/realms/citywifi/users/xxxxxxxxxx@citywifi.lu HTTP/2.0" 200 167 "https://portal.hotcity.lu/a10d07a5-9258-4fb9-8b4f-3276deab4970/citywifi" "Mozilla/5.0 (iPhone; CPU iPhone OS 15_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148" "TLSv1.2/ECDHE-RSA-AES256-GCM-SHA384" "portal.hotcity.lu" "application/json" "0.029" "0.030" 
# The user requested captive portal landing page 
Jun 30 12:31:56 2a0b:c700:xxx nginx: 100.81.162.155 - - [30/Jun/2022:12:31:56 +0200] "GET https://portal.hotcity.lu/a10d07a5-9258-4fb9-8b4f-3276deab4970 HTTP/2.0" 200 698 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 15_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148" "TLSv1.2/ECDHE-RSA-AES256-GCM-SHA384" "portal.hotcity.lu" "text/html" "0.003" "0.003" 
# The device also requested the captive portal landing page 2 times
# Notes:
# * The user has just activated his Wi-Fi session (his state passes from captive=true to captive=false)
# * The device decided to open the captive portal pop-up again without checking the current captivity state
Jun 30 12:31:56 2a0b:c700:xxx nginx: 100.81.162.155 - - [30/Jun/2022:12:31:56 +0200] "GET https://portal.hotcity.lu/a10d07a5-9258-4fb9-8b4f-3276deab4970 HTTP/1.0" 200 1996 "-" "CaptiveNetworkSupport-428.120.3 wispr" "TLSv1.2/ECDHE-RSA-AES256-GCM-SHA384" "portal.hotcity.lu" "text/html" "0.011" "0.010" 
Jun 30 12:31:57 2a0b:c700:xxx nginx: 100.81.162.155 - - [30/Jun/2022:12:31:57 +0200] "GET https://portal.hotcity.lu/wifi/api/portals/a10d07a5-9258-4fb9-8b4f-3276deab4970 HTTP/2.0" 200 1094 "https://portal.hotcity.lu/a10d07a5-9258-4fb9-8b4f-3276deab4970" "Mozilla/5.0 (iPhone; CPU iPhone OS 15_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148" "TLSv1.2/ECDHE-RSA-AES256-GCM-SHA384" "portal.hotcity.lu" "application/json" "0.031" "0.032" 
Jun 30 12:31:57 2a0b:c700:xxx nginx: 100.81.162.155 - - [30/Jun/2022:12:31:57 +0200] "GET https://portal.hotcity.lu/a10d07a5-9258-4fb9-8b4f-3276deab4970 HTTP/1.0" 200 1996 "-" "CaptiveNetworkSupport-428.120.3 wispr" "TLSv1.2/ECDHE-RSA-AES256-GCM-SHA384" "portal.hotcity.lu" "text/html" "0.002" "0.001" 
# The user tried again to activate his Wi-Fi session on the captive portal
Jun 30 12:32:14 2a0b:c700:xxx nginx: 100.81.162.155 - - [30/Jun/2022:12:32:14 +0200] "POST https://portal.hotcity.lu/auth/api/configurations/wifi/tokens HTTP/2.0" 201 989 "https://portal.hotcity.lu/a10d07a5-9258-4fb9-8b4f-3276deab4970" "Mozilla/5.0 (iPhone; CPU iPhone OS 15_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148" "TLSv1.2/ECDHE-RSA-AES256-GCM-SHA384" "portal.hotcity.lu" "application/json" "0.026" "0.027" 
# Session activation failed on captive portal due to "Simultaneous-Use" RADIUS settings
Jun 30 12:32:14 2a0b:c700:xxx nginx: 100.81.162.155 - - [30/Jun/2022:12:32:14 +0200] "POST https://portal.hotcity.lu/wifi/api/portals/a10d07a5-9258-4fb9-8b4f-3276deab4970/users/xxxxxxxxxx@citywifi.lu/connections HTTP/2.0" 400 125 "https://portal.hotcity.lu/a10d07a5-9258-4fb9-8b4f-3276deab4970" "Mozilla/5.0 (iPhone; CPU iPhone OS 15_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148" "TLSv1.2/ECDHE-RSA-AES256-GCM-SHA384" "portal.hotcity.lu" "application/json" "0.113" "0.113" 

Conclusion

According to our logs, it seems that, in some situations, the device does not check the captivity state before opening the captive portal pop-up.

We have no trace in our logs of the device asking for the Capport status before reloading the pop-up on the device.

Is there anything we can do to avoid such a situation?

Unfortunately, we decided to stop supporting capport on our national network until we are able to find a workaround for this.


Kind regards,
Xavier
--
Xavier Beaudouin | System & Network Engineer
11, Avenue Guillaume | L-1651 Luxembourg
Phone: (+352) 2663 2661 | Fax: (+352) 2663 2665
Facebook <https://www.facebook.com/hotcity.lu> | Twitter <https://twitter.com/hotcity_wifi>
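
The log pattern walked through in the message above can be checked for mechanically. The following is an added example, not part of the original message or of the operator's tooling: it scans access-log lines in the quoted layout and reports clients whose `wispr` probe re-fetches the landing page after a successful activation with no capport API request in between. The host, portal id, addresses and the finding labels are constructed placeholders.

```python
import re
from collections import defaultdict

# Constructed sample data modelled on the log layout quoted in the message.
H, PID = "https://portal.example", "00000000-0000-4000-8000-000000000000"
CNS, WEB = "CaptiveNetworkSupport-428.120.3", "Mozilla/5.0 (iPhone)"
CONN = f"/wifi/api/portals/{PID}/users/user@example/connections"

def mk(t, ip, method, path, status, ua):
    return (f'Jun 30 {t} gw nginx: {ip} - - [30/Jun/2022:{t} +0200] '
            f'"{method} {H}{path} HTTP/2.0" {status} 100 "-" "{ua}"')

SAMPLE = [
    mk("12:31:35", "192.0.2.10", "GET", f"/wifi/api/capport/{PID}", 200, CNS),
    mk("12:31:49", "192.0.2.10", "GET", f"/{PID}", 200, CNS + " wispr"),
    mk("12:31:54", "192.0.2.10", "POST", CONN, 201, WEB),
    mk("12:31:56", "192.0.2.10", "GET", f"/{PID}", 200, CNS + " wispr"),
    mk("12:31:57", "192.0.2.10", "GET", f"/{PID}", 200, CNS + " wispr"),
    mk("12:32:14", "192.0.2.10", "POST", CONN, 400, WEB),
    # Second client re-queries the capport API after activating: not reported.
    mk("12:40:00", "192.0.2.20", "POST", CONN, 201, WEB),
    mk("12:40:02", "192.0.2.20", "GET", f"/wifi/api/capport/{PID}", 200, CNS),
    mk("12:40:03", "192.0.2.20", "GET", f"/{PID}", 200, CNS + " wispr"),
]

LINE = re.compile(r'nginx: (?P<ip>\S+) - - \[(?P<ts>[^\]]+)\] '
                  r'"(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" (?P<status>\d{3}) \d+ '
                  r'"[^"]*" "(?P<ua>[^"]*)"')

def analyze(lines):
    """Return (timestamp, client, finding) tuples, tracking state per client IP."""
    state = defaultdict(lambda: {"active": False, "rechecked": False})
    findings = []
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue
        s, url = state[m["ip"]], m["url"]
        if m["method"] == "GET" and "/api/capport/" in url:
            s["rechecked"] = True           # client asked the API for its state
        elif m["method"] == "POST" and url.endswith("/connections"):
            if m["status"] == "201":        # session activated
                s["active"], s["rechecked"] = True, False
            elif s["active"]:               # second activation refused
                findings.append((m["ts"], m["ip"], "reactivation-rejected"))
        elif "wispr" in m["ua"] and s["active"] and not s["rechecked"]:
            findings.append((m["ts"], m["ip"], "portal-reopened-without-api-check"))
    return findings

if __name__ == "__main__":
    for finding in analyze(SAMPLE):
        print(finding)
```

State is keyed on client IP only, so on a network that reuses addresses quickly the per-client state should be reset on each new DHCP lease.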