GNOME Bugzilla – Bug 739994
Captive portal detection doesn't work if network limits HTTPS access
Last modified: 2015-07-16 14:26:42 UTC
Recently a network with captive portal that I frequently use has changed their configuration in that they now do not allow DNS lookup through their network before authenticating. I'm not sure how this affects other devices, as my Android phone still detects the captive portal, but on Fedora 21 the captive portal detection stopped working - I get a question mark on the network manager wifi display, but no captive portal pop-up. If I type an host name in a browser, I get DNS timeouts while if I type an IP address, I get redirected to the captive portal login screen (which uses a non-routable IP address without a DNS name). I get this error in the system log, but no captive portal detection: Nov 12 09:11:52 mionior NetworkManager[691]: <info> Connectivity check for uri 'https://fedoraproject.org/static/hotspot.txt' failed with 'Error resolving 'fe doraproject.org': Name or service not known'.
You enabled the "connectivity" check via the NetworkManager configuration: [connectivity] uri=https://fedoraproject.org/static/hotspot.txt response=OK interval=300 Probably, you installed NetworkManager-config-connectivity-fedora package which provides this configuration. If you want to disable this configuration, remove the package. How does it work for you if you change the configuration to specify the IP address? For that, remove the package and add the following to NetworkManager.conf [connectivity] uri=https://66.35.62.166/static/hotspot.txt response=OK interval=300 (or add a file /etc/NetworkManager/conf.d/21-connectivity-fedora-my.conf): [connectivity] uri=https://66.35.62.166/static/hotspot.txt (restart NM afterwards) In such an environment, how does detection of captive portal work? I mean, if you type into your browser http://www.google.com, it will fail to resolve the DNS name (and not redirect you to the captive portal).
OK, my bad - not sure if the DNS timeouts I had was a temporary failure or me misunderstanding the actual problem, which is that the captive portal blocks HTTPS (port 443), so access to Google search (over HTTPS) is blocked, but HTTP traffic gets redirected to the captive portal (I assume its likely to solve the problem of Android devices and Chrome browser throw up a really frightening error message when the captive portal tries to redirect an HTTPS request). Because the default fedora connectivity is over HTTPS, it never succeeds and you get the error message I've pasted above (which I still get), or this (that I got now): Nov 12 21:32:32 mionior NetworkManager[21318]: <info> Connectivity check for uri 'https://fedoraproject.org/static/hotspot.txt' failed with 'Could not connect: Network is unreachable'. After I've changed the configuration file to use only the HTTP protocol, everything started working again.
We should get Fedora to change to just HTTP anyway, for a variety of reasons. See bug #747866 for more details. But in any case, should NM just "s/https/http/" for the moment internally and log a warning? I think that's probably the best option.
Actually, I'm just going to dupe htis bug to that one... *** This bug has been marked as a duplicate of bug 747866 ***