On Sun 02 Apr 2017 at 18:36:25 +0200, Marc SCHAEFER wrote: > with a basic Debian jessie install and a recent Firefox, I observe the > following: > > [1] Debian has no specific support for detecting captive networks > (e.g. Android, iOS) and redirecting automatically the browser to > the captive login page > > [2] launching Firefox on the default page doesn't work (doesn't get > redirected properly to the login page but fails with a HTTPS > certificate error), if there is a recent HSTS[*] security > configuration cache for the default domain page (e.g. google.com) > > [1] is not really an issue: I wouldn't like myself that connecting to > a WiFi captive network starts a browser. Also, open captive networks are > messing up, dangerous, a WPA/RADIUS auth would be much better. > > However, open captive networks are quite commons in hotels, airports, > parks, etc. So it cannot be dismissed. > > [2] the only fix is to type an URL you know is HTTP, not HTTPS and does > not configure HSTS, and does not support DNSSEC. In my case I used > ptiturl.ch > > Maybe this could be in the Debian User manual somehow? > > Feel free to contact me if you want help in writing the documentation. > > https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
Probably the best place for this is the wiki. Anyone can create a page on the topic of captive networks there. Maybe there one is in existence which can be added to. Feel free to add to such a page or start a new one. -- Brian.
