Jump to content

hotel captive portal get around

jnic

i will be at a hotel, where the wifi uses captive portal , i have a few devices i cant connect with captive portal, so my plan is too connect to it on my laptop, then bridge it for, my virtual pfsense, then through my laptop's Ethernet port connect my ap to the pfsense LAN. my problem is getting the wan side to work on pfsense with the captive portal, i have had success with non captive portal networks, how can i bridge/share the captive portal wifi from my laptop for this to work.

5b3e9cb090543_UntitledDiagram.png.5c2b699ef814ac76f1bed9fb1824b350.png

Link to comment
Share on other sites

Link to post
Share on other sites

spoof the mac address of the device you wanted to register on your laptops wifi card. Register it normally through the packet fence, then revert. Your device will be registered then. 

Used to do this for xboxs 

muh specs 

Gaming and HTPC (reparations)- ASUS 1080, MSI X99A SLI Plus, 5820k- 4.5GHz @ 1.25v, asetek based 360mm AIO, RM 1000x, 16GB memory, 750D with front USB 2.0 replaced with 3.0  ports, 2 250GB 850 EVOs in Raid 0 (why not, only has games on it), some hard drives

Screens- Acer preditor XB241H (1080p, 144Hz Gsync), LG 1080p ultrawide, (all mounted) directly wired to TV in other room

Stuff- k70 with reds, steel series rival, g13, full desk covering mouse mat

All parts black

Workstation(desk)- 3770k, 970 reference, 16GB of some crucial memory, a motherboard of some kind I don't remember, Micomsoft SC-512N1-L/DVI, CM Storm Trooper (It's got a handle, can you handle that?), 240mm Asetek based AIO, Crucial M550 256GB (upgrade soon), some hard drives, disc drives, and hot swap bays

Screens- 3  ASUS VN248H-P IPS 1080p screens mounted on a stand, some old tv on the wall above it. 

Stuff- Epicgear defiant (solderless swappable switches), g600, moutned mic and other stuff. 

Laptop docking area- 2 1440p korean monitors mounted, one AHVA matte, one samsung PLS gloss (very annoying, yes). Trashy Razer blackwidow chroma...I mean like the J key doesn't click anymore. I got a model M i use on it to, but its time for a new keyboard. Some edgy Utechsmart mouse similar to g600. Hooked to laptop dock for both of my dell precision laptops. (not only docking area)

Shelf- i7-2600 non-k (has vt-d), 380t, some ASUS sandy itx board, intel quad nic. Currently hosts shared files, setting up as pfsense box in VM. Also acts as spare gaming PC with a 580 or whatever someone brings. Hooked into laptop dock area via usb switch

Link to comment
Share on other sites

Link to post
Share on other sites

You'll have to Nat behind pfsense, only a single Mac/ip will be presented and you can log in using any device behind that.  The bridge itself will require two devices (1x laptop, 1x pfsense) unless you use internet connection sharing which implements its own nat layer

PC : 3600 · Crosshair VI WiFi · 2x16GB RGB 3200 · 1080Ti SC2 · 1TB WD SN750 · EVGA 1600G2 · Define C 

Link to comment
Share on other sites

Link to post
Share on other sites

31 minutes ago, Syntaxvgm said:

<removed>

He didn't state why he can't connect, only said "can't connect" which implies that there's a limit of how many devices can be contacted at one time. I highly doubt it that OP any devices that are old that cannot connect. However, if his devices cannot connect then he should go and speak to the hotel staff. Not setup a mini network. 

 

<removed>

Edited by SansVarnic

CPU: AMD Ryzen 5 5600X | CPU Cooler: Stock AMD Cooler | Motherboard: Asus ROG STRIX B550-F GAMING (WI-FI) | RAM: Corsair Vengeance LPX 16 GB (2 x 8 GB) DDR4-3000 CL16 | GPU: Nvidia GTX 1060 6GB Zotac Mini | Case: K280 Case | PSU: Cooler Master B600 Power supply | SSD: 1TB  | HDDs: 1x 250GB & 1x 1TB WD Blue | Monitors: 24" Acer S240HLBID + 24" Samsung  | OS: Win 10 Pro

 

Audio: Behringer Q802USB Xenyx 8 Input Mixer |  U-PHORIA UMC204HD | Behringer XM8500 Dynamic Cardioid Vocal Microphone | Sound Blaster Audigy Fx PCI-E card.

 

Home Lab:  Lenovo ThinkCenter M82 ESXi 6.7 | Lenovo M93 Tiny Exchange 2019 | TP-LINK TL-SG1024D 24-Port Gigabit | Cisco ASA 5506 firewall  | Cisco Catalyst 3750 Gigabit Switch | Cisco 2960C-LL | HP MicroServer G8 NAS | Custom built SCCM Server.

 

 

Link to comment
Share on other sites

Link to post
Share on other sites

23 minutes ago, Abdul201588 said:

He didn't state why he can't connect, only said "can't connect" which implies that there's a limit of how many devices can be contacted at one time. I highly doubt it that OP any devices that are old that cannot connect. However, if his devices cannot connect then he should go and speak to the hotel staff. Not setup a mini network. 

then you obliviously have no idea how the registration process works. Let me list some devices I know are not compatible with a lot of packet fence solutions I've used. 
-nintendo switch

-xbox 360 (despite edge)

-psp, vita

-Anything without a modern up to date web browser that lets the packet fence see the mac address, so a lot of older devices and IOT devices as well. 

All of his traffic still goes through the hotels network using a mac address (or multiple) that is tied to his name. 

<removed>

Edited by SansVarnic

muh specs 

Gaming and HTPC (reparations)- ASUS 1080, MSI X99A SLI Plus, 5820k- 4.5GHz @ 1.25v, asetek based 360mm AIO, RM 1000x, 16GB memory, 750D with front USB 2.0 replaced with 3.0  ports, 2 250GB 850 EVOs in Raid 0 (why not, only has games on it), some hard drives

Screens- Acer preditor XB241H (1080p, 144Hz Gsync), LG 1080p ultrawide, (all mounted) directly wired to TV in other room

Stuff- k70 with reds, steel series rival, g13, full desk covering mouse mat

All parts black

Workstation(desk)- 3770k, 970 reference, 16GB of some crucial memory, a motherboard of some kind I don't remember, Micomsoft SC-512N1-L/DVI, CM Storm Trooper (It's got a handle, can you handle that?), 240mm Asetek based AIO, Crucial M550 256GB (upgrade soon), some hard drives, disc drives, and hot swap bays

Screens- 3  ASUS VN248H-P IPS 1080p screens mounted on a stand, some old tv on the wall above it. 

Stuff- Epicgear defiant (solderless swappable switches), g600, moutned mic and other stuff. 

Laptop docking area- 2 1440p korean monitors mounted, one AHVA matte, one samsung PLS gloss (very annoying, yes). Trashy Razer blackwidow chroma...I mean like the J key doesn't click anymore. I got a model M i use on it to, but its time for a new keyboard. Some edgy Utechsmart mouse similar to g600. Hooked to laptop dock for both of my dell precision laptops. (not only docking area)

Shelf- i7-2600 non-k (has vt-d), 380t, some ASUS sandy itx board, intel quad nic. Currently hosts shared files, setting up as pfsense box in VM. Also acts as spare gaming PC with a 580 or whatever someone brings. Hooked into laptop dock area via usb switch

Link to comment
Share on other sites

Link to post
Share on other sites

-= Thread Cleaned =-

 

The OP is talking about Captive Portals not subverting blocking software or hardware.

 

As far as we can tell (for now) there is nothing illegal in the request being made.This topic will not be locked.

 

Discussing moderation openly is not allowed. If you have an issue report it and allow the Mod team to do the job we are here for.

 

 

 

17 minutes ago, Abdul201588 said:

He didn't state why he can't connect, only said "can't connect" which implies that there's a limit of how many devices can be contacted at one time. I highly doubt it that OP any devices that are old that cannot connect. However, if his devices cannot connect then he should go and speak to the hotel staff. Not setup a mini network. 

 

"I hope you enjoy being a backseat mod" just arrogant, don't act like you don't it.. 

He did state why he cannot connect, the Hotel uses captive portals of which he has devices that cannot connect to as quoted below;

14 hours ago, jnic said:

...the wifi uses captive portal , i have a few devices i cant connect with captive portal...

So he is asking for help in setting up a bridge with his laptop.

As far as I can tell there is nothing nefarious in this request for help.

Edited by SansVarnic

COMMUNITY STANDARDS   |   TECH NEWS POSTING GUIDELINES   |   FORUM STAFF

LTT Folding Users Tips, Tricks and FAQ   |   F@H & BOINC Badge Request   |   F@H Contribution    My Rig   |   Project Steamroller

I am a Moderator, but I am fallible. Discuss or debate with me as you will but please do not argue with me as that will get us nowhere.

 

Spoiler

  

 

Character is like a Tree and Reputation like its Shadow. The Shadow is what we think of it; The Tree is the Real thing.  ~ Abraham Lincoln

Reputation is a Lifetime to create but seconds to destroy.

You have enemies? Good. That means you've stood up for something, sometime in your life.  ~ Winston Churchill

Docendo discimus - "to teach is to learn"

 

 CHRISTIAN MEMBER 

 

 
 
 
 
 
 

 

Link to comment
Share on other sites

Link to post
Share on other sites

45 minutes ago, Abdul201588 said:

However, if his devices cannot connect then he should go and speak to the hotel staff. Not setup a mini network

That has about a 0.01% chance of working.  Most receptionist level staff have no idea about that kind of stuff, and even if they do they probably don't have any level of admin access to the equipment.

PC : 3600 · Crosshair VI WiFi · 2x16GB RGB 3200 · 1080Ti SC2 · 1TB WD SN750 · EVGA 1600G2 · Define C 

Link to comment
Share on other sites

Link to post
Share on other sites

2 hours ago, beersykins said:

That has about a 0.01% chance of working.  Most receptionist level staff have no idea about that kind of stuff, and even if they do they probably don't have any level of admin access to the equipment.

whats a packetfence? You mean the pool gate? Your keycard should work 

 

muh specs 

Gaming and HTPC (reparations)- ASUS 1080, MSI X99A SLI Plus, 5820k- 4.5GHz @ 1.25v, asetek based 360mm AIO, RM 1000x, 16GB memory, 750D with front USB 2.0 replaced with 3.0  ports, 2 250GB 850 EVOs in Raid 0 (why not, only has games on it), some hard drives

Screens- Acer preditor XB241H (1080p, 144Hz Gsync), LG 1080p ultrawide, (all mounted) directly wired to TV in other room

Stuff- k70 with reds, steel series rival, g13, full desk covering mouse mat

All parts black

Workstation(desk)- 3770k, 970 reference, 16GB of some crucial memory, a motherboard of some kind I don't remember, Micomsoft SC-512N1-L/DVI, CM Storm Trooper (It's got a handle, can you handle that?), 240mm Asetek based AIO, Crucial M550 256GB (upgrade soon), some hard drives, disc drives, and hot swap bays

Screens- 3  ASUS VN248H-P IPS 1080p screens mounted on a stand, some old tv on the wall above it. 

Stuff- Epicgear defiant (solderless swappable switches), g600, moutned mic and other stuff. 

Laptop docking area- 2 1440p korean monitors mounted, one AHVA matte, one samsung PLS gloss (very annoying, yes). Trashy Razer blackwidow chroma...I mean like the J key doesn't click anymore. I got a model M i use on it to, but its time for a new keyboard. Some edgy Utechsmart mouse similar to g600. Hooked to laptop dock for both of my dell precision laptops. (not only docking area)

Shelf- i7-2600 non-k (has vt-d), 380t, some ASUS sandy itx board, intel quad nic. Currently hosts shared files, setting up as pfsense box in VM. Also acts as spare gaming PC with a 580 or whatever someone brings. Hooked into laptop dock area via usb switch

Link to comment
Share on other sites

Link to post
Share on other sites

pfSense is a bit overkill, the built-in Windows connection sharing should work just fine.  Once you have authenticated on the laptop, anything connected to the laptop should "just work".

 

In fact, even connecting the AP directly should work (and would generally have better reception than a laptop), you just would need to disable the DNS caching (generally a good idea anyway as chances are the captive portal will rear its ugly head again at some point messing up the DNS) and again authenticate with the laptop connected to that AP.

 

I'm also surprised at the Xbox 360 and Switch not working.  I have certainly used the Switch with captive portal before, it sometimes takes a few connections before it detects but eventually the captive portal login appears.

 

Still you are right in that using the laptop is a much easier way to keep things connected.  Although its not going to get you round any captive portals that demand you re-authenticate every couple of hours, unless you are at the laptop at the time to do it.

 

Some captive portals do however have a REST API to login which can be automated, but its generally more trouble than its worth.  I only ever used it on FON where a friend of mine didn't have any broadband at home so I setup OpenWRT to constantly ping Google DNS and re-authenticate if the response was blocked, whilever there were active clients showing in the ARP table.

Router:  Intel N100 (pfSense) WiFi6: Zyxel NWA210AX (1.7Gbit peak at 160Mhz)
WiFi5: Ubiquiti NanoHD OpenWRT (~500Mbit at 80Mhz) Switches: Netgear MS510TXUP, MS510TXPP, GS110EMX
ISPs: Zen Full Fibre 900 (~930Mbit down, 115Mbit up) + Three 5G (~800Mbit down, 115Mbit up)
Upgrading Laptop/Desktop CNVIo WiFi 5 cards to PCIe WiFi6e/7

Link to comment
Share on other sites

Link to post
Share on other sites

On 7/7/2018 at 2:52 PM, Alex Atkin UK said:

pfSense is a bit overkill, the built-in Windows connection sharing should work just fine.  Once you have authenticated on the laptop, anything connected to the laptop should "just work".

 

In fact, even connecting the AP directly should work (and would generally have better reception than a laptop), you just would need to disable the DNS caching (generally a good idea anyway as chances are the captive portal will rear its ugly head again at some point messing up the DNS) and again authenticate with the laptop connected to that AP.

 

I'm also surprised at the Xbox 360 and Switch not working.  I have certainly used the Switch with captive portal before, it sometimes takes a few connections before it detects but eventually the captive portal login appears.

 

Still you are right in that using the laptop is a much easier way to keep things connected.  Although its not going to get you round any captive portals that demand you re-authenticate every couple of hours, unless you are at the laptop at the time to do it.

 

Some captive portals do however have a REST API to login which can be automated, but its generally more trouble than its worth.  I only ever used it on FON where a friend of mine didn't have any broadband at home so I setup OpenWRT to constantly ping Google DNS and re-authenticate if the response was blocked, whilever there were active clients showing in the ARP table.

I just assumed the switch wouldn't work because no browser, but I forgot it has one that you can only use for this exact purpose, which is kind infuriating because I just want a fucking browser on my fucking switch. No idea how good it is, but I have heard some people not be able to get it on hotel wifi. The 360's version of edge did not work for most packet fence portals. IT department I once worked for had a policy specifically for 360s because of this (giving us the mac address)

muh specs 

Gaming and HTPC (reparations)- ASUS 1080, MSI X99A SLI Plus, 5820k- 4.5GHz @ 1.25v, asetek based 360mm AIO, RM 1000x, 16GB memory, 750D with front USB 2.0 replaced with 3.0  ports, 2 250GB 850 EVOs in Raid 0 (why not, only has games on it), some hard drives

Screens- Acer preditor XB241H (1080p, 144Hz Gsync), LG 1080p ultrawide, (all mounted) directly wired to TV in other room

Stuff- k70 with reds, steel series rival, g13, full desk covering mouse mat

All parts black

Workstation(desk)- 3770k, 970 reference, 16GB of some crucial memory, a motherboard of some kind I don't remember, Micomsoft SC-512N1-L/DVI, CM Storm Trooper (It's got a handle, can you handle that?), 240mm Asetek based AIO, Crucial M550 256GB (upgrade soon), some hard drives, disc drives, and hot swap bays

Screens- 3  ASUS VN248H-P IPS 1080p screens mounted on a stand, some old tv on the wall above it. 

Stuff- Epicgear defiant (solderless swappable switches), g600, moutned mic and other stuff. 

Laptop docking area- 2 1440p korean monitors mounted, one AHVA matte, one samsung PLS gloss (very annoying, yes). Trashy Razer blackwidow chroma...I mean like the J key doesn't click anymore. I got a model M i use on it to, but its time for a new keyboard. Some edgy Utechsmart mouse similar to g600. Hooked to laptop dock for both of my dell precision laptops. (not only docking area)

Shelf- i7-2600 non-k (has vt-d), 380t, some ASUS sandy itx board, intel quad nic. Currently hosts shared files, setting up as pfsense box in VM. Also acts as spare gaming PC with a 580 or whatever someone brings. Hooked into laptop dock area via usb switch

Link to comment
Share on other sites

Link to post
Share on other sites

This is definitely tricky since whatever has browser access needs to act as the router - so I wouldn't use pfSense even in the way you described. ICS / internet connection sharing within windows will do this for you. So if a laptop... Hotel WiFi > Laptop > ICS > Clients. ICS also comes with DHCP, so should be simple enough.

 

 

You could quickly create your own router in linux as well by configuring iptables and install your own dhcp daemon.

 

 

Link to comment
Share on other sites

Link to post
Share on other sites

Strictly speaking the device connected to the WiFi DOESN'T have to be the same one as you login with, at least not in my experience.  In fact if you connect with a router and then connect your laptop to that routers WiFi, it opens up some flexibility.  Not least that you typically will have a far more stable connection as routers have much better antennas than any other device.  You just have to make sure DNS is passed directly to the upstream provider rather than cached on the router, so that it doesn't get confused if the captive portal spoofs DNS.

In the example above you can switch between any device you want and move around untethered.  You just may need to be on a device that supports logging in to the captive portal every hour or so, depending on the service.  I have experienced ones where it NEVER asks you to re-authenticate, if you set the router to ping the Internet so the connection never goes idle.


Do note however that for this to really work you don't want to try and repeat the WiFi connection, you are basically connecting to it as if its your ISP (as it is) and using the router in full NAT routing mode.  If the free WiFi you are using supports 5Ghz and you have a newer router with dual-5Ghz radios, those are ideal as you can still broadcast on 5Ghz using a different channel to the main signal.  The absolute ideal is something that runs OpenWRT as you know it will support this configuration then.

Oh and I forgot to mention, if you use a good router then you can use a VPN on that router for extra security for ALL devices connected.

Router:  Intel N100 (pfSense) WiFi6: Zyxel NWA210AX (1.7Gbit peak at 160Mhz)
WiFi5: Ubiquiti NanoHD OpenWRT (~500Mbit at 80Mhz) Switches: Netgear MS510TXUP, MS510TXPP, GS110EMX
ISPs: Zen Full Fibre 900 (~930Mbit down, 115Mbit up) + Three 5G (~800Mbit down, 115Mbit up)
Upgrading Laptop/Desktop CNVIo WiFi 5 cards to PCIe WiFi6e/7

Link to comment
Share on other sites

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×