WiFi access point without internet access - iOS devices disconnect

Question

I'm trying to configure a WiFi access point to offer a web service on the local network, without offering clients internet access. The web server has a fixed IP address (let's say 192.168.2.2) and for user friendliness a local dns server assigns it the domain name app.com.

However, when an iOS 8 iPad connects to the network, it automatically tries to determine whether the WiFi network is "usable" - meaning it provides internet. If it fails, the iPad disconnects automatically.

We found this answer suggesting setting the DHCP server(udhcpd in our case)'s DHCP gateway to 0.0.0.0 ("null") and using static DHCP configuration. However, we wish to use DHCP, and indeed clients are no longer automatically assigned an IP when we unset udhcpd's DHCP gateway(router option). This is the relevant section of our udhcpd.conf, in case it helps:

start 192.168.2.100
end 192.168.2.149
max_leases 50
interface br0
remaining yes
option subnet 255.255.255.0
#option router 192.168.2.1

So, is there a way to tell iOS devices to stay connected to a WiFi network while still using DHCP for client IP's, subnet and DNS configuration?

score 1 · Answer 1 · answered Jul 31 '15 at 12:23

1

If it's possible, try to allow TCP traffic to apple.com and icloud.com. On my hotspot it prevents iPhone from thinking that it uses a hotspot. Hope it'll help you.

answered Jul 31 '15 at 12:23

andrey

111
2

which tool would you use to allow such traffic ? dnsmasq ? – ArchiT3K Aug 03 '15 at 07:28
One of possible solutions is to use dnsmasq, ipset and iptables. Probably there are others. – andrey Aug 03 '15 at 12:57

score 0 · Answer 2 · answered Jul 31 '15 at 08:33

0

Actually what you do is a Captive Portal. You provide an AP without Internet access. Main OSes states it is captive, while you are not logged-in, authenticated, or while you dont have agreed ToS.

This can be frustrating, but it is like that. OSes think the mainstream way (like hotspots in hostels, restaurants, starbuck, etc.). I dont know the 0.0.0.0 trick, but it seems wrong a priori.

There had been ways to fool iOS. But they have been "fixed" by Apple. iOS & OSX calls an url and expect a specific answer. Now you cannot determine exactly which IP is called, neither which answer is expected.

Well, I did this way:

I created a 'welcome' page, with one button "I agree ToS" (or what you want),
when you join the Wifi, the captive iOS popup opens and displays the welcome page.
When you click the button, my router opens full access to Internet for some seconds for this user MAC adress.
Once done, the iOS popup displays automatically a "OK" button.
When you click it, the Wifi is hooked, def' joined.
Finally, I re-close the portal. My Wifi is still captive, but joined.

That all is rather a matter of iptables than dhcp.

You have to learn about Captive Portals and how iOS manages it. The only way IMO.

answered Jul 31 '15 at 08:33

ArchiT3K

155
2
12

Did you provide _no internet access_ as asked in the OP? If we have internet, everything works as you say, but if the internet is missing (i.e. WAN unplugged) iOS devices disconnect right after closing the WiFi popup (Actually, like you, we built a captive portal that uses the pop-up, but left that out for simplicity's sake) – Tim Raasveld Jul 31 '15 at 09:20
I did provide *no internet access*. I wanted the popup anyway. So to have the popup "hooking" the Wifi, I needed to open *internet access* for 2 seconds. It has been a work with `iptables`, `dnsmasq` and `php`, never `dhcp`. Btw, how do you bypass the popup ? – ArchiT3K Jul 31 '15 at 09:23
Thanks for the clarity. Just tried it and it works, but our question is for a situation where (temporary) internet access is _impossible_. If you wish to bypass the popup, whitelist captive.apple.com (see andrey's answer) in your captive portal's HTTP proxy so the iOS devices will think it has internet access. – Tim Raasveld Jul 31 '15 at 14:14
Thanks. I will have the same problem about "impossible internet access" and frankly I dont know yet how to manage this. I tried to mimic captive.apple.com response page (Success body) - in order to fool iOS - but it failed. Maybe I missed something, but I really copied full source from it. Note: I had to force popup display by my side, even with zero whitelisting, I didnt get the popup. I ll keep this for *zero internet access* mode and tell my clients to go Safari directly. – ArchiT3K Jul 31 '15 at 14:21
The popup should always open when `captive.apple.com/library/test/success.html` shows something other than the Success page (but not nothing or an error status); this causes an automatic disconnect in my experience). Feel free to open another question if you need further help with this issue! – Tim Raasveld Aug 03 '15 at 07:20
@TimRaasveld My popup does not open even when `captive.apple.com/library/test/success.html` returns my welcome page 'landing.php'. I had to include a wispr payload, into landing.php, to make it opening. – ArchiT3K Aug 03 '15 at 07:26

WiFi access point without internet access - iOS devices disconnect

2 Answers2