2017-02-27 - RE: [GRASE-Hotspot] Re: issues with https login with Facebook

Header Data

From: Daniel Crusoe <di***n@gmail.com>
Message Hash: 6b25105900ad7673645c0fbfb61641e6bae8156a0a1a1e5a3da0f049b3791b89
Message ID: <00c101d290f6$e86826a0$b93873e0$@gmail.com>
Reply To: <CAESLx0JsrT98K8EtsBafwTcgByYU_jyUMz1TzENhPGmdtRTUDA@mail.gmail.com>
UTC Datetime: 2017-02-27 05:42:05 UTC
Raw Date: Mon, 27 Feb 2017 14:42:05 +0200

Raw message 

Hey Tim,

 

I haven’t a clue what happened, last night I ran all the updates to the bleeding edge (apt-get upgrade and apt-get dist-upgrade) and rebooted the system like three times (was an issue I created with the login time out that needed fixing) and now the issue has gone away… go figure… I can access facebook from within my network again… I suspect it was a certification error with the squid.. what ever it was, I have run a backup of my working system  And will continue to work with it as is.. hoping against hope that I don’t need to reload the backup to “fix” any future problems. 

 

From: Timothy White [mailto:ti***8@gmail.com] 
Sent: 27 February 2017 13:36
To: Grase Hotspot
Subject: Re: [GRASE-Hotspot] Re: issues with https login with Facebook

 

Hi Daniel

 

It's really odd the error you are getting. The first part suggests that your browser attempted to access http://www.facebook.com, and due to HSTS Firefox is forcing you to HTTPS. However, the certificate for HTTPS fails. Except, that's where I get confused. There shouldn't be a HTTPS service running on the hotspot to give a certificate, it should be a redirect on the HTTP level, and if firefox upgrades to HTTPS, it should timeout. Do you have any services on the Grase server running on port 443?

 

Unfortunately, (or fortunately, depending on your POV), with the move towards SSL and HSTS, captive portals are becoming harder to make work. However, the good news is that modern OS's are aware of this, and are working to better support them. This includes Android, iOS and Windows (8 and newer I think) sending out probe requests to first detect a captive portal, when a new network connection is made. This just means clients on older OS's don't always get a good experience, as the sites they often load are HTTPS only (HSTS), and so the captive portal redirection just doesn't work properly.

 

I actively look at captive portal detection methods, to ensure that the Grase Hotspot is using as many as possible, but if you find ones that we aren't using, let me know and I'll do my best to implement them.

 

Regards


Tim

 

On Mon, Feb 27, 2017 at 5:23 AM, Daniel Crusoe <di***n@gmail.com> wrote:

 <https://lh3.googleusercontent.com/-zQHQ3GTHEZw/WLMq4i6kV1I/AAAAAAAAgpY/fJBjDUDtv1UIBIJopE626FbxPnfK0E65wCLcB/s1600/internet%2Bfault.jpg> 

 <https://lh3.googleusercontent.com/-zQHQ3GTHEZw/WLMq4i6kV1I/AAAAAAAAgpY/fJBjDUDtv1UIBIJopE626FbxPnfK0E65wCLcB/s1600/internet%2Bfault.jpg> 

sigh... so it worked fine for a day, then the whole network just stopped working.. so i uninstalled grase, updated the server to the latest 14.04 stuff and then re-installed grase (most of the settings remained yay) but when i tried to connect to facebook from inside the grase network i got this error again (cant believe i didnt post it the first time)




-- 
This mailing list is for the Grase Hotspot Project http://grasehotspot.org
--- 
You received this message because you are subscribed to the Google Groups "Grase Hotspot" group.
To unsubscribe from this group and stop receiving emails from it, send an email to gr***e@grasehotspot.org.
To post to this group, send email to gr***t@grasehotspot.org.
Visit this group at https://groups.google.com/a/grasehotspot.org/group/grase-hotspot/.
To view this discussion on the web visit https://groups.google.com/a/grasehotspot.org/d/msgid/grase-hotspot/ff5b60e8-5357-4d6e-af17-786ed1af5f76%40grasehotspot.org <https://groups.google.com/a/grasehotspot.org/d/msgid/grase-hotspot/ff5b60e8-5357-4d6e-af17-786ed1af5f76%40grasehotspot.org?utm_medium=email&utm_source=footer> .

 

-- 
This mailing list is for the Grase Hotspot Project http://grasehotspot.org
--- 
You received this message because you are subscribed to the Google Groups "Grase Hotspot" group.
To unsubscribe from this group and stop receiving emails from it, send an email to gr***e@grasehotspot.org.
To post to this group, send email to gr***t@grasehotspot.org.
Visit this group at https://groups.google.com/a/grasehotspot.org/group/grase-hotspot/.
To view this discussion on the web visit https://groups.google.com/a/grasehotspot.org/d/msgid/grase-hotspot/CAESLx0JsrT98K8EtsBafwTcgByYU_jyUMz1TzENhPGmdtRTUDA%40mail.gmail.com <https://groups.google.com/a/grasehotspot.org/d/msgid/grase-hotspot/CAESLx0JsrT98K8EtsBafwTcgByYU_jyUMz1TzENhPGmdtRTUDA%40mail.gmail.com?utm_medium=email&utm_source=footer> .



---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus

Thread