[squid-users] Dual-stack IPv4/IPv6 captive portal
Michele Bergonzoni
bergonz at labs.it
Fri Feb 27 17:00:58 UTC 2015
> - The DHCP and DHCPv6 servers know the MAC and IPv[46] address of each
> client and could cooperate with each other to link this data together.
This is true for v6 if the client uses its MAC as an identifier, which it's not supposed to do and last time I checked was not true for Windows, or if clients or DHCP relays support RFC6939, which is quite new. See for example:
https://lists.isc.org/pipermail/kea-dev/2014-June/000043.html
> However, the proxy does not always have control of the DHCP/DHCPv6 servers.
Yes, and if you really have complete control of everything you can as well poll the first hop routers for their ARP/neighbor tables.
Have you thought about engineering your captive portal with a dual stack DNS name (having both A and AAAA), a v4 only and a v6 only, and having you HTML embed requests with appropriate identifiers to correlate addresses? Of course there are HTTP complications and it is not perfect, but I guess that as long as it's a captive portal, kludginess cannot decrease below some level.
I am really interested to hear what people are doing in the field of squid-powered captive portals, even more when interoperating with iptables/ip6tables.
Regards,
Bergonz
--
Ing. Michele Bergonzoni - Laboratori Guglielmo Marconi S.p.a.
Phone:+39-051-6781926 e-mail: bergonz at labs.it
alt.advanced.networks.design.configure.operate
More information about the squid-users
mailing list