17 points by abdrzj 7 hours ago | 19 comments
zamadatix 2 hours ago
arjvik 3 hours ago
zamadatix 1 hour ago
Something like a DHCP option or NDP option ends up being a lot more natural: "Hey, here's your IP along with the information needed to access the network" is already a function of that layer. Some devices (e.g. macOS/iOS/iPadOS, Windows, Android) take a similar approach in the reverse by probing for a specific test url. That's also a bit hacky and unreliable (e.g. it can falsely trigger) but some minor standardization of it to e.g. a well known DNS name could be another good option.
0xbadcafebee 2 minutes ago
willidiots 48 minutes ago
It's really a business problem. IMO you shouldn't have to solve this just because you've gone indoors – you already pay a carrier for connectivity – but many carriers don't want to own that responsibility.
coretx 2 hours ago
apearson 2 hours ago
I don’t see how CGNAT does anything but allow easier access to attacks (using private ip space outside of the local network)
coretx 2 hours ago
zamadatix 1 hour ago
It's nearly 8 years later, we haven't moved to IPv6, and they stopped making noise so I'm left to assume they either got more source port logging or found some other method?
apearson 1 hour ago
gruez 2 hours ago
snvzz 2 hours ago
Or do not offer internet access at all. People carry their own already-connected devices anyway.
gruez 2 hours ago
>Or do not offer internet access at all. People carry their own already-connected devices anyway.
Travelers don't typically have gigabytes of bandwidth to spare. I for one like having unmetered internet access even when there's theoretically internet access available through roaming (absurdly expensive) or esims (expensive)
snvzz 49 minutes ago
The reality is that nobody wants to bother with any of that.
Either just connect me to the internet without extra steps, or don't at all. Don't waste my time.
gruez 31 minutes ago
I don't either, but for IT departments in large organizations, ignoring the legal department isn't an option.
notpushkin 25 minutes ago
stephenr 41 minutes ago
Configure your access points to use RADIUS or SAML for auth?
gruez 27 minutes ago
stephenr 2 minutes ago
As for importing a private CA. Use a certificate trusted by a public CA and you won't have this problem?
stephenr 2 hours ago
7 hours ago