Open AP is not forcing the portal page when a client connects! (android)

[GGG]

Hi!

 

I am activating the open AP plus a nice google login page. But when I connect to it, I am not forced to visit that landing page. My android send this notification of course but who cares? I have internet even without visiting it and I am not forced to visit it. 

 

What's wrong here?

[dark_pyrro]

Depends on how you define "have internet". Are you able to use the web on the device without authenticating? I guess you are using the Evil Portal module since you refer to the "nice google login page".

[GGG]

25 minutes ago, dark_pyrro said:

Depends on how you define "have internet". Are you able to use the web on the device without authenticating? I guess you are using the Evil Portal module since you refer to the "nice google login page".

Yes and yes! )

I have internet 100% and it just shows a notification in the android notification bar that I need to authenticate bla bla. But it's useless since it's not forcing me to go to this page.

[dark_pyrro]

iptables should control that on the Pineapple and it shouldn't be possible to pass it. Is the /tmp/EVILPORTAL_CLIENTS.txt containing any IP addresses?

[GGG]

6 minutes ago, dark_pyrro said:

iptables should control that on the Pineapple and it shouldn't be possible to pass it. Is the /tmp/EVILPORTAL_CLIENTS.txt containing any IP addresses?

eh... I don't even have a tmp folder in my mark VII 😕

I must have missed something really basic here, right? 😄

 

[dark_pyrro]

It's more or less impossible to not have a /tmp directory, it's a part of OpenWrt

[GGG]

4 minutes ago, dark_pyrro said:

It's more or less impossible to not have a /tmp directory, it's a part of OpenWrt

Definately! I wasn't in the root folder sorry lol

 

Well it only has one IP, the Permanent client's one (which again, I am not sure what does this mean!)

[dark_pyrro]

It's most likely 172.16.42.42 which is the IP address that should be dedicated to the target connected to the Pineapple (at least using the USB-C Ethernet interface, if configured as static). What IP is the Android device getting from the Pineapple when connected to the open AP?

[GGG]

29 minutes ago, dark_pyrro said:

It's most likely 172.16.42.42 which is the IP address that should be dedicated to the target connected to the Pineapple (at least using the USB-C Ethernet interface, if configured as static). What IP is the Android device getting from the Pineapple when connected to the open AP?

172.16.42.184

[dark_pyrro]

What's the output of:
iptables -S -t nat

Not the whole output, but what lines are there that has anything that relates to the 172.16.42.0/24 range? I.e.
iptables -S -t nat | grep 172.16.42

A screenshot of the EvilPortal (when it's active/running) would be nice to have for troubleshooting purposes.

[GGG]

-A PREROUTING -s 172.16.42.42/32
-A PREROUTING -i br-lan -p tcp -m tcp --dport 443 -j DNAT --to-destination 172.16.42.1:80
-A PREROUTING -i br-lan -p tcp -m tcp --dport 80 -j DNAT --to-destination 172.16.42.1:80
-A PREROUTING -i br-lan -p tcp -m tcp --dport 53 -j DNAT --to-destination 172.16.42.1:5353
-A PREROUTING -i br-lan -p udp -m udp --dport 53 -j DNAT --to-destination 172.16.42.1:5353

 

[dark_pyrro]

Can't see what your issue might be atm. I've never had any issues with Evil Portal (well, some when 2.x fw was released but that was fixed and was possible to solve temporarily). It shouldn't be possible to pass iptables rules (or the lack of them for the specific target).

[GGG]

9 minutes ago, dark_pyrro said:

Can't see what your issue might be atm. I've never had any issues with Evil Portal (well, some when 2.x fw was released but that was fixed and was possible to solve temporarily). It shouldn't be possible to pass iptables rules (or the lack of them for the specific target).

What if I tell you that I had internet in my android because I forgot my 5g on as well??? 😕

 

I know... shoot me now.