I need help with accessing captive portal in my public library. My "symptoms" are similar to this poster's problem. On my first attempt to connect, Auto enable login mode and camouflage were off but VPN and AdGuard was on. When I click the "open login portal" warning, it only opens a new tab that showed "Safari can't open page" (and some very long url). I tried going to cnn.com and http://neverssl.com, and neither worked to trigger the captive portal. I then tried all combinations of turning on/off VPN, AdGuard, camouflage, and auto-enable login mode but no luck still.
I turned off VPN+AdGuard, DNS rebinding attack protection, but the "symptoms" remained.
I wanted to try MAC cloning but I don't understand the steps needed as I cant seem to find the Admin Panel -> Network -> MAC Address. I tried looking for options under the "Modify" settings under Internet -> SSID -> Modify -> MAC Mode. but couldn't find the "Manual" MAC address option (I only see Factory, Clone, or Random).
I saw in some other post something about TTL and how I should either set it to 64 or 65 but I'm not exactly sure which is which. Additionally, I saw several posts recommending ways to modify this, but I found that under Internet -> SSID -> Modify -> Advanced Setting , there seems to be a way to provide TTL? Is this the preferred method to "update" TTL (as seems to be suggested in this Sep 2024 response from thread)? My confusion though is that the other posts I found with a later date ([1] Dec 2024, [2] Dec 2024), recommended a more-involved method? Which is the right one? What should I be using??
I am a layperson and do not understand all these networking stuff beyond what's mentioned in the guide. Here are the specs that I could gather during this problem:
Other info: when I tried to connect to the WiFi, the SSID has a tag saying "DFS, Mixed". Also, the "captive portal" only requires me to agree to some terms, no login required. When I connect directly, it pops up a separate window (which appears different vs typical Safari window).
Let me know if more information/context is needed and any help is appreciated!
This one is the link shown from the same message above, when I try to "go to login page" when in login mode. I'm not sure if I should post the link as-is; looking into it, there are keywords such as "real_ip", "client_ip", "auth_version", "key", etc...is this not security risk? Possible to PM the full link instead? The redacted link looks something like:
https://na.network-auth.com/splash/ikXsNaHb.0.97/?mac=98%3A18%3A88%3A40%3A31%3A17&real_jp=[redacted IP]&client_ip=[same IP as previous]&client_mac=[I think this is my MT3000 MAC address]&vap=0&a=[42-character alphanumeric string]=[8-digit number]&auth_version=5&key=[40-character alphanumeric]&acl_ver=P15228118V2&continue_url=http%3A%2F%2Fcaptive.apple.com%2Fhotspot-detect.html
I attempted them through my Macbook again and tried to use camouflage and auto-enable login mode. Didn't work still.
I then tried through my phone (Pixel 8) and it also didn't work. I don't think the repeater ever successfully connected. The router never successfully show the captive portal, so I don't think I can try your suggested method:
Another try...connect again.
I'm not sure if I'm doing it wrong, but I tried a similar step to this post on Dec 2024 (from previous link):
Turned on my VPN from phone
Connect to Library SSID, but did not accept captive portal yet.
Change randomized MAC to device MAC
Accept terms to get through the captive portal
Switch back to randomized MAC
Switch to MT3000 SSID from phone
Go to admin panel, connect to Library SSID with clone MAC (auto-enable login mode off). I think I had to turn off camouflage mode, otherwise the "clone MAC" option does not show.
Did not work and the admin panel keeps showing "no connection error"
I am using Safari in MacBook, not Chrome -- I couldn't find the "secure DNS" option. Also, when I tried to connect directly to the Library WiFi, no issues and the portal shows up. Would a screenshot of the "portal" help at all?
What other info could be useful to help resolve this?
Do you use iCloud private relay in your Mac? That could make a problem of the captive portal as well.
Can your try other browser? For example Firefox?
I know when you connect your phone or computer to the captive portal wifi the page can pop up quickly. Seems during a short time the phone connects to wifi it tries to detect portal. I spent hours to test and my windows works the best for the router repeater. Don’t think it is a bug in the router but seems that when adding a router in the middle it slows the portal detection and could make trouble. I need more test and will get a Mac.
I do not have iCloud subscription, so I don't think I have private relay.
I went to the library again and this time, I tried to use auto-login-mode (ALM) and camouflage from the start. Tried using Chrome (Version 135.0.7049.116 Official Build x86_64):
I also tried chrome on my Windows 10 work laptop and it did not work. With the Windows 10, I also tried to do:
ALM + camouflage
ALM + MAC clone + TTP 65
ALM + MAC clone + TTP 64
None worked.
I also happen to visit school "library" building and it seems like the same problem occurs but the website link shown is much shorter: http://captive.apple.com/hotspot-detect.html
UNFORTUNATELY, I had forgotten to turn off the secure DNS on all tries when testing with Chrome. I will try again tomorrow and report back. Meanwhile, not being able to access captive portal on two different locations seems to suggest to me that I'm probably doing something wrong with my MT3000 settings potentially?
I think I might have figured out what the problem was...I have turned on "Block Non-VPN Traffic" when I first tested the product (which was a few months ago) and I forgot to disable this when going to the library and all this time. This probably conflicted with the auto-login-mode since it turns off VPN until I get a connection...
I will turn this feature off this time and test again and report back. I am truly truly sorry for not being more careful...
