Detect captive portals when connecting to WiFi [$100]

Great work item for networkmanager and/or connman.

Would be nice if somebody told the devs about it, actually.

These are called captive portals and are really easy to detect. When you detect a new wireless connection, try and hit a URL with a 204 response (obviously something known ahead of time). If you get anything but a 204, you know you've hit a captive portal (or something similar) and present the "next step" of configuring the wireless: signing in to the wireless network.

Android does something similar and it works really well on a technical level, though it doesn't do it soon/obviously enough so I guess users miss the norification.

Somewhat hacky (though possible) way of doing it outside of NetworkManager: use NetworkManager's DBus API to watch for connecting to a wireless network. Once a connection is made, try and hit an external page and detect if there's a captive portal. If not, do nothing. If there is, then prompt the user to sign in.

There's a $25 bounty for this bug: https://www.bountysource.com/#issues/447181-detect-captive-portals-when-connecting-to-wifi

Of note: this is also considered a walled garden in addition to captive portal. In case that helps anyone. Also, here is the code Android uses to do its detection:

http://grepcode.com/file/repository.grepcode.com/java/ext/com.google.android/android/4.0.1_r1/android/net/wifi/WifiWatchdogStateMachine.java#WifiWatchdogStateMachine.isWalledGardenConnection%28%29

This works because a captive portal will not return a 204 if it is rerouting traffic.

I'd like to remind you that also wired networks may redirect you to a login page, so this discussion regards also wired connections in my opinion.

I tinkered with this bug a bit, and got a solution that (seems to) work.
It simply consists in keeping the attached script in the /etc/NetworkManager/dispatcher.d directory with execution permissions.
NetworkManager runs all scripts in that directory. What the script does is:
1) check if the event is an "up" event, i.e a new connection
2) test if "http://clients3.google.com/generate_204" returns 204, if not we are in a walled garden
3) if we are in a walled garden, launch the default browser, trying to open google.com, which should then "trigger" the captive portal (uses xdg-open, is it actually the best way to open a link in the default browser?)

What do you think?

Oooops! I tested it with sensible-browser and then uploaded it after trying xdg-open, which breaks it.. sorry! Attached there is the actually script that works! :)
Sorry again!

It should probably just open the 204 page in the browser. Also, should we get our web team to make a 204 URL so we aren't relying on Google?

Sounds like a good addition alongside existing things like http://start.ubuntu.com/connectivity-check.

Yes it would be good to have a 204 page to not have to rely on Google.
About the opening page,if we are in a walled garden,for every page we try to load we should be redirected to the login page of the captive portal..I can easily change Google.com :)

Sergio, that's true. However, some might try and redirect you back to your previous request and not everyone will want to go to Google.com. ;)

The linked branch already contains the modified version of the script, using elementaryos.org instead of google.com :)

Sergio: okay, sorry for being annoying, but could you set it to http://start.elementaryos.org? I'm also working with the web team to throw a 204 page up so we don't have to rely on an undocumented Google page. Unless you think that'd be more reliable than doing it on our own server.

Hm... After testing this some more, it assumes it's a captive portal when I just don't have any Internet connectivity (I.e. I'm on a LAN that's not connected to the Internet).

Cassidy, could you retry? I updated the branch :)

Also, I know it's not really good to rely on google provide that service, but there's also the fact that google services are (basically) always up, so unless they remove that page (thus changing the way android checks for captive portals) I think we're ok.
Changing the 204 page to look up obviously needs no effort at all :)

Sergio, I registered a project page for the Captive Network Assistant. Can you move your branches there? https://launchpad.net/capnet-assist

It should be under the ownership of elementary-apps at the moment. I'm not sure if you're a member of that team. If not, we can add you ;)

Thank you for adding me, I moved the script to capnet-assist, but if you also would like to have it together with the login "app", I need a bit of help for the packaging stuff. At the moment it only uses cmake.. :)

Just +$35'd the bounty!

Has anyone tried https://launchpad.net/capnet-assist? I received no feedback yet :(

Sergio,

I have not tried Captive Network Assistant yet, mainly because I don't know how to install from source yet and haven't had the time to pursue how. That is why I put $35 in the bounty. That being said, if anyone could guide me towards installing this then I think I can spare some time now.

Sergio,

Good read on xdg-open vs gnome-open etc. => http://budts.be/weblog/2011/07/xdf-open-vs-exo-open

"xdg-open is a shell-script which works independent from the desktop-environment. It will inspect your environment and if it can detect that you are running Gnome, KDE, XFCE or LXDE it will use the correct tool from your Desktop Environment (such as exo-open under XFCE). If it can't detect your environment it will try to open the file itself. "

I cloned the capnet-assist repo with bzr. Installed cmake. It failed with not finding Vala, added a PPA for Vala, installed valac, and now I am at the point where it cannot find gtk3+ and webkitgtk3+. I am not entirely certain which packages I need at this point, can anyone help me out with this part of things?

"sudo apt-get install libwebkitgtk-3.0-dev " should install these two missing dependencies for you.

Thanks Sergey,

After I installed Webkit I was able to build and install without errors. Nothing happens when connecting to the captive portal though, I also tried restarting but no success.

Do you have any suggestions on how to debug this?

Thanks again

Hey Elijah!
Sorry I didn't answer you sooner, some stuff happened..however, try to update the source from the repository with 'bzr pull' and then reinstall the script and run 'sudo service network-manager restart'.
Try to connect to the captive portal again, but before you connect to the WiFi network run 'sudo tail -f /var/log/syslog | grep CapNetAssist'. This should show you the logs just for the NetworkManager script. :)
Sorry again for the delay in the answer :)

Hi ! I would like to help solve this. Should I work on a Daily Image of Isis ? (it is the first time I contribute to an open source project)

@aithamouda belaid, nope this code isn't specific to ISIS afaik. Check the related branch: https://code.launchpad.net/~elementary-apps/capnet-assist/trunk

Also, there is now $100 in bounties available for this.
$75 on NetworkManager https://www.bountysource.com/issues/447181-detect-captive-portals-when-connecting-to-wifi
$25 on elementary OS https://www.bountysource.com/issues/447181-detect-captive-portals-when-connecting-to-wifi

Just FYI, this is how Chrome OS has started prompting people to finish connecting. Notification links to gstatic.com/generate_204, which should prompt a redirect. http://i.imgur.com/5u8EJ4Y.png

Hi, folks.
As I understand the problem is fixed.
$75 bounty for the problem can now be claimed.
https://www.bountysource.com/issues/447181-detect-captive-portals-when-connecting-to-wifi

Money goes to Cameron Norman? Inform him please.