Secure DNS problem

lol

You know full well I could not dissect these packages.

I cannot take that engine apart but I have tinkered/faught Travelmate and have a pi w2 running OpenWrt with it and I always look for DNS leaks.

You can look at the page:

  • Automatically add open uplinks to your wireless config, e.g. hotel captive portals

  • Captive portal detection with a ‘heartbeat’ function to keep the uplink connection up and running

  • Captive portal hook for auto-login configured via uci/LuCI. Use an external script for captive portal auto-logins (see example below)

Have you ever used it?

Nope,

but I'm not questioning travelmate, just saying it won't solve the ISP DNS interception...?

Sorry, misunderstood your reply:

I don't know, given how far off the OP's is.
If they leaned toward Travelmate I'd tell them to start over because it wants a clean slate; so I'd avoid trying to clean up their current dns config.

TBH, I didn't think of travelmate, probably because I never used it.

dnsmasq can do it all, I do however agree, OP is all over the place :slight_smile:

1 Like

The luci-app-travelmate ensures these packages are present:

  • 'dnsmasq' as dns backend

I had a day and just got back.
So, that suggests it will work with and is expecting it and so, kill me for my presumption, presume it has configured in some way prima facia.

I could ask in the Travelmate thread but I need a little more participation from the OP.

He is more likely across the road from a coffee shop and wants to leech free Internet and is trying to hide what he is doing from them.
Any Captive Portal should block all dns except for its own during the "login" phase, as well as enforce use of its dhcp, to help prevent third party MITM attacks. Maybe the OP is a wannabe MITM......

1 Like

Travelmate looks very useful. I have attempted to use this many times before. Been trying to make it work for the past two days. Logged a separate help request

based on your other post, I'd say the issue might be with your wifi adapter, and not the package itself.

wifi adapter works as expected without travelmate. i have been using the same wifi adapter with one ap and one client for a while now.

Simultaneously?

1 Like

yes

that's how i always done

i have openwrt on two old routers - dir615d4 and wrt160nl. both have one radio, one ap, one client, all wireless devices.

You have two radios, one you can't get to work, and the other one built in into the Pi ?

Which one does, and doesn't work ?

How are the routers you name dropped related to this thread ?

i have multiple routers and pi and usb wifi adapters. i use one pi as travel router sometimes. please treat each thread independently. not all issues are on the same device.

this thread is not device related, just my lack of understanding in configuring secure dns. i am slowly going through each of the actions each of you have suggested.

i have configured secure dns with dnsmasq and unbound and stubby and other options listed in wiki. all work when there is a ready internet connection. where i fail is when i hit a captiveportal. i have to get my head around setting exceptions and discovering what isp dns ip to set at the time i hit captiveportal.

i don't have an issue with captiveportals, and i don't mind logging in manually. my issue is the always on whatever secure dns solution i use.

A captive portal works by having a DNS server for users that have not yet logged in which resolves all names to the same IP: that of the private captive login page. Thus, wherever a not logged in user may try to go on the Internet, they will get the login page instead.

If you try to use other than the portal's DNS which was advertised over DHCP, your browser will not find the IP of the login page and won't be able to show it to you. Thus there is no way to log in. Secure DNS needs to be disabled until after log in is completed.

4 Likes

This is all handled by Travelmate but it seems @josephg has not started a thread to help walk them through the eggshells of Travelmate.
It is unforgiving.

1 Like

how can i mark multiple solutions? cause my solution is a combination of many of you.

what are you on about? are you drunk? you saw my travelmate thread which i linked above, you posted there multiple times.

No, I was in an accident and it has left me with brain fog, not to mention all the threads I read a day; they kind of mesh together.

Thanks for the concern.

Write a post with referrals and mark that as the solution.

having problems again :frowning: here's what you asked..

$ curl -I http://openwrt.org
HTTP/1.1 302 Found
content-length: 0
location: https://ee-wifi.ee.co.uk/home
Pragma : no-cache
Connection : close
cache-control: no-cache
connection: close
$ nslookup ee-wifi.co.uk
Server:         127.0.0.53
Address:        127.0.0.53:53

Non-authoritative answer:
Name:   ee-wifi.co.uk
Address: 198.58.118.167
Name:   ee-wifi.co.uk
Address: 72.14.178.174
Name:   ee-wifi.co.uk
Address: 45.56.79.23
Name:   ee-wifi.co.uk
Address: 45.33.20.235
Name:   ee-wifi.co.uk
Address: 45.33.2.79
Name:   ee-wifi.co.uk
Address: 45.33.23.183
Name:   ee-wifi.co.uk
Address: 96.126.123.244
Name:   ee-wifi.co.uk
Address: 45.79.19.196
Name:   ee-wifi.co.uk
Address: 45.33.30.197
Name:   ee-wifi.co.uk
Address: 45.33.18.44
Name:   ee-wifi.co.uk
Address: 72.14.185.43
Name:   ee-wifi.co.uk
Address: 173.255.194.134

Non-authoritative answer: