Wilfredma
Level 1 (0 points)

Q: Airport Extreme behind captive portal

I really need some help to solve this issue!

 

- I am currently staying in a service aparment where the internet connection is behind a captive portal and I can only connect up the 4 devices concurrently with my login ID.

 

- I tried to connect my Airport Extreme to the WAN line in my room which is actually a LAN line since I am getting a Double NAT error afterward; this force me to put my Airport into bridge mode to make the error go away.

 

 

Here are my issues:

 

1) My devices managed to get internet connection through the Airport (in bridge mode) but each of them still requires to sign-in at the captive portal through the web browser, which mean I still have that 4 devices only restriction.

 

2) I also have an Apple TV and a NAS (Synology) attached to my network, but I couldn't get any internet connection with those since they don't come with a web browser for me to log in to the captive portal.

 

 

I guess the hidden service apartment router can still see my devices IP and MAC address when my Airport is set to bridge mode? MAC cloning might solve the issue but unfortunately the whole Airport series doesn't come with that function. Anyone got any suggestion before I try to replace my Airport with a TP-Link router?

OS X Mavericks (10.9.1)

Posted on Feb 12, 2014 11:47 PM

Close
Wilfredma

Q: Airport Extreme behind captive portal

  • All replies
  • Helpful answers

  • by Joe Blowe,

    Joe Blowe Joe Blowe Sep 27, 2016 8:48 AM in response to Wilfredma
    Level 1 (13 points)
    Sep 27, 2016 8:48 AM in response to Wilfredma

    Wilfredma,

     

         In short, you already had the answer.  Run the AE in routed mode.  The "error" double-NAT, is true.  There are some services that 'require' you not to run in this mode, such as captive portal!  Simply tell the AE to ignore the error, there is nothing wrong with your implementation.  (although looked down on)  Incidentally, the reason for the 4 host limit; is the responsibility of the owner of the captive portal network.  It is a limit set on their devices to limit how many devices can take up bandwidth.

     

         I have been running my AE in routed mode with the "error" for about three years, the only problem I have ever had was an anomaly on some IPSEC connections.  Oh, and you add about 10ms of latency for the double translation to the INET.  Once you have one host on the network accept the EULA or terms and conditions, your AppleTv and other devices should operate properly.  If they do not work, the frontside network has other security, such as host certificates that have to match on certain host attributes.  (It gets really complicated after this part of the conversation.)

     

    Joe "Double-NAT Warrior" B.

     

    p.s. Good hunting!