Controllerless Networks

Reply
New Contributor

Block All Traffic Feature VIA 3.0.0.0 - Captive Portal/DNS Problem

Hi Guys,

 

Have a query/question around the block all traffic feature of the VIA client. One of our customers requires this feature to be on and devices are to autoconnect to the VPN using VIA. Now when the block all traffic feature is enabled the VIA client cannot resolve the controller address in DNS. To get this working on private networks we have whitelisted RFC1918 addresses which allows the VIA client to resolve DNS locally and VPN to the controller.

 

Thinking about hotspot access, free wifi etc, I would expect to have to get to a splash page and fill in some details to gain access, a large number of these are public cloud hosted and we would have to identify the IP addresses of these and whitelist them including public DNS if used.

 

Is there some sort of captive portal detection and remediation that I am missing?, have read through documentation and doesn't appear to be any workaround for this. Why would you implement a block all traffic before VPN access when that would stop it from contacting the VPN due to no access to DNS or default gateway which we are seeing when this feature is enabled.

 

Thanks

Ben

Guru Elite

Re: Block All Traffic Feature VIA 3.0.0.0 - Captive Portal/DNS Problem

Hi,

 

At this time, we do not have a feature to deal with Captive Portals.  For now, traffic to the following ip addresses should be automaticlaly whitelisted when the "block" feature is enabled:

 

1)      Default gateway
2)      DNS server
3)      DHCP  server
4)      Controllers internal and external addresses.
 
 
 

*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
New Contributor

Re: Block All Traffic Feature VIA 3.0.0.0 - Captive Portal/DNS Problem

Thanks Colin,

 

The exeprience we had with that was not the case and blocked all traffic. We had to whitelist the RFC1918 addresses for the VPN profile to allow the client to connect. We are running 7030 MC's AOS 6.5.4.3, VIA client 3.0.0.0 on Windows 10.

Guru Elite

Re: Block All Traffic Feature VIA 3.0.0.0 - Captive Portal/DNS Problem

Is this Windows?   Please upgrade to the latest client and let us know if you have the same issues.

 

 


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: