Mikrotik DNS Fix to keep Android Splash Page and the Captive Portal Notification active
Summary
Some Android-based devices are not redirected to the Captive Portal when the user connects to a WiFi network.
The Captive Portal Notification is not triggered automatically, or the Splash Page is closed immediately, when the testing domain is accessible.
In some cases it is necessary to keep the splash page open even if the client is connected and authorized on the CP, or the connection is temporarily opened due to authentication or payment.
This practice can be especially helpful when using SOCIFI with the Social Network Login on a system with an IP-based Walled Garden (e.g. Cisco WLC, Ubiquiti), or with the Off-site Payment Gateway.
How Android determines if it has an Internet Connection
- The Android devices check for the following domains:
http://clients1.google.com/
http://clients3.google.com/
http://connectivitycheck.gstatic.com
http://connectivitycheck.android.com
and other domains used for this purpose by Google.
- If the domain is accessible and returns the “generate204” code, the captive portal is not triggered automatically. A “generate204” response means the device is connected to the internet.
How to make Android believe it has no Internet Access
The simple method to keep the Splash Page (SP) and the Captive Portal Notification (CPN) active is to block access to the testing domains by fake DNS translation.
To make the DNS server answer DNS requests for the testing domains with an invalid IP, add records for the testing domains that point to an inactive private IP that cannot generate a 204 response.
The network clients have to use the DNS service configured to mask the testing domains.
Important notice
When using the DNS Fix, please be sure to disable the Android Workaround (copy/paste) using the switch in the SOCIFI Dashboard to get the best possible UX. See Android Sign in to Wi-Fi Network Settings (Workaround).
Configuration Examples
Not all services support this type of configuration. The following examples cover selected DNS services; any other DNS service that supports this configuration can be used as well.
The a.b.c.d represents an inactive private IP that cannot generate a 204 response.
Mikrotik
Terminal:
Check that the Servers entry is set to the required upstream (superior) DNS servers, or that at least a dynamic server is assigned.
ip dns print
servers: 8.8.8.8
dynamic-servers: 192.168.7.1
allow-remote-requests: yes
max-udp-packet-size: 4096
query-server-timeout: 2s
query-total-timeout: 10s
cache-size: 2048KiB
cache-max-ttl: 1w
cache-used: 15KiB
If not, set the servers with the following command (the DNS server IPs are just an example; set the servers according to your requirements):
ip dns set servers=8.8.8.8,8.8.4.4
Add the static entries using the following commands in the Mikrotik Terminal window. The a.b.c.d represents an inactive private IP that cannot generate a 204 response.
ip dns static add name=clients1.google.com address=a.b.c.d
ip dns static add name=clients3.google.com address=a.b.c.d
ip dns static add name=connectivitycheck.android.com address=a.b.c.d
ip dns static add name=connectivitycheck.gstatic.com address=a.b.c.d
Or add these entries manually using WinBox:
Go to IP-DNS
Check that the Servers entry is set to the required upstream (superior) DNS servers, or that at least a dynamic server is assigned.
If not, enter the servers manually (the DNS server IPs are just an example; use the servers according to your requirements).
Click on "Static"
Click on "+" (Add)
Enter the Name clients1.google.com and an inactive private IP
Click OK
Repeat the steps for each test domain.
clients1.google.com
clients3.google.com
connectivitycheck.android.com
connectivitycheck.gstatic.com
DnsMasq service:
Insert the following lines into the configuration file (/etc/dnsmasq.conf). Correctly configured DNS forwarding is expected. The a.b.c.d represents an inactive private IP that cannot generate a 204 response.
# Android Internet Connectivity Test Domains
address=/clients1.google.com/a.b.c.d
address=/clients3.google.com/a.b.c.d
address=/connectivitycheck.android.com/a.b.c.d
address=/connectivitycheck.gstatic.com/a.b.c.d
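The following check is an added example, not part of the original SOCIFI article: a shell lint for the dnsmasq entries above that confirms each of the four test domains has an active address= record whose target is a private (RFC 1918) address, not a leftover a.b.c.d placeholder or a public IP. The function names, the sample file and the address 10.255.255.1 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not SOCIFI's code): lint a dnsmasq config for the DNS fix.
TEST_DOMAINS="clients1.google.com clients3.google.com
connectivitycheck.android.com connectivitycheck.gstatic.com"

# Succeeds only for a dotted quad inside 10/8, 172.16/12 or 192.168/16.
is_rfc1918() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i + 0 > 255) exit 1 }
        $1 == 10 || ($1 == 172 && $2 >= 16 && $2 <= 31) || ($1 == 192 && $2 == 168) { exit 0 }
        { exit 1 }'
}

# Prints the address of the first active address=/.../IP line naming DOMAIN.
# dnsmasq allows several domains per line: address=/d1/d2/IP
override_for() {
    awk -F/ -v d="$2" '
        /^[ \t]*#/ { next }
        $1 ~ /^[ \t]*address=$/ {
            for (i = 2; i < NF; i++) if ($i == d) { sub(/[ \t#].*$/, "", $NF); print $NF; exit }
        }' "$1"
}

# Reports one line per test domain; returns 0 only if all four are masked.
check_overrides() {
    rc=0
    for d in $TEST_DOMAINS; do
        ip=$(override_for "$1" "$d")
        if [ -z "$ip" ]; then echo "MISSING     $d"; rc=1
        elif is_rfc1918 "$ip"; then echo "OK          $d -> $ip"
        else echo "NOT-PRIVATE $d -> $ip"; rc=1
        fi
    done
    return $rc
}

# Constructed sample: one record still points at a public resolver and
# one is commented out. 10.255.255.1 stands in for a.b.c.d.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
# Android Internet Connectivity Test Domains
address=/clients1.google.com/10.255.255.1
address=/clients3.google.com/10.255.255.1
address=/connectivitycheck.android.com/8.8.8.8
#address=/connectivitycheck.gstatic.com/10.255.255.1
EOF
check_overrides "$SAMPLE" || echo "config does not mask every test domain"
```

Run it against the real file with check_overrides /etc/dnsmasq.conf; the check covers only the configuration text, so clients still have to be using this DNS service for the fix to take effect.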
Microsoft DNS
In the MS DNS Server Configuration (dnsmgmt.msc) go to Forward Lookup Zones and create a new zone.
Enter the zone name identical to the test domain.
Configure the zone type and other properties according to your requirements and your MS DNS configuration.
Add a new static A entry with an empty name and an inactive private IP that cannot generate a 204 response.
Repeat the steps for each test domain.
clients1.google.com
clients3.google.com
connectivitycheck.android.com
connectivitycheck.gstatic.com
Important notice
Be aware that any changes in DNS translation can cause unexpected behavior in your network. SOCIFI cannot be held responsible for any malfunctions caused by the procedures described above.
Related pages
The Splash Page is not triggered when Android devices connect to WiFi
Android Splash Page Workaround Switcher
Android Sign in to Wi-Fi Network Settings (Workaround)