Mikrotik DNS Fix to keep Android Splash Page and the Captive Portal Notification active

Summary

Some Android-based devices are not redirected to the Captive Portal when the user connects to a WiFi network.

The Captive Portal Notification is not triggered automatically, or the Splash Page is closed immediately when the testing domain is accessible.

In some cases it is necessary to keep the splash page open even if the client is connected and authorized on the CP, or the connection is temporarily opened due to authentication or payment.

This practice can be especially helpful when using SOCIFI with the Social Network Login on a system with an IP-based Walled Garden (e.g. Cisco WLC, Ubiquiti), or with the Off-site Payment Gateway.

How Android determines if it has an Internet Connection

  1. Android devices check the following domains:
    http://clients1.google.com/
    http://clients3.google.com/
    http://connectivitycheck.gstatic.com
    http://connectivitycheck.android.com
    and other domains used for this purpose by Google.
     
  2. If the domain is accessible and returns the “generate204” code, the captive portal is not triggered automatically. A “generate204” response means the device is connected to the internet.


How to make Android believe it has no Internet Access

A simple method to keep the Splash Page (SP) and the Captive Portal Notification (CPN) active is to block access to the testing domains with a fake DNS translation.

To configure the DNS server to answer DNS requests with an invalid IP, add records for the testing domains that point to an inactive private IP that cannot generate a 204 response.

The network clients have to use the DNS service configured to mask the testing domains.

Important notice

When using the DNS Fix, please be sure to disable the Android Workaround (copy/paste) using the switch in the SOCIFI Dashboard to get the best possible UX. See Android Sign in to Wi-Fi Network Settings (Workaround).



Configuration Examples

Not all services support this type of configuration. The following examples cover selected DNS services; any other DNS service that supports this configuration can also be used.

The a.b.c.d represents an inactive private IP that cannot generate a 204 response.

Mikrotik

Terminal:

Check that the Servers entry is set to the required upstream DNS, or that at least a Dynamic server is assigned.

 ip dns print
                servers: 8.8.8.8
        dynamic-servers: 192.168.7.1
  allow-remote-requests: yes
    max-udp-packet-size: 4096
   query-server-timeout: 2s
    query-total-timeout: 10s
             cache-size: 2048KiB
          cache-max-ttl: 1w
             cache-used: 15KiB


If not, set the servers with the following command (the DNS server IPs are just an example; set the servers according to your requirements):

ip dns set servers=8.8.8.8,8.8.4.4


Add the static entries using the following commands in the Mikrotik Terminal window. The a.b.c.d represents an inactive private IP that cannot generate a 204 response.

ip dns static add name=clients1.google.com address=a.b.c.d
ip dns static add name=clients3.google.com address=a.b.c.d
ip dns static add name=connectivitycheck.android.com address=a.b.c.d
ip dns static add name=connectivitycheck.gstatic.com address=a.b.c.d


Or add these entries manually using WinBox:

Go to IP-DNS

Check that the Servers entry is set to the required upstream DNS, or that at least a Dynamic server is assigned.

If not, enter the servers manually (the DNS server IPs are just an example; use the servers according to your requirements).

Click on "Static" 

Click on "+" (Add)

Enter the Name clients1.google.com and an inactive private IP

Click OK

Repeat the steps for each test domain.

clients1.google.com
clients3.google.com
connectivitycheck.android.com
connectivitycheck.gstatic.com

DnsMasq service:

Insert the following lines into the configuration file (/etc/dnsmasq.conf). Correctly configured DNS forwarding is expected. The a.b.c.d represents an inactive private IP that cannot generate a 204 response.

# Android Internet Connectivity Test Domains
address=/clients1.google.com/a.b.c.d
address=/clients3.google.com/a.b.c.d
address=/connectivitycheck.android.com/a.b.c.d
address=/connectivitycheck.gstatic.com/a.b.c.d
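
A way to check a dnsmasq configuration against the four testing domains before reloading the service, given here as an added example that is not part of the original SOCIFI article. The function names, the sample configuration and the address 10.255.255.1 (standing in for a.b.c.d) are assumptions; the check confirms that each override is an RFC 1918 address, not that the address is actually inactive on your network.

```python
import ipaddress

# Testing domains listed on this page.
TEST_DOMAINS = ("clients1.google.com", "clients3.google.com",
                "connectivitycheck.android.com", "connectivitycheck.gstatic.com")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: 10.255.255.1 stands in for a.b.c.d, one entry is
# missing and one points at a public address.
SAMPLE_CONF = """\
# Android Internet Connectivity Test Domains
address=/clients1.google.com/10.255.255.1
address=/clients3.google.com/10.255.255.1
address=/connectivitycheck.gstatic.com/8.8.8.8
"""

def parse_overrides(conf_text):
    """Return {domain: ip} from address=/domain[/domain...]/ip lines."""
    overrides = {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line.startswith("address=/"):
            continue  # comments and unrelated options
        *domains, ip = line[len("address=/"):].split("/")
        for domain in filter(None, domains):
            overrides[domain.lower()] = ip.strip()
    return overrides

def lookup(name, overrides):
    """dnsmasq applies an address= entry to the domain and its subdomains."""
    labels = name.lower().split(".")
    suffixes = (".".join(labels[i:]) for i in range(len(labels)))
    return next((overrides[s] for s in suffixes if s in overrides), None)

def classify(value):
    """Turn the configured override (or None) into a finding."""
    if value is None:
        return "missing"
    try:
        ip = ipaddress.ip_address(value)
    except ValueError:
        return "invalid address"
    return "ok" if any(ip in n for n in RFC1918) else "not private"

def audit(conf_text, domains=TEST_DOMAINS):
    """Map each testing domain to 'ok', 'missing' or the reason it fails."""
    overrides = parse_overrides(conf_text)
    return {name: classify(lookup(name, overrides)) for name in domains}
```

Run `audit(open("/etc/dnsmasq.conf").read())` on the DNS host; any result other than "ok" means that testing domain still resolves normally or points somewhere other than a private address.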


Microsoft DNS

In the MS DNS Server Configuration (dnsmgmt.msc) go to Forward Lookup Zones and create a new zone.

Enter the zone name identical to the test domain.

Configure the zone type and other properties according to your requirements and your MS DNS configuration.

Add a new static A entry with an empty name and an inactive private IP that cannot generate a 204 response.

Repeat the steps for each test domain.

clients1.google.com
clients3.google.com
connectivitycheck.android.com
connectivitycheck.gstatic.com


Important notice

Be aware that any changes in DNS translation can cause unexpected behavior in your network. SOCIFI cannot be held responsible for any malfunctions caused by the procedures described above.


Related pages

The Splash Page is not triggered when Android devices connect to WiFi

Android Splash Page Workaround Switcher

Android Sign in to Wi-Fi Network Settings (Workaround)