Captive Portal iOS 16.0.2 issues

Nando · September 28, 2022, 10:44am

Hello All,

We are seeing issues with the latest version of iOS (16)

The Captive network assistant (CNA) pops up intermittently.

When it does we get an error “Error opening page - Hotspot login cannot open the page because the server cannot be found”

Works perfectly using iOS 15

Is there anyone seeing similar issues with Mikrotik Hotspot ?

Nando · October 6, 2022, 4:44pm

We figured this out.

Apple have changed something on their DNS network settings on iOS16.

We were bypassing 8.8.8.8 on our hotspot walled garden script (mainly used for for testing i.e. ping 8.8.8.8 )

I could not reach our local hotspot IP (router gateway IP) or DNS name via phone browser with iOS 16

Removing the walled garden entry for 8.8.8.8 fixed the issue.

Some others having similar issues with other applications here:

https://developer.apple.com/forums/thread/715416

giopec · December 7, 2022, 11:00am

Hi Nando,
We are making some tests on similar issues did you get to know why this has fixed the issues?
“Removing the walled garden entry for 8.8.8.8 fixed the issue”
This seems a very standard configuration to use that DNS.
Giovanni

arash66 · December 16, 2022, 7:31am

Hi, we have a similar issue.

iPhones with iOS + 16 no longer prompt our hotspot’s landing page hosted by MikroTik routers.

A Godaddy SSL certificate secures the landing page and once I bypass the crt, the landing page pops up just fine!

We also don’t have any of the public DNSs on the Walled garden.

Any of you guys can help us out with this?

Bitto · January 10, 2023, 10:07am

Any updates about this problem? All of our customers who uses iOS/iPadOS 16 are complaining about no login redirection. Does mikrotik acknowledges this problem? Will there be any updates to fix this?

pablorib · January 24, 2023, 2:27pm

We finally found the cause of all headaches.
There is a file called api.json inside the new standard hotspot folder, that triggers the Apple Cna.
With it, it pops up.
Without it doesn’t.

http://forum.mikrotik.com/t/apple-cna-doesnt-show-up/160265/1

normis · January 24, 2023, 3:04pm

It could be that, but most likely there is a more easy solution. Check your walled garden and remove entries from there. Many people enter some apple servers in there and then are surprised that apple is bypassed

aeero · January 24, 2023, 3:56pm

Thanks a lot.

Removing the file api.json has solved the problem.

Putting Apple servers urls in the walled garden makes no sense at all.
The whole captive portal detection mechanism is based on whether you can reach these servers.

amobasher · March 23, 2023, 9:38am

placing the API.json file in the root directory of our customized hotspot doesn’t solve the problem with apple devices, with/without API.json the Iphone doesn’t popup the captive portal!

I’m using local DNS along with 8.8.8.8

any advise ?

normis · March 23, 2023, 9:42am

I repeat once again.
Please check walled garden. Many of you put some apple domains in there for no reason, other than you copied somebody elses broken config.

amobasher · March 23, 2023, 10:10am

My walled garden and walled garden IP list are totally empty, any advise on what could be the solution?

amobasher · March 27, 2023, 11:18am

Just Update:
I’ve tested downgrading the router board 1036 from ver 7 to ver 6.49.7 and the captive portal didn’t pop up automatically and connected my router to a different ISP and reconfigure the Mikrotik address list and routes and the issue solved and the Captive portal popup automatically on all IOS devices

Flo · March 31, 2023, 5:47am

Mybee interessting fact i found out with the case that the Portal is not working…
I found following Info on the Apple Side:

DHCP Option: 114 (Captive-Portal)
Length: 38
Value: https://example.org/captive-portal/api

DHCPv6 Option: 103 (Captive-Portal)
Length: 38
Value: https://example.org/captive-portal/api

IPv6 RA Option: 37 (Captive-Portal)
Length: 38
Value: https://example.org/captive-portal/api

So i created follwoing DHCP Option for my Hotspot DHCP Server:

/ip dhcp-server option
add code=114 force=yes name="Captive Portal" value="'http://***IP Hotspot Bridge***'"
add code=160 force=yes name=option1 value="'http://***IP Hotspot Bridge***'"
/ip dhcp-server option sets
add name=set1 options="Captive Portal,option1"

Than i had to go to the DHCP Server and activate the DHCP Option.

After this i greated an Walled Garden deny rule.
(iOS is checking captive.apple if there is internet on the connected WLAN)

add action=deny dst-host=*captive.apple* server=****HOTSPOT-SERVER-NAME****

Than move this rule to 1st positon.
Since than my Hotspot Portal is back working on all iOS devices.

Maybe it will help some others.

Info from Apple regarding DHCP Options: https://developer.apple.com/news/?id=q78sq5rv

prawira · April 24, 2024, 5:01am

hi all,

we have experiences where all apple device can not show up the login page automatically when connected to hotspot. the portal address have to enter manually on browser address. thus on iphone 14-15 the portal page refuse to shown even if the address has been entered manually. no problem on android, windows and linux.

the main router is RB1100AHx4 with ROS v6.49.10

is anyone has clue regarding this problem ?

thank you