We have moved to a new Sailfish OS Forum. Please start new discussions there.
19

Roaming client for (international) WiFi/WLAN Hotspot roaming

asked 2013-12-29 20:14:07 +0200

updated 2015-04-10 23:43:14 +0200

Well, it's a complicated thing, but I'd like to raise the issue anyway ...

Worldwide more and more public WiFi/WLAN hotspots pop up, being usable under different commercial and technical concepts

All such concepts are basically using just 2 technical concepts

[UPDATE]: nodevel just loaded "ROAMER" app to openrepos: https://openrepos.net/content/nodevel/roamer It's providing EAP/802.1x/WPA enterprise access. It's primarily targeting Eduroam but I also tested it on an EAP based WiFi hotspot service ....

The pity of the whole approach is, that (almost) all clients allowing automated Hotspot access, are proprietary and only available on certain OS platforms.

One of the reasons is, that WISPr and 802.1x allow different flavours of implementation within the hotspot system, so interoperability is not given. Clients have to "know" the individual network to a certain extent, in order to allow automated access. Future might see "Hotspot 2.0", but until then a truly interoperable client could only be set up with the help of a community being able to provide testing and results within hundreds of networks worldwide.

So - as Christmas just passed, I'm still dreaming of a hotspot client being so versatile/modular, that (like modern instant messaging clients) different accounts could be configured and the client automatically logs me into a hotspot as soon as it detects a suitable one .... don't know whether this is too far fetched, but I'm happy to learn ...

edit retag flag offensive close delete

Comments

well, it's free, but it's also not free... often one needs registration or needs to be some kind of subscriptor for that company, etc... or the need of a spam-able email address...

in a way, if the one client were possible, their whole concept would fail...

AL13N ( 2013-12-29 21:57:11 +0200 )edit

@AL13N No, that's not the case ... even though many hotspots have their own authentication system, a large number is enabled for roaming and allow access also for users being registered in an entirely different user environment. E.g. students of a Swiss university may use the WiFi hotspots of a Swedish university through Eduroam or a customer of Deutsche Telekom may use WiFi hotspots of Swisscom in Switzerland through fully automated roaming ...

Manankanchu ( 2013-12-29 22:07:22 +0200 )edit

great idea, simplify the life of using hotspot without headache !

redge73 ( 2013-12-30 03:41:22 +0200 )edit
1

There is already software support for Eduroam-type WPA EAP-PEAP/MSCHAP2 authentication, you just need to edit config files by hand.

ExTechOp ( 2013-12-30 19:04:27 +0200 )edit

@ExTechOp yes, I know, there are a lot of isolated solutions for such internetwork roaming, you can set up Eduroam as 802.1x network (as all networks have same SSID "Eduroam"), you can install an iPass client, a Boingo client, install free.fr EAPSIM config,, use Skype Hotspot login (which is in fact Boingo) .... so it's in fact similar to Instant Message in former times, when you had a separate client for each service. But like today you have 1 IM client (like e.g. Pidgin) handling all services, I'd love to have a roaming client handling all different accounts a user might have ...

Manankanchu ( 2013-12-31 10:40:29 +0200 )edit

2 Answers

Sort by » oldest newest most voted
3

answered 2013-12-31 10:18:32 +0200

FlyingSheep gravatar image

updated 2013-12-31 11:09:34 +0200

I also would appreciated easier Public WLAN (PWLAN) access.

This morning I failed to get my new Jolla to fully connect to the Swisscom PWLAN on the train to work. I get as far as entering logon details (phone number), then nothing more happens. (whereas from my laptop a few minutes previously the same process was flawless).

I have also tried and failed to access the Visitor's WLAN at work. Once again I enter the credentials, then I briefly get a dialog from the phone asking me if I want to save the credentials, and nothing happens. (I suspect that this dialog may be part of the problem). By way of comparison I can connect to the Visitor's WLAN with my old N9, and have done so with a Samsung Galaxy Note 3.

edit flag offensive delete publish link more

Comments

That's pretty much a problem of Jolla phone which is so far unable to properly handle different WLAN networks. I'm using 5 - 10 different networks per day and I have to reboot Jolla several times a day just for that ... If you search Together you'll find a number of posts referring to that, all waiting for a fix.

Manankanchu ( 2013-12-31 10:43:57 +0200 )edit

thanks, I have seen quite a few of those. B.t.w I should have stated that the 2 PWLANs I quote above both require login via web, as opposed to in the WLAN settings. Have you managed to get Swisscom going? I did get my home WLANt to work though (although updates, installing apps, enabling dev-mode don't seem to work from that network ....)

FlyingSheep ( 2013-12-31 11:00:39 +0200 )edit

i'm actually not a person who wants this, you'll probably mean @Manankanchu and there is no need to have this like a letter, you can cut the useless parts :-). normally this should be for comments, but you'll definately go over the character limit, so i'll leave it as an answer.

AL13N ( 2013-12-31 11:02:56 +0200 )edit

i confirm having the same issue (find it strange that so few others are interested)

Cary Grant ( 2014-01-24 20:48:33 +0200 )edit
2

answered 2014-01-31 09:49:28 +0200

Currently and before Hotspot 2.0 is in wide-spread use, the WiFi networks cannot advertise what roaming partners they will accept. The current roaming clients rely on detecting registered SSIDs (e.g. you have to inform iPass and Boingo what SSID you use, if you are a wireless service provider), captive portal authentication and WISPr parameters received via the redirections and/or login page.

Having functionality, which would blindly try to send user credentials to any captive portal is not really useful. Instead it should be implemented so that device will try to detect a captive portal when joining network and then inform the user and ask he user the permission to enter or send pre-configured credentials. This may require starting a web browser as it is done with Android and iOS where this feature is working reasonably well.

Fortunately also commercial roaming brokers are switching to standard WPA2 Enterprise authentication (with EAP-SIM, EAP-AKA, EAP-TLS in addition to username-password combination) and deploying Hotspot 2.0 so that it is easier to find WiFi roaming networks as well as enter and use existing credentials safer.

Unfortunately currently Jolla does not support these securely and among other issues also the following security issues should be fixed:

https://together.jolla.com/question/15645/connman-does-not-support-setting-up-anonymous-or-outer-eap-identity-for-wifi-wpa-enterprise/

https://together.jolla.com/question/15292/connman-does-not-support-certificate-detail-verification/

https://together.jolla.com/question/1607/gui-to-addtrust-ssl-root-certsself-signed-certs/

There needs to be UI and ways to configure WPA2 Enterprise as well:

https://together.jolla.com/question/315/wpa2-pskaesothers-wifi-support-needed-workaround/

About EAP methods, only EAP-TLS is supported currently by the vanilla ConnMan although wpa_supplicant used can support all of them as well as Hotspot 2.0 features. In this sense Jolla/Mer is still missing a working, good connection manager, which may cause also some of the other WiFi problems reported here at together.jolla.com.

Service providers also need ways to provision (that is to send) configurations to devices. Apple's iOS has already its configuration packages, Android has app interfaces, but currently Jolla does not have either. This is something I have been thinking of writing to together.jolla.com about, but have not yet have time to do it. Maybe I will add a link as a comment when I have done it.

edit flag offensive delete publish link more

Comments

1

@Karri Huhtanen - thank you for your comment, your are basically right concerning Hotspot 2.0 / IEEE 802.11u . The problem is, that this standard is not expected to really spread out widely in a foreseeable amount of time ....

Sending the user to a captive portal does not require a client (browser will do), in fact I just want to avoid this captive portal, as it is not standardized and in frequent cases almost non-understandable.

Sending user credentials blindly is in fact the standard case as of today. While SSL can be taken as basis to encrypt transmission through the wireless link, the access gateway can read username/password. It is fact as of today, that any rogue solutions could harvest credentials by faking the SSID of a real public hotspot, so a "white label" client would neither improve nor worsen the situation.

"Fortunately also commercial roaming brokers are switching to standard WPA2 Enterprise authentication " .... hmmm, haven't heard of any (and I'm in this business for years ....).

Well, I was aware, that there is no easy solution to this issue, so I was trying to limit the approach to WISPr and 802.1x (aiming for Eduroam, as are there's only 1 SSID) ...

Manankanchu ( 2014-01-31 11:23:09 +0200 )edit

Starting to use EAP-SIM, EAP-AKA and EAP-TLS with WPA2 Enterprise networks and only use open / captive portal networks only for first provisioning seems to be the where roaming brokers and service providers are heading. 802.11u and Hotspot 2.0 of course complement this.

Karri Huhtanen ( 2014-01-31 11:36:50 +0200 )edit

WISPr 1.0 and 2.0 headers and information on web page could be used for detecting a possible roaming network or at least captive portal and then a dialog or opportunity to use stored credential could be offered to user.

Karri Huhtanen ( 2014-01-31 11:40:34 +0200 )edit

Haven't heard of roaming brokers to go for EAP (no active approach heard from iPass, Boingo, Crossroam, Aicent - only approach heard of Comfone/Key2Roam) so there's no movement in that ...

Manankanchu ( 2014-01-31 11:41:20 +0200 )edit
1

"WISPr 1.0 and 2.0 headers and information on web page could be used for detecting a possible roaming network or at least captive portal and then a dialog or opportunity to use stored credential could be offered to user." .... yep ...that's basically what a WISPr client is doing ...

Manankanchu ( 2014-01-31 11:43:53 +0200 )edit
Login/Signup to Answer

Question tools

Follow
11 followers

Stats

Asked: 2013-12-29 20:14:07 +0200

Seen: 1,951 times

Last updated: Apr 10 '15