WiFly/Mikrotik Captive portal page doesn't close on iOS, but works on Android

mac iphone ipad

When connecting an Apple device to a guest hotspot, the authorization page of the Apple Captive Network Assistant does not close after authenticating. On Android it works like it should.

My setup:

  • Provider: Rostelecom
  • Captive Portal Service Provider: WiFly
  • Router: Mikrotik
  • Transport: UniFi

The instructions from these vendors did not help in solving the problem.


The automatic handling of captive portals on works by iOS automatically downloading various Apple URLs when connecting to a new network, such as these URLs:

http://captive.apple.com/hotspot-detect.html https://www.apple.com/library/test/success.html (and others)

If the download contains the word "Success", iOS is satisfied that the user has direct access to the Internet.

If the download contains something else, it is most probably a captive portal page, which requires the user to authenticate in some manner. This triggers the Apple Captive Network Assistant to display the downloaded page on screen.

The user then authenticates in some manner with this page. Afterwards iOS periodically checks those URLs mentioned before to see if it now contains the word "Success". As soon as it does, the CNA window is closed.

This method of detectiing captive portals and authenticating conforms to the WISPr 2.0 specification and allows the so called "Universal Access Method" for authentication. This specification is followed by iOS and Android devices alike.

As this doesn't happen for you, it means that your setup somehow prevents the iOS device from downloading the correct page. This could be due to incorrect cache settings on your proxy server (if you have one), incorrect DNS settings, incorrect authentication checks, etc. Especially it's important that you never block any of the apple.com pages used for captive portal detection.

In some cases you can also have problems, if your captive portal page presents an outdated or otherwise invalid TLS certificate.

Another source of errors is when your system redirects the user to another page when successfully authenticated. This could be to an internal page or an external page. Depending on how your system is setup, one of the two might be failing - so you could switch to the other type, or fix the configuration errors (such as firewall or authentication checks) that prevent the user from accesssing the redirect page.

A good way to check is to use Wireshark to make a packet capture of the WiFi interface when trying to connect. You'll be able to see exactly what you're redirected to, and which request fails.

Related

After my brother deleted some system files from my Macbook Air I can’t reinstall macOS
How to monitor and log my internet connectivity on Mojave
Activity Monitor data, in recent history?
Is it possible to make Apple Watch Series 5 measure heart rate (pulse), passively, all the time?
How to disable predictive text on Mac OS Catalina on iMessages
Keeping mail accounts with separate Mail apps on iOS
How to show all results from a repeat loop in the Script Editor results pane
terminal mac - bash command not found, permission denied and '&gt' in prompt
Unable to boot into recovery mode on El Capitan MacBook Air
Apple Pay on the Web requires my phone and email. Is that information shared?
How to fix iPad Pro complaining about unsupported Apple Smart Keyboard?
Password reset with Filevault recovery key not working