We have an app wherein certain functionality needs to work only when the user is connected to a router associated with his account (we have some information about user accounts and home routers).
However, it is possible for the user to set up a VPN connection to his home router via any public wifi/3g network. We want to block certain functionality if that is the case.
Any ideas as to how it can be detected using any of the existing iphone/ipad apis?
Thanks,
Hetal
There is a flag in the reachability API called kSCNetworkReachabilityFlagsTransientConnection.
It is true when you are connected via a VPN and false if you are not connected via a VPN.
We used this flag value to check for our conditions.
There's no iOS API (public at least) that is going to give you information on whether you're running on a home router or public WiFi connection. You can only determine that you're on a WiFi connection vs. 3G. (for example, see the Reachability sample)
You might be able to do some sort of lookup based on the device's current IP address. You'd have to have each user register their router's IP address and have your application validate it before running, etc. But still, there'd be no guarantee that user's home router is secured. In other words, it could be just as wide open as a public WiFi.
Related
During the Account Linking of our app with Google Assistant, we authenticate the user by mapping its WAN IP Address.
Once Webhooks intents are received, they are coming from Google cloud, not the user device, so the WAN IP doesn't match. It's then impossible to know if the user is still at home.
It seems there are ways of obtaining user and device identity, like name or device location. Is there a way of obtaining the device WAN IP address?
(à la x-forwarded-for).
In short - no.
The Assistant platform is meant to allow users to, somewhat transparently, move from device to device. The device ID isn't even standard.
If you need to know their location to make sure they haven't moved, then you can ask for their physical location. For speaker devices, such as the Home, it will use the device location that was set by the user, but for mobile devices it will use the GPS.
One of our hotel clients provide free WiFi to its guests with a Hot Spot, however, there are available only a few URL to access them freely (such as Facebook or the website of the hotel) and if you need more access you should log in.
We have developed the App for the hotel and one of its features is that if you open the App it gives you a complete access to the hotel WiFi, so you can navigate to any page you want.
Therefore, it is necessary that the guests can download the app through the AppStore without being logged in to the hotel WiFi, so the guest can download the App and get the access immediately.
We have a trace of the URL that calls the AppStore for search and downloading the App and we have set the Hot Spot to allow access to this URL, however, the AppStore tells us that we have no connection.
What URL should we need to enable in our Hot Spot for the AppStore to work properly?
These are the routes that have enabled:
search.itunes.apple.com
play.itunes.apple.com
init.itunes.apple.com
su.itunes.apple.com
itunes.apple.com
se.itunes.apple.com
p59-buy.itunes.apple.com
pd-st.itunes.apple.com
xp.apple.com
sp.itunes.apple.com
Thank you for your help.
Apple Appstore communicate using HTTPS. So router in the middle will not know what url that been use by client due to it's encrypted.
The solution is, instead of allow those by url. you need to allow it by ip address.
I would suggest to allow connection to the following address.
17.154.0.0/16 Apple's Class B Subnet includes phobos.apple.com address(es)
23.63.98.0/23 Akamai Technologies CDN
Please keep in mind that xxx.xxx.xxx.xxx/16 mean 255.255.0.0.
And it will be equal to allow ip adresss from 17.154.0.0 - 17.154.255.255
Also Akamai is a Content delivery service So ip address will various from location. I would suggest you to try to ping swcdn.apple.com get ipaddress and allow those /23 server.
I need to let a user access server only from a specific MAC, so he wont be able to access server from another device.
Can any one give me hint how can i achieve that ?
There is no direct way to achieve this
You can of course limit access by protocol/IP/port (with iptables), or at the application level (including IP, with tcpwrappers). You can also limit access based on MAC (with ebtables).
But I am affraid there are no solutions linking user information and MAC address. Too far in the network stack to be usable, perhaps.
What is the exact problem that you are trying to solve by limiting access by MAC and UserID?
Consider a solution like this: initialy, every computer gets a 'temporary' IP from an unprvileged network. That IP does not entitle the user to use any services. Then the user logs in , and after a sucesfull log-in, a new IP from privileged network is issued to him. This IP is specific to this user. From now on the user access can be controlled based solely on his IP.
This will require VLANs and some provisioning made on switches. See Windows server - assign IP by username for a similar case.
We're deploying a Wifi hotspot service in some locations via unifi. You have to sign up with your mobile number and get an sms which includes the activation link.
The Problem is:
The iPhone seems to check the connectivity of a WLAN to the internet. So, after you sent your number, and before you clicked on the actvation Link, theres no Internet Connection (Basically it is, but youre not allowed to get outside of the Internal network until activation Link has been clicked).
The Iphone recognizes this and disables the WiFi, because it can't contact his "Testserver" - so you are on 3g again, and the activation Link isn't reachable anymore.
My Question:
Does anybody know to which IP the Iphone tries to connect before it deactivates WiFI?
So i could Whitelist this IP to be reachable without authentication, so the Iphone wouldnt disable Wifi by itself anymore.
I've tried to catch it up via wireshark, but i didnt see anything. :(
How can connect to a specific wifi which is password protected?
Scenario: There are four wifi networks but my app needs to connect to specific one whilst providing a password.
You can't there is no public API to do this.
You have to manually select a wifi network from the settings.