Captive Wi-Fi networks, also referred to as “subscription” or “Wi-Fi Hotspot” networks, are public Wi-Fi networks that users can subscribe to or pay to access. Captive Wi-Fi networks can typically be found at public locations including but not limited to coffee shops, Internet cafes, hotels, airports, airplane, and other public or semi-public locations. In some cases, captive networks are sponsored and maintained by wireless carriers (such as AT&T wireless hotspots in Starbucks).
Users/visitors typically access a captive network via its captive portal, which provides a mechanism to control Internet access by authenticating and/or authorizing guest or other types of access to the captive network by the users. When a new user attempts to connect to the Internet through a wireless connection to the captive network, that connection request is sent to the captive portal, which typically presents welcome information and an agreement on terms and conditions of access (allowed ports, liability, etc.) to the captive network for the user to accept. When authentication through the captive portal is complete, the user is allowed access to the Internet through the captive network. In some embodiments, the captive portal may also be used to monetize the user's access to the Internet (as in contemporary airplane Wi-Fi) by facilitating payment for the Internet service. Some mobile devices such as smartphones and laptops can automatically detect that they are within a captive network and display a notification to the user of a smartphone that access must be authorized before connections are allowed to continue.
When an interstitial network appliance such as a virtual private network (VPN) gateway running on a network appliance that has no external display attempts to connect to and use a captive network, utilizing a captive portal that requires interaction via a display screen for access authorization may be problematic. The VPN gateway of the network appliance is typically used to as gatekeeper to protect devices in a protected network. Generally the VPN gateway must be bypassed in an insecure way so that a device protected by the VPN gateway can interact with the captive portal via a web browser or similar web access tool. Otherwise, network access to the captive network by the devices in the protected network cannot be achieved. Bypassing the VPN gateway, however, lowers the security of the devices that the VPN gateway is intended to protect.
The foregoing examples of the related art and limitations related therewith are intended to be illustrative and not exclusive. Other limitations of the related art will become apparent upon a reading of the specification and a study of the drawings.