[Dnsmasq-discuss] Block dhcp from serving to specific device

David Kerr david.a.kerr at gmail.com
Fri Oct 16 23:57:19 BST 2020


Note that keychain is not specific to iPhones... it is used by all Apple
devices... MacOS, iPhone, iPad.  You just have to click "yes" on any
browser to have your password saved.  So it is really easy to end up with
web site credentials in your keychain and then propagate to all devices you
own.

David.

On Fri, Oct 16, 2020 at 5:43 PM Jeff Boyce <jboyce at meridianenv.com> wrote:

> Yes, I had disabled the keychain sync, and I thought that had solved the
> issue.  I think it went several months without connecting back to the
> parents vlan.  I haven't been able to figure out what caused it again, it
> may have been the recent iOS update that reset some of the settings back to
> default.  But now it seems to be doing it again regularly, and why I am
> looking for other possible options.  I will go back and look at the
> keychain sync again.  Apple doesn't make it easy to find and disable that;
> will have to check my notes.
>
> The parents don't use their phones for conducting banking transactions and
> other things that might accidentally be exposed on the kids phones, so we
> should have ourselves protected there.  And the kids are still a little too
> young to be set free with their own Apple IDs, which is also part of the
> reason why they are on a separate vlan.  With the phone tied to the parent
> account it is much easier to monitor their activity, not as easy with a
> separate Apple ID.
>
> Jeff
>
>
> On 10/16/2020 12:44 PM, David Kerr wrote:
>
> Have you tried disabling keychain sync to iCloud on the kids iPhones?
> WiFi passwords are stored in there and if you sync keychain across devices
> then that is why the kids iPhones are picking up your WiFi passwords.
>
> They will also be getting all your saved userids and passwords... Do you
> really want your kids having your bank account credentials?
>
> It would be best for your kids to have their own Apple IDs -- unless they
> are still too young for that.
>
> David.
>
> ---------- Forwarded message ---------
> *From: *Jeff Boyce <jboyce at meridianenv.com>
> *Subject: **[Dnsmasq-discuss] Block dhcp from serving to specific device*
> *Date: *October 16, 2020 at 11:39:31 AM CDT
> *To: *DNSmasq Mailing List <dnsmasq-discuss at lists.thekelleys.org.uk>
>
> Greetings -
>
>     I am having an issue on my home network with Apple devices getting
> assigned addresses to vlans that are not desired.  Not sure if dnsmasq
> will be helpful in resolving the issue, but thought I would inquire here as
> I am exploring many options.  I am running dnsmasq as part of my pfSense
> gateway device, but if dnsmasq can solve this then I am sure I can get it
> implemented in the pfSense interface.
>
>     The issue is that I have two iPhones on my home wireless network, and
> have two vlans for my wireless network.  One vlan is set up for the
> parents, while the other vlan is set up for kids and guests with different
> firewall and access restrictions between the two vlans.  All known devices
> are assigned static IPs via dnsmasq, with guest devices assigned dynamic
> IP addresses.  The parent iPhone is configured to use the parent wireless
> vlan.  The kid iPhone only has the ssid and password for the kid wireless
> vlan remembered on the phone, and has not been given the password for the
> parent wireless vlan.
>
>     The issue occurs when occasionally I find the kid iPhone being
> assigned a dynamic IP address on the parent wireless vlan.  When this
> happens I tell the kid iPhone to forget that network, and it goes back to
> the kid wireless vlan.  I am certain that the kid is not the one making the
> change to the parent wireless network.
>
>     I have tracked the issue to an Apple feature, that synchronizes
> wireless access point information between phones on the same account.  The
> kids iPhone happens to be under the same Apple account as the iPhone of one
> of the parents, so when Apple synchronizes all iPhones on the account the
> kids phone gets the information for the ssid and password of the parent
> wireless vlan.  The kids iPhone will connect to the parent wireless vlan
> when dhcp is renewed if the parent wireless vlan happens to have a stronger
> signal than the kid wireless vlan (my assumption on signal strength being
> the determining factor, it may be the reply comes back quicker from the
> parent wireless vlan).  When this happens the kids iPhone gets assigned a
> dynamic IP address from the parents wireless vlan.  I have gone through all
> the options with Apple to try and resolve this, and nothing works because
> it is an intended feature that is supposed to not be broken.
>
>     So I am wondering if there is a configuration setting that I can add
> to my dhcp server that would refuse a specific device from connecting to a
> specific vlan.  If possible, then I would be able to block the kids iPhone
> from connecting to the parent wireless vlan, thus forcing it back to the
> kids wireless vlan.  Thanks.
>
> Jeff
>
>
> _______________________________________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss at lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
>
>
> --
>
> Jeff Boyce, CF
> Meridian Environmental
> 2136 Westlake Ave. North
> Seattle, WA  98109
> 206-522-8282
> www.meridianenv.com