[Dnsmasq-discuss] Block dhcp from serving to specific device

Fri Oct 16 20:44:18 BST 2020

Have you tried disabling keychain sync to iCloud on the kids iPhones?  WiFi
passwords are stored in there and if you sync keychain across devices then
that is why the kids iPhones are picking up your WiFi passwords.

They will also be getting all your saved userids and passwords... Do you
really want your kids having your bank account credentials?

It would be best for your kids to have their own Apple IDs -- unless they
are still too young for that.

David.

---------- Forwarded message ---------
*From: *Jeff Boyce <jboyce at meridianenv.com>
*Subject: **[Dnsmasq-discuss] Block dhcp from serving to specific device*
*Date: *October 16, 2020 at 11:39:31 AM CDT
*To: *DNSmasq Mailing List <dnsmasq-discuss at lists.thekelleys.org.uk>

Greetings -

    I am having an issue on my home network with Apple devices getting
assigned addresses to vlans that are not desired.  Not sure of if dnsmasq
will be helpful in resolving the issue, but thought I would inquire here as
I am exploring many options.  I am running dnsmasq as part of my pfSense
gateway device, but if dnsmasq can solve this then I am sure I can get it
implemented in the pfSense interface.

    The issue is that I have two iPhones on my home wireless network, and
have two vlans for my wireless network.  One vlan is for setup for the
parents, while the other vlan is setup for kids and guests with different
firewall and access restrictions between the two vlans.  All known devices
are assigned static IP's via dnsmasq, with guest devices assigned dynamic
IP addresses.  The parent iPhone is configured to use the parent wireless
vlan.  The kid iPhone only has the ssid and password for the kid wireless
vlan remembered on the phone, and has not been given the password for the
parent wireless vlan.

    The issue occurs when occasionally I find the kid iPhone being assigned
a dynamic IP address on the parent wireless vlan.  When this happens I tell
the kid iPhone to forget that network, and it goes back to the kid wireless
vlan.  I am certain that the kid is not the one making the change to the
parent wireless network.

    I have tracked the issue to an Apple feature, that synchronizes
wireless access point information between phones on the same account.  The
kids iPhone happens to be under the same Apple account as the iPhone of one
of the parents, so when Apple synchronizes all iPhones on the account the
kids phone gets the information for the ssid and password of the parent
wireless vlan.  The kids iPhone will connect to the parent wireless vlan
when dhcp is renewed if the parent wireless vlan happens to have a stronger
signal than the kid wireless vlan (my assumption on signal strength being
the determining factor, it may be the the reply comes back quicker from the
parent wireless vlan).  When this happens the kids iPhone gets assigned a
dynamic IP address from the parents wireless vlan.  I have gone through all
the options with Apple to try and resolve this, and nothing works because
it is an intended feature that is supposed to not be broken.

    So I am wondering if there is a configuration setting that I can add to
my dhcp server that would refuse a specific device from connecting to a
specific vlan.  If possible, then I would be able to block the kids iPhone
from connecting to the parent wireless vlan, thus forcing it back to the
kids wireless vlan.  Thanks.

Jeff

_______________________________________________
Dnsmasq-discuss mailing list
Dnsmasq-discuss at lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20201016/48a3765a/attachment.html>