Page 1 of 2 (posts 1 to 10 of 20)
  1. #1
    Newbie
    Join Date
    Dec 2019
    Posts
    12

    Autotag of hosts by a device hostname pattern (e.g. *iPhone*, tag as iphone)

    I have many Apple iPhone and iPad devices in my network. For load balancing purposes, I would like to tag all iPhones and iPads into separate groups and distribute their loads across different VPN Tunnels that I already have working properly (including DNS leak issues taken care of by a separate DNS port 53 TCP/UDP forwarding rule).

    Unfortunately, Apple has a Private Address feature which periodically changes MAC IDs for each device so that they cannot be manually tagged in the Hosts tab. So, while I manually assign tags to hosts, in a day or 2, these tags are no longer matching to the right device.

    I would like to know if anyone has found a way to handle this situation by automatically tagging such devices using hostname patterns such as *iPhone* or *iPad* in an Event Trigger to set a tag on behalf of each host when it connects to the Untangle NG. If so, can you provide details? Even if I can find a possible source event (Host Event - hostnameDeviceLastKnown looks interesting?), it's unclear how long I should set as the assigned Tag Lifetime so that I don't end up with tags timing out or living too long. Any ideas would be welcome -- other than telling folks to disable the Private Address feature.. that is what I'm trying to address -- not ignore.

  2. #2
    Untangle Ninja sky-knight
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,235

    There is no way to do what you ask, and there never will be a way to do what you ask. At least... not with that MAC randomization BS running.

    There simply is no tagging that will universally work in these conditions. Names can be changed, and don't always contain "iPhone", and the MAC prefix doesn't say Apple either... so you're rather sunk.

    If you want your manual tags to stick: https://support.apple.com/en-us/HT211227
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  3. #3
    Newbie
    Join Date
    Dec 2019
    Posts
    12

    Thanks, but there is definitely a large consistency in the hostnames for Apple devices. Nearly all of the iPads and iPhones I see on my network typically have *iPhone* or *iPad* in the hostname (at least with sufficient consistency for my purpose, in >95% of the cases).

    So, there is sufficient consistency to do what I want from the information on my NG firewall already. I'm just missing the knowledge to harness what's already there in Untangle to generate an event-driven tag from a hostname or device event with an appropriate Tag Lifetime to largely offset the Apple Private Address feature. Has anyone done something similar to what I'm asking?
    Last edited by craiglschafer; 12-25-2020 at 08:35 PM.

  4. #4
    Untangle Ninja WebFooL
    Join Date
    Jan 2009
    Location
    Sweden (Eskilstuna)
    Posts
    5,258

    On a few sites we look at the Browser User Agent.
    And from that assign tags.

  5. #5
    Master Untangler
    Join Date
    Apr 2020
    Location
    United Kingdom
    Posts
    125

    I recently came up against this with my wife's new Android phone. Fortunately, you can switch the MAC randomization off per specific WiFi network, so not sure if iOS lets you do the same?

    I was almost tempted to use it as an excuse for having a go at setting up some kind of RADIUS/LDAP server so that I could tag users based on username (as well as authenticate to WiFi and all the other stuff), which in a way is nicer as you can apply policy regardless of which device they beg, steal or borrow.

  6. #6
    Untanglit
    Join Date
    Dec 2020
    Posts
    15

    WebFooL, do you know if there is a way to auto tag based on the http user agent?

  7. #7
    Untanglit
    Join Date
    Mar 2020
    Posts
    15

    I'm not an expert in this, but it is my understanding that Apple always randomizes using four unique ranges: x2-xx-xx-xx-xx-xx, x6-xx-xx-xx-xx-xx, xA-xx-xx-xx-xx-xx, xE-xx-xx-xx-xx-xx.

    So if you build a rule using the standard Glob matching feature, which I believe MAC Addresses in rules support, you can easily identify a randomized iPhone address.

    Hope this helps and as always, open to corrections or suggestions.
    Last edited by JerryOH; 12-26-2020 at 02:57 PM.
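As an added example (not code from this thread or from Untangle), a small Python tagger that applies the two heuristics discussed above: the *iPhone* / *iPad* hostname globs from the first post and the x2/x6/xA/xE MAC patterns from post #7. Note that those four patterns are the IEEE locally administered bit (bit 1 of the first octet), so they flag any randomized address, not Apple specifically; the tag names and sample host rows are assumptions.

```python
import fnmatch
import re

# Constructed sample of host-table rows (hostname, MAC); not real devices.
SAMPLE_HOSTS = [
    ("Craigs-iPhone", "2a:41:9c:0b:77:e1"),
    ("iPad-Pro", "d6:03:1f:aa:bb:cc"),
    ("desktop-lab", "00:1b:63:84:45:e6"),
    ("android-9f2e", "7e:aa:bb:cc:dd:ee"),
]

MAC_RE = re.compile(r"^([0-9a-f]{2})(?::[0-9a-f]{2}){5}$")

def is_locally_administered(mac):
    """True when bit 1 of the first octet is set (second hex digit 2, 6, A or E):
    the address was generated locally rather than assigned by a vendor OUI."""
    m = MAC_RE.match(mac.strip().lower())
    if not m:
        raise ValueError(f"not a MAC address: {mac!r}")
    return int(m.group(1), 16) & 0x02 != 0

# Glob form of the same check, as post #7 suggests for a rule engine that
# matches MAC addresses with wildcards. Compared against lowercased MACs.
LOCALLY_ADMINISTERED_GLOBS = ["?2:*", "?6:*", "?a:*", "?e:*"]

def matches_glob_set(mac):
    mac = mac.strip().lower()
    return any(fnmatch.fnmatchcase(mac, g) for g in LOCALLY_ADMINISTERED_GLOBS)

# Hostname glob -> tag, mirroring *iPhone* / *iPad* from the first post (assumed tag names).
HOSTNAME_TAGS = [("*iphone*", "iphone"), ("*ipad*", "ipad")]

def tag_host(hostname, mac, randomized_tag="randomized-mac"):
    """Return the set of tags for one host; hostname matching is case-insensitive."""
    tags = set()
    for pattern, tag in HOSTNAME_TAGS:
        if fnmatch.fnmatchcase(hostname.lower(), pattern):
            tags.add(tag)
    if is_locally_administered(mac):
        tags.add(randomized_tag)
    return tags

def tag_all(hosts):
    return {hostname: tag_host(hostname, mac) for hostname, mac in hosts}

if __name__ == "__main__":
    for host, tags in tag_all(SAMPLE_HOSTS).items():
        print(f"{host:15} {sorted(tags)}")
```

Because the randomized address changes, the hostname tag is the one worth keeping; the MAC-derived tag only says the host is not identifiable by its OUI.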

  8. #8
    Newbie
    Join Date
    Dec 2019
    Posts
    12

    If anyone has a working version of this, I would really appreciate an exact setup of the appropriate trigger as I'm honestly struggling to get the triggers to work. See the example below which doesn't work when enabled (trying to trigger tagging using httpUserAgent updates to the Event table). Can anyone tell me the correct way to trigger against the listed events:

    Attachments: autotag rule broken.png, httpUserAgent events.png

  9. #9
    Untangle Ninja WebFooL
    Join Date
    Jan 2009
    Location
    Sweden (Eskilstuna)
    Posts
    5,258

    Here is a sample:
    Attachment: trigger.PNG

    If I remember right we had some issues with the "contains" option.

  10. #10
    Newbie
    Join Date
    Dec 2019
    Posts
    12

    Thanks so much for a working trigger example for device table. But I guess without working trigger support for a "contains" operation, the end goal just isn't doable as I can't keep creating new trigger versions of httpUserAgent strings as the version number must continually change. So, it appears that software bugs in Untangle event/device triggers are effectively blocking me from doing anything reasonable to address private MAC addresses on devices. Would be nice if Untangle could provide a fix or workaround for this bug.
