I don’t need help, it’s just too implausible for me not to be curious.

Aside, it’s been fascinating anonymously watching this network evolve over the past decade as a citizen-user who has business in the building. I’ve been battling with the faceless network admins trying to find ways to access my home lab year after year.

First they blocked my personal domain because I tried to reach vpn.mydomain.com. Then I couldn’t use OpenVPN at all (or I was too green at the time to bypass). Next, WireGuard worked for a while until it didn’t. Now Tailscale is working but I’m forced to use the slow DERP servers to reach home. I might try Headscale with a different personal domain next.

My next project is a little more radical - hiding an old Pi 3B on the network as an exit node on that network. Then I can use the state-owned IP instead of my home one when websites are dicks about third-party VPN IPs.

  • @dynamic_generals
    8 months ago

    If there are no TOS though, wouldn’t OP be in the clear? I was an intern at a state capitol a couple years and while we had secured user/print/PSK networks, the public network was just an unprotected SSID without a captive portal - you just join.

    I didn’t think about it at the time, but it seems wild to have that setup in 2024. Piqued, I just looked it up and unless they’ve added a captive portal with a TOS to agree to, it looks like this is the only governing statement:

    Wireless Internet access is provided for the public at the Connecticut General Assembly (CGA) campus. This includes the State Capitol Building, the Legislative Office Building (LOB), and the Old State House (OSH). This wireless service is protected by virus and malware protection systems. Objectionable advertising, pornography, spyware, viruses, and other inappropriate content is blocked. To utilize the Internet, simply connect your device to the CGA_Guest wireless network.

    It reads to me like, in that increasingly rare scenario, a Raspberry Pi advertising an exit node isn’t considered different from Joe’s laptop or Jane’s phone.

    • @computergeek125
      48 months ago

      ToS I’m using as a bit of a nebulous phrase. If there is filtering involved, there exists a list of dos and don’ts - in your example, that base filtering case seems to have a lot of leeway in defining what “objectionable advertising and content” is. They could (not a great move but could) say “VPNs are objectionable”.

      I still stand by that the correct move is to contact IT - if the network isn’t showing its ToS on launch, either as the flyer with the password, captive portal, or equivalent, they could request the network terms from IT (or equivalent service desk/management). If there is not in fact a ToS… then it’s really become a lawyer matter. I am not a lawyer - I’ll defer that discussion of a network that enforces a policy without showing a ToS to the experts in the field.

      I hesitate to say if OP has the green light if they’re not advertising terms. Clearly there is some policy the network is enforcing against OP, and (as they put it) a faceless network admin making the changes. Even if it’s not a formal legalese policy, it could be just a simple list of what not to do. Communication between OP and their faceless network admin is going to be the key to successful resolution.

      Guest networks are in a bit of a different category for that because we (collectively as IT in general) expect people to be placing tunneling protocols to protect themselves on a guest network, but a company may object to and block any non-standardized VPN that isn’t run by corporate on their internal network.