Accessing Internet URLs for VoWiFi/Wifi-Calling before portal authentication

Yesterday

We have an Omada Wifi network set up in a very large basement of a Multi-Dwelling Residential Condominium Property with no cellular coverage (in the basement). No cellular operator in my country is willing to install any type of Distributed DAS antenna, Small cell or Repeater Solution because of the costs involved and relatively low user density. However, most of the apartment common facilities & maintenance run out of the basement and there are car parking bays. So people do move about in the basement and they need some type of network connectivity for the mobile devices they are carrying. And therefore a Wifi network was rolled out as the only substitute possible.

Our Wifi network relies on SMS authentication because it requires no explicit provisioning and distribution effort (of userid-passwords, vouchers, etc). But the drawback we have is that to complete SMS authentication (receive OTP) of any user we need the cellular network. The very network that it's substituting. To receive SMS or voice calls the mobile device (iOS or Android) must have full network connectivity so that the VoWifi tunnel can be established by the mobile with the SIM operator's network (ePDG, Port 500, 4500). Once the tunnel is established we can get calls and SMS on it.

When we run an Omada captive portal in the network, it relies on intercepting the device's HTTP traffic and redirecting it to the portal at the start. So for the device the full network connectivity check fails or waits. Only when authentication is completed, the device is given unrestricted access and it starts the procedure of establishing the VoWifi tunnel. The situation is:

(1) Device wants full internet access to establish the VoWifi tunnel to get the SMS OTP, but does not have it. So it waits.
(2) Network does not give full internet access, because the user device did not pass/complete authentication.
(3) To pass user authentication, the device needs SMS OTP or VoWifi tunnel to be established.

So effectively a deadlock.

So the captive portal detection and handling in Omada is therefore interfering with the VoWifi tunnel establishment. On Android (what I tested), the call to http://wwwDOTgstaticDOTcom/generate_204 gets redirected to the captive portal (the device gets HTTP 3xx instead of a 204 response and decides there is no internet connectivity) and it does not initiate VoWifi tunnel establishment. iOS will be something similar with a different URL.

Any solution to this type of problem?

Basically I want to get around the internet connectivity check of Android/iOS and its interference with captive portal detection, and initiate the tunnel setup even if it's just with the ePDG. Before starting the ePDG tunnel formation, the device has to do an A/AAAA DNS query for its URL (like epdgDOTepcDOTmnc045DOTmcc404DOTpubDOT3gppnetworkDOTorg), which is also blocked because the device does not have network access. Is opening access to Public/Private DNS a safe thing to do prior to authentication?
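
An added example, not part of the original post: a sketch of how a narrowly scoped pre-authentication allow list could be derived, with DNS opened only to the site's own resolver and UDP 500/4500 opened only to the ePDG addresses of the listed operators. The FQDN pattern is the operator-identifier form from 3GPP TS 23.003 (the one quoted in the post); the function names, the rule tuple format, the resolver address and the DNS answers are assumptions constructed for illustration, to be translated by hand into whatever pre-authentication allow list the controller offers.

```python
import ipaddress

IKE_PORTS = (500, 4500)  # IKEv2 and NAT-T, the two ports named in the post


def epdg_fqdn(mcc, mnc):
    """Operator-identifier ePDG name; the MNC is zero-padded to three digits."""
    mcc, mnc = str(mcc), str(mnc)
    if not (mcc.isdigit() and len(mcc) == 3 and mnc.isdigit() and len(mnc) in (2, 3)):
        raise ValueError(f"bad PLMN {mcc}/{mnc}")
    return f"epdg.epc.mnc{mnc.zfill(3)}.mcc{mcc}.pub.3gppnetwork.org"


def preauth_rules(plmns, answers, site_resolver, site_lans):
    """Return (rules, skipped). Rules are hypothetical (proto, dst, port) tuples.

    answers maps an ePDG FQDN to the A/AAAA results obtained for it. Any
    answer that points inside the site's own networks is skipped, so a DNS
    reply can never open a pre-auth path into the LAN.
    """
    lans = [ipaddress.ip_network(n) for n in site_lans]
    rules = [("udp", site_resolver, 53)]  # DNS to the local resolver only
    skipped = []
    for mcc, mnc in plmns:
        name = epdg_fqdn(mcc, mnc)
        for addr in answers.get(name, []):
            ip = ipaddress.ip_address(addr)
            if any(ip in net for net in lans):
                skipped.append((name, addr))
                continue
            rules += [("udp", str(ip), port) for port in IKE_PORTS]
    return rules, skipped


# Constructed sample data: documentation-range addresses plus one LAN address
# to exercise the skip path. MCC 404 / MNC 45 is the PLMN quoted in the post.
SAMPLE_ANSWERS = {
    "epdg.epc.mnc045.mcc404.pub.3gppnetwork.org":
        ["192.0.2.10", "2001:db8::10", "10.0.0.5"],
}

if __name__ == "__main__":
    rules, skipped = preauth_rules(
        [(404, 45)], SAMPLE_ANSWERS, "10.0.0.1", ["10.0.0.0/24"])
    for rule in rules:
        print("allow", *rule)
    for name, addr in skipped:
        print("skipped", name, addr)
```

Operators can change their ePDG addresses, so a list built this way needs to be re-resolved and refreshed periodically.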
