That one can be bypassed by using an own DNSSEC or DOT DNS provider I think.
This makes “compliance” captive portals even more annoying… in Germany, every public network has one, so that people accept that they are not responsible for whatever and log MAC addresses and whatever.
This requires to use DHCP advertised insecure DNS, great!
There are many problems with VPN on public networks. Here’s an example https://www.fortiguard.com/psirt/FG-IR-24-170
That one can be bypassed by using an own DNSSEC or DOT DNS provider I think.
This makes “compliance” captive portals even more annoying… in Germany, every public network has one, so that people accept that they are not responsible for whatever and log MAC addresses and whatever.
This requires to use DHCP advertised insecure DNS, great!