Use this article to enable and configure Travel Wi-Fi mode for macOS Roaming Clients, a feature introduced in version 2.3.8 of the macOS agent that helps macOS devices load captive portals on networks such as airplanes, hotels, and airports while maintaining DNS protection.
What Travel Wi-Fi mode does
Travel Wi-Fi mode temporarily allows the device to use the Wi-Fi network’s DNS so captive portals can load correctly. During this short window (default 60 seconds), the macOS agent sends each DNS request to two places:
- The network’s DHCP DNS server (used by captive portals)
- The DNSFilter resolvers
The agent applies the following decision logic:
- If DNSFilter resolvers return a block, the request remains blocked
- If DNSFilter resolvers return an allow, the DHCP DNS answer is used so the captive portal can load
- If the DNSFilter resolvers are unreachable, DHCP DNS is used automatically, matching real captive portal behavior
When the countdown expires, full DNS protection resumes without additional action.
Standard install (per-device modification)
Travel Wi-Fi mode is controlled through the agent's daemon.config file. Follow these steps from the end-user device after deploying v2.3.8 or higher of the agent.
As of agent version 2.3.9, Travel Wi-Fi mode is configurable for MDM deployment. Skip to the silent process below to modify the deployment bash script to enable Travel Wi-Fi mode.
Prerequisites
- Running macOS Roaming Client v2.3.8 or higher
- Permissions to edit Application Support device settings
- Access to a text editor app such as BBEdit, Sublime Text, or Sudo Nano
Step one: Update file permissions
The daemon.config file permissions need to be set to Read & Write before the file can be updated.
- From the Mac home screen, open Finder
- From the Finder menu bar, select Go
- Select Go to Folder and enter:
/Library/Application Support
- Navigate to the DNSFilter folder (DNS Agent for whitelabeled agents) and right-click to Get Info
- Under Sharing & Permissions, select the Lock icon and enter the local user authentication
- Set Admin (or Everyone) to Read & Write
- Select the Lock icon again to save the settings and close the agent info window
- Open the DNSFilter/DNS Agent folder
- Navigate to the daemon.conf file and right-click to Get Info
- Under Sharing & Permissions, select the Lock icon and enter the local user authentication
- Set Admin (or Everyone) to Read & Write just like the folder in step 6 above
- Select the Lock icon again to save the settings and close the agent info window
The daemon.config file can now be edited to set Travel Wi-Fi mode.
Step two: Edit daemon.config
- Open the daemon.conf file in a text editor (TextEdit; Sublime Text)
- At the very top of the file, insert this configuration line:
allowExtensionBypass=true
🚨 Important: Place this line above the [log] section of the daemon.config file, as shown in the image above.
- Save the updated file and close the text editor
Example
```
allowExtensionBypass=true
[log]
level = "debug"
[client]
secret_key = "<your site key>"
[misc]
local_dns_and_domains = ""
```
Step three: Restart the macOS agent
After saving the daemon.config file, restart the agent:
- From the Mac home screen, navigate to Terminal and stop the helper
- Copy this command into Terminal and hit Return to run the command
```
sudo launchctl bootout system /Library/LaunchDaemons/com.dnsfilter.agent.macos.helper.plist
sudo launchctl bootout system /Library/LaunchDaemons/io.netalerts.agent.macos.helper.plist
```
- Enter the local device password if prompted
- Wait until the menu icon shows the agent is disconnected
- After the agent shows disconnected, restart the helper following the same steps with this command:
```
sudo launchctl bootstrap system /Library/LaunchDaemons/com.dnsfilter.agent.macos.helper.plist
sudo launchctl bootstrap system /Library/LaunchDaemons/io.netalerts.agent.macos.helper.plist
```
✍️ The agent should reconnect within seconds. If it does not, click the menu icon and follow the Fix Installation Issues prompt to restart the agent.
After restart, the macOS menu icon displays a Travel Wi-Fi option. Continue below for steps to activate Travel Wi-Fi mode.
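Because the manual steps above switch the folder and daemon.conf to Read & Write, a read-only check like the following can confirm what a device ended up with. It is an added example, not part of the DNSFilter agent: the function name `audit_travel_wifi`, the output format and the 60-second threshold are assumptions, and it counts only keys above the first `[section]` header as active, following the placement rule above (`captive_portal_delay` is the optional key covered under "Optional: change the timeout").

```shell
#!/bin/bash
# Added example: report Travel Wi-Fi settings and write access for one daemon.conf.
# Prints: bypass=<on|off> delay=<seconds> writable=<admin-only|group|everyone>
# Usage:  audit_travel_wifi <config-file> [max-delay-seconds]
audit_travel_wifi() {
  local config="$1" max_delay="${2:-60}" line key val
  local bypass=off delay=60 writable=admin-only   # 60 = default stated on the page
  [ -r "$config" ] || { echo "unreadable: $config" >&2; return 2; }
  while IFS= read -r line || [ -n "$line" ]; do
    case "$line" in
      \[*) break ;;   # first section header: stop reading top-level keys (assumption)
    esac
    key=$(printf '%s' "${line%%=*}" | tr -d '[:space:]')
    val=$(printf '%s' "${line#*=}" | tr -d '[:space:]"')
    case "$key" in
      allowExtensionBypass) [ "$val" = true ] && bypass=on ;;
      captive_portal_delay) delay="$val" ;;
    esac
  done < "$config"
  # find -perm -NNN prints the file only when those permission bits are set
  [ -n "$(find "$config" -perm -020)" ] && writable=group
  [ -n "$(find "$config" -perm -002)" ] && writable=everyone
  echo "bypass=$bypass delay=$delay writable=$writable"
  # Non-zero exit lets an MDM compliance check flag the device
  [ "$writable" = admin-only ] || return 1
  [ "$bypass" = off ] || [ "$delay" -le "$max_delay" ] 2>/dev/null || return 1
  return 0
}
```

The function exits non-zero when the file is group- or world-writable, or when the bypass is on with a delay above the threshold.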
Silent install (MDM script modification)
As of agent version 2.3.9, Travel Wi-Fi mode can be configured silently by editing the deployment script.
New deployment
- Follow the install guide to prepare the deployment and download the installer .pkg
- Edit the bash script to include the Travel Wi-Fi mode modifications
  - Add allowExtensionBypass=true after the Site Secret Key:
    ```bash
    # Create temporary config file
    cat > "$LOCATION/$TEMP_CONFIG_NAME" << EOF
    SITE_SECRET_KEY="$SITE_SECRET_KEY"
    allowExtensionBypass=true
    LOCAL_DNS_AND_DOMAINS=""
    OVERRIDE_CONFIG_FILE=yes
    EOF
    ```
  - (Optional) modify the timeout (shown below)
- Continue with the install guide steps to execute the script
Once deployed, the macOS agent menu icon displays a Travel Wi-Fi option.
Existing deployment
If the macOS Roaming Client v2.3.9+ is already deployed via MDM and Travel Wi-Fi Mode is not visible in the DNSFilter menu bar icon, enable it by updating the agent configuration file.
- Execute the following bash script via MDM. Edit the file source to DNS Agent for Whitelabeled deployments:
  ```bash
  #!/bin/bash
  CONFIG_FILE="/Library/Application Support/DNSFilter Agent/daemon.conf"
  LINE_TO_ADD='allowExtensionBypass=true'

  # Check if the line already exists
  if grep -qF "$LINE_TO_ADD" "$CONFIG_FILE"; then
    echo "Line already exists in config. No changes made."
    exit 0
  fi

  # Add the line to the top of the file
  TEMP_FILE=$(mktemp)
  echo "$LINE_TO_ADD" | cat - "$CONFIG_FILE" > "$TEMP_FILE" && mv "$TEMP_FILE" "$CONFIG_FILE"
  echo "Successfully added '$LINE_TO_ADD' to the top of $CONFIG_FILE"
  ```
  This adds the required setting to enable Travel Wi-Fi Mode.
- Restart the agent or device after the script runs successfully
Once restarted, the Travel Wi-Fi Mode option appears in the DNSFilter menu bar icon.
Activate Travel Wi-Fi mode
Click Travel Wi-Fi to initiate a captive portal session to complete the Wi-Fi login process.
When activated:
- The tray displays Travel Wi-Fi Active (XXs)
- A countdown shows how long the temporary captive portal mode will remain active
Travel Wi-Fi mode automatically ends when the timer expires, restoring full filtering.
Optional: change the timeout
The default timeout is 60 seconds. To use a different value, add captive_portal_delay=<seconds> below allowExtensionBypass=true
Manual process example (45-second timeout)
```
allowExtensionBypass=true
captive_portal_delay=45
[log]
level = "debug"
[client]
secret_key = "<your site key>"
[misc]
local_dns_and_domains = ""
```
MDM bash script example (45-second timeout)
```bash
# Create temporary config file
cat > "$LOCATION/$TEMP_CONFIG_NAME" << EOF
SITE_SECRET_KEY="$SITE_SECRET_KEY"
allowExtensionBypass=true
captive_portal_delay=45
LOCAL_DNS_AND_DOMAINS=""
OVERRIDE_CONFIG_FILE=yes
EOF
```
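For an existing deployment that also needs the optional timeout, the following added example (not DNSFilter's own script) sets both keys at the top of daemon.conf in one pass and can be re-run safely. The function name `set_travel_wifi` is hypothetical; the keys and file path are the ones shown on this page, and writing the default of 60 when no delay is given is an assumption.

```shell
#!/bin/bash
# Added example (not DNSFilter's script): put the Travel Wi-Fi keys at the top
# of daemon.conf. Safe to re-run; earlier copies of either key are replaced.
# Usage: set_travel_wifi "/Library/Application Support/DNSFilter Agent/daemon.conf" 45
set_travel_wifi() {
  local config="$1" delay="${2:-60}" tmp   # 60 = default timeout stated on the page
  [ -f "$config" ] || { echo "config not found: $config" >&2; return 1; }
  # Accept only a positive whole number of seconds (no sign, no leading zero)
  case "$delay" in
    ''|*[!0-9]*|0*) echo "invalid delay: $delay" >&2; return 2 ;;
  esac
  tmp=$(mktemp) || return 1
  {
    echo 'allowExtensionBypass=true'
    echo "captive_portal_delay=$delay"
    # Copy the rest of the file, minus any earlier copies of the two keys
    grep -Ev '^[[:space:]]*(allowExtensionBypass|captive_portal_delay)[[:space:]]*=' "$config" || true
  } > "$tmp"
  # Write through the existing file instead of mv so its owner and mode are kept
  cat "$tmp" > "$config"
  rm -f "$tmp"
}
```

As with the scripts above, the agent or device still needs a restart before the new values take effect.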
Comments
32 comments
Hi Minetta Gould, thanks for the response. I can confirm that the test users are on 2.3.13. I'm able to recreate the issue by turning off WiFi then doing a restart. Once logged back in, DNSFilter will start, but it will have an installation issues error and the travel mode toggle will not appear.
We also ran into an additional issue: sometimes when I click on the toggle it doesn't actually enable and start ticking down.
Thanks for the follow up, Andy M, and sorry to hear you're experiencing this issue! I started a ticket for you from this thread—you should receive notification shortly.
Please reply to that ticket with diagnostic logs from an impacted device so our engineers can review what could be happening with the agent. They'll have next steps to resolve the issue!