Voucher system to block access to internet when OC200 is offline.

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

Voucher system to block access to internet when OC200 is offline.

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Voucher system to block access to internet when OC200 is offline.
Voucher system to block access to internet when OC200 is offline.
2019-06-15 12:53:00
Model: EAP225-Outdoor  
Hardware Version: V1
Firmware Version: 1.5.0 Build 20190404 Rel. 58086

Hi Guys,

 

I've been using OC200 cloud controller for about a month now and very satisfied with it, because I don't need my laptop to be a EAP controller for a voucher wifi business. But this afternoon I've encountered that the no. of guest is different with the no. of running vouchers or on going vouchers. So, I've been troubleshooting it and found out that when the OC200 got cut from the network or offline, the EAP225-outdoor will still have the SSID but a default login and a check box for terms etc. I just checked the box and click on accept, it will automatically login in and there is a message something like login successful, and I can access the internet without any vouchers and the most frustrating part is that when my customers encounter this and the OC200 is already online, it will accept the clients who login with that procedure and bypass the voucher login. I tried to disconnect those clients but they just reconnect and still have access to the internet, I tried the unauthorized but it pops up with an error message that no authorization link/code or something that can stop those clients from connecting and have access to the internet. The only solution was to block them and unblock to let them access the Vouchers.

 

Hope you can give me some insights or guidance on how to block clients from having access to the internet when oc200 is offline or poweroff for some unknown reason.

 

Hope you can help with that because I'm trying to expand the reach of my small wifi business in our small village.

 

Thanks and regards,

 

JesseiG

  0      
  0      
#1
Options
9 Reply
Re:Voucher system to block access to internet when OC200 is offline.
2019-06-15 13:17:09

Here is the screenshot of the login page once the oc200 got offline, and I think its because of the power cable, both the oc200 and eap225-outdoor are plug to my tplink WR720N router.

 

Once they check the "I accept" and log in they can now access the internet.

  0  
  0  
#2
Options
Re:Voucher system to block access to internet when OC200 is offline.
2019-06-16 10:47:47

Hi Guys,

 

Some more updates, I think some customers think that its a hack or bug in the voucher system that they been trying to find ways to exploit it and one is that they try to flood the voucher login / oc200 with "... authentication failed when connected to SSID..." and hoping to get to the default login page for them to have access to free internet access. I've been checking the logs and found several attempts. I did block them but its time consuming to check the logs. Is there any way to limit their attempts? like after 5 failed attempts, wait for 1min or something like that? or a autoban for those clients who flood the voucher system with 10 or more attempts?

 

In every business have those kinds of customers and hope we can find solutions to those kinds of customers.

 

Regards,

  0  
  0  
#3
Options
Re:Voucher system to block access to internet when OC200 is offline.
2019-06-18 10:55:30

I have already reported this last week and still waiting for controller update (as the senior engineer mentioned).

Bug/Vulnerability on EAP225-Outdoor + Omada Controller + Voucher Authentication

  0  
  0  
#4
Options
Re:Re:Voucher system to block access to internet when OC200 is offline.
2019-06-18 11:32:48
Hi hashrack, Read your post and it is very detailed, and thats what i also happen to my OC200. The sad part is that my clients are mostly minor and been trying to do unbelievable things so that my omada controller goes offline, one is that they tried flooding it with failed authentication. So, i've posted some rules that if there are too many login, they will be banned. Regarding the Authorization iniformation does not exist. I think banning them and unban them will do the trick to get them back to the voucher login. Hope they can patch this problem, or can we downgrade to the old eap version?
  0  
  0  
#5
Options
Re:Voucher system to block access to internet when OC200 is offline.
2019-06-18 11:47:51

They're talking about Controller update. So it's not an EAP firmware update but update on OC200 firmware.

Currently, to avoid free connection, I turn ON first OC200 until it's connected to cloud. It takes about 3 to 4 minutes before OC200 gets connected to cloud. The moment it's connected to cloud, when both LEDs are on steady light mode, that's when I turn ON the EAP. This way, it will only take a few seconds to display the free portal before EAP is synced to OC200.

If you turn them ON at the same time, OC200 and EAP, then your EAP will be  vulnerable for at least 4 minutes before the OC200 portal is displayed.
Also, about the "No authorization", I tried it 2 to 3 times, and the free user got disconnected from the network successfully. 

  0  
  0  
#6
Options
Re:Re:Voucher system to block access to internet when OC200 is offline.
2019-06-20 11:07:01

Due to constant power interuption here, you I can't stop the EAP from powering up  before the OC200. Due to this vulnerability or bug, I'm losing income and been banning clients, So i tried to downgrade the EAP225-Outdoor V1 firmware see screen shot and it worked fine.

 

 

 

I even got the Rouge AP Detection enable which was gone in the current firmware and only has the scan button.

 

 

 

Here is the screen shot from a phone client when I disconnected the OC200 from the network, it has username and password, the new firmware do not have only the term of use and login button only.

 

 

  0  
  0  
#7
Options
Re:Re:Re:Voucher system to block access to internet when OC200 is offline.
2019-06-22 03:52:19 - last edited 2019-06-22 03:58:53

Firmware for what?

- OC200? or 
- EAP255-Outdoor?
 

Downgrade to what firmware version?

I guess I'll do the same. As when there's a power loss and I'm not at home, the moment power comes back, a lot of users get a free internet because of this bug.

And how did you downgrade? I don't have the option to select firmware, it only says: Your AP Firmware is up to date.

  0  
  0  
#8
Options
Re:Re:Re:Re:Voucher system to block access to internet when OC200 is offline.
2019-06-22 06:28:03

Hi hashrack,

 

I just downgrade the firmware of the eap225-outdoor with the oldest one. There are 3 updates i dont know if the 2nd update is also safe. 

 

I just download it from the tplink site, the firmware version its on my previous screen shot (its the shot that also shows the OC200 version) I appologize for the lack of links but using my mobile phone and current outside the house.

 

You can download the firmware and there is an option when you click on the accesspoint or click on you eap then click on manual upload of firmware. Remember it takes about 2-10mins before it gets reflected but it will have the username and password before they can login and stop them from login successful.

 

 

  0  
  0  
#9
Options
Re:Re:Re:Re:Re:Voucher system to block access to internet when OC200 is offline.
2019-06-26 21:59:14
I downgraded from version 1.5.0 to 1.4.1 and problem fixed. And existing voucher users connected before controller goes down can continue using their allotted time until they expire (this is not possible on 1.5.0, another bug).
  1  
  1  
#10
Options