How can I prevent bypassing web authentication with Psiphon VPN?
How can I prevent bypassing web authentication with Psiphon VPN?
As the Wi-Fi service provider, we've discovered a problem. Even though users should log in with a username and password, they can avoid this by using Psiphon VPN. This means they get internet access without logging in. It's bad for our business. We need to fix this fast.
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Tried same setup with my er605v2+eap-115 and results were same. Exclamation mark on WiFi icon indicating no internet connection but surfing web normally with psiphon pro running in background. Will conduct more tests later. Tried same thing with few public hotspots that require you to log-in (mikrotik,ubiquiti) and all of them exhibit same problem. Interesting....
- Copy Link
- Report Inappropriate Content
Thanks for posting in our business forum.
Alex_Mahone wrote
Please check your inbox. I have already sent the router configuration backup file. The firmware version of the router is 1.4.1 Build 20240117 Rel.57421, and the hardware version is V1.0.
Best Regards!
Here's the reply, it is doable.
Due to the portal landing page being necessary to be accessed, TCP/UDP 53 is allowed. Psiphon will use 53 to establish the VPN tunnel with the server. Which will bypass the portal authentication.
For this issue, you can set up ACL to stop this unauthorized connection. The goal is to block TCP and UDP 53.
Create a service with TCP and UDP 53. SRC port = All. DST = TCP/UDP 53.
Direction = LAN -> WAN
SRC IP = portal subnet.
DST IP = Any.
In addition to making it more secure, you can also set up DHCP.
One Allow, one deny. First one is Allow DNS. Second one is blocking. Note that the first entry is set to be !DNS_server. You also need to create this IP group in your Preference settings to specify your DNS server.
Pictures were zipped during the conversation. Yet, still readable.
BTW, it does not affect the afterwards connection. VPN still can function.
- Copy Link
- Report Inappropriate Content
It worked properly. Thank you for your helpful approach in fixing this issue. Your solution is incredibly valuable and truly appreciated. Thanks again.
Best Regards!
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 1237
Replies: 13
Voters 0
No one has voted for it yet.