Business Community > Routers > How can I prevent bypassing web authentication with Psiphon VPN?
< Routers

How can I prevent bypassing web authentication with Psiphon VPN?

12

How can I prevent bypassing web authentication with Psiphon VPN?

13 Reply
Re:How can I prevent bypassing web authentication with Psiphon VPN?
2024-03-27 09:48:40

  @Alex_Mahone 

 

Tried same setup with my er605v2+eap-115 and results were same. Exclamation mark on WiFi icon indicating no internet connection but surfing web normally with psiphon pro running in background. Will conduct more tests later. Tried same thing with few public hotspots that require you to log-in (mikrotik,ubiquiti) and all of them exhibit same problem.  Interesting....

  0  
  0  
#12
Options
Re:How can I prevent bypassing web authentication with Psiphon VPN?-Solution
2024-03-29 05:48:27 - last edited 2024-03-29 05:51:34

Hi @Alex_Mahone   @dariana_dev 

Thanks for posting in our business forum.

Alex_Mahone wrote

  @Clive_A 

 

Please check your inbox. I have already sent the router configuration backup file. The firmware version of the router is 1.4.1 Build 20240117 Rel.57421, and the hardware version is V1.0.

Best Regards!

Here's the reply, it is doable.

Due to the portal landing page being necessary to be accessed, TCP/UDP 53 is allowed. Psiphon will use 53 to establish the VPN tunnel with the server. Which will bypass the portal authentication.

 

For this issue, you can set up ACL to stop this unauthorized connection. The goal is to block TCP and UDP 53.

Create a service with TCP and UDP 53. SRC port = All. DST = TCP/UDP 53.

Direction = LAN -> WAN

SRC IP = portal subnet.

DST IP = Any.

 

In addition to making it more secure, you can also set up DHCP.

 

One Allow, one deny. First one is Allow DNS. Second one is blocking. Note that the first entry is set to be !DNS_server. You also need to create this IP group in your Preference settings to specify your DNS server.

 

Pictures were zipped during the conversation. Yet, still readable.

 

BTW, it does not affect the afterwards connection. VPN still can function.

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Beta firmware got some NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting Manual ★ ☚ (Disclaimer: Short links are used above solely for guidance to TP-Link subdomains and are safe and tracker-free. Exercise caution with short links from non-official members on forums. We are not liable for external content or damage from non-official members' link use.)
Recommended Solution
  1  
  1  
#13
Options
Re:How can I prevent bypassing web authentication with Psiphon VPN?
2024-04-01 13:18:32

  @Clive_A 

It worked properly. Thank you for your helpful approach in fixing this issue. Your solution is incredibly valuable and truly appreciated. Thanks again.

Best Regards!

  1  
  1  
#14
Options
12

Tags

Gateway ACL Highlighted Thread
Related Articles
Having troubles with Web Group Filtering
377 0
SNMPv3 Authentication Method and Encryption Type
558 2
Secured Admin, Home, IoT, Cameras and Guest VLAN using Gateway ACL
3408 19
How do I disable DHCP in the Omada Controller web-app?
1134 0
Way to prevent Clients to use Wireguard Tunnel
1137 2
Disconnecting every 5 minutes
638 0
About Us
Press
Copyright © TP-LINK CORPORATION PTE. LTD. All rights reserved.