Captive Portal Re-authentication

Captive Portal Re-authentication

Captive Portal Re-authentication
Captive Portal Re-authentication
a week ago - last edited a week ago
Model: OC200  
Hardware Version: V2
Firmware Version: 2.17.6 Build 20241101 Rel.44787
Captive Portal question.
I want to have a captive portal where there is free access and a special access.
I setup two voucher groups.
  • Free voucher:
    • rate limited 1500Kbs,
    • unlimited for usage.
    • Duration by time: 9999 days, so it never expires.
  • Special Voucher:
    • rate limited 6Mbs,
    • limited online users 1,
    • Duration by time: 1 day.

 

I am able to connect to the portal fine, with free access voucher, but cannot switch to the special access voucher. Meaing on client device I forget the network and then reconnect. The AP does not require re-logging in. It seems to remember me and done. So I have no way to switch to a higher limit voucher.
How on earth do I setup the portal to force a captive portal login on every connection? That would resolve the issue.
Log out is not an option and does not seem to even work. I am using an OC200 controller with multiple EAP625 units. Also, even if logout did work, my guests would not remember for the life of them the logout URL.
Our current dated system is ubiquiti and it supports the option to force captive portal on each reconnect. As such, my clients can switch from Free to higher speeds.
 
Any tips would be appreciated...thanks
  0      
  0      
#1
Options
6 Reply
Re:Captive Portal Re-authentication
a week ago

  @Swicago 

 

When you are authenticated, you will not be asked to authenticate again before the time has expired. You must go to hotspot management and log the user out of the portal if you want to be authenticated again before the time you have set has expired. The users should probably have one of the profiles so it is probably not a problem, but if you are going to test, log yourself out of the hotspot portal,

 

 

  0  
  0  
#2
Options
Re:Captive Portal Re-authentication
a week ago

  @MR.S , so there is no way for a user to log themselves out, in order to use a faster voucher?

 

pfSense for example allows for user to be auto logged off, if idle for a set amount of time. It does not mean their voucher is invalid, they can log in again and continue using it. This makes sense when a voucher is time based where time only counts as user is connected.

 

In my case I would have customers connect to free voucher, only later decide they want faster speed, maybe to watch netflix or something. That can only be accomplished, if they have a way to log off somehow or the voucher expires. The normal "portal.tplink.net/portal/logout" does not appear to be working for new EAP625 APs, as such my customers have no way to log off and switch vouchers.

Are their API commands I can use from a remote host on the same subnet that can be used to send a log off signal on behalf of the customer?

 

Thanks for your reply...much appreciated.

  0  
  0  
#3
Options
Re:Captive Portal Re-authentication
a week ago

Followup reply.... I updated my EAP625 to latest firmware, turns out they do support logout command, however after logging into port and then visiting " portal.tplink.net/portal/logout " it does not work. I assume I need to change this URL to actually hit my OC200 controller. Any info on how to do that? Allowing a way to logoff of the free voucher would allow my customers a quick way to re-auth for faster speed vouchers.

  0  
  0  
#4
Options
Re:Captive Portal Re-authentication
a week ago - last edited a week ago

Hi  @Swicago 

 

Is your EAP625-outdoor HD?

 

We don't need to change that URL, normally, clients should be able to logout via the URL portal.tplink.net/portal/logout

 

What will happen when clients access to that URL?

 

BTW, we have a pre-release version for OC200, you may update it and see if that helps.

 

Hardware Controller (Built-in Omada SDN Controller V5.15.6.25) Pre-release

 

One more thing, only certain EAP with the latest firmware support Portal logout. For those clients that connecting to these EAPs, it won't take effective either.

  0  
  0  
#5
Options
Re:Captive Portal Re-authentication
a week ago

  @Vincent-TP 

Yes, it is EAP625-outdoor HD, hardware version v1.6 on latest 1.3.1 Build 20240929 Rel. 44649

OC200 is running latest stabile 2.17.6 Build 20241101 Rel.44787

The URL portal.tplink.net/portal/logout  does nothing, even though it is enabled in the voucher.

I even made sure firewall has given full access to clients connected to EAP-625, to rule it out. I confirmed by being able to load the OC200 config page from my connected client, andriod.

Per OC200 my EAP625 should support the feature. It is not listed as the unsupported per the  Devices->Configuration Results->Incompatable section. It was before the firmware updates.

Is there a direct URL for the logout page? Like a direct URL to the portal page? OC200_IPADDRESS:8088/portal/logout ??? This URL does not work, so it must be something else.

Is there a way to change to URL on the OC200? tplink.net is a real domain and redirects to /www.aerial.net/shop/ .. Maybe that is the issue, Once logged into portal, the DNS sees this as a real domain. DNS is not controlled by Omada, but by a pfSense router. Per OC200 config page under voucher, it says the URL can be changed in omada.properties, but how. is there an SSH login for OC200 to change the URL? Seems pretty bad to have left out an easy way to change this url to a custom branded one.

 

As for visiting the URL, it does nothing. Chrome just says the following

Hmm. We’re having trouble finding that site.

We can’t connect to the server at portal.tplink.net.

 

If you entered the right address, you can:

  • Try again later

  • Check your network connection

  • Check that Firefox has permission to access the web (you might be connected but behind a firewall)

 

 

Let me know what else I can try? You mention a beta OC200 firmware, can I roll back to stabil if it does not work? If so what are the instructions for that?

Thanks, much appreciated

  0  
  0  
#6
Options
Re:Captive Portal Re-authentication
Tuesday

 Hi @Swicago 

 

We were testing this issue and have some clues.

 

To answer your questions:

1. To change the logout URL, we added an option on the controller interface on controller 5.15.24, please kindly wait.

2. We can manually downgrade the firmware of the OC200, below is the guide:

How to Upgrade or Downgrade Omada SDN ControllerHow to Upgrade or Downgrade Omada SDN Controller

 

As for the logout URL not working issue, we would like to know the following:

1. What kind of clients are connecting to the portal network? 

2. What kind of web browsers are these clients using?

3. Does the logout URL never work on your side? It sometimes works in our local lab.

  0  
  0  
#7
Options