Pre-Auth List issue with HTTPS domains on Omada Controller v5.15.20.16
Pre-Auth List issue with HTTPS domains on Omada Controller v5.15.20.16
Hi,
I'm facing a problem with the Pre-Authentication Access List on Omada SDN Controller (v5.15.20.16).
The whitelist works fine for some domains (e.g., btc2007[dot]com), but fails for others hosted behind certain CDN providers (like fedapay[dot]com).
What I did:
-
Whitelisted both domain names and IP addresses (using /32)
-
Added public DNS servers (8.8.8.8 and 1.1.1.1)
-
DNS resolution works
-
Access to btc2007[dot]com is successful before login
-
Access to fedapay-type domains is blocked or redirected to the captive portal
When testing with curl, I receive HTTP 530 errors. It seems the portal is not handling HTTPS requests correctly for some domains, maybe due to TLS/SNI or how Cloud-based protection works.
Looking for:
-
Confirmation if this is a known limitation or bug
-
A reliable method to allow such HTTPS domains in the Pre-Auth List
Thanks in advance!
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
Just as an fyi - can't really write HOW it was solved IF no one gets back to me :)
In the time I didn't get a reply from TP-Link I got support from Purple.ai and fixed a part of the issue. I'm still unable to get wildcards in the walled garden and this stops me from seeing specific content in my authentication process.
Ideas?
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
@fulgore I'm running Controller v5.15.20.18 The Problem is still there Pre-Auth List doest not work with domains. It works with IPs list only. TP-link Supports please look at the problem!!!!!
- Copy Link
- Report Inappropriate Content
@fulgore I updated my Oamada Server to 6.1.0.19 (latest). Pre-Auth Access URL does not work also. Only IP Range will work. This is a huge inconvenience.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 1740
Replies: 15
Voters 0
No one has voted for it yet.