CommScope RUCKUS Community Forums

alberto_towns · ‎07-07-2015

android clients are bypassing the guest portal using psiphone. Is there a way to avoid it?

john_d · ‎07-08-2015

I'm not sure I understand how Psiphon could achieve that. Psiphon is a comprehensive VPN/SSL/SSH tunneling proxy that is primarily meant to bypass web filtering, such as site blocking used by a lot of schools and corporations.

A captive portal denies all Internet access until you authenticate, redirecting all pre-authenticated Internet access to the login portal. Psiphon should not be effective in bypassing the initial login.

(Of course, there are always techniques to do so-called session hijacking via MAC address + IP cloning on an open authentication captive portal, which is why Ruckus has other authentication techniques like DPSK or WPA2 Enterprise that prevent users on the same network from being able to intercept their peers' traffic and hence gain the information necessary to hijack their session)

keith_gipe · ‎07-10-2015

So I just tested this myself and found that Psiphone isn't actually bypassing Guest on our's. What is happening is it realizes it can get to the Internet over the 4G connection instead and pushes traffic out that. I verified this by going to whatismyip.com after connecting.

john_d · ‎07-10-2015

Thanks for the info! That's a more plausible explanation.

I checked and Psiphon doesn't support any of the techniques I would expect to bypass a captive portal (e.g. DNS tunneling, MAC address spoofing / packet sniffing)