I have an issue with Captive portal authentication on the mobility controller. Unauthorized users can bypass the authentication step using VPN applications like Psiphon.
Is there any solution to resolve this issue and force users to get through the captive portal authentication process before connecting to the network?
The initial role is set to something to force captive portal authentication.
Normally all the traffic, including VPN traffic, will be dropped and a user needs to be authenticated before internet access is available.
Please check the ACLs connected to the initial user role. Can you share the initial role connected to this network?
You can use the command ‘show rights <rolename>’ for this.
For the initial role I used the default "guest-guest-logon" role (ArubaOS v8).
You find attached to this post the output of the "show rights" command.
Thank you, but even if you delete the Natt rule, this does not resolve the issue, because SSL VPNs still work.
Use the "show datapath session table <ip.address>" to see what traffic is coming to/from the client while it's connected. This should give you an idea which port(s) the VPN is using, so that you can lock that down as needed.
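Added example, not part of any post in this thread: a short Python script that tallies which protocol and destination port a pre-authentication client reaches, from pasted "show datapath session table" output, so the initial role's ACLs can be compared against what is actually getting through. The column order (Source IP, Destination IP, Prot, SPort, DPort as the first five fields), the sample rows and the function name are assumptions made for this example.

```python
import ipaddress
from collections import Counter

PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp", 47: "gre", 50: "esp"}

# Constructed sample, not captured from a controller. Only the first five
# columns are shown; their order is an assumption about the output layout.
SAMPLE = """\
Source IP     Destination IP  Prot  SPort  DPort
------------  --------------  ----  -----  -----
10.10.20.15   10.10.20.1      17    51544  53
10.10.20.1    10.10.20.15     17    53     51544
10.10.20.15   203.0.113.40    6     49812  443
203.0.113.40  10.10.20.15     6     443    49812
10.10.20.15   203.0.113.40    6     49813  443
10.10.20.15   198.51.100.7    17    40021  500
10.10.20.15   198.51.100.7    17    40022  4500
"""

def client_services(table_text, client_ip):
    """Count sessions opened by client_ip, keyed by (protocol, dest port)."""
    client = ipaddress.ip_address(client_ip)
    seen = Counter()
    for line in table_text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue
        try:
            src = ipaddress.ip_address(fields[0])
            ipaddress.ip_address(fields[1])  # validate destination column
            proto, dport = int(fields[2]), int(fields[4])
        except ValueError:
            continue  # header, separator or unparseable row
        if src != client:
            continue  # reply direction of a session, already counted
        name = PROTO_NAMES.get(proto, str(proto))
        # Ports are only meaningful for TCP and UDP rows.
        seen[(name, dport if proto in (6, 17) else None)] += 1
    return seen

if __name__ == "__main__":
    for (proto, port), n in client_services(SAMPLE, "10.10.20.15").most_common():
        print(f"{proto:5} dport={port} sessions={n}")
```

Any protocol and port in the result that the captive portal flow itself does not need is a candidate for a deny rule in the initial role.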