psiphone

  • 1
  • Question
  • Updated 2 years ago
android clients are bypassing the guest portal using psiphone. Is there a way to avoid it?
Photo of Alberto Towns

Alberto Towns

  • 1 Post
  • 0 Reply Likes

Posted 2 years ago

  • 1
Photo of John D

John D, AlphaDog

  • 497 Posts
  • 136 Reply Likes
I'm not sure I understand how Psiphon could achieve that. Psiphon is a comprehensive VPN/SSL/SSH tunneling proxy that is primarily meant to bypass web filtering, such as site blocking used by a lot of schools and corporations.

A captive portal denies all Internet access until you authenticate, redirecting all pre-authenticated Internet access to the login portal. Psiphon should not be effective in bypassing the initial login.

(Of course, there are always techniques to do so-called session hijacking via MAC address  + IP cloning on an open authentication captive portal, which is why Ruckus has other authentication techniques like DPSK or WPA2 Enterprise that prevent users on the same network from being able to intercept their peers' traffic and hence gain the information necessary to hijack their session)
Photo of Keith Gipe

Keith Gipe

  • 6 Posts
  • 3 Reply Likes
So I just tested this myself and found that Psiphone isn't actually bypassing Guest on our's.  What is happening is it realizes it can get to the Internet over the 4G connection instead and pushes traffic out that.  I verified this by going to whatismyip.com after connecting.
Photo of John D

John D, AlphaDog

  • 497 Posts
  • 136 Reply Likes
Thanks for the info! That's a more plausible explanation.

I checked and Psiphon doesn't support any of the techniques I would expect to bypass a captive portal (e.g. DNS tunneling, MAC address spoofing / packet sniffing)