AR750 Connect as repeater to wifi with an agreement screen

Can anyone please provide the steps needed to connect the AR750 as a repeater on an existing wifi that normally starts an agreement screen as part of the process. Like at a hotel or café where they want you to agree to their terms of service.

When I try to connect currently to the business wifi, using my phone as the UI to the router, it disconnects my phone from the router.

Pls check http://docs.gl-inet.com/setup/dns/

There is a rebind-protection settings. Uncheck that before you connect to repeater.

It would have been very helpful for this information to be in the Users Guide.

@alzhao: what’s the normal use-case of “DNS Rebind Protection”? IOW, why would a user need that, and why does it default to “On”?

Thanks

https://darkwebnews.com/hacking/dns-rebinding-attack/

TLDR:
You know how when you connect to McDonalds wifi, you go to google.com and it magically changes the page to their wifi connection page? Well hackers can do the same, by rebinding the dns and changing all pages to their ones, either phishing or just listening to all traffic. That is why you want the dns rebinding protection on at all times, and only disable it when you actually need a page to redirect to a portal, like McDonalds wifi for example.

So you get on wifi, try to connect the repeater. If you don’t get any internet, you disable the dns rebinding, connect the repeater again, and go to any page. The page will get redirected, you accept the terms, login or whatever, then disable the dns rebinding again after you have internet.

It is said that DNS rebind protection is not that important these days. DNS can always been hijacked, regardless this option.

Yeah ofc, it’s just a matter of how complex the attack becomes. It’s the same as who can break into an embassy. Small time robbers won’t, people that rob banks every day might be able :wink:

It just adds a little more security, to slow the attack down.

Problem is, don’t a lot of the agreement pages (and their requisite elements) tend to come from redirects that expect the providers’ DNS (and not general ones, like 8.8.8.8 or OpenDNS’ servers) to handle resolving the address of the login page (which is almost certainly not on the general internet)?

i.e., you get an IP - try to hit foobar.com - cafe’s router sees your MAC isn’t authenticated - throws up a page at makethemloginfirst.localhost - “DNS Rebind Protection” is on, so say Google DNS is trying to resolve that and returns “SERVFAIL”, you can’t get past their verification screen.

Many times I DO see an IP address used instead, which makes more sense, but based on what I see in address fields it could go either way.

@kennethrc Read my post again that is exactly what i wrote. This is the only case when you disable the dns rebind protection. When the portal has let you through, you re-enable it again because the portal only does it one time; until your session is over.