GL sft1200 opal on MSC cruise

Technical Support for Routers
57

You just checked everything?
Lets see what has been talked about here already.
MSC wants you to only use one device (did they specify smartphone or not?) with each user account or voucher

What does a wifi provider do to enforce this 1 device rule?

  1. They send out with a TTL=1 . If you do not adjust this on the incoming packets, no packet (eg portal logon screen) will go further than the GL.inet itself if Network mode "router" is used. It will never reach the client device.

  2. If repeater with mode extender is used, any device behind the extender will request its own DHCP lease. MSC will see requests with GL.inet MAC in the request header, and the client device MAC and TTL in the request packet itself. That kind of DHCP requests often fails to get answers to the client. And different MAC in header and packet is a clear indication of a 2.5 layer bridge (=extender with MAC-NAT)) Also the MSC DHCP server will refuse to lease a second IP address to the same MAC address.

  3. In both extender and router mode for repeater, any packet from the client device will use the TTL setting of the client device , and that packet will arrive at MSC with that TTL or with "TTL-1" if routing is used. That TTL may be different from the initial GL.inet packets, as GL.inet router but also the phone have their own default TTL value. Varying TTL values is a very clear indication of multiple devices behind a travel router. Keep the outgoing TTL values all identical in the outgoing packets.

  4. Single device per user. If the phone is registered to the portal with a username or voucher values, then a second device will not be accepted with the same credentials. "Camouflage" is necessary to appear to be the first device , camouflage (FR) of everything: MAC, IP, Host name, TTL, ....

  5. Portals can check on MAC or check on IP address or both. They probably maintain a list of active (logged on) MAC addresses, and the portal page will not appear if already logged on, as it is not needed then.

  6. ICMP is not following the TCP and UDP rules of the portal and firewall. It is not a valid test to see if the portal connection is open for internet use or not.

3 Likes