Blocking of non paying customers in Splynx

Splynx blocks non paying customers automatically. Also administrator can block the customer manually. When customer is put to Blocked or Inactive status, Splynx sends to router command to block him. If status is changed to Block – Splynx never cuts the service, but places the IP of end user to Address-list or give hime IP address from IP pool for blocked customers. Then administrator can create a rule on router for redirection of non-payers to a special page.

Splynx has 4 default blocking pages which are located at : http://yoursplynxurl:8101, http://yoursplynxurl:8102, http://yoursplynxurl:8103 and http://yoursplynxurl:8104

It’s a simple HTML file, which you can change via command line inside your splynx installation (SSH) at  /var/www/splynx/web/errors/ and folders 1,2,3,4 correspond to ports 8101, 8102, 8103 and 8104

Example of default blocking page is shown below :

2016-09-02 03.53.25 pm

Example of how the page can be customized :

2016-09-02 03.52.51 pm

There are 4 types of blocking scenarios :

1. Mikrotik API blocking
If you use Mikrotik based authentication – Hotspot, DHCP, Wireless or PPP, then as the first step, you should enable API blocking of users. It’s called “Disabled customers to Address-List” in Router API settings:

disabled

When customer is moved to status “Blocked”, his IP address is put to address list “SpLBL_blocked”. With setting up the rules for redirection, you can achieve that customer will see a special webpage with information why his access to the Internet was blocked.

2. Radius COA blocking
In Radius by default we also work with Addres-lists. Splynx uses names of address lists Reject_1, Reject_2, Reject_3 and Reject_4 for different type of errors. The names of address lists are configured under Config -> Networking -> Radius and also under field COA Block attributes:

2016-09-02 04.18.24 pm

3. Radius Session disconnection
The difference between Radius COA block and session blocking is that with COA session of customer is not disconnected, while in Session blocking his session is cut and user must reconnect his device.

The setting how to block user is defined in Config -> Networking -> Radius “Customer Block” and “FUP Block”:

2016-09-03 02.17.07 pm

4. Radius IP pool blocking
If customer gets IP from dynamic pool, or when NAS router is not a Mikrotik, Splynx gives to the blocked customer IP from Reject IP pools. By default these pools are 10.250.25x.0/24, but it can be changed in Config -> Networking -> Radius as shown on screenshot below:

2016-09-02 04.17.17 pm

If you use Mikrotik routers, there are 2 rules to redirect all TCP traffic to the blocking webpage and to cut all other traffic like Peer to peer connections (redirect them to router itself):

/ip firewall nat add action=dst-nat chain=dstnat protocol=tcp src-address-list=Reject_1 to-addresses=10.0.1.158 to-ports=8101
/ip firewall nat add action=redirect chain=dstnat protocol=!tcp src-address-list=Reject_1

All four methods of Splynx user blocking  you can find on our video tutorials:

Mikrotik API blocking of non payers

Radius COA blocking of non payers

Radius code disconnect (session reset)

Radius reject IP pool assignment