We've recently discovered an issue on 6.37.2 still existing on 6.38rc31 that breaks walled-garden ip.
Tested it on 2 routers (6.36.3 and 6.37.2/6.38rc31) by adding 2 lines in walled-garden ip
Code: Select all
/ip hotspot walled-garden ip
add action=accept disabled=no !dst-address dst-host=domain.com dst-port=80 protocol=tcp server=hotspot1 !src-address
add action=accept disabled=no !dst-address dst-host=domain.com dst-port=443 protocol=tcp server=hotspot1 !src-address
On 6.36.3
Code: Select all
7 D ;;; domain.com
chain=hs-unauth action=return protocol=tcp dst-address=10.101.0.1 in-interface=ether5-AP-1 dst-port=80 log=no log-prefix=""
8 D ;;; domain.com
chain=hs-unauth action=return protocol=tcp dst-address=10.101.0.1 in-interface=ether5-AP-1 dst-port=443 log=no log-prefix=""
11 D ;;; domain.com
chain=hs-unauth-to action=return protocol=tcp src-address=10.101.0.1 out-interface=ether5-AP-1 src-port=80 log=no log-prefix=""
12 D ;;; domain.com
chain=hs-unauth-to action=return protocol=tcp src-address=10.101.0.1 out-interface=ether5-AP-1 src-port=443 log=no log-prefix=""
Code: Select all
9 D ;;; domain.com
chain=hs-unauth action=return protocol=tcp dst-address=10.101.0.1 in-interface=ether10-AP-1 dst-port=80
11 D ;;; domain.com
chain=hs-unauth action=return protocol=tcp dst-address=10.101.0.1 in-interface=ether10-AP-1 dst-port=443
14 D ;;; domain.com
chain=hs-unauth-to action=return protocol=tcp src-address=10.101.0.1 out-interface=ether10-AP-1dst-port=80
16 D ;;; domain.com
chain=hs-unauth-to action=return protocol=tcp src-address=10.101.0.1 out-interface=ether10-AP-1 dst-port=443