Community discussions

MikroTik App
 
tchus
Member Candidate
Member Candidate
Topic Author
Posts: 111
Joined: Tue Jan 25, 2011 12:08 am

Still no PayPal fix and other UM issues?

Sat Apr 02, 2011 5:08 pm

So, I guess one still has to use SurferTims script/fix for the PayPal issue with new customers trying to purchase time?
No plans on that issue?
I've lost a lot of customers because of this problem with UserManager.
Last edited by tchus on Mon Apr 04, 2011 1:15 am, edited 1 time in total.
 
SurferTim
Forum Guru
Forum Guru
Posts: 4636
Joined: Mon Jan 07, 2008 10:31 pm
Location: Miramar Beach, Florida

Re: Still no PayPal fix?

Sat Apr 02, 2011 7:01 pm

This is supposed to be corrected in the V5.x releases now. I can't use a beta package, so I am still on V4.16. What version are you using?

Just a warning: Do not upgrade to V5.x if you are counting on User Manager. I see many challenges with that version of User Manager. Stay with the script until the MT crew gets the bugs out of the V5.x User Manager.
 
tchus
Member Candidate
Member Candidate
Topic Author
Posts: 111
Joined: Tue Jan 25, 2011 12:08 am

Re: Still no PayPal fix?

Sun Apr 03, 2011 6:48 am

Hi Tim
I'm using V5.11rc with your script now on rb750g's.
I'm glad you mentioned not to go to V5.0.
I have a few i86 boxes with V4.17. These seem to be ok.
Should I stick with that version throughout? On routerboards and x86 boxes.
I like the webfig on V5 interface but I just can't deal with the UserManager uncertainties much more.
Thanks
 
SurferTim
Forum Guru
Forum Guru
Posts: 4636
Joined: Mon Jan 07, 2008 10:31 pm
Location: Miramar Beach, Florida

Re: Still no PayPal fix?

Sun Apr 03, 2011 1:23 pm

It is the UserManager that has the problems, so you can probably do ok if you use V5.x on the routers without User Manager.

Is the PayPal hotspot bypass still not working with V5.x? You still need my script? The bypass is done in each router, not by User Manager. The MT crew thought they had it fixed. I have not tried it yet. I'm still on V4.16.
 
tchus
Member Candidate
Member Candidate
Topic Author
Posts: 111
Joined: Tue Jan 25, 2011 12:08 am

Re: Still no PayPal fix?

Sun Apr 03, 2011 7:24 pm

I've been using your script not knowing they had fixed the problem.
So, you suggest I build an external radius? what 's the curve like for a guy thats just dangerous with linux? Any other suggestions?
I guess till then I'll just stick with V4.17.
Thanks,
BTW on another note.

Another issue with my system.
The pic shows the errors in my RB750G hotspot/log.

This is a hotspot.
Modem --->switch---->RB750G--->WAP(bridge)--->Wsta(bridge)---->WAP--->wireless clients.

As you can see I'm getting the Radius accounting error.
I've increased the time out setting on Radius with no immprovement.
The CPU gets whacked, 100%, and things go down from there.
I have yet to see any answers to this issue.

Possibly an inherent issue with a Hotspot wireless topology and RouterOS/Hotspot?
Timing between wireless and a wired connections as the router/hotspot sees it?
Or the Usermanager overloading the cpu?
Eliminate the RouterOS Usermanager? Build another Radius box?
Maybe an V5 RouterOS issue?
Maybe the different performance between an "N" client and "G" client?
????
Thanks
You do not have the required permissions to view the files attached to this post.
 
SurferTim
Forum Guru
Forum Guru
Posts: 4636
Joined: Mon Jan 07, 2008 10:31 pm
Location: Miramar Beach, Florida

Re: Still no PayPal fix?

Sun Apr 03, 2011 7:36 pm

Is the radius server (User Manager) in the same router? The login requests are timing out too. It might help if you post
/radius print detail
You can "x" out the password.

ADD: You should post "/ip firewall filter" and "/ip firewall nat" too.
 
tchus
Member Candidate
Member Candidate
Topic Author
Posts: 111
Joined: Tue Jan 25, 2011 12:08 am

Re: Still no PayPal fix?

Mon Apr 04, 2011 12:21 am

Yes, Usermanager is on the router.
Here's the print detail. Not sure why firewall filter is so minimal. There are at least 20 rules, yet I only get 5 in term printout?
As I get more in GUI interface @20.
What am I missing? Placement of rules sequentially, improper placement?.

Radius print detail:

Flags: X - disabled
0 service=login,hotspot called-id="" domain="*******.****.com"
address=*.*.*.* secret="xxxxxxxxxxxxxxxx" authentication-port=1812
accounting-port=1813 timeout=1s200ms accounting-backup=no realm=""

Add: I'm using my public IP for the address. Been doing it for awhile. Is this a bad configuration?
-----------------------------------------------------------------------
IP firewall filter:

0 chain=forward action=accept p2p=all-p2p connection-state=new
connection-mark=mark

1 X ;;; place hotspot rules here
chain=unused-hs-chain action=passthrough

2 chain=forward action=accept protocol=tcp port=80

3 chain=forward action=accept protocol=tcp port=443

4 chain=input action=accept protocol=tcp

5 chain=output action=passthrough protocol=tcp

-------------------------------------------------------------------------

IP firewall Nat:

0 X ;;; place hotspot rules here
chain=unused-hs-chain action=passthrough

1 ;;; *.*
chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=8002
protocol=tcp dst-address=*.*.*.* dst-port=8002

2 ;;; *(*)
chain=dstnat action=dst-nat to-addresses=192.168.88.3 to-ports=8003
protocol=tcp dst-address=*.*.*.* dst-port=8003

3 ;;; *.* on *
chain=dstnat action=dst-nat to-addresses=192.168.88.4 to-ports=8004
protocol=tcp dst-address=*.*.*.* dst-port=8004

4 ;;; *.*S2 on *
chain=dstnat action=dst-nat to-addresses=192.168.88.5 to-ports=8005
protocol=tcp dst-address=*.*.*.* dst-port=8005

5 ;;; Added by webbox
chain=srcnat action=masquerade out-interface=ether1-gateway

6 ;;; masquerade hotspot network
chain=srcnat action=masquerade src-address=192.168.88.0/24

7 ;;; *.*SM5
chain=dstnat action=dst-nat to-addresses=192.168.88.6 to-ports=8006
protocol=tcp dst-address=*.*.*.* dst-port=8006

8 ;;; *.* *.*M5
chain=dstnat action=dst-nat to-addresses=192.168.88.7 to-ports=8007
protocol=tcp dst-address=*.*.*.* dst-port=8007

9 ;;; *.*NSM5
chain=dstnat action=dst-nat to-addresses=192.168.88.8 to-ports=8008
protocol=tcp dst-address=*.*.*.* dst-port=8008

10 ;;; *.*Bullet
chain=dstnat action=dst-nat to-addresses=192.168.88.9 to-ports=8009
protocol=tcp dst-address=*.*.*.* dst-port=8009

11 ;;; Kayak airgrid
chain=dstnat action=dst-nat to-addresses=192.168.88.17 to-ports=8017
protocol=tcp dst-address=*.*.*.* dst-port=8017

12 ;;; Seaforth 2.4 8010 dest
chain=dstnat action=dst-nat to-addresses=192.168.88.10 to-ports=8010
protocol=tcp dst-address=*.*.*.* dst-port=8010

13 ;;; Seacoast 8014
chain=dstnat action=dst-nat to-addresses=192.168.88.14 to-ports=8014
protocol=tcp dst-address=*.*.*.* dst-port=8014

14 ;;; Seacoast Printer
chain=dstnat action=dst-nat to-addresses=192.168.88.19 to-ports=80
protocol=tcp dst-address=*.*.*.* dst-port=8050

15 ;;; *.* to pc at seacoast
chain=dstnat action=dst-nat to-addresses=192.168.88.199 to-ports=3389
protocol=tcp dst-address=192.168.88.199 dst-port=3389

16 chain=dstnat action=dst-nat to-addresses=192.168.88.199 to-ports=3389
protocol=tcp dst-address=*.*.*.* dst-port=3389

17 chain=srcnat action=accept protocol=tcp src-address=192.168.88.199
src-port=3389

18 ;;; remote ftp to *.*
chain=dstnat action=dst-nat to-addresses=192.168.88.199 to-ports=20-21
protocol=tcp dst-address=*.*.*.* dst-port=20-21

Add: so where do you see that login requests are also timing out?
If so, sounds like a config mistake.

Add:
Here's partial pic of winbox gui firewall filter.
You do not have the required permissions to view the files attached to this post.
 
SurferTim
Forum Guru
Forum Guru
Posts: 4636
Joined: Mon Jan 07, 2008 10:31 pm
Location: Miramar Beach, Florida

Re: Still no PayPal fix and other UM issues?

Mon Apr 04, 2011 4:50 am

If you have an entry for "domain" in the "/radius" setting and there is not a reason, I would remove it. That could cause a challenge connecting to the radius server. Unless the "/ip hotspot profile" has "radius-default-domain" set to the same domain, it won't use that radius server.

You should use 127.0.0.1 for the address in the "/radius" section, and enter a router in User Manager for 127.0.0.1.
http://wiki.mikrotik.com/wiki/User_Mana ... ame_router
 
tchus
Member Candidate
Member Candidate
Topic Author
Posts: 111
Joined: Tue Jan 25, 2011 12:08 am

Re: Still no PayPal fix and other UM issues?

Mon Apr 04, 2011 5:02 am

Yes, IP hotspot profile and radius same public domain name. Radius has the IP address and domain name.
Regarding the firewall filter. Shouldn't the print show all the rules? The gui does but a print from CLI only brings up a few.
This particular router board has been through the ringer.
I'd like to default it and start over but, the hassle. Users etc...
 
SurferTim
Forum Guru
Forum Guru
Posts: 4636
Joined: Mon Jan 07, 2008 10:31 pm
Location: Miramar Beach, Florida

Re: Still no PayPal fix and other UM issues?

Mon Apr 04, 2011 5:08 am

In the printout above, at 07:18:39 it shows Ian tried to login, and at 07:18:51 it shows the login failed due to radius server not responding.

In the CLI, you need to use "print dynamic" or "print all" to see all rules. "print" only shows static rules.

ADD: I have User Manager and a hotspot on the same router, but mine is a RB433AH on V4.16.
 
tchus
Member Candidate
Member Candidate
Topic Author
Posts: 111
Joined: Tue Jan 25, 2011 12:08 am

Re: Still no PayPal fix and other UM issues?

Mon Apr 04, 2011 5:51 am

So, is it pointless to be pointing to the public domain? . As compared to staying "local" with the loop IP 127.0.0.0.1
Maybe that's causing the "timeouts".
The hotspots had all been seemingly running ok with the radius going to public IP. Regardless, I'll go back to 127.0.0.1.
Ian coincidentally had just used all his "time". Though shouldn't have the "radius server not responding error".
 
tchus
Member Candidate
Member Candidate
Topic Author
Posts: 111
Joined: Tue Jan 25, 2011 12:08 am

Re: Still no PayPal fix and other UM issues?

Mon Apr 04, 2011 6:19 am

In the printout above, at 07:18:39 it shows Ian tried to login, and at 07:18:51 it shows the login failed due to radius server not responding.

In the CLI, you need to use "print dynamic" or "print all" to see all rules. "print" only shows static rules.

ADD: I have User Manager and a hotspot on the same router, but mine is a RB433AH on V4.16.
Here's the "print dynamic" if it's of any use.

I've changed the radius and hotspot profile settings, see how that goes.
Thanks
> ip firewall filter print dynamic
Flags: X - disabled, I - invalid, D - dynamic
0 D chain=forward action=jump jump-target=hs-unauth hotspot=from-client,!auth

1 D chain=forward action=jump jump-target=hs-unauth-to hotspot=to-client,!auth

2 D chain=input action=jump jump-target=hs-input hotspot=from-client

3 D chain=input action=drop protocol=tcp hotspot=!from-client dst-port=64872-6487>

4 I chain=hs-input action=jump jump-target=pre-hs-input

5 D chain=hs-input action=accept protocol=udp dst-port=64872

6 D chain=hs-input action=accept protocol=tcp dst-port=64872-64875

7 D chain=hs-unauth action=return dst-address=*.*.*.*

8 D ;;; ppobj apr/03/2011
chain=hs-unauth action=return dst-address=96.7.96.146

9 D ;;; ppobj apr/03/2011
chain=hs-unauth action=return dst-address=184.24.192.146

10 D ;;; paypal
chain=hs-unauth action=return dst-address=66.211.169.2

11 D ;;; paypal
chain=hs-unauth action=return dst-address=66.211.169.65

12 D ;;; paypal
chain=hs-unauth action=return dst-address=64.4.241.33

13 D ;;; paypal
chain=hs-unauth action=return dst-address=64.4.241.49

14 D chain=hs-input action=jump jump-target=hs-unauth hotspot=!auth

15 D chain=hs-unauth action=reject reject-with=tcp-reset protocol=tcp

15 D chain=hs-unauth action=reject reject-with=tcp-reset protocol=tcp


16 D chain=hs-unauth-to action=return src-address=*.*.*.*

17 D ;;; ppobj apr/03/2011
chain=hs-unauth-to action=return src-address=96.7.96.146

18 D ;;; ppobj apr/03/2011
chain=hs-unauth-to action=return src-address=184.24.192.146

19 D ;;; paypal
chain=hs-unauth-to action=return src-address=66.211.169.2

20 D ;;; paypal
chain=hs-unauth-to action=return src-address=66.211.169.65

21 D ;;; paypal
chain=hs-unauth-to action=return src-address=64.4.241.33

22 D ;;; paypal
chain=hs-unauth-to action=return src-address=64.4.241.49

23 D chain=hs-unauth action=reject reject-with=icmp-net-prohibited

24 D chain=hs-unauth-to action=reject reject-with=icmp-host-prohibited
-- [Q quit|D dump|up]
 
tchus
Member Candidate
Member Candidate
Topic Author
Posts: 111
Joined: Tue Jan 25, 2011 12:08 am

Re: Still no PayPal fix and other UM issues?

Mon Apr 04, 2011 4:20 pm

I'm still not clear as to whether or not the SurferTim PayPal script is needed to resolve the dns-cache issue with PayPal?
Anyone know if that 's been fixed? :? :? :?
 
wesleysa
just joined
Posts: 1
Joined: Mon Apr 11, 2011 4:41 pm

Re: Still no PayPal fix and other UM issues?

Mon Apr 11, 2011 4:58 pm

Hi, Does any one know if there is still underlying bugs with usermanager on routerOS 5.0?

also looking for some help on setting up paypal for users to purchase bundels/packages.

ty,

wez

Who is online

Users browsing this forum: No registered users and 7 guests