I recently upgraded a large hotspot from 2.9.51 to 3.13 After the upgrade I found that the hotspot stops accepting logins after 30 ~ 40 people are logged in. It just stops redirecting people to the login page. I have already ensured that transparent proxy is turned off for ALL user profiles.
Its been a problem from 3.9(ish) right up to and including 3.16
Its not limited to amount of logins (that im aware of)
Something is crashing at mikrotik's end.
I have sent supouts but never get any joy.
It was supposed to be fixed in 3.12 *) fixed bug - web server could lock up at startup (no access to hotspot login page after that);
Although this is not the entire symptoms, as it doesnt just lock up at startup.
The only way to fix is to upgrade-downgrade your firmware. I have found 3.13 to be the most stable, but upgrading/downgrading to 3.9 or 3.15 seems to fix it for me most of the time.
Once you have it back up and running, just wait for it to happen again because it will!
We run x86, mipsle, mipsbe, powerpc all with hotspot and they ALL have the same problem, on 3.9, 3.13, 3.14, 3.15, 3.16
Ohh and another bug, downgrading from 3.16 to 3.13 will remove your hotspot files, be careful to watch out for this as it wont warn you. Did that to me about 80% of the time upon downgrade.
Greetings! Just a couple questions: Is the login page SSL or clear text? Do you have a hostname assigned to the box? If so, is it a legitimate (DNS resolvable) name?
The login page itself is clear text but when you click on submit for username and password the form submission is to an SSL page. ie. The login is done with https but the logon page is in http The hostname is DNS resolvable.
It works for about the first 40 logons and then stops working and won't redirect to the logon page.
Can you give it a try without the SSL logon? I have had some difficulty with SSL pages and the hotspot software. Mine happens with authorize.net for time purchase before login. Same time frame as yours (30-50 purchases), then "page cannot be displayed". Very soon no login page either. Rebooting did not help. Only putting the server ip addresses in /ip hotspot walled-garden ip did any good.
The above poster was right. As soon as you change the auth type to CHAP instead of HTTPS this problem goes away.
MikroTik take note, Hotspot eventually stops accepting new logins (it hangs at the redirect part) when using SSL/HTTPS authentication.
The post above that mentions that he only uses SSL for the purchasing part, not for the authentication login.
As far as the original goes, look at your hosts tab on the hotspot menu. Are there any IP address associated with incorrect MAC addresses? We've been tracking an issue like that on our network since about 3.9 as well. We had thought it was just our network with issue, but maybe we're seeing the same problem.
I didn't check for bad host entries and I'm not converting back to HTTPS auth. My testing went like this... HTTPS auth, hotspot stops accepting sign-ins Change to CHAP, hotspot works Change back to HTTPS, stops working again Change back to CHAP, works again.
You are correct. I do not use the SSL login. But the problem with the SSL purchases eventually affects the login page despite that. When the SSL purchase page loads start failing, it will not be long before the login page will not load either. I have tried everything else, and I am sticking with the setup I have now.
I had to put the ip addresses of the authorize.net servers in /ip hotspot walled-garden ip to get it to work at all.And I also did the same experiment. Install the ips in the walled garden ip, the purchases work. Remove them, and they stop. Reinstall them, they work.
ADD: Just a thought. You might want to try putting your hotspot gateway ip in the walled-garden ip section. And to make it clear, I tried putting the authorize.net server names in /ip hotspot walled-garden and that did nothing, zip, nada! Fail City!
If the Mikrotik team sees this, I would suspect the dns for SSL connections through the hotspot when not authenticated. IPs ok, domain names, not ok. .
I'm using HotSpot with SSL authentication and different walled-gardens rules for different HTTPS pages, everything is working fine. What should I configure to get the same problems as you have ?
Easy. Take 50 or 60 payments through authorize.net, and the SSL connection will suddenly fail. Normally, if I set up the box on Thursday, it will stop taking payments sometime Friday night about 8pm. Then there will be NOTHING you can do to get it restarted, except install the ips of the authorize.net servers in /ip hotspot walled-garden ip
Take them out, the SSL downloads fail Put them in, the SSL downloads work Take them out, the SSL downloads fail
See a pattern? I have had this challenge in every V3.x I have tried. I am now on V3.14 on my boxes. They work fine set up like this, and like I said before, I am not about to change it!
BTW, this is not a big complaint for me. I have a way around it!
ADD: I don't want to mess with my system until March. I have a large group of what could be a very angry mob of snowbirds (winter guests) vacationing here. Something goes wrong, and these people know where I live! If all you northern U.S. and Canadian WISPs wonder where your complaining customers are...
I guess there might be something wrong with proxy. In the latest version, we have fixed some few important things regarding to the proxy operation. It might be the case, why HTTPs stop working after a while. As soon as you will be able, it would be great you upgrade to 3.19 and let us know, whether the same problem with walled-garden is present.
Proxy. I do not mean to seem too skeptical, but that is what was supposedly to blame the last time this happened. I disabled, then enabled the proxy with no joy.
I will try to set up a box with V3.19 in the next day or two and see what happens.
ADD: Even if I set up the box today, I do not have a major purchase day until Feb. 1st. The snowbirds purchase in 30 day increments, and the normal arrival dates in the local condos for long term is the 1st and 15th. The summer months are the busy times here. Northwest Florida here.
I normally do not double post, but I wanted to draw this to your attention. What I meant was that bokad needs help now. He should be the one testing this version because he will see the failures first and much more often if it is failing after 40 or 50 LOGINS!. I can do with what I have. I want it fixed, of course, but I think this is a matter of priority in bokad's favor.
The people that don't use the SSL login and just need to get past the hotspot to get paid, the way above is how to do it.
BTW, thanks to the Mikrotik Teaml. You guys are OK!
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot post attachments in this forum
Login |
View unanswered posts | View active topics
