I have semi-successfully configured the hotspot for a rb150 on ROS v4.11.
Where I seem to be having trouble is with the redirect portion of the hotspot.
The hostname isn't resolving, resulting in a "server not found" message in the browser.
I'm testing from windows and have tried flushing the DNS cache and re-leasing the hotspot IP. Typically the name of the hotspot is not pingable from windows, but is from a terminal in winbox. When I plug the IP address in to the redirected URL (http://192.168.26.1/login?dst=http%3A%2F%2Fwww.google.com%2F), I am able to get the login page.
Any help would be greatly appreciated.
(if I am able to get past this, I have a few other questions about hotspots and bridge plus how to get initial https:// URLs to redirect to the login page)
[admin@MikroTik] > ping hotspot
192.168.26.1 64 byte ping: ttl=64 time=8 ms
192.168.26.1 64 byte ping: ttl=64 time=8 ms
192.168.26.1 64 byte ping: ttl=64 time=8 ms
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 8/8.0/8 ms
[admin@MikroTik] > export
# jan/02/1970 16:58:42 by RouterOS 4.11
#
/interface ethernet
set 0 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment=\
"" disabled=no full-duplex=yes l2mtu=1518 mac-address=00:0C:42:12:3D:13 \
master-port=none mtu=1500 name=ether1 speed=100Mbps
set 1 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment=\
"" disabled=no full-duplex=yes l2mtu=1518 mac-address=00:0C:42:12:3D:14 \
master-port=none mtu=1500 name=ether2 speed=100Mbps
set 2 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment=\
"" disabled=no full-duplex=yes l2mtu=1518 mac-address=00:0C:42:12:3D:15 \
master-port=none mtu=1500 name=ether3 speed=100Mbps
set 3 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment=\
"" disabled=no full-duplex=yes l2mtu=1518 mac-address=00:0C:42:12:3D:16 \
master-port=none mtu=1500 name=ether4 speed=100Mbps
set 4 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment=\
"" disabled=no full-duplex=yes l2mtu=1518 mac-address=00:0C:42:12:3D:17 \
master-port=none mtu=1500 name=ether5 speed=100Mbps
/interface wireless security-profiles
set default authentication-types="" eap-methods=passthrough group-ciphers="" \
group-key-update=5m interim-update=0s management-protection=disabled \
management-protection-key="" mode=none name=default \
radius-eap-accounting=no radius-mac-accounting=no \
radius-mac-authentication=no radius-mac-caching=disabled \
radius-mac-format=XX:XX:XX:XX:XX:XX radius-mac-mode=as-username \
static-algo-0=none static-algo-1=none static-algo-2=none static-algo-3=\
none static-key-0="" static-key-1="" static-key-2="" static-key-3="" \
static-sta-private-algo=none static-sta-private-key="" \
static-transmit-key=key-0 supplicant-identity=MikroTik tls-certificate=\
none tls-mode=no-certificates unicast-ciphers="" wpa-pre-shared-key="" \
wpa2-pre-shared-key=""
/ip hotspot profile
set default dns-name="" hotspot-address=0.0.0.0 html-directory=hotspot \
http-cookie-lifetime=3d http-proxy=0.0.0.0:0 login-by=cookie,http-chap \
name=default rate-limit="" smtp-server=0.0.0.0 split-user-domain=no \
use-radius=no
add dns-name=hotspot hotspot-address=192.168.26.1 html-directory=hotspot \
http-cookie-lifetime=3d http-proxy=0.0.0.0:0 login-by=cookie,http-chap \
name=hsprof1 rate-limit="" smtp-server=0.0.0.0 split-user-domain=no \
use-radius=no
/ip hotspot user profile
set default idle-timeout=none keepalive-timeout=2m name=default shared-users=\
1 status-autorefresh=1m transparent-proxy=no
/ip ipsec proposal
set default auth-algorithms=sha1 comment="" disabled=no enc-algorithms=3des \
lifetime=30m name=default pfs-group=modp1024
/ip pool
add name=hs-pool-5 ranges=192.168.26.50-192.168.26.100
/ip dhcp-server
add address-pool=hs-pool-5 authoritative=after-2sec-delay bootp-support=\
static disabled=no interface=ether5 lease-time=1h name=dhcp1
/ip hotspot
add address-pool=hs-pool-5 addresses-per-mac=2 disabled=no idle-timeout=5m \
interface=ether5 keepalive-timeout=none name=hotspot1 profile=hsprof1
/port
set 0 baud-rate=auto data-bits=8 flow-control=none name=serial0 parity=none \
stop-bits=1
/ppp profile
set default change-tcp-mss=yes comment="" name=default only-one=default \
use-compression=default use-encryption=default use-vj-compression=default
set default-encryption change-tcp-mss=yes comment="" name=default-encryption \
only-one=default use-compression=default use-encryption=yes \
use-vj-compression=default
/queue type
set default kind=pfifo name=default pfifo-limit=50
set ethernet-default kind=pfifo name=ethernet-default pfifo-limit=50
set wireless-default kind=sfq name=wireless-default sfq-allot=1514 \
sfq-perturb=5
set synchronous-default kind=red name=synchronous-default red-avg-packet=1000 \
red-burst=20 red-limit=60 red-max-threshold=50 red-min-threshold=10
set hotspot-default kind=sfq name=hotspot-default sfq-allot=1514 sfq-perturb=\
5
set default-small kind=pfifo name=default-small pfifo-limit=10
/routing bgp instance
set default as=65530 client-to-client-reflection=yes comment="" disabled=no \
ignore-as-path-len=no name=default out-filter="" redistribute-connected=\
no redistribute-ospf=no redistribute-other-bgp=no redistribute-rip=no \
redistribute-static=no router-id=0.0.0.0 routing-table=""
/routing ospf instance
set default comment="" disabled=no distribute-default=never in-filter=ospf-in \
metric-bgp=auto metric-connected=20 metric-default=1 metric-other-ospf=\
auto metric-rip=20 metric-static=20 name=default out-filter=ospf-out \
redistribute-bgp=no redistribute-connected=no redistribute-other-ospf=no \
redistribute-rip=no redistribute-static=no router-id=0.0.0.0
/routing ospf area
set backbone area-id=0.0.0.0 comment="" disabled=no instance=default name=\
backbone type=default
/snmp
set contact="" enabled=no engine-boots=0 engine-id="" location="" \
time-window=15 trap-sink=0.0.0.0 trap-version=1
/snmp community
set public address=0.0.0.0/0 authentication-password="" \
authentication-protocol=MD5 encryption-password="" encryption-protocol=\
DES name=public read-access=yes security=none write-access=no
/system logging action
set memory memory-lines=100 memory-stop-on-full=no name=memory target=memory
set disk disk-file-count=2 disk-file-name=log disk-lines-per-file=100 \
disk-stop-on-full=no name=disk target=disk
set echo name=echo remember=yes target=echo
set remote bsd-syslog=no name=remote remote=0.0.0.0:514 src-address=0.0.0.0 \
syslog-facility=daemon syslog-severity=auto target=remote
/system routerboard settings
set baud-rate=115200 boot-delay=2s boot-device=nand-only boot-protocol=bootp \
cpu-frequency=175MHz cpu-mode=regular enable-jumper-reset=yes \
enter-setup-on=any-key force-backup-booter=no silent-boot=yes
set baud-rate=115200 boot-delay=2s boot-device=nand-only boot-protocol=bootp \
cpu-frequency=175MHz cpu-mode=regular enable-jumper-reset=yes \
enter-setup-on=any-key force-backup-booter=no silent-boot=yes
/user group
add comment="" name=read policy="local,telnet,ssh,reboot,read,test,winbox,pass\
word,web,sniff,sensitive,!ftp,!write,!policy"
add comment="" name=write policy="local,telnet,ssh,reboot,read,write,test,winb\
ox,password,web,sniff,sensitive,!ftp,!policy"
add comment="" name=full policy="local,telnet,ssh,ftp,reboot,read,write,policy\
,test,winbox,password,web,sniff,sensitive"
/interface bridge settings
set use-ip-firewall=no use-ip-firewall-for-pppoe=no use-ip-firewall-for-vlan=\
no
/interface l2tp-server server
set authentication=pap,chap,mschap1,mschap2 default-profile=\
default-encryption enabled=no max-mru=1460 max-mtu=1460 mrru=disabled
/interface ovpn-server server
set auth=sha1,md5 certificate=none cipher=blowfish128,aes128 default-profile=\
default enabled=no keepalive-timeout=60 mac-address=FE:BF:48:6A:70:1A \
max-mtu=1500 mode=ip netmask=24 port=1194 require-client-certificate=no
/interface pptp-server server
set authentication=mschap1,mschap2 default-profile=default-encryption \
enabled=no keepalive-timeout=30 max-mru=1460 max-mtu=1460 mrru=disabled
/interface wireless align
set active-mode=yes audio-max=-20 audio-min=-100 audio-monitor=\
00:00:00:00:00:00 filter-mac=00:00:00:00:00:00 frame-size=300 \
frames-per-second=25 receive-all=no ssid-all=no
/interface wireless sniffer
set channel-time=200ms file-limit=10 file-name="" memory-limit=10 \
multiple-channels=no only-headers=no receive-errors=no streaming-enabled=\
no streaming-max-rate=0 streaming-server=0.0.0.0
/interface wireless snooper
set channel-time=200ms multiple-channels=yes receive-errors=no
/ip accounting
set account-local-traffic=no enabled=no threshold=256
/ip accounting web-access
set accessible-via-web=no address=0.0.0.0/0
/ip address
add address=192.168.13.254/24 broadcast=192.168.13.255 comment="" disabled=no \
interface=ether1 network=192.168.13.0
add address=192.168.26.1/24 broadcast=192.168.26.255 comment=\
"hotspot network" disabled=no interface=ether5 network=192.168.26.0
/ip dhcp-server config
set store-leases-disk=5m
/ip dhcp-server network
add address=192.168.26.0/24 comment="hotspot network" gateway=192.168.26.1
add address=192.168.88.0/24 comment="" gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes cache-max-ttl=1w cache-size=2048KiB \
max-udp-packet-size=512 servers=192.168.13.1
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s \
tcp-close-wait-timeout=10s tcp-established-timeout=1d \
tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s \
tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no \
tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
/ip firewall filter
add action=passthrough chain=unused-hs-chain comment=\
"place hotspot rules here" disabled=yes
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment=\
"place hotspot rules here" disabled=yes
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
disabled=no src-address=192.168.26.0/24
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061
set pptp disabled=no
/ip hotspot service-port
set ftp disabled=no ports=21
/ip hotspot user
add comment="" disabled=no name=admin password=secret profile=default
/ip neighbor discovery
set ether1 discover=yes
set ether2 discover=yes
set ether3 discover=yes
set ether4 discover=yes
set ether5 discover=yes
/ip proxy
set always-from-cache=no cache-administrator=webmaster cache-hit-dscp=4 \
cache-on-disk=no enabled=no max-cache-size=none max-client-connections=\
600 max-fresh-time=3d max-server-connections=600 parent-proxy=0.0.0.0 \
parent-proxy-port=0 port=8080 serialize-connections=no src-address=\
0.0.0.0
/ip route
add comment="" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
192.168.13.1 scope=30 target-scope=10
/ip service
set telnet address=0.0.0.0/0 disabled=no port=23
set ftp address=0.0.0.0/0 disabled=no port=21
set www address=0.0.0.0/0 disabled=no port=80
set ssh address=0.0.0.0/0 disabled=no port=22
set www-ssl address=0.0.0.0/0 certificate=none disabled=yes port=443
set api address=0.0.0.0/0 disabled=yes port=8728
set winbox address=0.0.0.0/0 disabled=no port=8291
/ip socks
set connection-idle-timeout=2m enabled=no max-connections=200 port=1080
/ip traffic-flow
set active-flow-timeout=30m cache-entries=4k enabled=no \
inactive-flow-timeout=15s interfaces=all
/ip upnp
set allow-disable-external-interface=yes enabled=no show-dummy-rule=yes
/mpls
set dynamic-label-range=16-1048575 propagate-ttl=yes
/mpls interface
add comment="" disabled=no interface=all mpls-mtu=1508
/mpls ldp
set distribute-for-default-route=no enabled=no hop-limit=255 loop-detect=no \
lsr-id=0.0.0.0 path-vector-limit=255 transport-address=0.0.0.0 \
use-explicit-null=no
/ppp aaa
set accounting=yes interim-update=0s use-radius=no
/queue interface
set ether1 queue=ethernet-default
set ether2 queue=ethernet-default
set ether3 queue=ethernet-default
set ether4 queue=ethernet-default
set ether5 queue=ethernet-default
/radius incoming
set accept=no port=3799
/routing bfd interface
set all comment="" disabled=no interface=all interval=0.2sec min-rx=0.2sec \
multiplier=5
/routing mme
set bidirectional-timeout=2 gateway-class=none gateway-keepalive=1m \
gateway-selection=no-gateway origination-interval=5s preferred-gateway=\
0.0.0.0 timeout=1m ttl=50
/routing rip
set distribute-default=never garbage-timer=2m metric-bgp=1 metric-connected=1 \
metric-default=1 metric-ospf=1 metric-static=1 redistribute-bgp=no \
redistribute-connected=no redistribute-ospf=no redistribute-static=no \
routing-table=main timeout-timer=3m update-timer=30s
/store
add comment="" disabled=no disk=system name=web-proxy1 type=web-proxy
/system clock
set time-zone-name=manual
/system clock manual
set dst-delta=+00:00 dst-end="jan/01/1970 00:00:00" dst-start=\
"jan/01/1970 00:00:00" time-zone=+00:00
/system console
add disabled=no port=serial0 term=vt102
/system health
set
/system identity
set name=MikroTik
/system logging
add action=memory disabled=no prefix="" topics=info
add action=memory disabled=no prefix="" topics=error
add action=memory disabled=no prefix="" topics=warning
add action=echo disabled=no prefix="" topics=critical
/system note
set note="" show-at-login=yes
/system ntp client
set enabled=no mode=broadcast primary-ntp=0.0.0.0 secondary-ntp=0.0.0.0
/system upgrade mirror
set check-interval=1d enabled=no primary-server=0.0.0.0 secondary-server=\
0.0.0.0 user=""
/system watchdog
set auto-send-supout=no automatic-supout=yes no-ping-delay=5m watch-address=\
none watchdog-timer=yes
/tool bandwidth-server
set allocate-udp-ports-from=2000 authenticate=yes enabled=yes max-sessions=\
100
/tool e-mail
set from=<> password="" server=0.0.0.0:25 username=""
/tool graphing
set page-refresh=300 store-every=5min
/tool mac-server
add disabled=no interface=all
/tool mac-server ping
set enabled=yes
/tool sms
set allowed-number="" channel=0 keep-max-sms=0 receive-enabled=no secret=""
/tool sniffer
set file-limit=10 file-name="" filter-address1=0.0.0.0/0:0-65535 \
filter-address2=0.0.0.0/0:0-65535 filter-protocol=ip-only filter-stream=\
yes interface=all memory-limit=10 memory-scroll=no only-headers=no \
streaming-enabled=no streaming-server=0.0.0.0
/user aaa
set accounting=yes default-group=read interim-update=0s use-radius=no
[admin@MikroTik] >
Re: Hotspot redirect weirdless
a) make sure the router can resolve DNS. Open a terminal and run ":resolve www.google.com;". If you don't get a result, edit the "/ip dns" settings until the router has a functional DNS configuration
b) edit the DNS name in the Hotspot profile. Right now it is set to just "hotspot" - that won't work, use a FQDN with a proper TLD, such as "myhotspot.com".
In the future please use code tags as that makes exported configuration much easier to read, and if you know which parts are important take out the non-relevant parts. Thank you for posting the export, though.
b) edit the DNS name in the Hotspot profile. Right now it is set to just "hotspot" - that won't work, use a FQDN with a proper TLD, such as "myhotspot.com".
In the future please use code tags as that makes exported configuration much easier to read, and if you know which parts are important take out the non-relevant parts. Thank you for posting the export, though.