Community discussions

MikroTik App

Search found 520 matches

  • 1
  • 2
by reinerotto
Wed Mar 20, 2024 12:43 am
Forum: General
Topic: Use Mikrotik's HotSpot solution to unblock Wireguard???
Replies: 24
Views: 1730

Re: Use Mikrotik's HotSpot solution to unblock Wireguard???

tailscale might be best and simplest solution. Especially, because there is also (open source) headscale available, a do-it-yourself central manager, in case you do not trust a third party.
by reinerotto
Sat Mar 09, 2024 11:16 am
Forum: Beginner Basics
Topic: DNS setup with AdGuard and static hosts
Replies: 5
Views: 544

Re: DNS setup with AdGuard and static hosts

In case, you have a MT, which is officially supported to run openwrt, after flashing openwrt, you can do what you are asking for.
by reinerotto
Thu Aug 31, 2023 8:28 am
Forum: General
Topic: Multi-carrier SIM in the USA ?
Replies: 0
Views: 967

Multi-carrier SIM in the USA ?

Is there a reliable multi-carrier SIM-provider in the USA, to allow usage of ATT&T or Verizon ?
by reinerotto
Wed May 17, 2023 8:35 am
Forum: General
Topic: LTE problems Quectel EC25
Replies: 12
Views: 1903

Re: LTE problems Quectel EC25

>All 3 of the devices that worked for 5 minutes are all listed as "supports Verizon". < This is not clear to me. Do you find these devices on Verizons website, confirming, they are _certified_by_Verizon ? If not, no need to go any further. BTW, Mikrotiks devices are _NOT_ certified, AFAIK....
by reinerotto
Sun Apr 30, 2023 9:30 am
Forum: General
Topic: 3rd Party Software
Replies: 4
Views: 1273

Re: 3rd Party Software

Golden Orb is some type of fork of "official" openwrt. Goggle for openwrt and your device type. You should find some instructions for flashing openwrt, or for restoring factory (MT) software.
by reinerotto
Sat Apr 22, 2023 8:12 am
Forum: General
Topic: ATT or VZ certification ?
Replies: 0
Views: 246

ATT or VZ certification ?

Is there any mobile router from MT, which is certified for ATT or Verizon ?
For commercial installations, using some type of cheating here is too risky.
Certification of the device is the most important, because intending to use Quectel-AF modem, which is certified already.
by reinerotto
Mon Apr 10, 2023 8:53 am
Forum: General
Topic: Web Proxy
Replies: 5
Views: 624

Re: Web Proxy

Then you should have a look at squid proxy. Not to run on MT, AFAIK, so you will need a small LINUX host.
However, steep learning curve, for what you want to achieve. But doable.
by reinerotto
Sat Apr 08, 2023 9:11 am
Forum: General
Topic: LTE problems Quectel EC25
Replies: 12
Views: 1903

Re: LTE problems Quectel EC25

1) VZ detects your non-certified hardware and drops connection.
2) You are leaking irregular traffic to Verizon, i.e. packets from LAN, without being NATted. VZ disconnects in this case.
tcpdump your traffic to VZ.
by reinerotto
Fri Apr 07, 2023 9:29 am
Forum: General
Topic: How to limit a specific IP address to 2 hours per day?
Replies: 42
Views: 3956

Re: How to limit a specific IP address to 2 hours per day?

As mentioned already, hotspot functionality should do it. macauth + radius "daily session time".
I am writing "should do it", because standard MT hotspots are not so advanced like coova-chilli hotspots, running on openwrt.
by reinerotto
Tue Mar 28, 2023 9:39 am
Forum: General
Topic: Modern way to stop ISP customers with WEB redirect
Replies: 9
Views: 789

Re: Modern way to stop ISP customers with WEB redirect

some devices like Huawei routers have option to redirect user to some SITE for information - thou we don't know how they do it
Interesting. Did you verify, that this also worked flawlessly for HSTS sites ?
by reinerotto
Mon Mar 27, 2023 11:05 pm
Forum: General
Topic: LTE problems Quectel EC25
Replies: 12
Views: 1903

Re: LTE problems Quectel EC25

I am using the EC25-V in a large fleet of openwrt-routers, for IoT, because EC25-V AND the router itself are certified by Verizon to be used in their network. The EC25-AF also is certified by Verizon, AFAIK. Whether EC25-A is certified, I do not know. AFAIK Mikrotik devices are not officially certif...
by reinerotto
Sat Mar 25, 2023 7:29 am
Forum: General
Topic: LTE problems Quectel EC25
Replies: 12
Views: 1903

Re: LTE problems Quectel EC25

EC25-A is not for usage on Verizon. Only EC25-AF or EC25-V.
Anyway, you confirmed, that the usage of your LHG-R and EC25-AF (or EC25-V) is properly supported/registered with Verizon ?
by reinerotto
Mon Mar 06, 2023 8:19 am
Forum: Beginner Basics
Topic: Remote DNS Request, Block Client Device [SOLVED]
Replies: 6
Views: 1032

Re: Remote DNS Request, Block Client Device [SOLVED]

> it will be nice bounce if we could do something like making a specific domain works only for a specific device.<
You can do this, in case you can install a special service (i.e. DNS-server or DNS-forwarder; router) in the location of your "specifc device". To catch the mac.
by reinerotto
Wed Mar 01, 2023 8:23 am
Forum: Beginner Basics
Topic: i want a script to remove hosts if they used 1gb
Replies: 9
Views: 1018

Re: i want a script to remove hosts if they used 1gb

well my problem is if i set lets say 10gb to a user and the user used 9gb of them then the next time he opens the internet if he used the remaining 1 gb it wont automatically cut him off the internet it'll wait until he logs out or the host is removed somehow Using "serious" Captive Porta...
by reinerotto
Tue Feb 28, 2023 10:42 am
Forum: General
Topic: How to mass configure 50 hAP units ?
Replies: 19
Views: 1965

Re: How to mass configure 50 hAP units ?

We are provisioning about 200 devices a month. And yeah, it would be very nice to have some sort oft automatisation. All device run their own config - so every device is NOT a copy of another. Using openwrt-based, customized firmware image, my client(s) also provision lot of devices every month, fo...
by reinerotto
Mon Feb 27, 2023 3:44 pm
Forum: General
Topic: Hotspot Rate Limit without dynamic queue?
Replies: 2
Views: 512

Re: Hotspot Rate Limit without dynamic queue?

Use a "serious" hotspot software, like coova-chilli + openwrt. Which has a CoA-similar mechanism built in, for more than 10 years already. Its called 'acctupdate', which means, when sending accounting info from hotspot device to radius, it _might_ pass back update of session pars, i.e. ses...
by reinerotto
Mon Feb 13, 2023 4:01 pm
Forum: General
Topic: Block Youtube on computers and smartphone apps
Replies: 85
Views: 18210

Re: Block Youtube on computers and smartphone apps

All this posts, but still valid what is written on post #2... Please, stop to spread wrong info. You can not assume, that, in case, you did not succeed in blocking, nobody else can do, as well. I.e. what does any browser, trying to use QUIC, in case UDP port 443 blocked in router ? There is an old ...
by reinerotto
Sat Feb 04, 2023 2:56 am
Forum: General
Topic: Which LTE/5G Solution?
Replies: 20
Views: 2753

Re: Which LTE/5G Solution?

Can Mikrotik provide that info?
They should. But you can look online on Verizons pages, for certified devices, not being org Verizon products.
by reinerotto
Sat Feb 04, 2023 2:53 am
Forum: General
Topic: Which LTE/5G Solution?
Replies: 20
Views: 2753

Re: Which LTE/5G Solution?

I support a large fleet of IoT devices, using Verizon. However, the fully certified routers and modems are not Mikrotik. But also from the Baltic states :-)
by reinerotto
Sat Feb 04, 2023 2:40 am
Forum: General
Topic: Which LTE/5G Solution?
Replies: 20
Views: 2753

Re: Which LTE/5G Solution?

Be very careful, when connecting Mikrotik to Verizon. They are _very_ strict in their certification policy, which means, you need to make shure, that the Mikrotik equipment is certified from Verizon to be used on their mobile network.
See here: viewtopic.php?t=193243
by reinerotto
Thu Feb 02, 2023 6:08 am
Forum: Beginner Basics
Topic: (Mikrotik LHGG LTE6) LTE randomly disconnects multiple times a day [SOLVED]
Replies: 17
Views: 2947

Re: (Mikrotik LHGG LTE6) LTE randomly disconnects multiple times a day [SOLVED]

May be, renewal of IP does not work properly ? How long is IP valid ?
by reinerotto
Sun Jan 29, 2023 1:59 pm
Forum: General
Topic: Block Youtube on computers and smartphone apps
Replies: 85
Views: 18210

Re: Block Youtube on computers and smartphone apps

Actually, not enforced everywhere. Does youtube enforce it ?
by reinerotto
Sun Jan 29, 2023 1:00 pm
Forum: General
Topic: Block Youtube on computers and smartphone apps
Replies: 85
Views: 18210

Re: Block Youtube on computers and smartphone apps

Applaus.
You did the "teaching", I was too lazy for. Assuming, my hints would trigger some thinking.
BTW: SNI intercept can also help in blocking youtube etc.
by reinerotto
Sun Jan 29, 2023 5:53 am
Forum: General
Topic: Block Youtube on computers and smartphone apps
Replies: 85
Views: 18210

Re: Block Youtube on computers and smartphone apps

Until you do not have full control of user device, you can not stop DoH & Co. with pihole (and neither the VPNs). Not absolutely correct. You _can_ stop DoH/DoT, and VPNs as well, at least, many or most of them. I.e. for WiFi in schools, this is an important feature. You can _not_ block DoH wit...
by reinerotto
Fri Jan 27, 2023 1:45 am
Forum: General
Topic: MUM plans for 2023?
Replies: 52
Views: 8953

Re: MUM plans for 2023?

Would like to hold a presentation there, like: "The advantages of running openwrt on mikrotik hardware, especially for hotspots".
Question is, whether accepted by Mikrotik ...
by reinerotto
Mon Jan 23, 2023 3:02 am
Forum: Beginner Basics
Topic: Force DNS not working in mobile phones
Replies: 7
Views: 1008

Re: Force DNS not working in mobile phones

I did something very similar, running openwrt on a mikrotik, to include customized DNS-server/recursor, similar to pi-hole, in same box.
by reinerotto
Sun Jan 22, 2023 7:43 am
Forum: Beginner Basics
Topic: Force DNS not working in mobile phones
Replies: 7
Views: 1008

Re: Force DNS not working in mobile phones

You "simply" have to block all the IPs of the well-known DoH or DoT servers on the router, to force the usage of simple DNS. Still a small loophole, in case somebody runs his private DoH-server, though. Or your list of well-known Doh/DoT-Servers is incomplete; requires regular updates, of ...
by reinerotto
Sun Jan 22, 2023 5:09 am
Forum: Beginner Basics
Topic: Force DNS not working in mobile phones
Replies: 7
Views: 1008

Re: Force DNS not working in mobile phones

There are a few issues, you have to consider, when doing this.
- Is IPv6-DNS also redirected to pi-hole ?
- Is DoH blocked ?
- Is DoT blocked ?

Nowadays, quite often DoH is used by default. Which renders the method from the video useless.
by reinerotto
Fri Jan 20, 2023 4:53 am
Forum: General
Topic: WireGuard export visible private key??
Replies: 3
Views: 1986

Re: WireGuard export visible private key??

Now, they would be connecting with their WG IP address so the perpetrator of issues would be 'trackable'
Not necessarily, because WG IP can be easily changed.
by reinerotto
Thu Jan 19, 2023 9:02 am
Forum: General
Topic: Return same IP for all DNS queries.
Replies: 8
Views: 874

Re: Return same IP for all DNS queries.

#In case, your mikrotikdevice is officially supported by openwrt, #flash openwrt to your mikrotik, log into the router, i.e. via ssh or putty, and then it is just a one-liner: echo 'address=/#/ONLYIP' >> /etc/dnsmasq.conf #i.e. echo 'address=/#/192.168.1.1' >> /etc/dnsmasq.conf #reboot #This will fo...
by reinerotto
Wed Jan 18, 2023 5:18 am
Forum: Beginner Basics
Topic: MQTT publish on new device connected
Replies: 4
Views: 1388

Re: MQTT publish on new device connected

I'd argue this is way easier on Mikrotik, than using OpenWRT and somehow integrating "mosquito" and "bash" [and cron and reading the dnsmasq leases]. #Sorry,but I have to correct you. #All you have to do on openwrt is to log into openwrt-shell, using ssh or putty, for example, a...
by reinerotto
Fri Jan 13, 2023 3:27 pm
Forum: Beginner Basics
Topic: unable to install openWRT on my RB951ui
Replies: 12
Views: 1414

Re: unable to install openWRT on my RB951ui

is it true that the MT feature become more diversitile if we install openWRT firmware on it..? I did my first hotspot systems on mikrotiks, many years ago. Later on, I switched to openwrt for this purpose, because much more open, with many more packages to choose from, giving the opportunity of som...
by reinerotto
Fri Jan 13, 2023 3:11 pm
Forum: Beginner Basics
Topic: MQTT publish on new device connected
Replies: 4
Views: 1388

Re: MQTT publish on new device connected

You can do this using a more appropriate device, instead of a mikrotik. I.e. a router, running openwrt.
However, _may_be, even your mikrotik is officially supported, to run openwrt. Then you only need to switch OS,
and you can use mosquitto and bash, to achieve your goal.
by reinerotto
Mon Jan 09, 2023 6:33 am
Forum: Beginner Basics
Topic: save DNS request from Clients using mikrotik
Replies: 5
Views: 587

Re: save DNS request from Clients using mikrotik

You could add your "private" DNS server plus logging to your network. However, depending upon knowledge of your clients, they might bypass this. Or the browser used does this by default itself, already. I.e. using DoH, which would need some additional tricks for you against it. A completel...
by reinerotto
Sat Aug 13, 2022 10:27 am
Forum: Beginner Basics
Topic: Is MikroTik a good start for a complete noob?
Replies: 10
Views: 2268

Re: Is MikroTik a good start for a complete noob?

I think, for your purpose a router, based on openwrt, is the better solution. SImply, because it is much closer to a real LINUX system like ubuntu, than the mikrotik stuff. In fact, openwrt is a "shrinked down" LINUX, but also having a GUI for the common setups. But you can always change t...
by reinerotto
Wed Aug 10, 2022 10:04 pm
Forum: General
Topic: Block Youtube on computers and smartphone apps
Replies: 85
Views: 18210

Re: Block Youtube on computers and smartphone apps

The only real problem is the usage of VPN.
Everything else can be taken care of.
by reinerotto
Wed Aug 03, 2022 9:21 am
Forum: Beginner Basics
Topic: LTE Modems: Safe for frequent/abrupt power loss?
Replies: 6
Views: 857

Re: LTE Modems: Safe for frequent/abrupt power loss?

" ... shut down gracefully ..." means something like "shutdown" or "halt" to the device. And then, to switch off power to the device, like pulling the plug. As I read, MTs _should_ withstand abrupt power cut, but I am coming from industrial environments with high reliab...
by reinerotto
Sun Jul 31, 2022 9:59 am
Forum: Beginner Basics
Topic: LTE Modems: Safe for frequent/abrupt power loss?
Replies: 6
Views: 857

Re: LTE Modems: Safe for frequent/abrupt power loss?

In a professional, industry grade install, you have a small battery for buffering, to shut down gracefully in case of power loss.
When using in a vehicle, this also will take care of power fluctuations, especially during start up of the engine.
by reinerotto
Thu Jul 28, 2022 9:30 am
Forum: General
Topic: Content Filter Options for Mikrotik
Replies: 8
Views: 4083

Re: Content Filter Options for Mikrotik

I did several variants of what you are talking about, however, on a commercial basis, either built into openwrt devices, OR server based.
Feel free to contact me on my adrs augustus_meyer at yahoo.de , for details.
by reinerotto
Sat Jun 18, 2022 1:06 pm
Forum: General
Topic: Cloud based Mikrotik Controller and Management
Replies: 15
Views: 5952

Re: Cloud based Mikrotik Controller and Management

As a developer, I did various custom management services for openwrt-routers, for various clients, mostly in the area of hotspots. Clients have all sources, of course. So no public open source, but open to the client himself. Thus, the answer in short: No 3rd party stuff. In case of more general man...
by reinerotto
Sat Jun 18, 2022 1:00 pm
Forum: General
Topic: Content Filter Options for Mikrotik
Replies: 8
Views: 4083

Re: Content Filter Options for Mikrotik

Having done various "flavors" of custom DNS, similar to OpenDNS, for WISPs, not willing to pay royalties because of commercial use, I do not completely understand your requirements, And your critics, that you used 4 different DNS based content filtering solutions, not being good enough. Wh...
by reinerotto
Sat Jun 18, 2022 12:43 pm
Forum: General
Topic: Cloud based Mikrotik Controller and Management
Replies: 15
Views: 5952

Re: Cloud based Mikrotik Controller and Management

I consider the critics here, regarding security and confidentiality of a cloud based service, not to be fair. Although, I have switched from using miktotik for custom hotspots many years ago, _ALSO_ because of the fact, that RoS is _NOT_ open source. Therefore, critics regarding security and confide...
by reinerotto
Tue May 17, 2022 7:37 pm
Forum: Beginner Basics
Topic: Need product recommendation
Replies: 9
Views: 1341

Re: Need product recommendation

+1.
Using wireguard on openwrt, which is much more "Linux" than MTs stuff, is straight forward.
by reinerotto
Tue May 17, 2022 10:12 am
Forum: General
Topic: how to kick off hotspot user only if they reach time and data limit
Replies: 5
Views: 1387

Re: how to kick off hotspot user only if they reach time and data limit

What you want, can be controlled using RADIUS (i.e. freeradius). I do exactly what you want on hotspots, running openwrt, using coova-chilli as captive portal (which is the most flexible, but most complicated CP), which cooperates with RADIUS. To get rid of the bad guys, downloading or watching high...
by reinerotto
Tue May 17, 2022 9:58 am
Forum: General
Topic: Forcing DNS traffic to open DNS [SOLVED]
Replies: 12
Views: 4620

Re: Forcing DNS traffic to open DNS [SOLVED]

Certain RB2011 models are officially supported by openwrt. Which allows much more customization for special applications, like yours, because being totally opensource. I.e. content filtering can be forced much better running openwrt compared to RoS, using certain packages of openwrt. In your case, D...
by reinerotto
Tue May 17, 2022 9:29 am
Forum: Beginner Basics
Topic: Need product recommendation
Replies: 9
Views: 1341

Re: Need product recommendation

Alternative, probably faster than zerotier, and no license hassles, but requiring more tech know-how for setup: Use wireguard as VPN. wireguard-"client" on local router, setting up tunnel to private wireguard-"server" on the web. You can do this with mikrotik equipment, but also ...
by reinerotto
Mon May 02, 2022 11:28 pm
Forum: General
Topic: If wireguard fails to connect, it won't ever try again
Replies: 35
Views: 8888

Re: If wireguard fails to connect, it won't ever try again

On openwrt I _MUST_ make shure, that NTP syncs the system time, before wireguard starts up. Which needs re-arranging the startup-sequence regarding NTP service, and single-shot update of system time via NTP, not just graceful adjustment in small increments, to be on safe side or to handle worst case...
by reinerotto
Mon May 02, 2022 11:08 pm
Forum: General
Topic: If wireguard fails to connect, it won't ever try again
Replies: 35
Views: 8888

Re: If wireguard fails to connect, it won't ever try again

Today the power went out, and when it came back online, the router did not reconnect to the VPN. It seems that while the cable modem was reconnecting, wireguard failed to handshake and then the router just never tried again. It is not a wireguard problem, but MTs implementation/usage of wireguard. ...
by reinerotto
Tue Apr 26, 2022 9:17 am
Forum: General
Topic: redundant hardware or spare in entreprise infrastructure [SOLVED]
Replies: 5
Views: 1303

Re: redundant hardware or spare in entreprise infrastructure [SOLVED]

In the good old days, when providing process control computers to airport environments, we used a simple switchover technique, triggered manually. The backup system was on cold stand-by, all external interfaces (DI/DO, serial lines ...) were switched from the failed live system to the backup using o...
by reinerotto
Sat Apr 23, 2022 10:28 pm
Forum: Beginner Basics
Topic: Recommend way to block Ads with Mikrotik
Replies: 64
Views: 68269

Re: Recommend way to block Ads with Mikrotik

"Some reading ..." confirms my statement from above. Thank you.
by reinerotto
Sat Apr 23, 2022 1:13 pm
Forum: Beginner Basics
Topic: Recommend way to block Ads with Mikrotik
Replies: 64
Views: 68269

Re: Recommend way to block Ads with Mikrotik

1) Since you can not see what's inside HTTPS packages, you can not know if its a web site or DoH traffic. 2) And since any can setup a DoH or DoT server, there are no way you can block this. 1) Since every "well-known DoH-server" has an IP, its possible to block. Or after interception of ...
by reinerotto
Fri Apr 22, 2022 4:51 pm
Forum: Beginner Basics
Topic: Recommend way to block Ads with Mikrotik
Replies: 64
Views: 68269

Re: Recommend way to block Ads with Mikrotik

How can you ever block all DoH servers?
Not possible, of course. But possible to block the "well known" DoH servers.
by reinerotto
Fri Apr 22, 2022 12:57 pm
Forum: Beginner Basics
Topic: Recommend way to block Ads with Mikrotik
Replies: 64
Views: 68269

Re: Recommend way to block Ads with Mikrotik

DoH in your browser will however bypass both your local DNS or local DoH server settings.
Not necessarily.
Because DoH server can be blocked, and then fallback to standard DNS.
by reinerotto
Fri Apr 22, 2022 12:52 pm
Forum: Beginner Basics
Topic: Local DNS - not on Mikrotik but on WinSrv
Replies: 20
Views: 2942

Re: I think I should be able to run a local DNS on my Mikrotik Router but I can't find how to set it up...

I think you could even run openwrt on some mikrotik devices, and then install pihole with unbound.
+1
Or to use dnsmasq, or even powerDNS with openwrt, running on some MT devices.
Done that.
by reinerotto
Mon Jan 10, 2022 2:12 am
Forum: General
Topic: How do I block pronographic images in my RB?
Replies: 82
Views: 18651

Re: How do I block pronographic images in my RB?

@reinerotto To solve this discussion. Give me a VPN to a site that you control and is porn secure, and I can send you some print screen show what I can get when using your VPN. (As long as you have standard usable open net. Not all IP blocked.) First of all, the fact, that you still did not provide...
by reinerotto
Sun Jan 09, 2022 1:16 pm
Forum: General
Topic: How do I block pronographic images in my RB?
Replies: 82
Views: 18651

Re: How do I block pronographic images in my RB?

I do not spread wrong information.
You still did not answer my question, how you can you claim, 100% control about clients is required, to block porn.
Which I also consider, to be wrong.
by reinerotto
Sun Jan 09, 2022 8:18 am
Forum: General
Topic: How do I block pronographic images in my RB?
Replies: 82
Views: 18651

Re: How do I block pronographic images in my RB?

Running openwrt on certain mikrotiks, so I have the permission to be here, I assume.
However, I consider it a good idea, to correct the spreading of some wrong and bad desinformation, in case I encounter it, by chance.
To fight the degradation of software quality.
by reinerotto
Sun Jan 09, 2022 4:19 am
Forum: General
Topic: How do I block pronographic images in my RB?
Replies: 82
Views: 18651

Re: How do I block pronographic images in my RB?

Posts #11 and #65 already give a good start. And then to use the few rules, posted here already, to redir all DNS-requests to openDNS, for example. There are lists of the "well known" DoH-Servers on the web. Block access to them on the RB, using firewall. Finally, implement "Force Saf...
by reinerotto
Sun Jan 09, 2022 2:32 am
Forum: General
Topic: How do I block pronographic images in my RB?
Replies: 82
Views: 18651

Re: How do I block pronographic images in my RB?

1) Just google on how to ignore the Force Safe Search and you are done. 2) Or you can just change browser. 3) Again: Without 100% control of all clients, you can not block porn. 4) @reinerotto What are you trying to defend here with all this posts? That its easy to to block porn with RotuerOS? 1,2)...
by reinerotto
Sat Jan 08, 2022 5:44 pm
Forum: General
Topic: How do I block pronographic images in my RB?
Replies: 82
Views: 18651

Re: How do I block pronographic images in my RB?

The statement "porn is unblockable" is wrong already, when at least ONE porn site is automatically recognized and blocked.
by reinerotto
Sat Jan 08, 2022 5:06 pm
Forum: General
Topic: How do I block pronographic images in my RB?
Replies: 82
Views: 18651

Re: How do I block pronographic images in my RB?

Yes, that is the simple, general method to intercept all DNS requests, and force them to a specific server. Thus, it can be used to force usage of own, custom DNS server to perform the porn filtering by domain, and force the safe search. Because I do not really trust 3rd party services, which might ...
by reinerotto
Sat Jan 08, 2022 2:18 pm
Forum: General
Topic: How do I block pronographic images in my RB?
Replies: 82
Views: 18651

Re: How do I block pronographic images in my RB?

"That is something possible with RouterOS, just require using /ip/dns commands instead of OpenWRT's dnsmasq config ." OK, I di dnot know, because I do not know RoS so well. Dropped usage of RoS for hotspots many years ago, because not the best platform for this type of app. Sorry, I do not...
by reinerotto
Sat Jan 08, 2022 10:39 am
Forum: General
Topic: How do I block pronographic images in my RB?
Replies: 82
Views: 18651

Re: How do I block pronographic images in my RB?

You are wrong, in regards regarding clients: "Force Safe Search" is possible _WITHOUT_ doing anything on the clients. Just read the docs about it. You are right, that this is not possible on Mikrotik, running RoS. In case, the mikrotik is running openwrt, you can do it. Installation accord...
by reinerotto
Sat Jan 08, 2022 3:16 am
Forum: General
Topic: How do I block pronographic images in my RB?
Replies: 82
Views: 18651

Re: How do I block pronographic images in my RB?

"I would say closer to 80%, not 99.9% Example when search for "sex" in google.com using any browser, how would you block that." Bad example: Various methods to force "Safe Search" for bing, google, etc. For details, google "How to force safe search google". un...
by reinerotto
Fri Jan 07, 2022 6:26 am
Forum: General
Topic: How do I block pronographic images in my RB?
Replies: 82
Views: 18651

Re: How do I block pronographic images in my RB?

Porn is unblockable. This is wrong generalization. Correct is: "Porn is not 100% blockable, but 99.9%". Assuming proper knowledge and tools, of course. MT enthusiasts should not think, the limits of RoS also apply to standard ubuntu, for example. Or openwrt. When going down to porn blocka...
by reinerotto
Thu Jan 06, 2022 3:31 pm
Forum: General
Topic: feature request ADVANCED DNS Server
Replies: 46
Views: 18611

Re: feature request ADVANCED DNS Server

I think, you are asking for too much. RoS is a routers operating system. As an alternative, in case you need DNS-Server functionality, use openwrt, which also runs on a few selected MTs. It also does routing, of course. But I even run powerdns on it. dnsmasq is standard, but you can also use unbound...
by reinerotto
Thu Jan 06, 2022 4:13 am
Forum: General
Topic: How do I block pronographic images in my RB?
Replies: 82
Views: 18651

Re: How do I block pronographic images in my RB?

The funny part is, you consider setup of private DoH-Server to be simple. But you do not recognise the (technical) difference between blockage of (porn-)domains, which usually is good enough, and blockage of specific (porn-)URLs. BTW: A "clever' guy, trying to circumvent DNS based blockage, wou...
by reinerotto
Wed Jan 05, 2022 10:33 am
Forum: General
Topic: How do I block pronographic images in my RB?
Replies: 82
Views: 18651

Re: How do I block pronographic images in my RB?

Intercept of https and de-crypt/ inspect/ en-crypt requires cert installs on clients, as decribed. 1) This is what I was looking for. Since you need to do some with the clients, this is more or less the same as how Palo Alto or Forcepoint works. Only a solution for company that has 100% controls of...
by reinerotto
Wed Jan 05, 2022 3:33 am
Forum: General
Topic: How do I block pronographic images in my RB?
Replies: 82
Views: 18651

Re: How do I block pronographic images in my RB?

@Jotne Very comprehensive how web filter works in untangle https://wiki.untangle.com/index.php/Web_Filter At first glance, part of it contains a commercial version of squid, to intercept http(s). Impossible to be done on MT, but, as I wrote already, to be done yourself on openwrt device, or small L...
by reinerotto
Wed Jan 05, 2022 3:21 am
Forum: General
Topic: How do I block pronographic images in my RB?
Replies: 82
Views: 18651

Re: How do I block pronographic images in my RB?

In Turkey they blocked various sites, like Wikipedia. DoH fixed access to it. So please show me a solution that are up to 100% secure without controlling the clients. Obviously, you did not read my post. Or, you did not understand. Then it does not make sense, to explain more details to you, regard...
by reinerotto
Tue Jan 04, 2022 4:07 pm
Forum: General
Topic: How do I block pronographic images in my RB?
Replies: 82
Views: 18651

Re: How do I block pronographic images in my RB?

It was just to show that trying to block some are more complicated and nearly impossible today. You are correct, when stating "nearly". But it is much closer to 100%, as your comments suggest. Unfortunately, I doubt everything can be done on a MT, as not "open" enough. openwrt-d...
by reinerotto
Tue Jan 04, 2022 4:05 pm
Forum: General
Topic: How do I block pronographic images in my RB?
Replies: 82
Views: 18651

Re: How do I block pronographic images in my RB?

Turn off safe search on your google search
You can block google.com, but then just use bing.com instead. Same problem.
No.
You can force safe search, both for google, and for bing, on the router.
by reinerotto
Tue Jan 04, 2022 4:03 pm
Forum: General
Topic: How do I block pronographic images in my RB?
Replies: 82
Views: 18651

Re: How do I block pronographic images in my RB?

add action=dst-nat chain=dstnat comment="block porn" dst-port=53 protocol=udp src-address-list="BLOCK PORN" to-addresses=208.67.222.123 to-ports=53 There is no way to construct a rule that will match DNS over HTTPS traffic in that same way. However, you can block access to (know...
by reinerotto
Fri Nov 12, 2021 5:42 pm
Forum: General
Topic: Connection Problem with Verizon
Replies: 3
Views: 983

Re: Connection Problem with Verizon

Unfortunately, no change.
Thank you, anyway, will keep the rules, of course.
by reinerotto
Tue Nov 09, 2021 8:16 am
Forum: General
Topic: Connection Problem with Verizon
Replies: 3
Views: 983

Connection Problem with Verizon

I have multiple identical routers, equipped with Quectel EC25-V, to be connected to Verizon. Using PPPD, about 60% of all the routers connect (receive IP) immediately, the other connect after many retries, after a few hours sometimes. Even, if the devices are located just side by side. A suspicion o...
by reinerotto
Fri Oct 01, 2021 1:46 am
Forum: Beginner Basics
Topic: url filtering on ssl traffic through Web Proxy Configuration
Replies: 15
Views: 4439

Re: url filtering on ssl traffic through Web Proxy Configuration

There are several caveats: If the packet with the SNI is fragmented, the firewall rule is not triggered. This is also a limitation of MT. Because an openwrt-device, for example, can run squid, which is able to "examine" the complete SNI, and filter it, on higher level. Which means, this l...
by reinerotto
Fri Oct 01, 2021 1:39 am
Forum: Beginner Basics
Topic: url filtering on ssl traffic through Web Proxy Configuration
Replies: 15
Views: 4439

Re: url filtering on ssl traffic through Web Proxy Configuration

@rextended There is no way, and the vendor do not have any importance. This is definitely not correct. Or, in your words, "idiotic". A MT-device actually does not run something like squid as intercept/explicit proxy. Which is the "kernel", required for https-url-filtering. But lo...
by reinerotto
Thu Sep 30, 2021 7:09 pm
Forum: Beginner Basics
Topic: url filtering on ssl traffic through Web Proxy Configuration
Replies: 15
Views: 4439

Re: url filtering on ssl traffic through Web Proxy Configuration

In case, you did it already using squid, then you can do it on openwrt-device the same way. And use the box as a router, too, of course.
For such "tricks", MT is not the best choice. Because closed, unfortunately.
by reinerotto
Thu Sep 30, 2021 8:11 am
Forum: Beginner Basics
Topic: url filtering on ssl traffic through Web Proxy Configuration
Replies: 15
Views: 4439

Re: url filtering on ssl traffic through Web Proxy Configuration

This is not absolutely correct. There are proxies, which intercept HTTPS-traffic, de-/recipher the request, and allow URL-filtering. However, this needs installation of certs on the client devices, which is possible only on local nets. Does not work for certain sites, using pinned certs, though. All...
by reinerotto
Mon Aug 17, 2020 9:02 am
Forum: General
Topic: Blocking web page
Replies: 10
Views: 2617

Re: Blocking web page

mikrotiks first of all are routers. All other functionalities are addons, usually good enough for average requirements.
However, for (ad-)blocking I use an openwrt-device. Which has many more possibilities.
by reinerotto
Sun Aug 16, 2020 9:51 am
Forum: General
Topic: Feature request: Static DNS NXDOMAIN
Replies: 11
Views: 5515

Re: Feature request: Static DNS NXDOMAIN

Does the definition of this canary domain 'use-application-dns.net' for FF really disable DoH ? I have FF 79, connected to non-MT router, running dnsmasq. And I can not see any access to this domain in my logs. May be, FF dropped this option recently ? As a workaround, I block access to many well-kn...
by reinerotto
Tue Aug 04, 2020 12:07 am
Forum: General
Topic: Timeout instead of proxy error page when using https
Replies: 6
Views: 2618

Re: Timeout instead of proxy error page when using https

You are bound to the limitations of RoS. In general, it is possible to achieve, what you want, _BUT_ getting a security warning from the browser, first, because of wrong certificate. I do this on openwrt, however. Which is more suited for such tasks. Which are typical for advanced hotspots, requirin...
by reinerotto
Fri Jun 05, 2020 8:36 am
Forum: Beginner Basics
Topic: How can I block website / mp3 etc (string) without proxy ?
Replies: 5
Views: 2598

Re: How can I block website / mp3 etc (string) without proxy ?

If you are filtering Facebook, use NAT instead to redirect the Facebook connection to a local server that will serve a page.
Clever. Thanx a lot.
by reinerotto
Fri Feb 07, 2020 6:10 pm
Forum: Beginner Basics
Topic: Activate Safe Search based on WiFi network selected
Replies: 1
Views: 1403

Re: Activate Safe Search based on WiFi network selected

On openwrt, I do it using multiple instances of dnsmasq.
by reinerotto
Sun Jan 26, 2020 2:32 pm
Forum: General
Topic: Offline Hotspot.
Replies: 3
Views: 1821

Re: Offline Hotspot.

>the browser needs to resolve to check ifs there connection< AFAIK, this is done trying DNS. In standard hotspots, DNS works. You should do detailed analysis, whats going on between browser and router. I.e. using tcp-dump. Be warned, that "Captive Portal Detection" is similar for Andoid an...
by reinerotto
Mon Jan 20, 2020 2:43 pm
Forum: General
Topic: Hotspot with mac-login, external captive portal and RADIUS auth - How to force a second auth request
Replies: 13
Views: 5345

Re: Hotspot with mac-login, external captive portal and RADIUS auth - How to force a second auth request

Because openwrt is open source, coova-chilli can be used as Captive Portal. Like on more expensive comercial hotspot systems. coova-chilli can be configured, first to try MAC-auth, when users device associates. In case of success, user can immediately reach the web. In case of failure, coova-chilli ...
by reinerotto
Tue Oct 01, 2019 10:47 pm
Forum: General
Topic: How to configure auto login feature into Freeraius
Replies: 1
Views: 756

Re: How to configure auto login feature into Freeraius

Although this question is not MT-specific, as a general guideline you need to use MAC-based auth on the second login. Which is to be set up both on freeradius, and the hotspot itself.
Sorry, no details for MT, as I only do openwrt-based hotspots. More suited for advanced configs.
by reinerotto
Tue Oct 01, 2019 4:19 pm
Forum: General
Topic: Recommended hotel hotspot management software?
Replies: 7
Views: 2995

Re: Recommended hotel hotspot management software?

OP not asking for radius only. Radius usually is part of any good management system, but only small part.
by reinerotto
Tue Oct 01, 2019 7:58 am
Forum: General
Topic: Recommended hotel hotspot management software?
Replies: 7
Views: 2995

Re: Recommended hotel hotspot management software?

This is not the right place to make recommendations out of mikrotiks environment.
For openwrt based systems, which includes several mikrotik devices, hotspotsystem.com is a good choice. Or ct-networks.io

I have no connections with both.
by reinerotto
Mon Sep 30, 2019 10:02 pm
Forum: General
Topic: Recommended hotel hotspot management software?
Replies: 7
Views: 2995

Re: Recommended hotel hotspot management software?

Unfortunately, mikrotik is not the best platform for hotspot services, having above-basic requirements. One reason is, that RoS is closed, so no special customization possible. This said, you might take into consideration, that there are a few hotspot+management packages available for openwrt-based ...
by reinerotto
Sun Sep 15, 2019 7:21 pm
Forum: General
Topic: Contact to hotspot-providers requested
Replies: 0
Views: 863

Contact to hotspot-providers requested

I am looking for business-related contacts, regarding filtering services for hotspots, either at home, or public.
Yes, there is openDNS. But there might be a better, and cheaper, alternative.
Pls, mail augustus_meyerATyahoo.de
by reinerotto
Sun Sep 01, 2019 6:48 am
Forum: Beginner Basics
Topic: Monitor Users Web activity
Replies: 11
Views: 26222

Re: Monitor Users Web activity

Using squid: YES.
I did that for "Parental Control" , for a commercial product.
by reinerotto
Tue Aug 20, 2019 10:40 am
Forum: General
Topic: Hotspot and HTTPS? What solutions?
Replies: 58
Views: 17656

Re: Hotspot and HTTPS? What solutions?

1) This question has nothing to do with Mikrotik, all vendors do it in their own unique way (and also change those ways from time to time). 2) I doubt anyone of this forum will be able to answer this particular question fully. 1) Correct. 2) Wrong. However, because of 1), no further details here. Q...
by reinerotto
Tue Aug 20, 2019 9:52 am
Forum: General
Topic: Hotspot and HTTPS? What solutions?
Replies: 58
Views: 17656

Re: Hotspot and HTTPS? What solutions?

And how does does it know the hotspot login page to send the user to? Lets say the hotspot is hosted at 1.1.1.1, how does it know to send the user to 1.1.1.1? Back to one of my previous posts: Using openwrt for hotspots will show you, because open source. I.e. check the docs and source code for coo...
by reinerotto
Tue Aug 20, 2019 8:32 am
Forum: General
Topic: Hotspot and HTTPS? What solutions?
Replies: 58
Views: 17656

Re: Hotspot and HTTPS? What solutions?

What I did do is scour all the walled garden section (there's a bunch) and found *gstatic.com and *akamai* was infact in the wallen garden list. We are using HSNM (lets see if that now fixes the issue and reduces complaints) These were not in the configurable parameters but actually came from a php...
by reinerotto
Tue Aug 20, 2019 8:14 am
Forum: General
Topic: Hotspot and HTTPS? What solutions?
Replies: 58
Views: 17656

Re: Hotspot and HTTPS? What solutions?

Correct.
But thats not all, as firefox, for example, has a pre-loaded list of HSTS sites. I guess, same for Chrome.
by reinerotto
Sun Aug 18, 2019 8:21 am
Forum: General
Topic: Hotspot and HTTPS? What solutions?
Replies: 58
Views: 17656

Re: Hotspot and HTTPS? What solutions?

When buying a certificate for your website, buy from "trusted" authority.
Otherwise you might face inconvenient issues when using newer IOS clients.
by reinerotto
Sat Aug 17, 2019 5:44 pm
Forum: General
Topic: Hotspot and HTTPS? What solutions?
Replies: 58
Views: 17656

Re: Hotspot and HTTPS? What solutions?

hing I see on the software page that is a bit alarming is the fact that they display YouTube videos when you are not authenticated Yes, this is very, very suspicious, at least. Good indication would be problems with Android phones, as their CP-detection relies on google servers. IOS should not be c...
by reinerotto
Sat Aug 17, 2019 12:14 pm
Forum: General
Topic: Hotspot and HTTPS? What solutions?
Replies: 58
Views: 17656

Re: Hotspot and HTTPS? What solutions?

So the CP-detection is your real issue. I am a bit wondering about this, as I thought, MT-hotspots are quite often used, and I expected MT to have a reasonable solution, at least. Your issue(s) need more detailed discussion, it looks like, as CP-detection also is dependent upon clients device, altho...
by reinerotto
Sat Aug 17, 2019 8:44 am
Forum: General
Topic: Hotspot and HTTPS? What solutions?
Replies: 58
Views: 17656

Re: Hotspot and HTTPS? What solutions?

As I wrote already, you will _never_ be able to reliably redirect HTTPS (for purpose of Captive Portal CP or anything else), unless you are able to install special certificate on the users device. Which is not possible for a public hotspot. Valid for MT-hotspots, openwrt-based ones etc. No differenc...
by reinerotto
Fri Aug 16, 2019 9:46 am
Forum: General
Topic: Hotspot and HTTPS? What solutions?
Replies: 58
Views: 17656

Re: Hotspot and HTTPS? What solutions?

If the hotspot server is a mikrotik router, how do you accomplish this?
Sorry, no idea, but doing this for long time already, on openwrt-based devices.
Which are much better suited for hotspots with "advanced features", like this one.
by reinerotto
Thu Jul 25, 2019 6:42 pm
Forum: General
Topic: Why Mikrotik ???
Replies: 32
Views: 12866

Re: Why Mikrotik ???

RouterOS is a configurable router, this puts it in the same category as ubiquiti, cisco, junipter, pfsense, your typical x86 based and linux OS. The mean weakness that mikrotik has is that unlike ubiquiti or any standard OS you cant install anything else onto the router other than what mikrotik dev...
by reinerotto
Tue Jul 16, 2019 8:43 am
Forum: RouterBOARD hardware
Topic: Legal mikrotiks for Brazil ?
Replies: 4
Views: 2236

Re: Legal mikrotiks for Brazil ?

Thanx for confirmation. But what about using MT plus USB-dongle from carrier, where applicable ?
Also the MT-boards need "Certification" ?
by reinerotto
Mon Jul 15, 2019 9:40 pm
Forum: RouterBOARD hardware
Topic: Legal mikrotiks for Brazil ?
Replies: 4
Views: 2236

Legal mikrotiks for Brazil ?

For a friend in BR I want to buy a MT with LTE modem.
However, I am advised, that such equipment needs some type of 'Certification' for legal usage in BR.
Are all MTs legal to be used in BR ?
by reinerotto
Sun Apr 07, 2019 11:33 pm
Forum: General
Topic: [Feature request] Wireguard
Replies: 148
Views: 65641

Re: [Feature request] Wireguard

Why so complicated ?
Use MT for "plain and simple" routing/networking.
And an openwrt-box for the missing functions, like wireguard, squid proxy, nginx web server etc.
Or, just use openwrt devices for routing/networking, too.
by reinerotto
Mon Feb 18, 2019 11:46 am
Forum: Beginner Basics
Topic: Monitor Users Web activity
Replies: 11
Views: 26222

Re: Monitor Users Web activity

This you can do yourself, using squid proxy. However, it needs quite some expertise for correct setup.
However: Does forcepoint work with _ALL_ domains ? (facebook, google ...)
Just thinking about pinned certs ...
by reinerotto
Sat Nov 24, 2018 11:46 pm
Forum: General
Topic: Hotspot Javascript
Replies: 1
Views: 815

Re: Hotspot Javascript

Dunno. But the MT should be able to determine the MAC itself, from IP and leases of dhcp.
by reinerotto
Thu Oct 11, 2018 5:17 pm
Forum: General
Topic: Hotspot captive portal prevent automatic close on redirect after login
Replies: 28
Views: 31236

Re: Hotspot captive portal prevent automatic close on redirect after login

Sorry, but I do this for a living, and on openwrt. Besides, impossible to do the same on MT, because not open, and it needs some software (openwrt-packages; or LINUX, if you want) not available on MT. I often stated several times here that for hotspots with special requirements, MT is _no_ good choi...
by reinerotto
Fri Oct 05, 2018 8:54 pm
Forum: General
Topic: Hotspot captive portal prevent automatic close on redirect after login
Replies: 28
Views: 31236

Re: Hotspot captive portal prevent automatic close on redirect after login

Congrats. So you are the second :-)
Works for Android 7, too, I hope ...
by reinerotto
Mon Jul 30, 2018 11:32 pm
Forum: General
Topic: Mikrotik + Squid Proxy server to log HTTPS traffic
Replies: 2
Views: 2261

Re: Mikrotik + Squid Proxy server to log HTTPS traffic

>... and they must be explicitly configured to use the proxy - transparent proxying does not work for HTTPS.< This is not absolutely correct, with respect to the requested logging. (Not to mention fiddling aroud with certs, which allows transparent https-proxying to some extent even further.) Transp...
by reinerotto
Sat Jul 14, 2018 10:48 am
Forum: Beginner Basics
Topic: SSID for kids Zone with OpenDNS
Replies: 14
Views: 3915

Re: SSID for kids Zone with OpenDNS

Sorry, but publishing more details about a future commercial product goes too far. Wait, and you'll see. As a good comparison, for hotspots with special requirements, MT also is not properly suited, because closed. No problem to install squid or nginx on openwrt, for eample, if required for special ...
by reinerotto
Fri Jul 13, 2018 6:52 pm
Forum: Beginner Basics
Topic: SSID for kids Zone with OpenDNS
Replies: 14
Views: 3915

Re: SSID for kids Zone with OpenDNS

Perfectly within the realms of a MikroTik
Yes, you are correct, to match the basic requirements of the thread starter.
However, in case of more demanding functionality, MT not usable any more
for commercial product.
by reinerotto
Thu Jul 12, 2018 10:21 pm
Forum: General
Topic: Block HTTPS sites
Replies: 11
Views: 6292

Re: Block HTTPS sites

R1CH had the best proposal: Fake a Captive Portal. Implementation details depend upon your network structure, i.e. using DNS-hijack. And might not be so simple, though. However, will work without flaws on http only, but on connecting devices the Captive Portal Detection will be triggered, and you ca...
by reinerotto
Thu Jul 12, 2018 10:11 pm
Forum: Beginner Basics
Topic: SSID for kids Zone with OpenDNS
Replies: 14
Views: 3915

Re: SSID for kids Zone with OpenDNS

You might simply wait, to buy a router with your requested features. Time to wait depends upon your location, as I am doing a commercial product based on openwrt
implementing your request :-)
MT is not the best platform for such a device. Because too closed.
by reinerotto
Sat Jul 07, 2018 10:59 pm
Forum: Beginner Basics
Topic: Disable video on Facebook, YouTube and etc...
Replies: 8
Views: 5015

Re: Disable video on Facebook, YouTube and etc...

@Isko900: As many sites, like youtube or facbook, use https, which is encrypted, it is not possible any more to block certain (video-) file types, like .avi or .mp4. Simply, because they are not recognizable any more, as when using http. Slowing down the connection per user, i.e. to 128kbit/s, would...
by reinerotto
Fri Jul 06, 2018 5:53 pm
Forum: General
Topic: Installing a basic webpage on the router? [SOLVED]
Replies: 4
Views: 2029

Re: Installing a basic webpage on the router? [SOLVED]

Or use a device, much better suited to hotspot functionality with above-average requirements: openwrt-based device. There we (can) do such tricks. And a few more. _But_ your requirement impossible to fulfill cleanly for https, of course. In best case, you reach the redirected page after some browser...
by reinerotto
Tue Jun 12, 2018 3:54 pm
Forum: Beginner Basics
Topic: Trying to block sites. Mild success.
Replies: 8
Views: 3764

Re: Trying to block sites. Mild success.

OpenDNS which is a free service for home or private users.
FYI: For commercial use, OpenDNS asks for subscription payments. So, for a public WISP, I did a simple clone of OpenDNS, to save the $$.
In case of interest, lemme know.
by reinerotto
Tue Jun 05, 2018 3:04 pm
Forum: General
Topic: Mikrotik Hotspot issues
Replies: 3
Views: 1498

Re: Mikrotik Hotspot issues

Agree to previous post in general; however, something else must be wrong, too. As practically every client-device with recent OS (iOS, Android, Windows ...) tests the internet connection using _standard_ http, which triggers the captive portal. Or the MT hotspot. At least, it should trigger, _unless...
by reinerotto
Tue Jun 05, 2018 2:53 pm
Forum: General
Topic: Hotspot with ADS
Replies: 1
Views: 888

Re: Hotspot with ADS

Use the search function on this forum, and you will find some advice regarding your question. Also some comments from me.
by reinerotto
Thu May 24, 2018 9:11 am
Forum: General
Topic: How to block URL-s contains IP address (Proxy)
Replies: 11
Views: 3742

Re: How to block URL-s contains IP address (Proxy)

Dump IPFire, install a small/old x86-PC running squid as local proxy within your network. This can do, what you want.
It is always strange, to read some questions, having already a supposed-to-work answer included :-)
by reinerotto
Wed May 23, 2018 11:34 pm
Forum: General
Topic: How to block URL-s contains IP address (Proxy)
Replies: 11
Views: 3742

Re: How to block URL-s contains IP address (Proxy)

Yes: Use a full-featured proxy, like squid.

Your usage case is one more argument against using MT for hotspots
with above-basic requirements.
As in openwrt, I often integrated squid. Also to implement
your requested functionality :-)
by reinerotto
Wed May 16, 2018 10:41 pm
Forum: General
Topic: Showing or pop up a warning message when user browse blocked content
Replies: 3
Views: 1137

Re: Showing or pop up a warning message when user browse blocked content

MT is not the wright platform for the functionality, you want.
On openwrt-based devices, you can do this either based on
DNS
or by impleneting a full fletched proxy.
Will also work on https, with some browser warnings, though.
by reinerotto
Tue Mar 13, 2018 2:59 pm
Forum: General
Topic: Hotspot Authentication Even Without Internet
Replies: 12
Views: 8247

Re: Hotspot Authentication Even Without Internet

Did several commercial systems, like you are asking for. However, MT is not the wright platform for this, because not flexible enough. openwrt is the way to go. I.e. I did a "local hotspot" for on board aircraft, without internet connection, to work as media server, for order processing et...
by reinerotto
Thu Mar 01, 2018 1:57 pm
Forum: General
Topic: Hotspot and HTTPS? What solutions?
Replies: 58
Views: 17656

Re: Hotspot and HTTPS? What solutions?

No. As you wrote, it also needs an (impossible) https-redir. "Best" you could do is to trigger some error messages from browser, regarding invalid cert. But this frightens the user even more.
So just to ignore https here only viable solution.
by reinerotto
Thu Mar 01, 2018 11:58 am
Forum: General
Topic: Redirect or advertising project
Replies: 5
Views: 1923

Re: Redirect or advertising project

There was (still is ?) a function for regular adverts (via REDIRs) available, for MT-hotspots. However, this was/is not a solution for wide production use, as it does a REDIR simply time-based. Which disturbes the rendering of a web page just being requested. (Browser must request multiple objects t...
by reinerotto
Thu Mar 01, 2018 11:48 am
Forum: General
Topic: Using webproxy to Cache Hotspot Users contents
Replies: 3
Views: 1128

Re: Using webproxy to Cache Hotspot Users contents

goggle for "squid cache"
by reinerotto
Thu Mar 01, 2018 11:42 am
Forum: General
Topic: Hotspot and HTTPS? What solutions?
Replies: 58
Views: 17656

Re: Hotspot and HTTPS? What solutions?

In general, you will _never_ be able to reliably redirect HTTPS (for purpose of Captive Portal CP or anything else), unless you are able to install special certificate on the users device. Which is not possible for a public hotspot. This is just a feature of HTTPS, especially designed to inhibit suc...
by reinerotto
Thu Mar 01, 2018 11:27 am
Forum: Beginner Basics
Topic: Hotspot without internet
Replies: 3
Views: 1184

Re: Hotspot without internet

Yes. I did this already several times for various clients, but based on openwrt/LEDE-devices as hotspots.
As I wrote here already:: For more than basic requirements for hotspots, MT is _NOT_ the best platform.
For commercial help, you can contact me: augustus_meyerATyahoo.de
by reinerotto
Thu Jan 25, 2018 3:40 pm
Forum: General
Topic: Block many websites
Replies: 20
Views: 22340

Re: Block many websites

ivicask gave the simplest and most complete solution to the problem. Also works for https-sites, of course.
by reinerotto
Fri Jan 19, 2018 4:32 pm
Forum: General
Topic: tool kid-control
Replies: 64
Views: 30869

Re: tool kid-control

>Regarding using mac address instead of IP would not solve anything.. .< No. Because it depends upon, how to use the MAC. ALmost 2 years ago I did a commercial parental control device (AP/router) on openwrt, based on MAC-control. And DNS-hijacking. Unknown MACs have everything blocked, so faking the...
by reinerotto
Wed Jan 10, 2018 11:46 am
Forum: General
Topic: iOS Captive Network Assistant problems on Mikrotik
Replies: 2
Views: 1293

Re: iOS Captive Network Assistant problems on Mikrotik

>Is there a way to "fool" the CNA to "think" the user has internet access and display "Done" so when Captive window is closed, the device stays connected to our Hotspot?< Yes. _But_ I dunno, how to do it on MT, as it is closed. So, no surprise, you got no other response...
by reinerotto
Sun Dec 03, 2017 5:22 am
Forum: General
Topic: Remotely monitor large amount of routers
Replies: 20
Views: 6202

Re: Remotely monitor large amount of routers

wifibus.com.mx Why to block the path to evolution, by starting too limited ? You might convince the client about alternative hw, and its possibilities. I.e. we also do GPS tracking of busses,of course. And, I do not know cost structure of 3g/4g in your area, but it might be quite expensive. So the u...
by reinerotto
Sun Dec 03, 2017 5:08 am
Forum: General
Topic: Remotely monitor large amount of routers
Replies: 20
Views: 6202

Re: Remotely monitor large amount of routers

Same idea here. Hotspot redirects to a page (without user/pass) and serves the first video that must be seen complete. Then, redirects to free web. We do much more: Local server to serve real movies, music, simple games, local news etc. from web-site within device. For entertainment of user (to sav...
by reinerotto
Fri Dec 01, 2017 7:27 am
Forum: General
Topic: Remotely monitor large amount of routers
Replies: 20
Views: 6202

Re: Remotely monitor large amount of routers

I have more than 1000 routers moving on vehicles serving as hotspot. They're connected to 4G. I need to periodically (say, every hour) read the uptime, traffic consumption, clients connected, know if Did that for public transport system in big Mexican city. Using openwrt-based devices, also deliver...
by reinerotto
Wed Nov 29, 2017 9:34 am
Forum: General
Topic: drop https requests then force a redirect
Replies: 3
Views: 1384

Re: drop https requests then force a redirect

>and then after login immediately shut down< This happens on new Android devices automatically, because the mini-browser closes the window, as soon as web access granted. Same for Windows-mobile. Some possible workarounds for this behaviour, but not on MT. Needs smarter (or more open) hotspot system...
by reinerotto
Mon Nov 20, 2017 7:51 pm
Forum: Beginner Basics
Topic: HTTPS traffic redirect problem
Replies: 8
Views: 3198

Re: HTTPS traffic redirect problem

So sorry, mixed up with this one:
>Forcepoint strips of https certificate, looks at were you go and allow/block session. If it allows session it uses the real cert from the site you are visiting.<
by reinerotto
Mon Nov 20, 2017 7:03 pm
Forum: Beginner Basics
Topic: HTTPS traffic redirect problem
Replies: 8
Views: 3198

Re: HTTPS traffic redirect problem

Both methods require to install custom root CA cert on the clients. Again, in case you want to filter/log certain _hostnames_ (_NOT_ complete URLs) or IPs, you do _NOT_ need to install the certificate for https. Exactly, what I did for a special router (openwrt/LEDE) for parental control. Which is ...
by reinerotto
Sun Nov 19, 2017 6:44 pm
Forum: General
Topic: HTTPS does not records in Mikrotik log
Replies: 13
Views: 2867

Re: HTTPS does not records in Mikrotik log

The only thing you'll get with HTTPS [edit: if you're explicitly proxying it] is the hostname that the connection was proxied to
I have to disagree here. You can get the same info for transparently proxied https, using squid.
However, configuring "splice/bump" for this is non-trivial.
by reinerotto
Sun Nov 19, 2017 6:33 pm
Forum: Beginner Basics
Topic: HTTPS traffic redirect problem
Replies: 8
Views: 3198

Re: HTTPS traffic redirect problem

Not 100% correct.
squid (open source) can do the same. So, in open Linux environments (also on openwrt/LEDE), this can be done without separate product.
by reinerotto
Sun Nov 19, 2017 6:19 pm
Forum: Beginner Basics
Topic: captive portal safari or chrome instead of microbrowsers
Replies: 1
Views: 1556

Re: captive portal safari or chrome instead of microbrowsers

>how can i force the devices to open safari, chrome or firefox instead of microbrowsers< You can not. As it is a functionality of the users device. However, you can switch to the philosophy, that user has to _explicitly_ open the browser to connect to the WiFi. _And_ you need to fake the internet co...
by reinerotto
Fri Oct 27, 2017 9:30 am
Forum: Beginner Basics
Topic: Business with limited Bandwidth and out of control usage
Replies: 6
Views: 1828

Re: Business with limited Bandwidth and out of control usage

@cpctech: Yes, setup is the most suitable, and simplest. @troffasky: "You aren't going to get any caching or a lot of useful info from Squid about HTTPS sites without MITM." No caching effect without MITM, correct. Amd this setup is for (very) advanced users. However, useful info from http...
by reinerotto
Fri Oct 27, 2017 12:23 am
Forum: Beginner Basics
Topic: Business with limited Bandwidth and out of control usage
Replies: 6
Views: 1828

Re: Business with limited Bandwidth and out of control usage

To fulfill clients prio #1 simplest and best is to set up an intermediate caching proxy with logging for the whole network. Old PC running LINUX+squid reduces required bandwidth (because of cache) and provides extensive logging of user activities on http and https.Various log analyzers for squid log...
by reinerotto
Mon Oct 23, 2017 4:49 pm
Forum: Beginner Basics
Topic: Convert URL to static internal IPs
Replies: 2
Views: 1041

Re: Convert URL to static internal IPs

Own DNS-server makes sense. However, BIND is overkill for what you want to achieve.
dnsmasq will do the job; much easier to configure.
by reinerotto
Sat Oct 21, 2017 3:21 pm
Forum: Beginner Basics
Topic: Websites not being blocked/logged?
Replies: 5
Views: 1600

Re: Websites not being blocked/logged?

The last thing I'll leave you with, you may need to look at DNS based blocking from a provider like OpenDNS if you can't install a device that MITM's SSL.
Agreed. However, you also have the option to do DNS-based blocking yourself.
by reinerotto
Mon Oct 09, 2017 8:43 pm
Forum: General
Topic: Hotspot captive portal prevent automatic close on redirect after login
Replies: 28
Views: 31236

Re: Hotspot captive portal prevent automatic close on redirect after login

You have the best solution, possible on mikrotik. However, very best solution can be done on open (openwrt/LEDE) hotspot systems. I.g. it means, to filter (or to fake) the internet-connection probes by iOs, WP, Android. Your issue is one more confirmation for my decision, to drop MT for hotspots wit...
by reinerotto
Sun Oct 08, 2017 8:59 pm
Forum: General
Topic: Can I block HTTPS site with proxy?
Replies: 10
Views: 5959

Re: Can I block HTTPS site with proxy?

Only correct, when you talk about mikrotik.
I did a (better) clone of openDNS on an average ubuntu server, blocking about 1.2Mio porno sites.
Theoretically, could be done on MT, too. In case, it were open (for mods).
by reinerotto
Sun Sep 17, 2017 8:46 pm
Forum: General
Topic: What is the best router to use in hotspot for wifi vendo machine
Replies: 3
Views: 12538

Re: What is the best router to use in hotspot for wifi vendo machine

best router for hotspot is based on openwrt/LEDE. As youhave (almost) all possibilities of linux packages available. I.e. you can integrate full featured caching proxy like squid. Or captive portal like coova-chilli. miktotiks have similar functionalities, but closed and more limited. But are easier...
by reinerotto
Sun Sep 03, 2017 9:27 pm
Forum: Beginner Basics
Topic: customer frequency tracking
Replies: 5
Views: 1405

Re: customer frequency tracking

1) How to send PM here ?
2) Some people are willing to compensate for " Best Know-How". Or for better functions/higher quality.
3) Quite a few "leechers" on various forums, to get financial advantages from free high-quality advice.
by reinerotto
Sun Sep 03, 2017 12:33 am
Forum: Beginner Basics
Topic: customer frequency tracking
Replies: 5
Views: 1405

Re: customer frequency tracking

You can just read this post:
viewtopic.php?f=13&t=125057

Which is for free, too, and much smarter than your contribution.
However, no continous (streaming) solutions.
As you get, what you pay for.
by reinerotto
Sat Sep 02, 2017 6:44 pm
Forum: Beginner Basics
Topic: customer frequency tracking
Replies: 5
Views: 1405

Re: customer frequency tracking

Yes; not a big deal. In case you can use openWRT, at least, as it is much more flexible. In plain words: open in its features. Did it for two clients already; right now for a third one in South America. As I do coding, incl. firmware, for a living. However, there are some limitations to the interpre...
by reinerotto
Mon Jul 31, 2017 4:12 pm
Forum: Beginner Basics
Topic: possible to limit bandwidth per user not per device in Hotspot?
Replies: 6
Views: 3772

Re: possible to limit bandwidth per user not per device in Hotspot?

DMA Radius (based on free radius) is not able to do this. I am wondering. The limitations is RoS, I strongly suspect. As Radius can control a lot of various quota policy. You are another example, that RoS is not the best choice for hotspots with special requirements. openwrt/LEDE + freeradius backe...
by reinerotto
Sun Jul 30, 2017 9:35 pm
Forum: General
Topic: How to only open .ir sites ?
Replies: 3
Views: 1603

Re: How to only open .ir sites ?

I wanted to write: Use proxy, like squid. However, in case the user opens https-tunnel, or uses VPN, then ...
by reinerotto
Tue Jul 25, 2017 2:43 pm
Forum: General
Topic: can I redirect https to my router?
Replies: 24
Views: 6275

Re: can I redirect https to my router?

Can you give an example, where a porn hosting website would also have family oriented pages on the same domain :) ? The problem is usually not that, but there are indeed cases where some people want to block "part of a site". E.g. some site that offers games (that are seen as unwanted, e....
by reinerotto
Mon Jul 24, 2017 10:11 am
Forum: General
Topic: can I redirect https to my router?
Replies: 24
Views: 6275

Re: can I redirect https to my router?

Because of the costs of openDNS for commecial use, but the necessity of filtering the access to public, open hotspots of a client, I did a "worst case" DNS-server, considering several blocklists, most of all porn, of course, but also gambling etc. So no special consideration of age-ranges...
by reinerotto
Sun Jul 23, 2017 4:55 pm
Forum: General
Topic: can I redirect https to my router?
Replies: 24
Views: 6275

Re: can I redirect https to my router?

Because of the costs of openDNS for commecial use, but the necessity of filtering the access to public, open hotspots of a client, I did a "worst case" DNS-server, considering several blocklists, most of all porn, of course, but also gambling etc. So no special consideration of age-ranges,...
by reinerotto
Thu Jul 20, 2017 10:30 pm
Forum: General
Topic: Facebook Login on Captive Portal
Replies: 3
Views: 2746

Re: Facebook Login on Captive Portal

Doing fb-login with large hotspot provider, haven't heard of this issue. Not using MT, though, but openwrt-based solution. With special backend for auth.
Did you contact fb already, to get the reason for the "temp locked" ?
by reinerotto
Thu Jul 20, 2017 10:25 pm
Forum: General
Topic: can I redirect https to my router?
Replies: 24
Views: 6275

Re: can I redirect https to my router?

To use it for business purposes it is formally required to ask them for a quote for a paid account. And it is very expensive (I tried).
And that is the reason, I developed a simple clone of openDNS for a hotspot provider. With custom "Blocked !" page, of course :-)
by reinerotto
Tue Jul 18, 2017 10:48 pm
Forum: General
Topic: How to deliver In-Session Ads via Mikrotik HotSpot
Replies: 3
Views: 4260

Re: How to deliver In-Session Ads via Mikrotik HotSpot

Hi, Previously Mikrotik had a feature called advertisement in HotSpot, which is obsolete in latest ROS versions. Any suggestions? I remember this RoS-feature. After first usage, few years ago, I recognized the pitfalls, as it was not good enough for real production use. As it might interrupt the re...
by reinerotto
Tue Jul 18, 2017 10:29 pm
Forum: Beginner Basics
Topic: possible to limit bandwidth per user not per device in Hotspot?
Replies: 6
Views: 3772

Re: possible to limit bandwidth per user not per device in Hotspot?

This is typical task for a (free-)radius server as backend. Dunno how to interface to RoS, though. openwrt/LEDE is better suited to special hotspot configs, like this one.
by reinerotto
Fri Jun 23, 2017 8:25 am
Forum: General
Topic: Hotspot MAC exception not working for XBox/PS4/Sonos
Replies: 7
Views: 2115

Re: Hotspot MAC exception not working for XBox/PS4/Sonos

CCR-support on openwrt/LEDE looks unreliable to me, far from production stability. However, you hit an interesting feature. Having developed a lot of different firmware for special purpose hotspots/routers (incl. parental control, social login, access logging, local content distribution etc.) on var...
by reinerotto
Thu Jun 22, 2017 9:32 pm
Forum: General
Topic: Hotspot MAC exception not working for XBox/PS4/Sonos
Replies: 7
Views: 2115

Re: Hotspot MAC exception not working for XBox/PS4/Sonos

Depending upon number of hotspots required, I might consider some special development using openwrt/LEDE. Which _might_ even run on certain mikrotiks.
Which MTs are you using ?
by reinerotto
Thu Jun 22, 2017 10:22 am
Forum: General
Topic: Filter rules + Hotspot
Replies: 4
Views: 1805

Re: Filter rules + Hotspot

>several hotspot rules were added dynamically on top of the list!< This is normal for Captive Portals to work. However, sequence of rules depends upon sequence of module activitation (custom rules, rules fom captive portal) Which is obvious in open systems, like openwrt/LEDE; but _NOT_ in RoS, becau...
by reinerotto
Wed Jun 21, 2017 10:49 pm
Forum: General
Topic: rate limit on https not applied
Replies: 2
Views: 867

Re: rate limit on https not applied

Dunno on MT. openwrt/LEDE-based hotspots (incl. coova-chilli) do not have your problem. And may solve a few more sophisticated issues (i.e. site/url-logging).
by reinerotto
Wed Jun 21, 2017 5:13 pm
Forum: Beginner Basics
Topic: Problem with hotspot
Replies: 1
Views: 752

Re: Problem with hotspot

1)It seems that at some point the mikrotik or radius (who releases the ip) after a while seems to end the ip, I increased the time lease but the problem persists as I can do it? Sounds like session terminated by radius. because of inactivity, or session too long 2)Is there a script that allows me to...
by reinerotto
Wed Jun 21, 2017 5:06 pm
Forum: Beginner Basics
Topic: Web-Proxy site speed limit.
Replies: 2
Views: 1247

Re: Web-Proxy site speed limit.

Add an external squid Proxy. Or use openwrt/LEDE based router/hotspot, incl. squid.
by reinerotto
Mon Jun 19, 2017 4:58 pm
Forum: Beginner Basics
Topic: RouterOS for custom device
Replies: 2
Views: 1184

Re: RouterOS for custom device

Agreed.
Thats the reason, I left RoS for development of special purpose WiFi devices (routers), like for integration of parental control or similar.
_OR_ simply better hotspot functionality.
by reinerotto
Sun Jun 18, 2017 8:25 pm
Forum: Beginner Basics
Topic: simple redirect after HS connect
Replies: 5
Views: 1246

Re: simple redirect after HS connect

I do not remember, sorry. Although I am on upwork, too, several completed projects are on freelancer.
Allso containing, what you still want to achieve. Both UBT and MT are the wrong tools for that.
by reinerotto
Sun Jun 18, 2017 7:05 pm
Forum: Beginner Basics
Topic: simple redirect after HS connect
Replies: 5
Views: 1246

Re: simple redirect after HS connect

Yes.
I have hotspots, delivering local content only. But these are based on openwrt/LEDE.
Which contain such a special feature you are looking for :-)
However, own developed firmware.
MT is too closed for such advanced features.
by reinerotto
Sun Jun 18, 2017 9:25 am
Forum: Beginner Basics
Topic: simple redirect after HS connect
Replies: 5
Views: 1246

Re: simple redirect after HS connect

- Automatic popup/captive window after connect to the HS (each time you connect to this HS) This is standard, but ... - this redirected page has to be opened in native webbrowser (Safari, Chrome,.. ) not on "lightweight login Browser window" Here is the problem: Some OS (certain Android ve...
by reinerotto
Mon Jun 12, 2017 7:51 am
Forum: General
Topic: Event webpage injection to hotspot user
Replies: 3
Views: 1486

Re: Event webpage injection to hotspot user

Injection of content into 3rd party pages can help in funding free hotspots. You are correct, that there _might_ be interference, but only in case of extremely dynamic (tricky) sites.. Which need to be blacklisted.
MTs 'interstetials' are much more risky regarding disturbance of 3rd party sites.
by reinerotto
Sun Jun 11, 2017 7:32 pm
Forum: General
Topic: Event webpage injection to hotspot user
Replies: 3
Views: 1486

Re: Event webpage injection to hotspot user

In principal, YES, there is. I developed some commercial software to do 'injection of content' into HTML, on-the-fly, using a proxy (http only).
A common usage scenario is the injection of ads, typically overlays, by means of injected JS.
In case of interest, contact me augustus_meyerATyahoo.com
by reinerotto
Sat May 13, 2017 10:12 am
Forum: General
Topic: How to block Youtube and facebook Android App in router Mikrotik
Replies: 31
Views: 99900

Re: How to block Youtube and facebook Android App in router Mikrotik

Instead of messing around with this one >...you can disrupt the connection before SSL is fully negotiated. certificate exchange takes place "in cleartext", < on MT on low level, similar can be done in a clean way using squids https interception. Which also allows to block facebook etc. How...
by reinerotto
Fri May 12, 2017 1:45 pm
Forum: General
Topic: how can I see HTTPS on proxy
Replies: 11
Views: 16467

Re: how can I see HTTPS on proxy

You can _not_ detect inline-malware, like injected javascript, using DNS.
You _could_ keep privacy using local intercepting https proxy.
But, privacy (read: protection) of advertisers is the crucial issue here.
by reinerotto
Fri May 12, 2017 11:55 am
Forum: General
Topic: how can I see HTTPS on proxy
Replies: 11
Views: 16467

Re: how can I see HTTPS on proxy

There are pros and conns to SSL intercept. I.e. SSL-intercept could be useful to better detect malware. Or to do parental control more refined.
Or to do better ad blocking. Which, I guess, is the main reason, quite a few "browser vendors" try hard to make this impossible.
by reinerotto
Fri May 12, 2017 11:49 am
Forum: Beginner Basics
Topic: Parental Control for Certain MAC
Replies: 15
Views: 5532

Re: Parental Control for Certain MAC

Yes, that is part of the story.
by reinerotto
Fri May 12, 2017 10:53 am
Forum: Beginner Basics
Topic: Parental Control for Certain MAC
Replies: 15
Views: 5532

Re: Parental Control for Certain MAC

Nobody tried this or there is no solution for this kind of parental control? :(
I did a (commercial) clone of openDNS. Which also can be tailored for individual MACs. However, needs private server, and special router (non-MT; but openwrt/LEDE)
by reinerotto
Thu May 11, 2017 4:42 pm
Forum: General
Topic: how can I see HTTPS on proxy
Replies: 11
Views: 16467

Re: how can I see HTTPS on proxy

>I wouldn't be surprised if Squid supports this.< You are correct in some sense. Using squid, it is possible to determine the target domain/IP of the SSL session, without installation of special certs in the clients. However, a bit tricky. And _NOT_ possible to see the full URL, domain only. Install...
by reinerotto
Thu May 11, 2017 4:37 pm
Forum: General
Topic: Integrating Facebook Connect with Hotspot Login / Authent ..
Replies: 132
Views: 653351

Re: Integrating Facebook Connect with Hotspot Login / Authent ..

>the Facebook logon page is launched in the mobile phone's browser instead of in the Facebook app. Most people, myself included, don't have my Facebook credentials stored in my mobile phone's browser so people simply click on the "Skip logon" link which defeats the object of the system.< Y...
by reinerotto
Thu May 11, 2017 4:15 pm
Forum: General
Topic: Hotspot + Facebook ??
Replies: 3
Views: 1895

Re: Hotspot + Facebook ??

This is so called 'Like-Gating'. Which is prohibited since end of 2015 by facebook. Unless fb explicitly grants this right to your app. Which is very unlikely, but you can try. However, it is allowed to ask for a like. But user may refuse. Login via fb I can only setup using special backend server, ...
by reinerotto
Mon Jun 13, 2016 1:33 pm
Forum: General
Topic: how to use hotspot advertise oprion?
Replies: 3
Views: 2200

Re: how to use hotspot advertise oprion?

>why Mikrotik keep holding this option< Marketing argument. It works "in principal". However, not good enough for production with _many_ users, as number of complaints will increase. Better alternative: I have a few, depending upon requirements. However, I make my living from "good kn...
by reinerotto
Sun Jun 12, 2016 12:17 am
Forum: General
Topic: Open-source, alternative firmware
Replies: 2
Views: 5641

Re: Open-source, alternative firmware

Depends upon the device and what you need. You can squeeze openwrt, for example, just by installing necessary packages (SW).
Then you will need to build your own image, for real downsizing.
Not all MTs run openrwrt, BTW.
openwrt is open, RoS is not.
openwrt the best choice for hotspots, for example.
by reinerotto
Sun Jun 12, 2016 12:14 am
Forum: General
Topic: how to use hotspot advertise oprion?
Replies: 3
Views: 2200

Re: how to use hotspot advertise oprion?

Worked for me in the past, but then I dropped usage. As not a good solution for production. There are btter alternatives.
Anyway: You need to do active browsing. When the timer for advertisements expires, it will redirect you, when navifating to another URL.
Simple wait will not work :-)
by reinerotto
Thu May 19, 2016 12:33 pm
Forum: Wireless Networking
Topic: Contact to WLAN-installers for several sites in Greece required
Replies: 0
Views: 1243

Contact to WLAN-installers for several sites in Greece required

Addendum to my previous post http://forum.mikrotik.com/viewtopic.php?f=7&t=108527
We might offer the WLAN-contract also to foreign partners. A charity org always has low budget :-)
by reinerotto
Thu May 19, 2016 12:18 pm
Forum: Wireless Networking
Topic: Contact to WISPs (WAN or WLAN) in Greece required
Replies: 1
Views: 1343

Contact to WISPs (WAN or WLAN) in Greece required

As technical consultant for an international charity org, also active in several refugee camps in Greece, I am looking for contacts with WISPs, which can establish PtP-WAN-connections to the camps or setup WLANs within the camps. However, this will be two separate contracts. For the largest camp we ...
by reinerotto
Wed Apr 27, 2016 1:39 pm
Forum: General
Topic: Social Login on Hotspot Mikrotik
Replies: 5
Views: 5269

Re: Social Login on Hotspot Mikrotik

Hi, I have a contact in Mexico, who just did that also for MT. Send me a mail, to augustus_meyer@ahoo.de, so I can forward you. Note: facebook does not allow (any more) "Like-Gating", which means, forcing the user to give a "Like" before receiving some service. However, is is pos...
by reinerotto
Tue Nov 17, 2015 9:38 pm
Forum: General
Topic: Dual WAN PCC + Squid Transparent Proxy + Hotspot
Replies: 4
Views: 3192

Re: Dual WAN PCC + Squid Transparent Proxy + Hotspot

Don't know pfsense in detail. However, you might also install the squid-box (or pfsense ?) inbetween the MTs.
Then you can use the easy solution for your hotspot users, at least.
squid-box could be old/simple ubuntu-PC (or your netbook) , with lot of RAM (fastest cache :-) and (fast) HDD, 2 NICs.
by reinerotto
Tue Nov 17, 2015 3:25 pm
Forum: General
Topic: Dual WAN PCC + Squid Transparent Proxy + Hotspot
Replies: 4
Views: 3192

Re: Dual WAN PCC + Squid Transparent Proxy + Hotspot

In general, installation of HTTP-intercepting squid is simple in any standard LINUX environment, as it only needs an iptables-rule to REDirect http-traffic to squid on same machine. In case, squid runs on another PC (NOT the one with the iptables-rule) it is more difficult. So, in your case, having ...
by reinerotto
Fri Sep 25, 2015 10:18 am
Forum: General
Topic: Hotspot Server using a SQUID server on the Internet (Public IP) as the upstream proxy
Replies: 3
Views: 1129

Re: Hotspot Server using a SQUID server on the Internet (Public IP) as the upstream proxy

You are wright, VPN is an alternative.
Did not think about it that time :-)
by reinerotto
Thu Sep 24, 2015 11:52 pm
Forum: General
Topic: Hotspot Server using a SQUID server on the Internet (Public IP) as the upstream proxy
Replies: 3
Views: 1129

Re: Hotspot Server using a SQUID server on the Internet (Public IP) as the upstream proxy

Yes. For a customer, having very similar problem, I developed a solution using email, to signal "valid IP" to server running squid. In case of interest, consider a project on "freelancer.com". And let me know :-)
by reinerotto
Thu Sep 24, 2015 2:35 pm
Forum: General
Topic: How to open hotspot login page automatically after connecting to wifi
Replies: 5
Views: 3753

Re: How to open hotspot login page automatically after connecting to wifi

>you get opened browser with login page<
Which is triggered by the browser OR OS-dependent activities in case of successful connection to WiFi, like Apple or MS or Android do.
by reinerotto
Wed Sep 16, 2015 9:40 pm
Forum: General
Topic: DNS server and cache server
Replies: 4
Views: 1549

Re: DNS server and cache server

Caching DNS-server (like dnsmasq) and a caching proxy (like squid). There are some solutions around to cache youtube with squid.
by reinerotto
Tue Aug 25, 2015 10:02 am
Forum: General
Topic: RB951G-2HND bootloop after overwrite firmware
Replies: 46
Views: 25340

Re: RB951G-2HND bootloop after overwrite firmware

Hi, I came across this thread as trying to find a minimum 16mb flash & 64mb RAM router with USB & 2.4ghz wifi we can install WRT on. There are a lot of different devices available, meeting your specs. I have done mods to OM2Ps FW (r481) and programmed different openwrt-devices (various TP-L...
by reinerotto
Tue Jun 02, 2015 6:53 pm
Forum: General
Topic: Block a host on the LAN to internet and show a warningpage
Replies: 3
Views: 1161

Re: Block a host on the LAN to internet and show a warningpage

Transp proxy should also work, in case "specific host" has fixed IP, and you only redirect its traffic.
Otherwise, you need to redirect evething to proxy, and then deny access/display message for "specific hosts" domain.
by reinerotto
Sun May 31, 2015 7:04 pm
Forum: General
Topic: Transparent Web Proxy configuration
Replies: 3
Views: 1828

Re: Transparent Web Proxy configuration

Use a real proxy, like squid, on a separate box.
by reinerotto
Wed May 06, 2015 3:43 pm
Forum: General
Topic: Redirect connection to static webpage with Radius
Replies: 2
Views: 1187

Re: Redirect connection to static webpage with Radius

Using radius-CoA you can command a redirect from the server. Question is, whether client (Mikrotik) supports it.
by reinerotto
Mon May 04, 2015 12:45 pm
Forum: General
Topic: costume login page
Replies: 1
Views: 916

Re: costume login page

Yes.
by reinerotto
Sun May 03, 2015 11:55 pm
Forum: Beginner Basics
Topic: Freeradius + Mikrotik Routers + Bandwidth Throttling and Data Cap + Paid Support?????
Replies: 2
Views: 1850

Re: Freeradius + Mikrotik Routers + Bandwidth Throttling and Data Cap + Paid Support?????

Sounds like a typical "MAC-auth"-scenario, in which the MAC of the WiFi device is used for AAA. This can be done using plain freeradius on a server; also to take care of bandwidth-control and volume limits. Just searched around here on the forum (serach for mac-auth); looks like MTs hotspo...
by reinerotto
Sat Feb 07, 2015 1:09 am
Forum: General
Topic: Hotspot. Captive portal with only a checkbox.
Replies: 1
Views: 1070

Re: Hotspot. Captive portal with only a checkbox.

You need to modify the hotspot functionality of MT/RoS to do simple redirection, without authorization. Especially to modify the standard "Splash Page". You can hire me :-)
by reinerotto
Sat Feb 07, 2015 1:01 am
Forum: Beginner Basics
Topic: How to redirect a website in mikrotik
Replies: 1
Views: 1079

Re: How to redirect a website in mikrotik

Have a look at the hotspot functionality in RoS. That includes redirection.
by reinerotto
Fri Jan 30, 2015 10:46 pm
Forum: Beginner Basics
Topic: Some sites are not responding in mikrotik routerboard
Replies: 6
Views: 1899

Re: Some sites are not responding in mikrotik routerboard

Does not work for me either, of course:
share.earthlinktele.com. 2249 IN A 192.168.1.66
by reinerotto
Fri Jan 30, 2015 4:49 pm
Forum: Beginner Basics
Topic: Some sites are not responding in mikrotik routerboard
Replies: 6
Views: 1899

Re: Some sites are not responding in mikrotik routerboard

An example (Link !) will make it much more likely to receive a response.
by reinerotto
Thu Jan 22, 2015 6:11 pm
Forum: General
Topic: Add a toolbar to client's web browser???
Replies: 16
Views: 4097

Re: Add a toolbar to client's web browser???

reinerotto yes, you give me price of 5555 USD and other guy 750 for same work.... Just for one coffe bar I still have a small solution, which is not server-based for high volume. But it can only be used together with openWRT running on Mikrotik, as integration in RoS is too difficault, as not Open ...
by reinerotto
Wed Jan 21, 2015 1:34 pm
Forum: Beginner Basics
Topic: Free Wifi to login with social media websites
Replies: 3
Views: 3908

Re: Free Wifi to login with social media websites

My question is in some places we are providing free wifi. I want people to login through email or social media profiles to excess our free wifi. For example when you go to barclays bank or subway you need to register with them and you can use wifi for free. Cheers! In case, you need some consulting...
by reinerotto
Tue Jan 20, 2015 10:19 am
Forum: General
Topic: Add a toolbar to client's web browser???
Replies: 16
Views: 4097

Re: Add a toolbar to client's web browser???

Still open for payed-for offers. As I do it already for years, looks like time is ripe for it, you will get a solid solution.
I am open for cooperation, exclusively for certain contries.
Hm - squid and MT - you might ask on freelancer. Did some bids there, right now.
by reinerotto
Mon Jan 19, 2015 5:04 pm
Forum: General
Topic: LTE performance
Replies: 1
Views: 1056

Re: LTE performance

Interesting. I am using same MC7710 on a real (small) debian based system, with 1GHz CPU. Thruput is almost as good as on your mobile phone. However, I had quite some work to get the newest QMI-driver running the MC7710 on my debian. As the MC7710 can also be used in the (suppose to be) inferior DIP...
by reinerotto
Wed Dec 31, 2014 8:41 pm
Forum: General
Topic: Webproxy does not forward original client IP address
Replies: 3
Views: 1793

Re: Webproxy does not forward original client IP address

In case, no solution directly on the MT: Use a full featured proxy, like squid. You might assign an old PC to this task-
by reinerotto
Tue Dec 23, 2014 11:57 am
Forum: General
Topic: RB951G-2HND web proxy
Replies: 4
Views: 4737

Re: RB951G-2HND web proxy

Relevant parts: max-cache-size: 3906250KiB !Set to 64MB max-cache-object-size: 4096KiB !Set to 64kb cache-on-disk: yes !No max-client-connections: 50 !Set to 128 for single user max-server-connections: 50 !Set to 128 for single user These values are "best guesses" for the beginning. Only R...
by reinerotto
Mon Dec 22, 2014 5:14 pm
Forum: General
Topic: RB951G-2HND web proxy
Replies: 4
Views: 4737

Re: RB951G-2HND web proxy

>max-cache-size: 3906250KiB max-cache-object-size: 4096KiB cache-on-disk: yes< I would set it to RAM-cache only. As 128MB on the board, there shoud be quite some RAM (>64MB) left for cache. And set max-cache-object lower, as most objects on the web are rather small. Would suggest 64kb or similar.
by reinerotto
Sat Dec 13, 2014 7:44 pm
Forum: General
Topic: RB951G-2HND bootloop after overwrite firmware
Replies: 46
Views: 25340

Re: RB951G-2HND bootloop after overwrite firmware

Hi, any update on this one ? Looking to buy this RB951Ui-2HnD for openWRT; fortunately I discovered this thread :-)
by reinerotto
Thu Oct 23, 2014 7:03 am
Forum: General
Topic: hiring PHP/mikrotik programmer
Replies: 4
Views: 2188

Re: hiring PHP/mikrotik programmer

Pls contact me at my email, to be found in my profile.
by reinerotto
Thu Oct 02, 2014 10:11 am
Forum: General
Topic: Bandwidth Compression between Mikrotik Routers
Replies: 3
Views: 1902

Re: Bandwidth Compression between Mikrotik Routers

For a serious solution, you should - install local PC+squid cache as a proxy - use some type of ad-blocker (DNS-based) to avoid download of adverts to local PC - install remote PC + compression software (ziproxy) - use remote PC as a parent proxy for local squid Works only for http, but might give y...
by reinerotto
Mon Sep 08, 2014 4:13 pm
Forum: General
Topic: working with MC7710
Replies: 6
Views: 2198

Re: working with MC7710

I use a MC7710 with QMI on a pcengines APU-board, running "voyage", a Debian based LINUX.
Works like a charm.
by reinerotto
Sat Sep 06, 2014 2:18 am
Forum: General
Topic: Walled Garden problems: youtube
Replies: 1
Views: 1731

Re: Walled Garden problems: youtube

There are more domains for youtube videos, at least googlevideo.com to add.
As it might depend upon the region, you are located in, you should use firefox+firebug to see, which domains you have to put into walled garden.
by reinerotto
Sun Aug 24, 2014 8:23 pm
Forum: General
Topic: open-mesh FW on MT equipment ?
Replies: 0
Views: 808

open-mesh FW on MT equipment ?

Did anybody try/succeed in running OM-FW on a Mikrotik AP/router ?
by reinerotto
Sun Aug 17, 2014 7:14 pm
Forum: General
Topic: [Solved [can´t be done]] Proxy and https issues
Replies: 10
Views: 3641

Re: Proxy and https issues

Hi, sorry for the late reply.

So, to summarize, there is no way to achieve this using our router alone.

Is that correct?
Yes.
by reinerotto
Wed Aug 06, 2014 4:36 pm
Forum: General
Topic: [Solved [can´t be done]] Proxy and https issues
Replies: 10
Views: 3641

Re: Proxy and https issues

you mean - add a static entry, and everyone who queries for that name will get set address? No
Too bad. Then to use a (transparent) proxy, doing DNS with dnsmasq, for example.
by reinerotto
Wed Aug 06, 2014 3:51 pm
Forum: General
Topic: [Solved [can´t be done]] Proxy and https issues
Replies: 10
Views: 3641

Re: Proxy and https issues

1) So I don't think I was doing transparent Proxy since I had the browser config in place. 2) - As you mentinoed, I also considered tinkering with DNS but I am not sure I can make mikrotik send bogus DNS responses like facebook=120.0.0.1 1) Correct 2) You should be able to "poison" MTs DN...
by reinerotto
Wed Aug 06, 2014 2:21 pm
Forum: General
Topic: Banner ADS on HotSpot
Replies: 8
Views: 3339

Re: Banner ADS on HotSpot

Please explain more about this?
In production already. However, as it seems to be "A Hot Topic", only contact via email. Look at my profile.
And, it is a commercial solution, not bound to MT. Actually being implemented in USA on Open-Mesh equipment, too.
by reinerotto
Wed Aug 06, 2014 2:10 pm
Forum: General
Topic: [Solved [can´t be done]] Proxy and https issues
Replies: 10
Views: 3641

Re: Proxy and https issues

Hi, I want to block access to certain sites in a work environment (mostly facebook and adult sites). Since there is no domain blocking in the firewall I thought I would use the Proxy feature which does have it, but then I´ve found intermittent problems to access https sites that are not blocked, GM...
by reinerotto
Tue Aug 05, 2014 10:34 am
Forum: General
Topic: Opening an Website Automatically
Replies: 5
Views: 2025

Re: Opening an Website Automatically

Hi Thanks for reply. It may be a Captive Portal, Customer Self-Care or any Website- what I was wondering - can any website be automatically opened, after login by a PPPoE dialer ? It is a common practice in Hotspot but can it be applied to PPPoE dialing as well ? Abhishek Actually, it should, assum...
by reinerotto
Tue Aug 05, 2014 1:15 am
Forum: General
Topic: Opening an Website Automatically
Replies: 5
Views: 2025

Re: Opening an Website Automatically

Any alternate way out ? Abhishek May be, you are talking about a "Captive Portal". This means, instead of the users first requested page, he is redirected to another one. Then, depending upon the page, either this redirected one "replaces" the original page requested, OR automat...
by reinerotto
Fri Jul 25, 2014 11:08 pm
Forum: General
Topic: redirect user to a site after wifi access
Replies: 2
Views: 1081

Re: redirect user to a site after wifi access

Add squid as a proxy.
by reinerotto
Sat Jul 19, 2014 2:23 pm
Forum: General
Topic: Ethernet interface Up\Down
Replies: 10
Views: 22812

Re: Ethernet interface Up\Down

A typical reason is "Auto negotiate ON". I even had the case, that the Ethernet-link between two NT-routers of same type went up and down, because they could not always agree upon the link speed to be used. So you might try to set both sides of the links affected to 100MBit, half dplx. And...
by reinerotto
Wed Jul 16, 2014 11:19 pm
Forum: General
Topic: Block Microsoft updates over 3G network
Replies: 9
Views: 2570

Re: Block Microsoft updates over 3G network

I can't ask them to carry allso a server with them.
An APU with internal SSD is only marginally larger than a MT-box. And has the advantage, you can install latest modem drivers.
And you can install internal mSATA-SSD-card, for caching, if you want.
by reinerotto
Wed Jul 16, 2014 10:16 pm
Forum: General
Topic: Block Microsoft updates over 3G network
Replies: 9
Views: 2570

Re: Block Microsoft updates over 3G network

Hi,
The firewall rule L7 works.
But is it also possible to redirect it to an other page?
So I can display to the uses why thy are blocked.
Use a real proxy, like squid. Caching on large disk would be an advantage, anyway.
Which means, not to use MT, but an embedded LINUX box, like ALIX or APU.
by reinerotto
Tue Jul 15, 2014 10:56 pm
Forum: General
Topic: Looking for a suggestion for a x86 SBC for RouterOS
Replies: 10
Views: 3594

Re: Looking for a suggestion for a x86 SBC for RouterOS

www.pcengines.ch
The APU or ALIX boards are very solid. Although better to be run using some kind of LINUX.
by reinerotto
Thu Jul 10, 2014 6:08 pm
Forum: General
Topic: Hotspot: SMS authentication
Replies: 13
Views: 10908

Re: Hotspot: SMS authentication

I am using
hotspotsystems.com
services for AAA via SMS.
The simplest for a start.
by reinerotto
Tue Jul 01, 2014 11:12 pm
Forum: General
Topic: Hotspot login/redirect page without internet
Replies: 31
Views: 32426

Re: Hotspot login/redirect page without internet

that there is something that Mikrotik cannot do Has nothing to do with MT. In case, there is no DNS entry in browsers or clients PC DNS-cache, the proposed solution will work, as there has to be a DNS request, immediately going to your no-connection-page. In case, user just navigates to another pag...
by reinerotto
Tue Jul 01, 2014 10:07 pm
Forum: General
Topic: Hotspot login/redirect page without internet
Replies: 31
Views: 32426

Re: Hotspot login/redirect page without internet

the browser tries to browse anything on first attemtp it gets page not found 404 error and on the second it gets the "Sorry internet not available" So it looks like it can be done, please give me a suggestion on how to get it on the first try to browse. Do not believe, this can be done re...
by reinerotto
Mon Jun 30, 2014 3:29 pm
Forum: General
Topic: GRE Sequencing
Replies: 1
Views: 1055

Re: GRE Sequencing

AFAIK, a sequence is optional, but has to be "signalled" in GRE-header: S, Sequence Number present. 1 bit. If set then the Sequence Number field is present and contains valid information. Otherwise, sequencing is also done on the TCP/IP-layer, wrapping GRE. So within GRE, is seems to be re...
by reinerotto
Fri Jun 27, 2014 1:35 am
Forum: General
Topic: Q About Block Sites
Replies: 3
Views: 1061

Re: Q About Block Sites

I have a special proxy in USA, to allow access for German users to blocked videos on youtube. Access for Germans only, as the proxy is sponsored by injected ads, targeted to Germany only. In case, you have multiple clients, you can set up such a solution yourself. Or pay me :-) In case of many users...
by reinerotto
Tue Jun 24, 2014 11:57 pm
Forum: General
Topic: ROS 5.26 Web Proxy problem
Replies: 1
Views: 1905

Re: ROS 5.26 Web Proxy problem

You might consider implementing a dedicated cache machine, running squid, for example. Might even cache videos.
by reinerotto
Sun Jun 08, 2014 9:51 pm
Forum: General
Topic: Welcome page on free wifi
Replies: 6
Views: 2785

Re: Welcome page on free wifi

squid
by reinerotto
Fri May 23, 2014 10:50 pm
Forum: General
Topic: Hotspot session info in html overlay
Replies: 8
Views: 2617

Re: Hotspot session info in html overlay

Hello!
Is there a way I could somehow inject a html overlay at the bottom of browser/page,
Matej
Yes; inject into every page visited. This principle is used for ads more often; but will work for your ideaa, too.In case of interest, email to my adrs in profile.
by reinerotto
Sun May 18, 2014 8:10 pm
Forum: General
Topic: Feature Request: Router with USB and SIM Slot
Replies: 5
Views: 2028

Re: Feature Request: Router with USB and SIM Slot

will be costly compare to routerboard
The you should better say: APU has too much power for my requirements :-)
by reinerotto
Sat May 17, 2014 11:38 am
Forum: General
Topic: Feature Request: Router with USB and SIM Slot
Replies: 5
Views: 2028

Re: Feature Request: Router with USB and SIM Slot

will be costly compare to routerboard
Hm, to which routerboard do you compare, CPU-wise ?
by reinerotto
Fri May 16, 2014 11:10 pm
Forum: General
Topic: Feature Request: Router with USB and SIM Slot
Replies: 5
Views: 2028

Re: Feature Request: Router with USB and SIM Slot

pcengines.ch, APU: 3 ports, SIM slot.
by reinerotto
Wed May 14, 2014 9:24 am
Forum: General
Topic: private messages..
Replies: 2
Views: 857

Re: private messages..

I'm not authorised to send private messages.

How can I get permission?

Thanks
You might vote up this issue here
http://forum.mikrotik.com/viewtopic.php?f=2&t=75436

Alternative: Publish a special email-adrs in your profile. Like I do.
by reinerotto
Tue May 13, 2014 1:48 pm
Forum: General
Topic: Redirect users to other sites
Replies: 10
Views: 2955

Re: Redirect users to other sites

Hi,
How can I do that in Squid, could you please let me know any instructions do you have?
thank you,
ven
Sorry, this is a MT forum.
by reinerotto
Tue May 13, 2014 1:47 pm
Forum: General
Topic: Block hd videos via proxy or firewall
Replies: 8
Views: 2667

Re: Block hd videos via proxy or firewall

YES, but only to be started with. This URL will be redirected according to your location/requested resolution into something much more complicated. And this will contain "...id=..." specifying the resolution. You should use firebug in firefox to observe. As this is a MT-forum, no more info...
by reinerotto
Tue May 13, 2014 2:38 am
Forum: General
Topic: Block hd videos via proxy or firewall
Replies: 8
Views: 2667

Re: Block hd videos via proxy or firewall

I do not see any "hd" tag in youtube video url
It seems really impossible
Then I give you a hint to do the impossible: Examine "id"
by reinerotto
Tue May 13, 2014 12:24 am
Forum: General
Topic: Block hd videos via proxy or firewall
Replies: 8
Views: 2667

Re: Block hd videos via proxy or firewall

I was wondering if there's a way to block high definition videos such as youtube hd or other websites that offer hd streaming videos. any proxy/firewall rule? No problem regarding youtube-videos when using squid, as yt identifies HD-videos within URL. Only need to set up proper ACL & regex for ...
by reinerotto
Mon May 12, 2014 6:53 pm
Forum: General
Topic: Redirect users to other sites
Replies: 10
Views: 2955

Re: Redirect users to other sites

Hi,

I am using Squid Proxy in transparent mode , is that possible to redirect users?

thank you,

ven
Yes.
by reinerotto
Sun May 11, 2014 2:07 pm
Forum: General
Topic: Redirect user without hotspot and authentication
Replies: 9
Views: 1775

Re: Redirect user without hotspot and authentication

>On the second case /ip proxy access add action=deny dst-host=* redirect-to=www.pay.it< Same you can do with squid, too, with so-called "ACL", access-control-list. Assuming, you have edited a "customer_needs_to_pay.lst" text file, containing some kinf of ID, like username, IP, or...
by reinerotto
Sun May 11, 2014 11:03 am
Forum: General
Topic: View clients' http requests and traffic
Replies: 45
Views: 13458

Re: View clients' http requests and traffic

You're talking about users redirection? I always thought to use squid as caching server...so it could solve traffic logging & saving I guess First of all caching server, that is correct. But a lot of features besides, like configurable details of traffic logging, and various options to allow re...
by reinerotto
Sun May 11, 2014 2:26 am
Forum: General
Topic: View clients' http requests and traffic
Replies: 45
Views: 13458

Re: View clients' http requests and traffic

Simplest solution for logging all stuff would be the use of squid as an upstream proxy. will also solve your question regarding "redirection" with "url_rewrite" or "session_control".
by reinerotto
Sat May 10, 2014 3:24 pm
Forum: General
Topic: Redirect users to other sites
Replies: 10
Views: 2955

Re: Redirect users to other sites

You can use opendns to block porn sites and add /ip firewall nat add chain=dstnat protocol=udp dst-port=53 dst-address-type=!local action=redirect to-ports=53 to redirect DNS queries. Is not sufficent. What will be sufficient in this scenario, assuming, access via http(s)+IP is already blocked, too.
by reinerotto
Thu May 08, 2014 9:23 am
Forum: General
Topic: Central Hotspot Deployment
Replies: 1
Views: 970

Re: Central Hotspot Deployment

Hi, as there is no PM allowed, :-(, pls email me at my adrs from profile. Subject: Financing.
by reinerotto
Thu May 01, 2014 9:42 pm
Forum: General
Topic: transparent proxy not working - help!!
Replies: 3
Views: 3653

Re: transparent proxy not working - help!!

The HW-config is not clear to me: You want the MT-box to be used as a hotspot, and to have the squid-machine as upstream proxy ?
  • 1
  • 2