Hello everyone,
in several deployments involving multiple RouterOS hotspots, I ran into practical limitations when using User Manager for centralized authentication and provisioning, especially in multi-site environments.
Some of the common challenges I experienced:
-
Centralized management across multiple MikroTik routers
-
Flexible user provisioning workflows
-
Plan-based logic with better expiration control
-
External automation and API integration
-
Clear separation between Radius logic and RouterOS devices
To address this, I built a web-based management layer on top of FreeRADIUS that integrates with RouterOS using standard Radius configuration.
Architecture overview
-
MikroTik RouterOS → Radius authentication
-
FreeRADIUS server → handles authentication and accounting
-
Web management layer (Viberad) → manages users, plans, attributes and provisioning logic
RouterOS configuration remains standard (radius + hotspot / pppoe / etc.), so no additional packages are required on the router side.
Current capabilities
-
Centralized multi-router management
-
Plan-based user provisioning
-
Attribute control (Mikrotik-Rate-Limit, Session-Timeout, etc.)
-
Expiration and renewal logic
-
Clear separation between infrastructure and management layer
The goal is not to replace RouterOS features, but to simplify operational management in scenarios such as:
-
WISP deployments
-
Hospitality hotspot environments
-
Distributed hotspot infrastructures
-
Lab setups with multiple routers
I’m mainly sharing this to gather technical feedback from those running RouterOS + external Radius environments.
If anyone is interested in evaluating the setup, a public demo instance is available for testing purposes. I’m also open to sharing more detailed technical information privately.
Questions for the community:
-
Are you using User Manager or external FreeRADIUS?
-
What operational limitations have you encountered?
-
Do you prefer tighter RouterOS integration or a fully external management layer?
Any technical feedback is welcome.