I’m starting a small WISP and have chosen RouterOS hotspot as my gateway/user management. I was looking for any free/simple ways to accept credit cards and automatically create accounts on the MikroTik.
I’ve come up with a solution that some of you may be interested in.
If this has already been done, let me know!!!
What is is:
Quick web based interface to MikroTik RouterOS
Requirements:
Windows 2000 or better
A paypal account
Apache webserver and PHP, both free
What it does:
—Account Creation Module—
Allows user to select one of three account types (24 hours pass, 1 or 2 hours, 1 month)
Passes appropriate price and product information to PayPal
Once the user pays at PayPal (they don’t need a paypal account) they are redirected to a page where they can create a new account or add credit to their old one.
Automatically creates/updates the user account
Allows user to check status and time remaining on their account
—User Management Module—
Quick and easy listing, creating, modifying, removing, of users.
Bonus:
Very easy to setup, one or two hours
No RADIUS server needed
No dedicated box required runs on any machine
No merchant gateway account necessary
The Bad:
Very ugly UI right now
Poorly written PHPSL (PHP as a second language)
Based on telnet (problem with PHP SSH module, hopefully fixed soon)
Probably buggy and insecure
Has this already been done? Is there interest in something like this? I wrote it to fit my need of running an automated hotspot without forking over alot of cash or spending time learning the free linux solutions.
You would use a web form to gather the info, this function aggregates in to the proper RouterOS command, and then then returned for it to be passed on to the telnet program and executed.
Basically you setup a HTTP server like he recommended, create a webform so the user can enter information such as: name, billing address, rate plans, etc. Use the above script to take the entered data in the webform and create the user in the mikrotik’s hotspot server by generating the RouterOS syntax and entering it via telnet.. He also provided a link to integrate paypal to accept payments.
I think it would be easier, scalable, and more secure if you used an external RADIUS server and designed the webform around RADIUS and then set the mikrotik up to get authentication from the RADIUS server.
One security issue I notice right away is telnet being used to enter in client data, because it sends authentication, as well as all other data in plain text.
RADIUS has secure authentication protocols, and really doesn’t require much to run… just RAM and some harddrive space..
The thing is you still need an externel box to run the webserver… If you got that then why not just use RADIUS?
Not trying to slam your efforts, just trying to offer some constructive critisism and think of the cost savings/benefits of the suggested system.
The real value would be creating the web interface and RAIDUS server for “out of the box” mikrotik integration.
re: Telnet…I don’t recall if I mentioned in the original write up, but the SSH implementation in the current PHP package for windows is broken.
In my environment the server was directly connected to the MikroTik so there was no threat of someone sniffing the traffic.
My original goal was to provide a free billing and user management hotspot solution on windows. There’s stuff out there for Linux but it can be complicated and everyone already has a windows box sitting around that can do double duty. There are no good free RADIUS servers for Windows and the “cheap” ones start at $600. To do what you describe requires the RADIUS server to work with an SQL database. None of the free RADIUS servers for windows support SQL databases. It is possible to manipulate a flat text file, storing non-radius attributes as comments in the file, etc… however, FreeRadius for windows only reads the user file on startup. The Multitech free RADIUS server will reread the user file every minute, but it does not support some of the MikroTik custom attributes.
I got pretty far in to the telnet interface before leaving it to work on a solution with text based RADIUS user files. When I quit, the user could sign himself up and pay with CC and also credit time to an existing account. It would check to see the user account didn’t already exist, etc… The main problem is that it was slow because each time a telnet command was issued the program would have to pause to ensure it had recieved the response before continuing. This made each executed command take at least a second. It may not seem like much, but some of the operations required multiple commands to be run.
Wireless Orbit is getting ready to rollout a new version of their hotspot management service that will support Mikrotik. They charge a very reasonable ~$40/month per AP. Some seem to be wary of a remotely hosted authentication solution but I’ve been testing it over a bad satellite link and it is working fine. They provide far more redundancy than I ever could. Unfortunately, this will noit come out until the end of November and I need to find something in the Interim. I’m planning to use the homegrown telnet solution until that time.
If I ever do come up with something complete and documented enough to share, I will be sure to post it here.
We are starting a small WISP here to and planning to setup several “Local Hotspots” with RouterOS and linked up with backbone links exclusively via wireless, I would be highly interested in what you are doing too because we were planning to give the billing and authentication to a third party company.But it would be good if we can do it in house.My background here is mainly R&d in antennas for 0 to 30dbi and been doing antenna designs for several years now. Ive setup serveral APs with backbone links covering approxmatly 80sq km and 100% of our antennas are made here, from parabolics to omini for 2.4ghz to 5.8 peer to peer and APs
Bokad, I would highly suggest just posting what you have so far under GNU or something, then everyone can contribute to the project. You could probably even get it set up under a SourceForge project.
I understand everything else but the hangup I have is a lack of understanding quite how to work with PayPal. Even spending time on Micah Carrick’s site I’m just not “getting” that part.
