Configure Hotspot and PPTP on the same network

I have a network like this:

        Internet
            |
--------MainRouter----------------------
|               |           |       ... |
Router1-        Router2     Router3 ... PPTPServer
|       |
Switch1 Router11
...

Some switches and routers are connected to each router. It is actually a huge network.
Clients connect to switches using Ethernet cable or Wi-Fi bridges, log in to the PPTP VPN and use the network. We use PPTP to limit bandwidth and weekly traffic usage.
Actually when they log in to PPTP, it gives them an IP (separate from DHCP) so they send their packets to PPTP server.

However, PPTP is deprecated in Android 12 and later, so users cannot connect using their new mobile phones.
We decided to add a HotSpot (Captive Portal) server besides the PPTP server, so that the user can login to either PPTP or HotSpot.

        Internet
            |
--------MainRouter---------------------------------
|               |           |       ... |          |
Router1-        Router2     Router3 ... PPTPServer HotSpotServer
|       |
Switch1 Router11
...

Currently, I successfully created a HotSpot server and connected to the Internet through it. However, when I log in to the HotSpot, it actually logs in the first neighbor with an IP.


Internet
|
HotSpotServer
|
Laptop
| (wi-fi network sharing)
Mobile

Here, if I log in using Mobile, Laptop is also logged in.


Internet
|
HotSpotServer
|
Router--
|       |
Client1 Client2

I think in this situation, if Client1 logs in, Router is actually logged in and Client2 will also have internet access; however, this is not good: each client should log in separately.

So the questions: how should I configure the HotSpot so that:

  1. It can work besides the PPTP server? I mean, a client either logs in to the PPTP VPN, or enters the HotSpotServer IP in their browser and logs in to the HotSpot.
  2. Each client logs in separately, regardless of how many routers there are between it and HotSpotServer?

HotSpotServer is a MikroTik RB1100AHx2 with RouterOS 7.10.2.
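
Added example, not part of the original post and not RouterOS code: a minimal Python model of the two diagrams above. It assumes the hotspot identifies a client by the source MAC and IP it sees on its own interface and that the intermediate router (or the laptop sharing its Wi-Fi) performs NAT. All class names and addresses are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Frame:
    src_mac: str
    src_ip: str


class NatRouter:
    """Routed hop with NAT: every client leaves with the router's MAC and IP."""
    def __init__(self, mac, ip):
        self.mac, self.ip = mac, ip

    def forward(self, frame):
        return Frame(self.mac, self.ip)


class Bridge:
    """Layer-2 hop (switch, bridged AP): frames reach the hotspot unchanged."""
    def forward(self, frame):
        return frame


class Hotspot:
    """Assumed model: one session per (source MAC, source IP) seen by the hotspot."""
    def __init__(self):
        self.sessions = set()

    def login(self, frame):
        self.sessions.add((frame.src_mac, frame.src_ip))

    def allowed(self, frame):
        return (frame.src_mac, frame.src_ip) in self.sessions


def second_client_gets_free_access(hop):
    """Client1 logs in through `hop`; is Client2 then let through without a login?"""
    hotspot = Hotspot()
    client1 = Frame("02:00:00:00:00:01", "192.168.88.11")  # constructed address
    client2 = Frame("02:00:00:00:00:02", "192.168.88.12")  # constructed address
    hotspot.login(hop.forward(client1))
    return hotspot.allowed(hop.forward(client2))


if __name__ == "__main__":
    nat = NatRouter("02:00:00:00:00:aa", "10.18.7.13")  # constructed uplink identity
    print("behind NAT router:", second_client_gets_free_access(nat))
    print("behind L2 bridge: ", second_client_gets_free_access(Bridge()))
```

Under these assumptions, per-client login only holds while the hotspot can see each client's own addresses, which is the case behind a bridge and not behind a NAT hop.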

hello,

interesting… are you some kind of isp? :thinking:

Clients connect to switches using Ethernet cable or Wi-Fi bridges, log in to the PPTP VPN and use the network. We use PPTP to limit bandwidth and weekly traffic usage.

are you sure - that was pptp vpn you are using to manage your subscribers? typo?

However, PPTP is deprecated in Android 12 and later, so users cannot connect using their new mobile phones.
We decided to add a HotSpot (Captive Portal) server besides the PPTP server, so that the user can login to either PPTP or HotSpot.

maybe both of them could work for your scheme - but there are differences in access method.

anyway - maybe you can show us your problematic hotspot config as you have said?

Somewhat. The network is for a university. Classes, labs, dormitory, etc.

Yes PPTP is currently being used to manage bandwidth and traffic limitation. Setup was done many years ago.

Sure. Here is the export of current config:
rb.rsc (2.07 KB)
It works somewhat; however, I should set gateway manually to 10.18.7.7 in client. I disabled DHCP to prevent interference with DHCP of subnets. Also, both client and router must be in exact same subnet.

The network has many subnets. I want to configure the router so that I connect it somewhere in the network (probably in the top-level network), configure IP addresses, and then any client anywhere in the network enters the HotSpot IP in their browser, logs in and uses the internet without any manual IP configuration.

Currently, the PPTP server gives each client an IP distinct from its subnet. For example, here is the output of ifconfig:

...
# PPTP
ppp0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1400
        inet 172.27.1.240  netmask 255.255.255.255  destination 172.16.50.10
        ppp  txqueuelen 3  (Point-to-Point Protocol)
...
# Wi-Fi (10.18.7.0/24 Lab network)
wlp2s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.18.7.13  netmask 255.255.255.0  broadcast 10.18.7.255
        inet6 fe80::7f7f:184d:e6f6:1790  prefixlen 64  scopeid 0x20<link>
        ether 34:6f:24:9b:8d:bb  txqueuelen 1000  (Ethernet)

hello,

aaa.. a campus topology. does your university consist of separate buildings for each faculty?

well, your question won’t take a short answer.

for this part,

So the questions: how should I configure the HotSpot so that:
It can work besides the PPTP server? I mean, a client either logs in to the PPTP VPN, or enters the HotSpotServer IP in their browser and logs in to the HotSpot.

although you can use pptp vpn for user control, I don’t think it is normal; it is a bit of a waste of ip resources and adds unnecessary complexity. i.e. you need to provide an ip address before your user can use pptp vpn with another ip address and more routing (a bit complicated and not too efficient) -> this means pptp can’t be interchangeable with hotspot.

the most common method for Ethernet-based user control is pppoe, which is almost similar to pptp vpn except for the encryption part. pppoe doesn’t need an initial ip address, which can later be assigned by dhcp -> almost similar to hotspot.

now, can pptp and hotspot be used interchangeably? the answer is no. (read my explanation above - pptp needs an initial ip prior to its usage).

on the other hand, pppoe and hotspots only need user credentials and a broadcast domain for user connection:
1 bridge for pppoe service, and
1 bridge for hotspot service
(of course you need to adjust its number according to your requirements).
add vlans if you need.

put 1 ap controller (hotspot server) for the bridged ap’s and wireless clients, and
1 pppoe server for each building/faculty for the bridged switches and wired clients
(all in 1 MT box, acting as bras/bng) - before all traffic is switched to the university core router or to the internet. easier to manage and flexible for the requirements of each building/faculty (user logs, firewall, bandwidth control etc).

then, if those 2 services (pppoe and hotspot) work perfectly - you can optionally put pptp service on top of those 2 basic links.

hope this helps.

Yes. Even in the same building, there might be multiple routers and multiple subnets.

Well, that is done by a 3rd party company. I have no idea why they chose PPTP. Anyway, now we want to replace it but we cannot disable PPTP right now as many clients are using it and it takes time to transfer all of them to HotSpot.

Is PPPoE necessary? I mean, isn’t it just another login besides HotSpot? Why should I use it?
Sorry, I’m a beginner and I’m a little confused.

On top of those? Doesn’t it mean clients have to log in to both HotSpot and PPTP?

Why can’t we set up HotSpot besides PPTP? I mean, the PPTP server is just there in the network and users call it when they need it. As far as I know, traffic doesn’t go through the PPTP server by default before VPN login.

hello,

ok. never mind.

have you read this wiki?

https://wiki.mikrotik.com/wiki/Manual:Simple_CAPsMAN_setup

— additional

https://wiki.mikrotik.com/wiki/Manual:IP/Hotspot

maybe it can help you with your user login problem.