Forwarding to login page of Hotspot

Hi, I am testing hotspot. When I open web page (test http or https) web browser show web is unreachable. Does not funct automatic forwarding to login page of hotspot. I scanned the ports with nmap tool and ports 64872 - 64875 are open. I have as client station Windows 10 and Android phone.

# sep/25/2019 11:02:46 by RouterOS 6.45.6
# software id = D0WF-K8C6
#
# model = RB941-2nD
# serial number = 93710A6C2368
/interface bridge
add admin-mac=74:4D:28:5A:A0:2A auto-mac=no comment=defconf name=bridge
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX disabled=no distance=indoors frequency=auto installation=indoor \
    mode=ap-bridge ssid=MikroTik-5AA02E wireless-protocol=802.11
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
add dns-name=t.cz hotspot-address=192.168.87.1 login-by=http-pap,trial,mac-cookie name=hsprof1 rate-limit=5M/5M trial-uptime-limit=5m \
    trial-uptime-reset=10m
/ip hotspot user profile
set [ find default=yes ] shared-users=10
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
add name=hs-pool-1 ranges=192.168.87.2-192.168.87.254
/ip dhcp-server
add address-pool=default-dhcp disabled=no interface=bridge name=defconf
add address-pool=hs-pool-1 disabled=no interface=wlan1 lease-time=1h name=dhcp1
/ip hotspot
add address-pool=hs-pool-1 disabled=no interface=wlan1 name=hotspot1 profile=hsprof1
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=pwr-line1
/ip neighbor discovery-settings
set discover-interface-list=LAN
/ip settings
set allow-fast-path=no
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
add interface=wlan1 list=LAN
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=192.168.88.0
add address=192.168.87.1/24 comment=defconf interface=wlan1 network=192.168.87.0
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid disabled=no interface=ether1
/ip dhcp-server network
add address=192.168.87.0/24 comment="hotspot network" gateway=192.168.87.1
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall filter
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" disabled=yes in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new \
    in-interface-list=WAN
/ip firewall nat
add action=log chain=hotspot comment=hledani disabled=yes
add action=log chain=hs-unauth disabled=yes log-prefix=Pdr
add action=redirect chain=hs-unauth dst-port=80 in-interface=wlan1 log=yes protocol=tcp to-ports=64874
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
add action=masquerade chain=srcnat comment="masquerade hotspot network" src-address=192.168.87.0/24
/ip hotspot user
add name=admin
/ip service
set www-ssl disabled=no
/system clock
set time-zone-name=Europe/Prague
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN

If you try with the hotspot’s address (http://x.y.z.w) manually in your browser, does it work?

Yes, if I give to browser ip / hostname of Mikrotik, login page is show.

I guess the device you use doesn’t detect that it is behind a hotspot.. As long as your configuration is correct then it has totally to do with your computer.
If you try with your mobile phone does the hotspot portal pop up???

Unfortunately, it is the same on mobile phone with OS Android 7.0. When phone showed notification about hotspot, I click on it, is open page on browser “connectivitycheck.gstatic.com/generate_204”. But page does not load.

try removing dns name of your hotspot.

OK. I was test it, but status not change. Automatic redirection to hotspot login page still doesn’t work.
Current configuration

# sep/25/2019 15:13:12 by RouterOS 6.45.6
# software id = D0WF-K8C6
#
# model = RB941-2nD
# serial number = 93710A6C2368
/interface bridge
add admin-mac=74:4D:28:5A:A0:2A auto-mac=no comment=defconf name=bridge
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX disabled=no distance=indoors frequency=auto installation=indoor \
    mode=ap-bridge ssid=MikroTik-5AA02E wireless-protocol=802.11
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
add hotspot-address=192.168.87.1 login-by=http-pap,trial,mac-cookie name=hsprof1 rate-limit=5M/5M trial-uptime-limit=5m trial-uptime-reset=\
    10m
/ip hotspot user profile
set [ find default=yes ] shared-users=10
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
add name=hs-pool-1 ranges=192.168.87.2-192.168.87.254
/ip dhcp-server
add address-pool=default-dhcp disabled=no interface=bridge name=defconf
add address-pool=hs-pool-1 disabled=no interface=wlan1 lease-time=1h name=dhcp1
/ip hotspot
add address-pool=hs-pool-1 disabled=no interface=wlan1 name=hotspot1 profile=hsprof1
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=pwr-line1
/ip neighbor discovery-settings
set discover-interface-list=LAN
/ip settings
set allow-fast-path=no
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
add interface=wlan1 list=LAN
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=192.168.88.0
add address=192.168.87.1/24 comment=defconf interface=wlan1 network=192.168.87.0
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid disabled=no interface=ether1
/ip dhcp-server network
add address=192.168.87.0/24 comment="hotspot network" gateway=192.168.87.1
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall filter
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" disabled=yes in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new \
    in-interface-list=WAN
/ip firewall nat
add action=log chain=hotspot comment=hledani disabled=yes
add action=log chain=hs-unauth disabled=yes log-prefix=Pdr
add action=redirect chain=hs-unauth dst-port=80 in-interface=wlan1 log=yes protocol=tcp to-ports=64874
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
add action=masquerade chain=srcnat comment="masquerade hotspot network" src-address=192.168.87.0/24
/ip hotspot user
add name=admin
/ip service
set www-ssl disabled=no
/system clock
set time-zone-name=Europe/Prague
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN

Although am not sure, inside your dhcp server network add under DNS your hotspot address 192.168.87.1 so your client gets a DNS…

Bingo!
Zacharia you are right,
If you don’t specify DNS on your dhcp server you wont be able to open hotspot landing page automaticaly, in most devices will open but some of them are not working.
Attention!
You must specify your hotspot gateway address as your dns server under DHCP > NETWORKS

Hi men,
ok, I am set ip of DNS server (192.168.87.1) to DHCP->Network (when IP not set, is as default use IP of router). But nothing.

# sep/26/2019 07:19:46 by RouterOS 6.45.6
# software id = D0WF-K8C6
#
# model = RB941-2nD
# serial number = 93710A6C2368
/interface bridge
add admin-mac=74:4D:28:5A:A0:2A auto-mac=no comment=defconf name=bridge
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX disabled=no distance=indoors frequency=auto installation=indoor \
    mode=ap-bridge ssid=MikroTik-5AA02E wireless-protocol=802.11
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
add dns-name=t.cz hotspot-address=192.168.87.1 login-by=http-pap,trial,mac-cookie name=hsprof1 rate-limit=5M/5M trial-uptime-limit=5m \
    trial-uptime-reset=10m
/ip hotspot user profile
set [ find default=yes ] shared-users=10
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
add name=hs-pool-1 ranges=192.168.87.2-192.168.87.254
/ip dhcp-server
add address-pool=default-dhcp disabled=no interface=bridge name=defconf
add address-pool=hs-pool-1 disabled=no interface=wlan1 name=dhcp1
/ip hotspot
add address-pool=hs-pool-1 disabled=no interface=wlan1 name=hotspot1 profile=hsprof1
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=pwr-line1
/ip neighbor discovery-settings
set discover-interface-list=LAN
/ip settings
set allow-fast-path=no
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
add interface=wlan1 list=LAN
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=192.168.88.0
add address=192.168.87.1/24 comment=defconf interface=wlan1 network=192.168.87.0
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid disabled=no interface=ether1
/ip dhcp-server network
add address=192.168.87.0/24 comment="hotspot network" dns-server=192.168.87.1 gateway=192.168.87.1
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
add address=192.168.87.1 name=connectivitycheck.gstatic.com
/ip firewall filter
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" disabled=yes in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new \
    in-interface-list=WAN
/ip firewall nat
add action=log chain=hotspot comment=hledani disabled=yes
add action=log chain=hs-unauth disabled=yes log-prefix=Pdr
add action=redirect chain=hs-unauth dst-port=80 in-interface=wlan1 log=yes protocol=tcp to-ports=64874
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
add action=masquerade chain=srcnat comment="masquerade hotspot network" src-address=192.168.87.0/24
/ip hotspot user
add name=admin password=admin
/ip service
set www-ssl disabled=no
/system clock
set time-zone-name=Europe/Prague
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN

Your current configuration works just fine to me. I am redirected to the hotspot login page.

Please tell me what client station (OS, platform) you are use? And what type of MK and version fo RouterOS?

The client was a windows 10 computer. The router os verion was 6.4x.x something, and the device an RBmAP2nD

Ok I have new knowledge. In stable RouterOS 6.45.6 the hotspot not forwarding to login page, but in older firmware 6.43.16 yes. The solution is downgrade.
I will not look for the latest firmware in which everything works. I think, this is a bug in ROS 6.45.6.

Thanks you guys

RB4011 same issue.
6.45.6 not working
6.46.2 not working
6.44.6 long term working
Mikrotik please fix Hotspot!!!

Did you test in latest ROS ?

i have same problem with redirect to local /login.html, after downgrade to 6.44.6 its work. please fix. p.s.: RB750G
some details: when i open http page by domain. nothing happens, browser wait connection and reset it after tiomeout.
when i open 1.2.3.4 In broeser, its redirected to local hotsoit domain name and again wait connection, and reset it after timeout.

Is this a bug?

I have been trying the same thing since yesterday and have no results.
That’s crazy !

If I do a DNS on the gateway of the AP I come across the router’s management page.
With IP adress I come across the router’s management page.
On android I see the login page but no redirection possible even by putting a site in http for test (modification of alogin and login.html).

I am on RB760iGS hardware and have stable ROS 6.47.4.