Hotspot Alternative

Subject:
I appreciate MikroTik’s Hotspot offering and all the work they put into it. But I want a simpler way of allowing internet access instead of redirects, which break SSL (TLS) certificate behavior. How about we use the embedded web server in a different way? Read on!

Need:
I need to allow free Wi-Fi to in-store customers if they provide their email address (or some other configurable input). They’ll be given a pamphlet that reads: “Use our free Wi-Fi service by connecting to StoreWifiSSID. Next, visit abc.lan and enter your email address to gain access and win prizes!”

Current:
I’m using a Hotspot server running on a VLAN interface with some customized JavaScript and HTML. It works, but all the firewall and NAT rules are messy-looking.

Wants:
Is there a way, such that after I see a new IP and MAC on my VLAN, I could drop packets until after the user visits abc.lan? When they do, my JavaScript will post back to abc.lan/login, giving them a chance to enter details, after which a script will fire that adds their MAC to an “Allow” address list in the firewall for my VLAN.

So much cleaner vs all these redirects (which cause certificate errors), don’t you think?

Thoughts?