Hotspot External Login page loops to internal login

I am trying to use the Mikrotik hotspot with an external login page. I have followed the instructions at: RouterOS - RouterOS - MikroTik Documentation

I have added the IP address of my external server and the hotspot router to the IP walled garden!

However, when I try to access the hotspot the browser loops between the external server address and the internal server address repeatedly and rapidly.

Here is my login.html on the router.

internet hotspot login

body {color: #737373; font-size: 10px; font-family: verdana;}

textarea,input,select {
background-color: #FDFBFB;
border: 1px solid #BBBBBB;
padding: 2px;
margin: 1px;
font-size: 14px;
color: #808080;
}

a, a:link, a:visited, a:active { color: #AAAAAA; text-decoration: none; font-size: 10px; }
a:hover { border-bottom: 1px dotted #c1c1c1; color: #AAAAAA; }
img {border: none;}
td { font-size: 14px; color: #7A7A7A; }

$(if chap-id) JavaScript required. Enable JavaScript to continue. $(endif)

Here is my login.php on the server.

<?php
$mac=$_POST['mac'];
$ip=$_POST['ip'];
$username=$_POST['username'];
$linklogin=$_POST['link-login'];
$linkorig=$_POST['link-orig'];
$error=$_POST['error'];
$chapid=$_POST['chap-id'];
$chapchallenge=$_POST['chap-challenge'];
$linkloginonly=$_POST['link-login-only'];
$linkorigesc=$_POST['link-orig-esc'];
$macesc=$_POST['mac-esc'];
?>

mikrotik hotspot > login

body {color: #737373; font-size: 10px; font-family: verdana;}

textarea,input,select {
background-color: #FDFBFB;
border: 1px solid #BBBBBB;
padding: 2px;
margin: 1px;
font-size: 14px;
color: #808080;
}

a, a:link, a:visited, a:active { color: #AAAAAA; text-decoration: none; font-size: 10px; }
a:hover { border-bottom: 1px dotted #c1c1c1; color: #AAAAAA; }
img {border: none;}
td { font-size: 14px; color: #7A7A7A; }

Latviski
Please log on to use the mikrotik hotspot service

Free trial available, <a style="color: #FF8080" href="<?php echo $linkloginonly; ?>?dst=<?php echo $linkorigesc; ?>&username=T-<?php echo $macesc; ?>">click here.</a>


login
password


<?php echo $error; ?>

IP route print:

[admin@MikroTik] /ip route> print
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit
 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0 ADS  0.0.0.0/0                          172.16.16.254             1
 1 ADC  10.5.50.0/24       10.5.50.1       ether5                    0
 2 ADC  172.16.16.254/32   172.16.16.35    pppoe-out1                0
 3 ADC  192.168.88.0/24    192.168.88.1    bridge1                   0

/ip hotspot export
[admin@MikroTik] /ip> hotspot export

# nov/11/2011 12:41:25 by RouterOS 5.7
# software id = LYAP-MAWH

/ip hotspot profile
set default dns-name="" hotspot-address=0.0.0.0 html-directory=hotspot http-cookie-lifetime=3d http-proxy=0.0.0.0:0 login-by=cookie,http-chap name=default rate-limit="" smtp-server=0.0.0.0 split-user-domain=no use-radius=no
/ip hotspot user profile
set default idle-timeout=none keepalive-timeout=2m name=default shared-users=1 status-autorefresh=1m transparent-proxy=no
/ip hotspot profile
add dns-name=10.5.50.1 hotspot-address=10.5.50.1 html-directory=hotspot http-proxy=10.5.50.1:0 login-by=mac,http-chap,https,trial mac-auth-password="" name=hsprof1 nas-port-type=wireless-802.11 radius-accounting=yes radius-default-domain="" radius-interim-update=received radius-location-id="" radius-location-name="" radius-mac-format=XX:XX:XX:XX:XX:XX rate-limit="" smtp-server=0.0.0.0 split-user-domain=no ssl-certificate=none trial-uptime=30m/1d trial-user-profile=default use-radius=yes
/ip hotspot
add address-pool=hs-pool-5 addresses-per-mac=2 disabled=no idle-timeout=5m interface=ether5 keepalive-timeout=none name=hotspot1 profile=hsprof1
/ip hotspot service-port
set ftp disabled=no ports=21
/ip hotspot user
add disabled=no name=admin password="" profile=default
/ip hotspot walled-garden
add action=allow comment="place hotspot rules here" disabled=no dst-host=floresvillefreenet.com server=hotspot1
/ip hotspot walled-garden ip
add action=accept disabled=no server=hotspot1 src-address=xx.xxx.xx.128/25
add action=accept disabled=no server=hotspot1 src-address=172.16.16.254
add action=accept disabled=no server=hotspot1 src-address=216.156.225.34
add action=accept disabled=no server=hotspot1 src-address=67.106.105.15
add action=accept disabled=no server=hotspot1 src-address=192.168.1.0/24
add action=accept disabled=no server=hotspot1 src-address=172.16.16.0/20
add action=accept disabled=no server=hotspot1 src-address=192.168.88.0/24
add action=accept disabled=no server=hotspot1 src-address=10.5.50.1

ip firewall nat print

[admin@MikroTik] /ip> firewall nat print
Flags: X - disabled, I - invalid, D - dynamic
0 X ;;; place hotspot rules here
chain=unused-hs-chain action=passthrough

1 ;;; masquerade hotspot network
chain=srcnat action=masquerade src-address=10.5.50.0/24

2 ;;; masquerade hotspot network
chain=srcnat action=masquerade src-address=192.168.88.0/24


Can someone help with this? It is holding up a major project.

I have one centralized usermanager utilizing the internal radius server.

I have multiple hotspots that go to the external server for the login page and authenticate against the centralized usermanager. I am using trial user and advert as well.

Thanks,

The most logical explanation is that you didn’t whitelist the external server correctly. Unfortunately you masked out IP addresses, so we can’t check for you. Check for typos.

If that doesn’t get you anywhere, use Wireshark to inspect traffic on a client behind the Hotspot. You’re not using HTTPS, so it should be easy to see what intercepts where, and the $link-orig value you’re passing on should show which URL is being accessed that’s causing the Hotspot to throw a redirect back to itself.

Normally this is due to the external server IP not being bypassed in the walled garden. It will loop endlessly without the walled garden entry.

/ip hotspot walled-garden ip
add dst-address=xx.xx.xx.242 action=accept

I had the correct IP address in the IP walled garden. However, when that didn’t work, I added the whole subnet (/25), and it still didn’t work.

I have read the forums and have triple checked the IP walled garden for accuracy. It is correct. But it seems that the hotspot still can’t find the external server, either by IP or DNS.

OK just quadruple checked by printing out the IP walled garden. oooops!!! :confused:

I had the addresses listed in the src field!

Thanks for the help :laughing:
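
Added example (not part of the original thread, and not MikroTik's code): a small Python check for the mistake found above, run over a `/ip hotspot walled-garden ip` export. It reports whether any accept rule's `dst-address` covers the external login server, and flags rules that match on `src-address` only, since those exempt a client range instead of opening a path to the server. The function names, the sample export and the 203.0.113.10 server address are constructed for illustration.

```python
import ipaddress
import shlex

SECTION = "/ip hotspot walled-garden ip"

# Constructed sample in the shape of the export posted in this thread.
# 203.0.113.10 (documentation range) stands in for the external login server.
SAMPLE_EXPORT = """\
/ip hotspot walled-garden ip
add action=accept disabled=no server=hotspot1 src-address=203.0.113.0/25
add action=accept disabled=no server=hotspot1 src-address=xx.xxx.xx.128/25
add action=accept disabled=no server=hotspot1 dst-address=198.51.100.7
"""


def parse_rules(export_text):
    """Yield a dict of key=value properties for each 'add' line of the section."""
    in_section = False
    for raw in export_text.splitlines():
        line = raw.strip()
        if line.startswith("/"):
            in_section = line == SECTION
        elif in_section and line.startswith("add "):
            yield dict(t.split("=", 1) for t in shlex.split(line[4:]) if "=" in t)


def audit(export_text, login_server):
    """Return (reachable, findings); a missing action is assumed to mean accept."""
    server = ipaddress.ip_address(login_server)
    reachable, findings = False, []
    for number, rule in enumerate(parse_rules(export_text)):
        if rule.get("disabled") == "yes" or rule.get("action", "accept") != "accept":
            continue
        dst, src = rule.get("dst-address"), rule.get("src-address")
        try:
            if dst and server in ipaddress.ip_network(dst, strict=False):
                reachable = True
            if src:
                ipaddress.ip_network(src, strict=False)
        except ValueError:
            findings.append((number, "unparseable address (masked or mistyped)"))
            continue
        if src and not dst and not rule.get("dst-host"):
            findings.append((number, "matches clients by source only: " + src))
    return reachable, findings


if __name__ == "__main__":
    print(audit(SAMPLE_EXPORT, "203.0.113.10"))
```

Rule numbers in the findings count from 0 in the order the `add` lines appear in the section.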