I recently got a new RB450 to replace one that died. I upgraded it to v5.9. I got everything setup and working expect the hotspot login redirect is not working (for the most part). The redirect works fine on my iPhone but no where else, not on any of my PCs using IE or Chrome…
Thoughts?
If you need help you’ll have to be more specific than “I got everything setup and working expect the hotspot login redirect is not working (for the most part)” - what is working? What isn’t? Also post the relevant configuration in text format.
Are you using HTTP or HTTPS for your redirect? We found that HTTPS redirects did not work with 5.9.
If I connect to my guest wireless with my iPhone it pops up with the login page. I log in and surf away. (This is iOS 5 not sure the earlier ones were so slick on the iphone). If I fired up one of my PCs and connect to the guest wireless, type in any HTTP address, it tries to redirect to the login page but says “Internet Explorer cannot display the page”. If I hit refresh it seems to get stuck in a loop and just refreshes over and over again. Chrome does not redirect either. I am puzzled. Is there a bug in 5.9? I just used the hotspot setup button in winbox. The only things I configured were routes, addresses, and VLANs.
MMM MMM KKK TTTTTTTTTTT KKK
MMMM MMMM KKK TTTTTTTTTTT KKK
MMM MMMM MMM III KKK KKK RRRRRR OOOOOO TTT III KKK KKK
MMM MM MMM III KKKKK RRR RRR OOO OOO TTT III KKKKK
MMM MMM III KKK KKK RRRRRR OOO OOO TTT III KKK KKK
MMM MMM III KKK KKK RRR RRR OOOOOO TTT III KKK KKK
MikroTik RouterOS 5.9 (c) 1999-2011 http://www.mikrotik.com/
[admin@MikroTik] > /ip firewall export
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s
tcp-close-wait-timeout=10s tcp-established-timeout=1d
tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s
tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no
tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
/ip firewall filter
add action=drop chain=forward disabled=no in-interface=ether5 out-interface=
ether2
add action=drop chain=forward disabled=no in-interface=ether4 out-interface=
ether2
add action=passthrough chain=unused-hs-chain comment=
"place hotspot rules here" disabled=yes
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment=
"place hotspot rules here" disabled=yes
add action=masquerade chain=srcnat comment="masquerade hotspot network"
disabled=no src-address=192.168.3.0/24
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061 sip-direct-media=yes
set pptp disabled=no
[admin@MikroTik] >
I added the top two firewall rules to isolate my guest network but allow me to get to the RB from my trusted internal network.
Also this what the URL says as it just loops away when trying to redirect:
stjw-hotspotcontroller1/login?dst=http%3A%2F%2Flinkhelp.clients.google.com%2Ftbproxy%2Flh%2Ffixurl%3Fsourceid%3Dnavclient%26url%3Dhttp%253A%252F%252Fstjw-hotspotcontroller1%252Flogin%253F%26transition%3D9%26error%3Ddnserror%26hl%3Den%26sd%3Dcom%26rlz%3D1R7ACAW%5FenUS408
transition error ddnserror???
Still working great on the iPhone though.
You need to give your Hotspot a proper domain name with a valid TLD, such as “hotspot.local” instead of just “stjw-hotspotcontroller1”. Everything else looks fine from what you posted.
Thanks fewi. That was it. I knew I was overlooking something simple. Darn it!
Thanks again.
EDIT: Actually the PCs now work fine but the iPhone will not show the login page. I can’t win. 
l had being using hotspot since 2.9* to 2.9.51 all the features were working as advertised for hotspot.
configuration was ssl enabled hotspot with anyip working .that is client computer can have both proxy and anyip they still will get the login page .
then my server we dead(86x).
l got a replacement key but can only install 3.* ,4.* or 5.*.
Since then mine hotspot server had never been stable.
Login in page crash most time.
l have tried all the mikrotik versions.written to support all to no avail.
Can someone help my configure the following feature on latest mikrotik software.
1 Anyip or autoconfiguration zeroconfiguration when client has already configure ip and proxy and my hotspot uses ssl.
2 can l get mikrotik to behave like Nomadix AG5600 Access Gateway or zyxel.
l am ready to pay for consultant.
Thanks
I turned the auto-join off on the iPhone for this network and now it works too. FYI for anyone that has this issue.