Hi guys,
i have hotspot with radius auth
auth works,
but no internet access
proxy is squid on external machine. (its not in transparent mode, so im using WPAD with DNS, or i manually set proxy configuration in browser). Part with wpad and dns works.
Also if i enable proxy under hotspot server profile (set ip of external server and port), i have internet access, but only for HTTP traffic, i need it for HTTPS too.
However if i disable hotspot, everything works perfect through mikrotik, HTTP and HTTPS.
i did try to search on forum and i did try to src-nat but no luck.
Im sure im doing something wrong.
You cannot intercept HTTPS transparently without it throwing up a certificate issue. In order for you to proxy HTTPS, the browser on the client machine must be aware of the proxy and be pointed to it, not really something you can control in a hotspot environment. There are ways to decrypt/encrypt HTTPS with a proxy and force it’s use, but without having your root certificate installed on each machine, every HTTPS page will throw up a certificate error.
ok let me explain,
proxy works in non-transparent mode.
it works on my local network for more than 150 users.
Proxy information is deployed with wpad over dns.
proxy works for all segments of network except users behind mikrotik hotspot.
It dont need to work in transparent mode, i can deploy information with wpad. (actually this part also works for clients behind mikrotik which are not behind hotspot)
so is there a way to point https traffic from hot spot users to external proxy?