Hi, I do not even know if this is possible. I have a decent understanding of Mikrotik and configs.
Scenario:
I have a cloud router, hosted at AWS. I use this router mainly as a VPN server and UserMan server. Everything works perfectly as is now. I have a few guesthouses with hotspots that use my UserMan server for their guest authentication. I VPN their Mikrotik to my CloudRouter and then they do UserMan auth on their own hotspots running on their own Mikrotik routers. The reason I do this is for the ability to have backups of client user databases, and some routers do not have the ability to run UserMan. Everyone knows that clients do not do backups even if their lives depend on it. All of those guesthouses are very far away from me and some of them I cannot even access remotely. But that is beyond the scope of this question.
I had this idea that maybe, since I already do the UserMan auth, why can I not run the client’s whole hotspot from my CloudRouter? This will cause the clients’ routers to have an even more minimalist setup, and when there is equipment failure, the receptionist could be told how to replace a router over the phone…
Now I got this working using a VPN, EoIP and some bridging on a test router at my office with my own hotspot. The DHCP server is on the CloudRouter and the hotspot server is also on the CloudRouter. Basically everything works from the cloud. This was a great moment for me, but then I realized that the hotspot client’s gateway had to be set to the CloudRouter in order for the hotspot to kick in. At my office it's not a problem as I have vast amounts of upload speed, but most of my clients only have upload speeds of 512Kbps. This would limit the hotspot client’s maximum download speed to 512Kbps, and most of the clients give their hotspot users up to 4Mbps. If I set the gateway on the DHCP to the guesthouse's router, the internet still works, but the hotspot is bypassed.
So now the question. Is there a way to have hotspot authentication and client management done on the CloudRouter, while allowing the hotspot client to use the local gateway of the router they are connecting to? If this is at all a possibility, I would imagine it would involve some fancy routing or firewall forwarding. I am not sure how the inner workings of the hotspot authentication process work, but if I look at the firewall rules that get created by default, there is some port blocking and chain forwarding going on. I imagine some kind of manipulation of those rules could do the trick, but I am no expert in this particular field.