i have problem (no Internet available) in mobile

RouterOS General
1

hello

I want to block all websites and programs on the Mikrotik 2011 server and allow only the WhatsApp application to work, and I succeeded in doing so by doing add dhcp-ip in firewall In a box src.address As in the picture and in action select drop

and i Then I collected the addresses of the WhatsApp program and I made these addresses accept

The method works well

But there is a problem, which is that some mobile phones will display a message when connected to Wi-Fi (no Internet available), even though the WhatsApp program works well.

What’s the solution
picture 1

picture 2

2

Ask it to the manufacturer of the phone or its OS.
Today you often cannot connect to a network which has no general internet access, due to issues like you describe.
It is all done to make it easier for the user. Unfortunately it is often more difficult for the admin.

3

I guess that some mobile phones uses internet connection check to IP that is blocked because you allow only WhatsApp IPs. This can be different per brand firmware and OS, example Windows perform http request to set status for internet connection, like is mentioned here.

4

Any block you put in can be bypassed by VPN, so dont waste your time.

5

@anav If you have only allow IP addresses, how?

6

MT does not do deep packet inspections which is what is required to hope to successfully block aps. Check it out.

7

No, I meant if you have defined allowed IPs/ranges (WhatsApp servers only I guess) how to connect to some external VPN if you cannot reach it? That’s why is a problem with internet connection status check.

8

Yeah, most mobile devices will complain if they can reach some website (e.g. part of phone’s captive portal etc test when wi-fi connects). And in most OSes, there is a high chance that Wi-Fi will reconnect to another Wi-Fi SSID with internet, if another SSID was saved on the phone/device was also available.


Don’t know if this will work for the use case. But an alternative approach is setup a VPN on the 2011, and the use OS’s MDM policy/“device profile” to add the RB2011 “What’s App” VPN for WhatsApp application. I know this is possible on iOS, and imagine same would be in Android.

Another approach be to enable the captive portal feature on the Mikrotik, and allow WhatsUp’s IPs in the walled garden, but don’t have users allow to actually login past the captive portal prompt.

9

They devices are running a standard DNS check to check if internet is truely there they don’t assume it is just because they have an IP. Pretty sure all MAC and some Samsung devices do it.