Internet not working after hotspot setup

Hi everyone,
I just set up a hotspot with RouterOS on an x86 system. The hotspot works fine but when I log in I am unable to access the internet even though the internet works when accessed directly without hotspot.

I’ve reset the routerOS a couple of times and started all over again but nothing seems to change.

My hotspot settings are shown below together with a relevant screenshot of DHCP server.
I have also switched interfaces but still nothing works.
Any help as to how I can get the internet to work will be greatly appreciated.

Thanks,
Max

[admin@MikroTik] > ip hotspot
[admin@MikroTik] /ip hotspot> print
Flags: X - disabled, I - invalid, S - HTTPS 
 #   NAME        INTERFACE        ADDRESS-POOL        PROFILE        IDLE-TIMEOUT
 0   hotspot1    ether2           hs-pool-2           hsprof1        5m          
[admin@MikroTik] /ip hotspot> ..
[admin@MikroTik] /ip> pool
[admin@MikroTik] /ip pool> print
 # NAME                                           RANGES                         
 0 hs-pool-2                                      192.168.88.2-192.168.88.254    
[admin@MikroTik] /ip pool> ..
[admin@MikroTik] /ip> pool
[admin@MikroTik] /ip pool> /ip     
accounting  dhcp-client  dns       ipsec     pool   service  ssh           upnp  
address     dhcp-relay   firewall  neighbor  proxy  smb      tftp          export
arp         dhcp-server  hotspot   packing   route  socks    traffic-flow  
[admin@MikroTik] /ip pool> /ip dhcp-server
[admin@MikroTik] /ip dhcp-server> print
Flags: X - disabled, I - invalid 
 #   NAME       INTERFACE     RELAY           ADDRESS-POOL     LEASE-TIME ADD-ARP
 0   dhcp1      ether2                        hs-pool-2        1h        
[admin@MikroTik] /ip dhcp-server> /ip firewall nat  
[admin@MikroTik] /ip firewall nat> print
Flags: X - disabled, I - invalid, D - dynamic 
 0 X ;;; place hotspot rules here
     chain=unused-hs-chain action=passthrough to-addresses=0.0.0.0 

 1   ;;; masquerade hotspot network
     chain=srcnat action=masquerade to-addresses=0.0.0.0 
     src-address=192.168.88.0/24 
[admin@MikroTik] /ip firewall nat> 
[admin@MikroTik] /ip firewall nat>


RouterOS 5.25 is unsupported, upgrade to 6.11 AND REMEMBER to upgrade also the BIOS [firmware] after you install 6.11

I have managed some hotspots on 5.25, so you should be able to get it working.

I assume you have followed the instructions on the wiki: http://wiki.mikrotik.com/wiki/Hotspot_server_setup

The instructions are a bit dated. I have also written a step by step tutorial which you can find on http://binaryheartbeat.blogspot.com/2014/02/setting-up-mikrotik-hotspot-with.html which is specifically for 6.7, but should work on 5.25

Post back here if you can’t get it working so that we can try and help you.

Thanks but I don’t have a problem with the hotspot. I’ve already finished with it. It works, the usermanager/RADIUS also works as well.
I can do everything that I’m supposed to do with my hotspot.

The only problem is that the internet isn’t working after a user has successfully authenticated with login even though the internet works well when connected without mikrotik.

I hope someone can see this and help me.

Thanks

Have you tried accessing the internet by ip rather than domain? May be a dns issue. Check your “/ip dns” settings and ensure you have “allow-remote-requests=yes”.

I have allowed remote request but it seems the problem is still coming from the DNS setup.
Because

  1. when I try to visit any website it doesn’t work but somehow when I check the DNS cache and see that of google or Facebook those websites will work.

  2. If I visit any other site that is not in the DNS cache it doesn’t open.

  3. If I clear the DNS cache now those sites that were earlier in the cache and I could visit will no more be working.

Do you have any suggestion to help me please?

Thanks in advance,
Max

Try this from a command line in the router.

:put [:resolve www.google.com]

Does it resolve to an ip?

Ensure the dns servers entered in “/ip dns” are operational dns servers.

I get the results

failure: dns server failure

and so I’m unable to use the internet but when I bypass the hotspot via winbox for any device at all then the internet works ok.
What could be the problem please?

Without “/export compact” output, how can you think someone can help you?

Paste this in the terminal; if it does not work, paste all the “/export compact” command results:

/ip dns
set allow-remote-requests=yes cache-max-ttl=1d servers=8.8.8.8,8.8.4.4 max-udp-packet-size=4096

I’ve already tried the above dns config and it didn’t work.
Here’s the output from “/export compact”. I hope it will be of help so you can assist me. Thanks

[admin@MikroTik] > /export compact
# mar/30/2014 17:31:42 by RouterOS 5.25
# software id = S171-XH7K
#
/ip hotspot profile
add dns-name=hispeed.com hotspot-address=192.168.88.1 login-by=http-chap name=\
    hsprof1 use-radius=yes
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m shared-users=\
    unlimited
/ip pool
add name=hs-pool-2 ranges=192.168.88.2-192.168.88.254
/ip dhcp-server
add address-pool=hs-pool-2 disabled=no interface=ether2 lease-time=1h name=\
    dhcp1
/ip hotspot
add address-pool=hs-pool-2 addresses-per-mac=253 disabled=no interface=ether2 \
    name=hotspot1 profile=hsprof1
/ip address
add address=192.168.88.1/24 interface=ether2
/ip dhcp-client
add default-route-distance=0 disabled=no interface=ether1
/ip dhcp-server network
add address=192.168.88.0/24 comment="hotspot network" gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes cache-max-ttl=1d servers=8.8.8.8,8.8.4.4

/ip firewall filter
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" \
    disabled=yes
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" \
    disabled=yes to-addresses=0.0.0.0
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
    src-address=192.168.88.0/24 to-addresses=0.0.0.0
/ip hotspot ip-binding
add address=192.168.88.251 mac-address=00:13:72:12:53:F1 server=hotspot1 \
    to-address=192.168.88.251 type=bypassed
/ip hotspot user
add name=admin
/radius
add address=127.0.0.1 secret=123456
/system gps
set set-system-time=no
/system lcd
set contrast=0 enabled=no port=parallel type=24x4
/system lcd page
set time disabled=yes display-time=5s
set resources disabled=yes display-time=5s
set uptime disabled=yes display-time=5s
set packets disabled=yes display-time=5s
set bits disabled=yes display-time=5s
set version disabled=yes display-time=5s
set identity disabled=yes display-time=5s
set ether3 disabled=yes display-time=5s
set ether2 disabled=yes display-time=5s
set ether1 disabled=yes display-time=5s
/tool user-manager router
add coa-port=1700 customer=admin disabled=no ip-address=127.0.0.1 log=auth-fail \
    name=hsg shared-secret=123456 use-coa=no
/tool user-manager user
add customer=admin disabled=no name=nq6dxs password=72bzcx shared-users=1 \
    wireless-enc-algo=none wireless-enc-key="" wireless-psk=""
[admin@MikroTik] >

Edit to add: Now after a minute or so, the devices I bypassed also no longer have internet

Hi,

first change distance in DHCP Client to 1

/ip dhcp-client
add default-route-distance=1 disabled=no interface=ether1

Is your RADIUS Server working? Can you Access Userman?
Is the hotspot login page accessible? (Try typing: 192.168.88.1, it should display the login page.)
Try disabling RADIUS and use internal hotspot users and profiles.

What does it do when it doesn’t work? What does the web browser display? Do you get a login page? What is in the address bar of the web browser?

I found the redirect to the login page won’t work if the dns-name entry doesn’t resolve to the ip of the hotspot interface, at least on my system. That would be 192.168.88.1 for your setup. Does hispeed.com resolve to 192.168.88.1? Unless you put an entry in “/ip dns static”, it probably doesn’t.

edit: Did you get your router’s dns working? If this still fails, you are going to have problems.

:put [:resolve www.google.com]

/ip dhcp-client
default-route-distance=0
must be 1

/ip hotspot
addresses-per-mac=253
253???!!!
must be 2…

/ip dhcp-server network
add address=192.168.88.0/24 comment="hotspot network" gateway=192.168.88.1
missing dns-server=192.168.88.1

/tool user-manager customer
customer is missing from your export, you have cut those lines?

I find your errors.

/ip hotspot
addresses-per-mac=253
253???!!!
must be 2…

From my experience, if you have an AP that connects a CPE and you have addresses-per-mac set to 2,
only two devices from the CPE can connect to the AP. If you want as many devices to be able to connect via the CPE
then you can set it to 253, so I’m pretty sure that wasn’t the problem.

/ip dhcp-server network
add address=192.168.88.0/24 comment="hotspot network" gateway=192.168.88.1
missing dns-server=192.168.88.1

I have two other hotspots and I always default to using the ISP’s DNS servers but it seems the problem is with using the DNS in the RouterOS because I tried Google DNS and OpenDNS with no luck

/tool user-manager customer
customer is missing from your export, you have cut those lines?

Yes, I cut those lines because I believed they weren’t part of the problem. From the way I understood it, Usermanager may have nothing to do with having DNS resolution issue so I wanted to post only the relevant code.

Thanks though. +1 karma for you all the same for helping. :slight_smile:

But in this case, dns-server is not set, independently of what dns you use.
The machine connected to the hotspot does not receive what dns it can use. :frowning:

Did you fix your dns resolution problem?

@rextended: The hotspot redirects any dns request to the router.

Upon reading this I decided to place the Google DNS right inside my ADSL router and check. So far everything works well
as expected but I’m still monitoring to see if nothing misbehaves but it’s been up for like 10 hours and I haven’t had any
problem…yet!

The weird thing is I have another connection from the same ISP and I didn’t have to go through this hack to get it working
but I think I will go with it.

Thanks very much

Just an FYI: If you decide to add another network to your router, ensure you add a masquerade that covers the new subnet. I use this, and it covers any subnets in the router.

/ip firewall nat
add chain=srcnat action=masquerade out-interface=ether1

But to what IP does the client send DNS requests, if no IP for DNS is provided to the client?

From the OP:

The hotspot works fine but when I log in I am unable to access the internet even though the internet works when accessed directly without hotspot.

Then later:

I get the results

failure: dns server failure

If the router cannot resolve dns requests, then there will be problems.
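
The configuration points respondents raised in this thread, applied to a fragment of the posted export, as an added example (not code from any poster or from MikroTik). The function names and the minimal parser are hypothetical and handle only the simple `/section` plus `add`/`set key=value` form shown above; it reports what is or is not set and does not test whether the router's upstream DNS actually answers.

```python
import re
import shlex

# Fragment of the export posted in the thread (line continuations joined).
EXPORT = '''\
/ip hotspot profile
add dns-name=hispeed.com hotspot-address=192.168.88.1 login-by=http-chap name=hsprof1 use-radius=yes
/ip dhcp-client
add default-route-distance=0 disabled=no interface=ether1
/ip dhcp-server network
add address=192.168.88.0/24 comment="hotspot network" gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes cache-max-ttl=1d servers=8.8.8.8,8.8.4.4
'''

def parse_export(text):
    """Return {section: [{key: value}, ...]} for simple add/set lines."""
    text = re.sub(r"\\\n\s*", "", text)           # join "\" continuations
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("/"):
            current = sections.setdefault(line, [])
        elif current is not None:
            tokens = shlex.split(line)[1:]         # drop the add/set verb
            current.append(dict(t.split("=", 1) for t in tokens if "=" in t))
    return sections

def thread_checks(cfg):
    """Report only the settings respondents questioned in this thread."""
    findings = []
    for net in cfg.get("/ip dhcp-server network", []):
        if "dns-server" not in net:
            findings.append(f"dhcp network {net.get('address')}: no dns-server set")
    static = {e.get("name") for e in cfg.get("/ip dns static", [])}
    for prof in cfg.get("/ip hotspot profile", []):
        name = prof.get("dns-name")
        if name and name not in static:
            findings.append(f"hotspot dns-name {name}: no /ip dns static entry")
    for cli in cfg.get("/ip dhcp-client", []):
        if cli.get("default-route-distance") == "0":
            findings.append(f"dhcp-client {cli.get('interface')}: default-route-distance=0")
    if not any(d.get("allow-remote-requests") == "yes" for d in cfg.get("/ip dns", [])):
        findings.append("/ip dns: allow-remote-requests is not yes")
    return findings

print("\n".join(thread_checks(parse_export(EXPORT))))
```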