Is my Walled Garden IP rule correct?

Looks legit and dynamically sets up the firewall rules. I can ping the radius server via its pptp VPN address whilst not logged in. All looks well but consistently getting “radius server is not responding” and auth status failures pile up.
Below is the code if necessary. Thanks for any assistance.

[admin@MikroTik] /ip hotspot walled-garden ip> export
# jan/02/1970 06:46:09 by RouterOS 4.11
# software id = EHRL-4JLF
#
/ip hotspot walled-garden ip
add action=accept comment="" disabled=no dst-address=10.0.2.188 dst-port=\
    1812-1813 protocol=udp server=server1 src-address=192.168.2.0/24

Firewall details if they help

# jan/02/1970 06:47:43 by RouterOS 4.11
# software id = EHRL-4JLF
#
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s \
    tcp-close-wait-timeout=10s tcp-established-timeout=1d \
    tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s \
    tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no \
    tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
/ip firewall filter
add action=passthrough chain=unused-hs-chain comment=\
    "place hotspot rules here" disabled=yes
add action=accept chain=input comment="default configuration" disabled=yes \
    protocol=icmp
add action=accept chain=input comment="default configuration" \
    connection-state=established disabled=yes in-interface=ether1-gateway
add action=accept chain=input comment="default configuration" \
    connection-state=related disabled=yes in-interface=ether1-gateway
add action=drop chain=input comment="default configuration" disabled=yes \
    in-interface=ether1-gateway
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment=\
    "place hotspot rules here" disabled=yes
add action=masquerade chain=srcnat comment="default configuration" disabled=\
    no out-interface=ether1-gateway
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061
set pptp disabled=no

You don’t need a RADIUS rule for the walled garden. The walled garden is for traffic to or from the user. The user doesn’t talk to the RADIUS server, the router does.

Check your timeout delays. FreeRADIUS defaults to a 1 second pause before sending an ACCESS-REJECT, and the default dead time in RouterOS is 300ms.

Thanks Fewi. I will mod those settings.

The resolution to this was the route. I needed to add another in addition to the route setup when the pptp tunnel is made.

 1 A S  10.0.2.0/24                        pptp-out1          1
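
Added example, not part of the original thread: a Python check over a RouterOS export that flags walled-garden rules opening the RADIUS ports (unneeded, since the router itself talks to the RADIUS server) and reports which gateway the router's RADIUS traffic would leave by. The /radius entry and default route in the sample are constructed assumptions, and the function names are hypothetical.

```python
import ipaddress
import shlex

# Constructed sample in RouterOS export syntax. The walled-garden rule and the 10.0.2.0/24
# route via pptp-out1 come from the thread; the /radius entry and default route are assumed.
SAMPLE = r'''
/ip hotspot walled-garden ip
add action=accept comment="" disabled=no dst-address=10.0.2.188 dst-port=\
    1812-1813 protocol=udp server=server1 src-address=192.168.2.0/24
/radius
add address=10.0.2.188 service=hotspot
/ip route
add dst-address=0.0.0.0/0 gateway=ether1-gateway
add dst-address=10.0.2.0/24 gateway=pptp-out1
'''

def parse_export(text):
    """Return (menu, properties) pairs, joining backslash-continued lines."""
    entries, menu, pending = [], None, ""
    for raw in text.splitlines():
        line, pending = pending + raw.strip(), ""
        if line.endswith("\\"):
            pending = line[:-1]          # export wraps mid-token; rejoin before parsing
            continue
        if line.startswith("/"):
            menu = line
        elif line.startswith("add "):
            entries.append((menu, dict(t.split("=", 1) for t in shlex.split(line[4:]) if "=" in t)))
    return entries

def covers_radius(spec):
    """True if a dst-port spec such as '1812-1813' or '80,443' includes 1812 or 1813."""
    ranges = [part.partition("-") for part in spec.split(",")]
    return any(int(lo) <= p <= int(hi or lo) for lo, _, hi in ranges for p in (1812, 1813))

def redundant_walled_garden(entries):
    """Walled-garden IP rules whose UDP dst-port includes the RADIUS ports."""
    return [p for m, p in entries if m == "/ip hotspot walled-garden ip"
            and p.get("protocol") == "udp" and covers_radius(p.get("dst-port", "0"))]

def radius_egress(entries):
    """Map each RADIUS server to the gateway of its longest-prefix static route."""
    routes = [(ipaddress.ip_network(p["dst-address"]), p["gateway"])
              for m, p in entries if m == "/ip route"]
    out = {}
    for addr in (p["address"] for m, p in entries if m == "/radius"):
        hits = [r for r in routes if ipaddress.ip_address(addr) in r[0]]
        out[addr] = max(hits, key=lambda r: r[0].prefixlen)[1] if hits else None
    return out
```

With the 10.0.2.0/24 route removed from the sample, `radius_egress` reports the default gateway instead of the tunnel. Only static routes in the export are considered; connected and dynamic routes are ignored.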