Hi,
I’m facing some issues with multiple hotspot profiles on one routerboard. On the routerboard, we have >1 hotspot profiles. All of the profiles have “hotspot.example.com” as it’s hotspot DNS name, so only 1 SSL certificate is needed on the routerboard. The remote server (radius) is logging in the user as described in http://wiki.mikrotik.com/wiki/Manual:Customizing_Hotspot#Examples. Within the HTML form, the following action is set:
action=“https://hotspot.example.com/login”
In addition. the following static DNS entries are set on the routerboard:
/ip dns static print
Flags: D - dynamic, X - disabled, R - regexp
NAME ADDRESS TTL
0 hotspot.example.com 192.168.0.1 1d
1 hotspot.example.com 192.168.4.1 1d
2 hotspot.example.com 192.168.8.1 1d
As you can guess, the routerboard will respond with one of the configured ip addresses that are statically configured via the hotspot wizzard. If the the wrong ip address for “hotspot.example.com” has been returned by the routerboard, the user won’t get authenticated.
I wonder about a feasible solution for that. One would be to just choose different hotspot names for each profile, but for that I need multiple SSL certificates for each hotspot name. Another solution is maybe to only define one static DNS entry (e.g hotspot.example.com → 192.168.0.1) and allow all other profiles to authenticate against “192.168.0.1”, but actually I want to seperate all subnets from each other.
Thanks in advance.