No web access when bypassing Hotspot login page

Hello!

Our admin, who configured the Mikrotik router in the past, has left the company, and now we have our first problem.

We have several devices on the wireless network that are for public use (e-kiosks) and therefore need to bypass the Hotspot login page. As per the documentation, we added the MAC addresses and changed the type to “bypassed” on the IP\Hotspot\IP binding page. When a user opens a web browser, there is no login page anymore, but also no possibility to browse the Internet. I think that the problem is with name resolution, since when I use nslookup, it can connect to the router's DNS server, but the server returns no answer to any query. When I disable the rule on the IP Binding page, the login page opens, and after authentication the same queries work.

I checked all the NAT and Filter rules; they are the same as in the documentation: http://www.mikrotik.com/testdocs/ros/3.0/pnp/hotspot_content.php#.14 .

I've added the NAT and Filter rules configuration as an attachment. We use RouterOS version 3.25 on an x86 box.

Do I need to add some special rule, or is there something else to do?
piemers.txt (2.06 KB)

How is the client getting an ip address? If it is not in the localnet range of the interface, the hotspot does a one-to-one nat to an ip within the address range. If that is the case, you would not be able to surf the net without changing/setting the ip.

If you are using dhcp to issue addresses, I make the dhcp assignment static (not a static ip, just makes the dhcp server issue the same ip to that client when it requests one), and bypass the ip address through the hotspot.

/ip dhcp-server lease
print
make-static X

where X is the line number of the dhcp lease you want to make static.

Also check that you have “allow-remote-requests=yes” in your DNS settings.

Thanks, SurferTim, for the answer!

My wireless clients get IP addresses from the router's DHCP service. I’ve already thought about making the address leases for the e-kiosks static, but as I created the IP Binding rule with only a MAC address condition, I think there is no need to do that.

When I check “allow-remote-requests=yes” in the IP\DNS settings, everything works and these special computers can browse the Internet without needing to be authenticated in the Hotspot. :smiley: But I don’t know what that setting is for, and why does name resolution work without this checkbox set if the user authenticates via the Hotspot? Is it an option to allow the router's DNS service to make recursive queries? Currently I leave it checked, as it solves my problem, but if you have a little bit of time, please explain more to me!

Thanks again for helping!

I am not certain, but by experience, the hotspot is not a “remote” unit, so it accesses the DNS locally, as a “proxy” for your client, in a way. If you do not use the hotspot (bypassed) and attempt to go directly from your client to the DNS server for name resolution, that would be a remote request.
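
An added example, not part of the original thread: the DNS setting that resolved the problem, followed by input-chain rules that keep the router's resolver from also answering queries arriving on the uplink, since allow-remote-requests applies to every interface. The interface name ether1 (WAN/uplink) is an assumption; substitute the name used on your router.

```routeros
# Added example; ether1 is an assumed name for the WAN/uplink interface.

# Let the router's DNS service answer queries from clients
# (this is the setting that made the bypassed e-kiosks resolve names).
/ip dns set allow-remote-requests=yes
/ip dns print

# The setting is not limited to the hotspot or LAN side, so drop DNS
# queries that arrive on the uplink; otherwise the router acts as an
# open resolver for anyone who can reach its WAN address.
/ip firewall filter add chain=input in-interface=ether1 protocol=udp \
    dst-port=53 action=drop comment="drop DNS queries from WAN (udp)"
/ip firewall filter add chain=input in-interface=ether1 protocol=tcp \
    dst-port=53 action=drop comment="drop DNS queries from WAN (tcp)"

# New rules are appended to the end of the list. Check that no earlier
# accept rule in chain=input already matches this traffic, and move the
# drop rules up if one does.
/ip firewall filter print
```

After applying, nslookup from a bypassed kiosk should still get answers, while the packet counters on the two drop rules show any queries reaching the router from the uplink side.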