MikroTik router version 7.13.5 (ARM), RB3011 UiAS:
I’m experiencing an issue with redirecting to the login page. I’ve come across suggestions about using Let’s Encrypt certificates, but I’m facing another problem. I’m unable to access my router from a public IP despite configuring port forwarding to the internal IP. I’ve tried everything, but it’s not working. Before diving into the complex process of setting up certificates, is there a simpler shortcut or solution to address this problem?
Are you on CGNAT maybe ?
So you don’t get a usable public ip ?
And can you describe a little more what you want to achieve?
And in Mikrotik devices, the hotspot should only be reachable from the inside (LAN)
Do you get something like this ??
CGNAT has its own reserved IP range between 100.64.0.0 and 100.127.255.255.
Thank you for your response.
I want to achieve two issues:
1- not redirecting users to the loggint page in case they entered any website(it rederects them to the logining page only when they enere to the network).
2- cant reach MT from outsid.
1 - Redirecting users to the hotspot login page if they enter any address. Currently, it redirects them to the hotspot login page once they access the WiFi. However, if they try to enter any address, it doesn’t redirect and instead gives errors such as:
Secure Connection Failed
Error Code: PR_END_OF_FILE_ERROR
This site can’t be reached
Error: ERR_CONNECTION_CLOSED
This site can’t be reached
Error: ERR_QUIC_PROTOCOL_ERROR
I searched, and one of the solutions is to set up a certificate. However, I couldn’t do that because I can’t reach the MT router from outside. This is the second issue as I also want to remotely access the MT router.
2- Although I can see a public IP on MikroTik Cloud, I can’t reach it. I set up port forwarding on the ISP router to reach the MT router, but I couldn’t establish a connection.
Additionally, when I set up DHCP client , if I enable the option for peer DNS, it delivers the internal DNS (192.168.1.1, the ISP router’s IP). If I remove this option, I can’t find DNS in the DNS window, and I have to enter it manually. I expect to see dynamic DNS in this window automatically, but I’ve never seen one. I don’t know where the issue is.
I’m on LTE internet : router huawei E5785Lh-22c
I’m not sure if I’m no CGNAT
the ips which I see inside the ISP router is like 10.120.200.50 under the name WAN ip, not starting with 100, but it is diffrent than my public ip when I search about it it is like 41.250.50.50 , and I could see it inside the mikrotik in cloud window but I cant reach it
Same Issues:
Hotspot page not showing for user to login !
The user connect to my network (RB110X4) not redirect to Login page, only empty page showing !
This issue from first of v7 on v6 Its normal
Actually, here on pages 7 and even 6, there is not an empty page, I have errors reaching the page. The HTTPS doesn’t redirect, and this requires a certificate. However, I haven’t been able to find a solution to reach the router from outside the network, which is necessary to resolve the certificate issue.
probably yes this is a CGNAT , is there any solve to that if it was a CGNAT
The first thing comes to mind, do you need a public ipv4 address ??
Let’s Encrypt certificates is internet facing certs so you need public ip for these.
And these certs have a very short life span, you have to renew them a lot.
First of all, I think you can easily check your WAN ip on your router if that in the CGNAT ip range.
So you can confirm you in a cgnat situation.
First you can ask your ISP if you as a customer can get a public ipv4 address instead of cgnat one.
You can use some public tunnel providers, so you can tunnel your trafic from public ip to the tunnel and then into your setup.
I think cloudflare has this functionality.
I am not any expert of this, I just know how this uses a lot now because all Internet connected things(devices) needs public ipv4 addresses, so even the ISP don’t now lease out the public ip’s anymore.
They also uses the NAT technology like we do internally in our network(RFC1918).
But they call it cgnat.
Thank you