PPPoE with Walled Garden

Hello Everyone,

I am looking for a solution for my PPPoE customers where expired users are able to access the bank sites for payments. I can only do it with hotspot users but not PPPoE users. I suggest a workaround; can you please tell me whether the following topology works?

Currently I have configured the Mt Radius server as well as the CCR PPPoE server so that all my active users get the 172.16.xx.xx pool for browsing and expired users get the 192.168.xx.xx pool, where I am redirecting them to a web server where they are only informed that the connection is expired.
Active users IP pool: 172.16.XX.XX
Expired users IP pool: 192.168.xx.xx

Now I want to implement policy-based routing on the PPPoE server, and I would like to send all my expired users to another CCR where only a hotspot is configured with a walled garden, where I am expecting all my 192.168.xx.xx traffic to pass through the hotspot server and hit the walled garden. All my bank sites are allowed in that walled garden. Could somebody please suggest whether this topology works?

The CCR will of course need a static route to 192.168.x.x via the PPPoE server.

Make a mangle table rule in the prerouting chain so that if the src-address is 192.168.0.0/16, then action=mark-routing new-routing-mark=expired.
Add a default GW route with mark=expired and next-hop = CCR. Also, whatever IP network is between the PPPoE server and the CCR, you will need to add that network as a static route in the “expired” routing table as well (gateway=ether4 or whatever interface it is on).

That should do the trick.
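The steps in the reply above, written out as RouterOS commands. This is an added example, not part of the original posts; it assumes RouterOS v6 syntax and a constructed link subnet of 10.255.255.0/30 between the PPPoE server (.1) and the hotspot CCR (.2).

```routeros
# Added example (not from the thread). Assumptions: RouterOS v6 syntax;
# link subnet 10.255.255.0/30 is constructed (PPPoE server = .1, CCR = .2);
# ether4 is the example interface named in the reply.
# 192.168.0.0/16 is the expired-user pool from the thread.

# --- On the PPPoE server ---
/ip firewall mangle
# Mark everything sourced from the expired pool for the "expired" table.
add chain=prerouting src-address=192.168.0.0/16 action=mark-routing \
    new-routing-mark=expired passthrough=no comment="expired PPPoE users"

/ip route
# Default route for marked traffic: next hop is the hotspot CCR.
add dst-address=0.0.0.0/0 gateway=10.255.255.2 routing-mark=expired
# Link network between the two routers, also in the "expired" table.
add dst-address=10.255.255.0/30 gateway=ether4 routing-mark=expired

# --- On the hotspot CCR ---
/ip route
# Return path to the expired pool via the PPPoE server.
add dst-address=192.168.0.0/16 gateway=10.255.255.1

# --- Verification on the PPPoE server ---
# Routes in the "expired" table should be active.
/ip route print where routing-mark=expired
# The mangle rule's packet counter should rise only for expired users.
/ip firewall mangle print stats

# RouterOS v7 differs: create the table first with
#   /routing table add name=expired fib
# and use routing-table=expired on the routes instead of routing-mark=expired.
```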

http://wiki.azotel.com/simpler-features/frequently-asked-questions/mikrotik-setting-up-the-walled-garden-for-pppoe-users


Follow it…

Thanks for your reply. I am on my way to implement it.