laolsen
October 19, 2017, 11:49pm
Hi all,
I hope someone can help me. I am new to Mikrotik, and while I have learned a lot, I am struggling with a hotspot/captive portal issue. If I disable my hotspot configuration, the network connection to the internet is just fine, but as soon as I enable it and sign on, the internet crawls! I go from 20-30ms ping responses and 50+mbs download to over 200ms response time and can only maintain a .01mbs download. What is weird is that the upload speed seems just fine! What is going on? I can run whatever output from the terminal would be helpful; I am just at my wits' end!
Thanks
I am not saying I will help, but without export of your settings nobody will be able to do it… Go to terminal and do
# Prints the running configuration as a script. hide-sensitive leaves out passwords and keys, but the
# export posted in this thread still carries the serial number, the public WAN address, MAC addresses
# and the guid embedded in the script URLs - read an export through and redact by hand before posting.
/export hide-sensitive
# oct/20/2017 08:41:44 by RouterOS 6.40.4
# software id = CD23-AB0R
#
# model = RouterBOARD 3011UiAS
# serial number = 783E074B97BC
# One bridge with a fixed admin MAC (auto-mac is off).
/interface bridge
add admin-mac=64:D1:54:40:38:59 auto-mac=no comment=defconf name=bridge
# Two port groups: ether2 is renamed ether2-master with ether3-5 slaved to it, and ether6 is renamed
# ether6-master with ether7-10 slaved to it. ether1 is not touched here.
/interface ethernet
set [ find default-name=ether2 ] name=ether2-master
set [ find default-name=ether3 ] master-port=ether2-master
set [ find default-name=ether4 ] master-port=ether2-master
set [ find default-name=ether5 ] master-port=ether2-master
set [ find default-name=ether6 ] name=ether6-master
set [ find default-name=ether7 ] master-port=ether6-master
set [ find default-name=ether8 ] master-port=ether6-master
set [ find default-name=ether9 ] master-port=ether6-master
set [ find default-name=ether10 ] master-port=ether6-master
# Neighbor discovery is switched off on ether1, the interface that is later put in the WAN list.
/ip neighbor discovery
set ether1 discover=no
# Four tagged VLANs (15, 20, 25, 30), all carried on ether2-master. vlan25 is the hotspot VLAN.
/interface vlan
add interface=ether2-master name=vlan15 vlan-id=15
add interface=ether2-master name=vlan20 vlan-id=20
add interface=ether2-master name=vlan25 vlan-id=25
add interface=ether2-master name=vlan30 vlan-id=30
# Interface lists used by the firewall rules; membership is set under /interface list member.
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
# Hotspot server profiles. Both the default profile and hsprof1 serve the "nexudus" HTML directory and
# accept login by MAC address or by HTTP CHAP; hsprof1 additionally binds the hotspot to 192.168.25.1.
# NOTE(review): login-by=mac admits a client on its MAC address alone. A MAC address is visible to
# every station on the segment and is chosen by the client, so this identifies a device rather than
# authenticating it. Size the access given to hotspot clients with that in mind.
/ip hotspot profile
set [ find default=yes ] html-directory=nexudus login-by=mac,http-chap
add hotspot-address=192.168.25.1 html-directory=nexudus login-by=mac,http-chap \
name=hsprof1
# One address pool per subnet: "dhcp" for 192.168.10.0/24 and dhcp_pool1-4 for the four VLAN subnets.
# dhcp_pool3 (192.168.25.x) is also referenced by the hotspot server and the hotspot user profile.
/ip pool
add name=dhcp ranges=192.168.10.25-192.168.10.254
add name=dhcp_pool1 ranges=192.168.15.15-192.168.15.254
add name=dhcp_pool2 ranges=192.168.20.15-192.168.20.254
add name=dhcp_pool3 ranges=192.168.25.15-192.168.25.254
add name=dhcp_pool4 ranges=192.168.30.15-192.168.30.254
# One DHCP server per interface; the VLAN servers use an explicit lease time of 1h20m.
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=defconf
add address-pool=dhcp_pool1 disabled=no interface=vlan15 lease-time=1h20m name=\
dhcp1
add address-pool=dhcp_pool2 disabled=no interface=vlan20 lease-time=1h20m name=\
dhcp2
add address-pool=dhcp_pool3 disabled=no interface=vlan25 lease-time=1h20m name=\
dhcp3
add address-pool=dhcp_pool4 disabled=no interface=vlan30 lease-time=1h20m name=\
dhcp4
# The single hotspot server: runs on vlan25 with profile hsprof1 and address pool dhcp_pool3, the same
# pool the DHCP server on vlan25 hands out.
/ip hotspot
add address-pool=dhcp_pool3 interface=vlan25 name=hotspot1 profile=hsprof1
# Default hotspot user profile: no MAC cookie, addresses from dhcp_pool3, up to 1000 shared sessions
# per user name, plus an on-login and an on-logout script stored as the quoted strings below.
#
# on-login, as written: lists the active hotspot sessions, compares each MAC with the global
# cachedMacs, and for a MAC not found there creates a hotspot user whose name and mac-address are
# that MAC (the add command sets no password). It removes active sessions of user "admin", then
# calls doRequest, which fetches the CheckIn URL over https into a "<mac>.mac" file and removes the
# host, active session and user when the file content is "FALSE". On error it retries, counting
# down from 10.
# on-logout, as written: takes $user as the MAC and fetches the CheckOut URL, also with 10 retries.
#
# NOTE(review): cachedMacs is declared but never assigned anywhere in this script, so as far as the
# export shows every active MAC is treated as new on every login.
# NOTE(review): the removal happens only when the fetch succeeds and returns "FALSE"; once the
# retries are exhausted the function returns and the session stays. The check fails open.
# NOTE(review): /tool fetch is called with mode=https and no check-certificate argument. Confirm that
# the server certificate is actually validated on this RouterOS version, since the TRUE/FALSE answer
# is what decides whether a client keeps access.
# NOTE(review): the full URL, guid included, is written to the log by "/log info $url" and is
# visible in this post. If the service treats the guid as a credential, rotate it.
/ip hotspot user profile
set [ find default=yes ] add-mac-cookie=no address-pool=dhcp_pool3 on-login="# V\
ERSION: 2016-08-28\r\
\n# REQUIRES VERSION ROUTER OS 6.2 OR NEWER\r\
\n# PASTE THIS SCRIPT IN THE LOGIN SCRIPT OF THE HOTSPOT USER PROFILE\r\
\n\r\
\n:global cachedMacs;\r\
\n:local username;\r\
\n:local mac;\r\
\n:local found;\r\
\n:local currentMacs;\r\
\n:local url;\r\
\n:local foundUser;\r\
\n:local checkedInMac;\r\
\n:local fileName;\r\
\n:local fileContents;\r\
\n/log info (\"########### LOGIN ###########\");\r\
\n:set currentMacs [/ip hotspot active find];\r\
\n\r\
\n:global doRequest do={\r\
\n :do {\r\
\n :local fileContents;\r\
\n /log info \$url;\r\
\n /tool fetch url=\$url mode=https dst-path=\$fileName;\r\
\n :set fileContents [/file get \$fileName contents]\r\
\n /log info \$fileContents;\r\
\n :if (\$fileContents = \"FALSE\") do={\r\
\n /ip hotspot host remove [/ip hotspot host find mac-address=\$mac ]\
;\r\
\n /ip hotspot active remove [/ip hotspot active find mac-address=\$m\
ac ];\r\
\n /ip hotspot user remove [/ip hotspot user find mac-address=\$mac];\
\r\
\n /log info \"REMOVED USER\";\r\
\n }\r\
\n } on-error={ \r\
\n :if (\$retries = 0) do={ :return }\r\
\n :global doRequest;\r\
\n /log info (\"FAILED TO CHECK USER IN. \" . \$retries); \r\
\n \$doRequest mac=\$mac url=\$url fileName=\$fileName retries=(\$retri\
es - 1);\r\
\n };\r\
\n}\r\
\n\r\
\n:foreach line in=\$currentMacs do={\r\
\n :set found 0;\r\
\n :set mac [/ip hotspot active get \$line mac-address];\r\
\n :foreach cachedMac in=\$cachedMacs do={\r\
\n :if (\$cachedMac = \$mac) do={\r\
\n :set found 1;\r\
\n }\r\
\n }\r\
\n :if (\$found = 0) do={\r\
\n /log info (\"LOGIN: \" . \$mac);\r\
\n :set foundUser [/ip hotspot user find mac-address=\$mac];\r\
\n :if (\$foundUser = \"\") do={\r\
\n /ip hotspot user add name=\$mac mac-address=\$mac;\r\
\n /ip hotspot host remove [/ip hotspot host find mac-address=\$mac];\r\
\n }\r\
\n :set url (\"https://spaces.nexudus.com/Mikrotik/CheckIn.do\?mac=\" . \
\$mac . \"&guid=3fbc163b-dee2-48e6-bd2a-546b11146e72\");\r\
\n :set checkedInMac \$mac;\r\
\n }\r\
\n}\r\
\n\r\
\n/ip hotspot active remove [/ip hotspot active find user=\"admin\"];\r\
\n\r\
\n:if (\$found = 0) do={\r\
\n :set fileName (\$checkedInMac . \".mac\");\r\
\n \$doRequest mac=\$mac url=\$url fileName=\$fileName retries=10;\r\
\n}" on-logout="# VERSION: 2016-08-28\r\
\n# REQUIRES VERSION ROUTER OS 6.2 OR NEWER\r\
\n# PASTE THIS SCRIPT IN THE LOGOUT SCRIPT OF THE HOTSPOT USER PROFILE\r\
\n\r\
\n:local url;\r\
\n:local mac;\r\
\n:set mac \$user;\r\
\n\r\
\n:global doCheckOutRequest do={\r\
\n :do {\r\
\n\r\
\n /log info \$url;\r\
\n /tool fetch url=\$url mode=https;\r\
\n } on-error={ \r\
\n :if (\$retries = 0) do={ :return }\r\
\n :global doCheckOutRequest;\r\
\n /log info (\"FAILED TO CHECK USER OUT. \" . \$retries); \r\
\n \$doCheckOutRequest url=\$url retries=(\$retries - 1);\r\
\n };\r\
\n}\r\
\n\r\
\n/log info (\"LOGOUT: \" . \$mac);\r\
\n:set url (\"https://spaces.nexudus.com/Mikrotik/CheckOut.do\?mac=\" . \$ma\
c . \"&guid=3fbc163b-dee2-48e6-bd2a-546b11146e72\");\r\
\n\$doCheckOutRequest url=\$url retries=10;" shared-users=1000
# Bridge members: both master ports and sfp1.
/interface bridge port
add bridge=bridge comment=defconf interface=ether2-master
add bridge=bridge comment=defconf interface=ether6-master
add bridge=bridge comment=defconf interface=sfp1
# NOTE(review): this entry has no bridge= value, and ether10 is already slaved to ether6-master in
# /interface ethernet - looks like a leftover; verify.
add interface=ether10
# LAN contains only the bridge and WAN only ether1. The VLAN interfaces are in neither list, so the
# input rule "drop all not coming from LAN" (in-interface-list=!LAN) matches traffic from them too.
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
# Router addresses: .1 in each internal /24 and a static public /27 on ether1.
# NOTE(review): 192.168.10.1/24 is assigned to ether2-master, which is a bridge port, while the
# defconf DHCP server for that subnet listens on "bridge" - check whether the address belongs on the
# bridge interface instead.
/ip address
add address=192.168.10.1/24 comment=defconf interface=ether2-master network=\
192.168.10.0
add address=192.168.15.1/24 interface=vlan15 network=192.168.15.0
add address=192.168.20.1/24 interface=vlan20 network=192.168.20.0
add address=192.168.25.1/24 interface=vlan25 network=192.168.25.0
add address=192.168.30.1/24 interface=vlan30 network=192.168.30.0
add address=208.117.69.185/27 interface=ether1 network=208.117.69.160
# A DHCP client is also configured on ether1, alongside the static address above.
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid interface=ether1
# DHCP options per subnet. The VLAN networks hand out two external resolvers and a local domain
# name; the 192.168.10.0/24 entry sets only gateway and netmask.
/ip dhcp-server network
add address=192.168.10.0/24 comment=defconf gateway=192.168.10.1 netmask=24
add address=192.168.15.0/24 dns-server=208.123.128.36,8.8.8.8 domain=ube.local \
gateway=192.168.15.1
add address=192.168.20.0/24 dns-server=208.123.128.36,8.8.8.8 domain=\
newmoon.local gateway=192.168.20.1
add address=192.168.25.0/24 dns-server=208.123.128.36,8.8.8.8 domain=\
cowork.local gateway=192.168.25.1
add address=192.168.30.0/24 dns-server=208.123.128.36,8.8.8.8 domain=\
printers.local gateway=192.168.30.1
# allow-remote-requests=yes makes the router itself answer DNS queries. Which interfaces can reach
# that service is decided by the input chain, so keep a drop rule for WAN-side input in place.
/ip dns
set allow-remote-requests=yes servers=208.123.128.36,8.8.8.8
# NOTE(review): router.lan points at 192.168.88.1, but no interface in this export has an address in
# 192.168.88.0/24 - this looks like a stale default entry; verify.
/ip dns static
add address=192.168.88.1 name=router.lan
# Static filter rules. Rules the hotspot adds dynamically do not appear in an export, so the notes
# here cover only what is listed.
# NOTE(review): the forward chain below has no rule that separates the internal subnets from each
# other. It drops only invalid packets and new WAN connections that were not dst-nat'ed, so as far as
# these static rules show, a logged-in client on vlan25 can open connections to the other VLANs and
# to 192.168.10.0/24. Add explicit forward drops if the hotspot VLAN is meant to be internet-only.
/ip firewall filter
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" \
disabled=yes
# NOTE(review): this Winbox accept (tcp/8291) sits ahead of every drop rule and has no src-address or
# in-interface match, so it also matches packets arriving on ether1, the WAN list member. Management
# is reachable from the internet. Narrow it, e.g. with in-interface-list=LAN or
# src-address-list=<mgmt-address-list> (placeholder), and keep RouterOS up to date.
add action=accept chain=input dst-port=8291 protocol=tcp
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
# Everything else addressed to the router is dropped unless it arrives on a LAN-list interface.
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
# NOTE(review): fasttracked connections skip most later packet processing. Given the throughput
# symptom described in this thread, check how this rule interacts with the hotspot on vlan25 - the
# export alone does not establish it as the cause.
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=\
invalid
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN
# NAT rules: three port forwards from ether1 to 192.168.10.8, then masquerade for the VLAN subnets.
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" \
disabled=yes
# NOTE(review): these rules publish 192.168.10.8 to the whole internet on tcp/80, 554 and 8000, with
# no src-address or src-address-list match, and the forward chain accepts dst-nat'ed WAN connections.
# Whatever listens on that host is internet-facing: limit the sources, or reach it through a VPN,
# and keep the device patched.
add action=dst-nat chain=dstnat dst-port=80 in-interface=ether1 protocol=tcp \
to-addresses=192.168.10.8 to-ports=80
# NOTE(review): to-ports=0-65535 maps the single port 554 onto the full port range; the neighbouring
# rules map a port to itself, so to-ports=554 was presumably intended - verify.
add action=dst-nat chain=dstnat dst-port=554 in-interface=ether1 protocol=tcp \
to-addresses=192.168.10.8 to-ports=0-65535
add action=dst-nat chain=dstnat dst-port=8000 in-interface=ether1 protocol=tcp \
to-addresses=192.168.10.8 to-ports=8000
# Source NAT towards the WAN list for the four VLAN subnets. No masquerade rule for 192.168.10.0/24
# appears in this export.
add action=masquerade chain=srcnat out-interface-list=WAN src-address=\
192.168.15.0/24
add action=masquerade chain=srcnat out-interface-list=WAN src-address=\
192.168.20.0/24
add action=masquerade chain=srcnat out-interface-list=WAN src-address=\
192.168.30.0/24
add action=masquerade chain=srcnat out-interface-list=WAN src-address=\
192.168.25.0/24
# Hotspot accounts. No password fields are shown; the export was presumably taken with
# hide-sensitive, so their absence says nothing about whether "admin" has one - check on the router.
# The second entry is named after its MAC address, the same shape the on-login script creates.
/ip hotspot user
add name=admin
add mac-address=DC:EF:CA:54:AA:AC name=DC:EF:CA:54:AA:AC
# Walled garden: destinations a hotspot1 client may reach before it has logged in. Every entry
# widens what an unauthenticated device can talk to, so the list should hold only what the portal
# and payment pages need.
/ip hotspot walled-garden
add comment="place hotspot rules here" disabled=yes
# NOTE(review): several hosts below (s3.amazonaws.com, cdnjs.cloudflare.com, netdna.bootstrapcdn.com,
# twimg.com) are shared, multi-tenant names, so these entries are broader than the portal's own
# assets.
/ip hotspot walled-garden ip
add action=accept disabled=no !dst-address !dst-address-list dst-host=\
ajax.googleapis.com !dst-port !protocol server=hotspot1 !src-address \
!src-address-list
add action=accept disabled=no !dst-address !dst-address-list dst-host=\
maps.googleapis.com !dst-port !protocol server=hotspot1 !src-address \
!src-address-list
add action=accept disabled=no !dst-address !dst-address-list dst-host=\
fonts.googleapis.com !dst-port !protocol server=hotspot1 !src-address \
!src-address-list
# NOTE(review): "www.paypalobject.com" looks like a misspelling - PayPal's static-asset domain is
# paypalobjects.com. Verify it; an allow entry for a name you do not control admits pre-login
# traffic to whoever holds that name.
add action=accept disabled=no !dst-address !dst-address-list dst-host=\
www.paypalobject.com !dst-port !protocol server=hotspot1 !src-address \
!src-address-list
add action=accept disabled=no !dst-address !dst-address-list dst-host=\
maps.gstatic.com !dst-port !protocol server=hotspot1 !src-address \
!src-address-list
add action=accept disabled=no !dst-address !dst-address-list dst-host=twimg.com \
!dst-port !protocol server=hotspot1 !src-address !src-address-list
add action=accept disabled=no !dst-address !dst-address-list dst-host=\
platform.twitter.com !dst-port !protocol server=hotspot1 !src-address \
!src-address-list
add action=accept disabled=no !dst-address !dst-address-list dst-host=\
multigateway.nexudus.com !dst-port !protocol server=hotspot1 !src-address \
!src-address-list
add action=accept disabled=no !dst-address !dst-address-list dst-host=\
checkout.stripe.com !dst-port !protocol server=hotspot1 !src-address \
!src-address-list
add action=accept disabled=no !dst-address !dst-address-list dst-host=\
q.stripe.com !dst-port !protocol server=hotspot1 !src-address \
!src-address-list
add action=accept disabled=no !dst-address !dst-address-list dst-host=\
api.stripe.com !dst-port !protocol server=hotspot1 !src-address \
!src-address-list
add action=accept disabled=no !dst-address !dst-address-list dst-host=\
netdna.bootstrapcdn.com !dst-port !protocol server=hotspot1 !src-address \
!src-address-list
add action=accept disabled=no !dst-address !dst-address-list dst-host=\
cdnjs.cloudflare.com !dst-port !protocol server=hotspot1 !src-address \
!src-address-list
add action=accept disabled=no !dst-address !dst-address-list dst-host=\
sandbox.forte.net !dst-port !protocol server=hotspot1 !src-address \
!src-address-list
add action=accept disabled=no !dst-address !dst-address-list dst-host=\
api.mixpanel.com !dst-port !protocol server=hotspot1 !src-address \
!src-address-list
add action=accept disabled=no !dst-address !dst-address-list dst-host=\
s3.amazonaws.com !dst-port !protocol server=hotspot1 !src-address \
!src-address-list
add action=accept disabled=no !dst-address !dst-address-list dst-host=\
cdn.syndication.twimg.com !dst-port !protocol server=hotspot1 !src-address \
!src-address-list
add action=accept disabled=no !dst-address !dst-address-list dst-host=\
coworkpueblo.spaces.nexudus.com !dst-port !protocol server=hotspot1 \
!src-address !src-address-list
add action=accept disabled=no !dst-address !dst-address-list dst-host=\
spaces.nexudus.com !dst-port !protocol server=hotspot1 !src-address \
!src-address-list
# The last entry admits pre-login traffic to 192.168.25.1, the hotspot address itself.
add action=accept disabled=no dst-address=192.168.25.1 !dst-address-list \
!dst-port !protocol server=hotspot1 !src-address !src-address-list
# Static default route through 208.117.69.161.
/ip route
add distance=1 gateway=208.117.69.161
/system clock
set time-zone-name=America/Denver
# Runs the CheckActiveUsers script every 5 minutes.
# NOTE(review): the job carries every policy, including reboot, password, sniff, sensitive and romon,
# while the script body only logs, fetches a URL, reads a file and removes hotspot entries. Trim the
# policy list here and on the script together to the smallest set the script still runs with.
/system scheduler
add interval=5m name=schedule1 on-event="CheckActiveUsers\r\
\n" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
start-date=sep/20/2017 start-time=04:48:44
# CheckActiveUsers, as written: for every active hotspot session it builds the CheckIn URL from the
# session MAC, fetches it over https into a "<mac>.mac" file, and removes the host, the active
# session and the user when the file content is "FALSE". A failed fetch is retried through the
# global doRequest function, counting down from 10.
# NOTE(review): one fetch and one file write happen per active MAC on every run, in sequence.
# NOTE(review): removal happens only after a successful fetch that returns "FALSE"; when the retries
# run out the function returns and the session is kept, so the periodic check fails open.
# NOTE(review): /tool fetch is called with mode=https and no check-certificate argument - confirm the
# server certificate is validated on this RouterOS version. The URL, guid included, is also logged.
# NOTE(review): the script is granted every policy; reduce to what the body needs (least privilege).
/system script
add name=CheckActiveUsers owner=admin policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="# V\
ERSION: 2016-08-28\r\
\n# REQUIRES VERSION ROUTER OS 6.2 OR NEWER\r\
\n# DO NOT PASTE THIS SCRIPT IN THE HOTSPOT PROFILE\r\
\n# CREATE A TASK IN THE SCHEDULER AND TRIGGER THIS SCRIPT EVERY 5 MINUTES\r\
\n\r\
\n:local currentMacs;\r\
\n:local mac;\r\
\n:local url;\r\
\n:local fileName;\r\
\n\r\
\n/log info (\"########### CHECKING USERS ###########\");\r\
\n\r\
\n:global doRequest do={\r\
\n :do {\r\
\n :local fileContents;\r\
\n /log info \$url;\r\
\n /tool fetch url=\$url mode=https dst-path=\$fileName;\r\
\n :set fileContents [/file get \$fileName contents]\r\
\n /log info \$fileContents;\r\
\n :if (\$fileContents = \"FALSE\") do={\r\
\n /ip hotspot host remove [/ip hotspot host find mac-address=\$mac ]\
;\r\
\n /ip hotspot active remove [/ip hotspot active find mac-address=\$m\
ac ];\r\
\n /ip hotspot user remove [/ip hotspot user find mac-address=\$mac];\
\r\
\n /log info \"REMOVED USER\";\r\
\n }\r\
\n } on-error={ \r\
\n :if (\$retries = 0) do={ :return }\r\
\n :global doRequest;\r\
\n /log info (\"FAILED TO CHECK USER STATUS. \" . \$retries); \r\
\n \$doRequest mac=\$mac url=\$url fileName=\$fileName retries=(\$retri\
es - 1);\r\
\n };\r\
\n}\r\
\n\r\
\n:set currentMacs [/ip hotspot active find];\r\
\n:foreach line in=\$currentMacs do={\r\
\n :set mac [/ip hotspot active get \$line mac-address];\r\
\n :set url (\"https://spaces.nexudus.com/Mikrotik/CheckIn.do\?mac=\" . \$\
mac . \"&guid=3fbc163b-dee2-48e6-bd2a-546b11146e72\");\r\
\n :set fileName (\$mac . \".mac\");\r\
\n \$doRequest mac=\$mac url=\$url fileName=\$fileName retries=10;\r\
\n}\r\
\n\r\
\n"
# Layer-2 management (MAC telnet and MAC Winbox): the default entry is disabled and the service is
# re-enabled on "bridge" only. No entry is added for ether1.
/tool mac-server
set [ find default=yes ] disabled=yes
add interface=bridge
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=bridge
Hopefully I am not missing something super obvious! Thanks for your help
My ISP now has 100 MB/sec download. I have the same problem. If I bypass hotspot, I can download at 100 MB/s. If authenticated through the hotspot, the maximum is 50 MB/sec. I hope someone can answer this.
Did you ever get a solution to this problem?
I am having the same issue. Any help regarding this?