SMIPS walled garden issues

thegreathoe · December 10, 2019, 3:46pm

Good morning,

I have been trying to set up a hotspot service on a hAP LITE, but have been having issues with the walled garden. It seems like traffic to any domains that i place in the walled garden still gets rejected. I also do not see any of the counters increasing when i try to visit a domain in the whitelist.

I can get to places if i add the ip of a server in the “walled garden ip list” but that is it.

I have run the same script on another device *hAP AC lite" running a mipsbe firmware… and it work just fine there… both devices only had factory default settings before the script was run.

Config:

# Set the interface name to use with hotspot
# Examples:
# :global hotspotinterface ether2
# :global hotspotinterface wlan1
# :global hotspotinterface bridge1

:global hotspotinterface bridge

# Configure the NasID (from Control Panel)

:global nasid deviceid

# for temp management
 /ip firewall filter add action=accept in-interface=ether1 protocol=tcp dst-port=8291 place-before=1 chain=input
 /ip firewall filter add action=accept in-interface=ether1 protocol=tcp dst-port=22 place-before=2 chain=input

/ip hotspot
add disabled=no name=[/interface ethernet get [/interface ethernet find default-name="ether1"] mac-address] interface="$hotspotinterface"
/ip hotspot profile
set [ find default=yes ] login-by=http-chap use-radius=yes
/ip hotspot user profile
set [ find default=yes ] add-mac-cookie=no
/ip hotspot walled-garden
add dst-host=*mywifi.io
add dst-host=*guestlinx.com
add dst-host=*securewifilogin.com
add dst-host=*cloudfront.net
add dst-host=*fonts.gstatic.com
add dst-host=*fonts.googleapis.com
add dst-host=*linkedin.com
add dst-host=*amazonaws.com
add dst-host=*licdn.com
add dst-host=*twitter.com
add dst-host=*facebook.com
add dst-host=*fbcdn.net
add dst-host=*akadns.net
add dst-host=*edgekey.net
add dst-host=*edgesuite.net
add dst-host=*akamaihd.net
add dst-host=*akamaiedge.net
add dst-host=*akamai.net
add dst-host=*twimg.com
add dst-host=*instagram.com
add dst-host=*facebook.net
add dst-host=*stripe.com
add dst-host=*paypal.com
add dst-host=*paypalobjects.com
add dst-host=*twilio.com
add dst-host=*vk.com
add dst-host=*js.authorize.net
/ip hotspot walled-garden ip
add action=accept disabled=no dst-host=js.stripe.com
add action=accept disabled=no dst-host=js.authorize.net

/radius
add address=IP1 disabled=no secret=mywifi service=hotspot
add address=IP2 disabled=no secret=mywifi service=hotspot
/system identity
set name="$nasid"
:delay 3s

:global hotspotdirectory [/ip hotspot profile get [find] html-directory]
/file remove [/file find name="$hotspotdirectory/login.html"]
/file remove [/file find name="$hotspotdirectory/rlogin.html"]
/file remove [/file find name="$hotspotdirectory/alogin.html"]
/file remove [/file find name="$hotspotdirectory/lv"]
/file remove [/file find name="$hotspotdirectory/img"]
/file remove [/file find name="$hotspotdirectory/xml"]

thegreathoe · December 10, 2019, 4:42pm

attached are configs from both the working and non-working devices… i ran a compare on both and do not see any real differences that would cause it to not be working…
export-working-redacted.txt (4.9 KB)
export-notworking-redacted.txt (5.04 KB)

thegreathoe · December 10, 2019, 5:07pm

OK, i have downgraded the hAP lite to firmware version 6.44.6, and it is working there… so it looks like there is an issue with the walled garden or hotspot in the latest version of the SMIPS firmware!