web page re direct, splash paga, captive portal

We have a public wi-fi set up with some motorola AP’s that are connected to a mikrotik and its working fine assiging dhcp ect. My question is how do i set up a splash page, i tried several settings under the hotspot option, but no luck, i got the login page to work but i dont need that. Its free and public dont want any authentication, just a splash page to a url address, a facebook page, everytime they log in. Where exactly do i set up this url re direct, im new to mikrotik as many details as possible will help. Mikrotik 3.15

Thanks again.

If you want to just redirect people to a specific web site when they first connect, that is easy to do with a dst-nat rule and you don’t need the hotspot to do that for you. The main problem with this approach is how do you determine who to redirect, when, and when have they “logged off” so you don’t redirect them too much.

You can play around with address lists, such that the first time they end up at the IP address of your server they are in an address list where they will not be redirected again. You will need more rules however to cover how to determine when they have stopped passing traffic so you know you can remove them from the list, or just live with redirecting them ever couple of hours.

I think this is simpler with a Hotspot exactly for the reasons Feklar listed as issues. It’s hard to determine what constitutes an “initial redirect”. Just redirecting doesn’t work - the vast majority of machines now do HTTP requests well before the user ever opens a browser. On boot lots of programs check for updates, the weather widgets on the desktop fetch the current temperature via HTTP from Yahoo - if you just redirect the first tcp/80 request from a machine there’s a low chance anyone will ever see the redirect.

You can implement hotspots with “auto logins”, where the login page submits itself and the user is then shown a redirect. Since that includes an initial redirect to the Hotspot servlet, which then servers a 302 to the login.html, which then in turn users JavaScript or meta refreshes, few simple HTTP apps such as weather widgets or auto updaters follow that entire chain. If they don’t get an immediate 200 OK, they give up.

Here’s the basic code on how to do that. First you create a Hotspot profile and Hotspot. You need to at least change the interface the Hotspot attaches to, as well as the DNS name, and the hotspot-address to match the interface IP address.

/ip hotspot profile
add dns-name=hotspot.example.com hotspot-address=10.1.0.1 html-directory=hotspot http-proxy=0.0.0.0:0 login-by=http-pap name=hotspot rate-limit=1m/1m smtp-server=0.0.0.0
/ip hotspot
add disabled=no idle-timeout=30m interface=hotspot keepalive-timeout=5m name=hotspot profile=hotspot

Then create a username and password as well as a user profile. You at least need to adjust the per user rate limit in the user profile.

/ip hotspot user profile
add idle-timeout=none keepalive-timeout=15m name=hotspot rate-limit=1m/1m shared-users=unlimited status-autorefresh=1m transparent-proxy=no
/ip hotspot user
add disabled=no name=hotspot password=hotspot profile=hotspot

Then access the router via SFTP/FTP/whatever and delete all files in the ‘hotspot’ directory that got automatically created. Replace them with the below, replacing all references to ‘hotspot.example.com’ with the DNS name of your Hotspot. Also edit the URL in alogin.html to the URL you want to redirect people to:

redirect.html, status.html, fstatus.html, rlogin.html, and logout.html all have the same content:

<html>
<head>
<meta http-equiv="refresh" content="0; url=http://hotspot.example.com/login.html">
<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="expires" content="-1">
</head>
<body>
</body>
</html>

login.html submits to the Hotspot on load and logs the user in with the local user credentials:

<html>
<head>
<meta http-equiv="refresh" content="0; url=login?username=hotspot&password=hotspot">
<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="expires" content="-1">
</head>
<body>
</body>
</html>

And alogin.html redirects to your Facebook page after successful login:

<html>
<head>
<meta http-equiv="refresh" content="0; url=https://www.facebook.com.com">
<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="expires" content="-1">
</head>
<body>
</body>
</html>

And make an error.html that displays that there was a fatal error. That works as a minimum, you can also provide fstatus.html and status.html that give more information rather than just do nothing.

Other people don’t like meta refreshes, you can achieve the same thing with JavaScript and onLoad triggers. Personally I hate how dirty meta refreshes are, but in testing we found that more devices implement it correctly compared to JavaScript (particularly in combination with NoScript etc., where this auto login breaks until you permit JavaScript on the client).

Hope that helps.

http://wiki.mikrotik.com/wiki/Manual:Customizing_Hotspot is good reading for your purposes. All the above is more or less documented there, as it lists all the various variables etc. and how the Hotspot actually works.

Fewi is CORRECT…

This works absolutely well. I had the exact same need on our network’s complimentary hotspots in building lobbies and this was the perfect solution. Thanks Fewi!

fewi to the rescue again. Runs like a champ when i tried this.

May a squadren of sandwitches find thier way to your mouth.

Hey guys, I was wondering. This current setup requires that the user go to an HTTP page in order for the authentication to take place. Is it possible for this to work if a users homepage is an https page? Currently if we go to an https page first it never hits the authentication and the user gets no internet.

bump. Anyone know if this is possible?

any experts wanna chime in with a yay or nay?