Tue Jan 09, 2018 4:55 pm
Yes, it's perfect for this. I use it in hotels to enable Chromecast on the hotel TV, and on airplanes to share a single Wi-Fi purchase with my family or coworkers.
Specific answers:
1. Yes, but the configuration is a bit tricky. First you need to create a Virtual AP on top of the base radio interface. Member that Virtual AP to the bridge. Setup a Wi-Fi password of your choosing for the default security profile. For my configuration, I also member the Ethernet port to the bridge as well, as the default configuration uses the Ethernet port for the WAN interface. Next you reconnect to the Virtual AP you just created. Now create another security profile with the password of the Wi-Fi network to which you want the router to connect as WAN. (You still need a security profile even if the network does not use a password. Note this is the Wi-Fi password, not any password you need to enter into a captive portal once connected.) Now on the base radio interface, set the security profile that you just created. Next perform a background scan and connect to the Wi-Fi network you want to use for your WAN. If all goes well, you will still be connected to the Virtual AP and the base radio interface will report "connected ESS." Change the frequency to Auto (important for #2 below). This will disconnect you for a minute until the Wi-Fi scans again and reconnects to the Wi-Fi. Now go to the DHCP Client and set it to the wlan1 base radio that is now operating in Station Mode. Then go to the Firewall setting and change the NAT rule to use the wlan1 base radio interface instead of ether1. Everything else should be fine with the defaults. Now with your device you will connect to example.com and sign into the captive portal as necessary. After that, all devices that connect to your Virtual AP will be on the Internet NATed through the router! I like to save the config at this point with a filename descriptive of the network for which I configured it (this is important for #2 below). Make sure when you give the backup a filename you prefix the name with "flash/" so the backup file is stored in the flash memory instead of the RAMdisk.
2. Sadly no, and this can be quite infuriating until you get the hang of the steps in #1 above. If you move to another location and the old Wi-Fi SSID is no longer available for connection (also applies if you're too far away and/or the Wi-Fi password is wrong), the base radio will keep going into normal scan mode searching for the SSID. It does not seem to operate in Background Scan Mode. The result of this is that the Virtual AP will not be available since the base radio isn't up. This is why I recommended you save the config above. The hotels and planes where I use this configuration generally have the same SSID name no matter where I am. So once I have it configured once using the steps in #1, I just hold down the reset button while applying power, and keep the reset button held down until the lights start alternate-blinking. This resets the router to default, but does *not* clear the flash containing the backup configs! Then I connect to the default open Wi-Fi, go to Files, select the configuration for the hotel or plane I need, and restore. The router reboots with the new config, the Auto frequency setting from #1 above allows it to select the best Wi-Fi network with the preconfigured SSID and Wi-Fi password, and then I'm up and running. Alternatively, you can always connect via the Ethernet port and avoid the Virtual AP being down if you need to reconfigure the base radio. I travel with a Pixel Chromebook 2 LS, which doesn't have an Ethernet port, so I'm pretty good at doing the steps in #1 within a couple minutes, but I also have a USB-Ethernet adapter I could use for configuration through ether1. Maybe that would work for you, too. I even have a USB Type-C-to-A adapter that I could conceivably use on my Google Pixel XL phone, for the same purpose, but I have never tried.
3. Of course. You can use any of the RouterOS functionality, limited only by CPU, RAM, and flash space. The popular VPN protocols are built-in to the main package, so there shouldn't be a problem setting up OpenVPN, IPSec, PPTP, whatever. I don't do this though; I just use VPN or SSH on my client device as-needed, depending what I'm trying to accomplish. Hotel and plane networks are already slow enough--I don't want to needlessly add more overhead!
Last edited by
yottabit on Wed Jan 10, 2018 11:32 pm, edited 2 times in total.