Hotspot login page slow loading (freeradius)
Posted: Tue Oct 02, 2018 11:33 am
Dear all,
I set up this hotspot system with an external RADIUS server (FreeRADIUS) for authentication and accounting. Three months ago this worked well, as intended. I also built a Windows application to handle voucher/user creation; this application serves as a sort of user manager.
My problem is that after 3 months my hotspot login page takes too long to load. It is still working, but it takes 10-15 seconds to load the login page, which took only 2 seconds before.
Please see the attached files for the diagram and other screenshots.
I want to apologize in advance; I'm still new to RouterOS and I only followed some online videos that helped me set up my hotspot.
-----------------------------------------------------------------------------------------------------
[admin@MikroTik] /interface vlan> print
Flags: X - disabled, R - running, S - slave
# NAME MTU ARP VLAN-ID INTERFACE
0 R vlan_admin 1500 enabled 10 ether10_LAN
1 R vlan_csg 1500 enabled 20 ether10_LAN
2 R vlan_csx 1500 enabled 30 ether10_LAN
3 R vlan_dorm 1500 enabled 40 ether10_LAN
4 R vlan_hotspot 1500 enabled 99 ether10_LAN
5 R vlan_resto 1500 enabled 50 ether10_LAN
(Note: I only use VLANs 10, 40 and 99.)
-----------------------------------------------------------------------------------------------------
[admin@MikroTik] /ip hotspot> print
Flags: X - disabled, I - invalid, S - HTTPS
# NAME INTERFACE ADDRESS-POOL PROFILE IDLE-TIMEOUT
0 hs-vlan_... vlan_hotspot dhcp_pool173 hsprof2 5m
-----------------------------------------------------------------------------------------------------
[admin@MikroTik] /ip hotspot profile> print
Flags: * - default
0 * name="default" hotspot-address=0.0.0.0 dns-name="" html-directory=hotspot
html-directory-override="" rate-limit="" http-proxy=0.0.0.0:0
smtp-server=0.0.0.0 login-by=cookie,http-chap http-cookie-lifetime=3d
split-user-domain=no use-radius=no
1 name="hsprof2" hotspot-address=10.0.0.1 dns-name="" html-directory=hs-hotel
html-directory-override="" rate-limit="" http-proxy=0.0.0.0:0
smtp-server=0.0.0.0 login-by=cookie,http-chap,http-pap,mac-cookie
http-cookie-lifetime=1w split-user-domain=no use-radius=yes
radius-accounting=yes radius-interim-update=received
nas-port-type=wireless-802.11 radius-default-domain=""
radius-location-id="" radius-location-name=""
radius-mac-format=XX:XX:XX:XX:XX:XX
-----------------------------------------------------------------------------------------------------
[admin@MikroTik] /radius> print
Flags: X - disabled
# SERVICE CAL... DOMAIN ADDRESS SECRET
0 hotspot 192.168.1.55 123456
-----------------------------------------------------------------------------------------------------
[admin@MikroTik] /ip route> print
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 A S ;;; GLOBE 20MBPS
0.0.0.0/0 120.X.X.X 2
1 A S ;;; PLDT
0.0.0.0/0 210.X.X.X 1
2 A S ;;; PLDT
0.0.0.0/0 210.X.X.X 1
3 ADC 10.0.0.0/22 10.0.0.1 vlan_hotspot 0
4 ADC 120.X.X.X/29 120.X.X.X ether6_GLOBE 0
5 ADC 172.16.10.0/24 172.16.10.1 vlan_csg 0
6 ADC 172.16.20.0/24 172.16.20.1 vlan_csx 0
7 ADC 172.16.50.0/24 172.16.50.1 vlan_resto 0
8 ADC 192.168.1.0/24 192.168.1.1 vlan_admin 0
9 ADC 192.168.2.0/24 192.168.2.1 vlan_dorm 0
10 DC 192.168.88.0/29 192.168.88.1 ether13 255
11 ADC 210.X.X.X/29 210.X.X.X ether5_PLDT 0
-----------------------------------------------------------------------------------------------------
[admin@MikroTik] /ip firewall nat> print
Flags: X - disabled, I - invalid, D - dynamic
0 D chain=dstnat action=jump jump-target=hotspot hotspot=from-client
1 D chain=hotspot action=jump jump-target=pre-hotspot
2 D chain=hotspot action=redirect to-ports=64872 protocol=udp dst-port=53
3 D chain=hotspot action=redirect to-ports=64872 protocol=tcp dst-port=53
4 D chain=hotspot action=redirect to-ports=64873 protocol=tcp hotspot=local-dst dst-port=80
5 D chain=hotspot action=redirect to-ports=64875 protocol=tcp hotspot=local-dst dst-port=443
6 D chain=hotspot action=jump jump-target=hs-unauth protocol=tcp hotspot=!auth
7 D chain=hotspot action=jump jump-target=hs-auth protocol=tcp hotspot=auth
8 D chain=hs-unauth action=redirect to-ports=64874 protocol=tcp dst-port=80
9 D chain=hs-unauth action=redirect to-ports=64874 protocol=tcp dst-port=3128
10 D chain=hs-unauth action=redirect to-ports=64874 protocol=tcp dst-port=8080
11 D chain=hs-unauth action=redirect to-ports=64875 protocol=tcp dst-port=443
12 D chain=hs-unauth action=jump jump-target=hs-smtp protocol=tcp dst-port=25
13 D chain=hs-auth action=redirect to-ports=64874 protocol=tcp hotspot=http
14 D chain=hs-auth action=jump jump-target=hs-smtp protocol=tcp dst-port=25
15 X ;;; place hotspot rules here
chain=unused-hs-chain action=passthrough
16 chain=srcnat action=masquerade out-interface=ether6_GLOBE log=no log-prefix=""
17 chain=srcnat action=masquerade out-interface=ether5_PLDT log=no log-prefix=""
18 chain=pre-hotspot action=accept dst-address-type=!local hotspot=auth
-----------------------------------------------------------------------------------------------------
[admin@MikroTik] /ip firewall mangle> print
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; ROUTE VLAN40>ISP1
chain=prerouting action=mark-routing new-routing-mark=ISP2 passthrough=yes
src-address=192.168.2.0/24 log=no log-prefix=""
1 ;;; ROUTE HOTSPOT>ISP2
chain=prerouting action=mark-routing new-routing-mark=ISP2 passthrough=yes
src-address=10.0.0.0/22 log=no log-prefix=""
2 ;;; ROUTE VLAN10>ISP1
chain=prerouting action=mark-routing new-routing-mark=ISP2 passthrough=yes
src-address=192.168.1.0/24 log=no log-prefix=""
3 ;;; ROUTE VLAN10>ISP1
chain=prerouting action=mark-routing new-routing-mark=ISP1 passthrough=yes
src-address=192.168.100.0/24 log=no log-prefix=""
4 chain=prerouting action=mark-routing new-routing-mark=ISP2 passthrough=yes
src-address=172.16.10.0/24 log=no log-prefix=""
5 chain=prerouting action=mark-routing new-routing-mark=ISP2 passthrough=yes
src-address=172.16.20.0/24 log=no log-prefix=""
6 chain=prerouting action=mark-routing new-routing-mark=ISP2 passthrough=yes
src-address=172.16.50.0/24 log=no log-prefix=""