Xcelsium
just joined
Topic Author
Posts: 11
Joined: Tue Dec 03, 2013 6:07 pm

Hotspot Problem with Apple IoS 11.3.1, is someone having the same problem?

Wed May 16, 2018 6:35 pm

I'm having trouble with iPhones on iOS 11.3.1 with the hotspot using RADIUS to a cloud server: they can't see the login page or captive portal to log in. iPhones with previous versions are working well, and Androids too, so I am asking whether someone with the same users is or is not having the same trouble with that version of iOS, to reach a conclusion on whether it is my config or the iOS version. I know this is not a problem with MikroTik RouterOS, so please don't say "You should ask on Apple forums"; I just want to know if there are people with this problem, to reach a conclusion about it.

For now my solution was to capture the devices that are making a connection to captive.apple.com (the phones make a connectivity check to that host), put them in an address list, and make a script to copy the address list to IP bindings (I didn't try whether it will work with walled garden src-address-list), so they can bypass the hotspot. (And I already tried to walled-garden only captive.apple.com; it just gives a false positive to the iPhone, making it think that it has free internet.)

So far I checked that every process is OK: the MikroTik makes the redirection to the hotspot rules (and the hotspot page on the MikroTik), but the iPhone never brings up the captive portal or the default navigator with the captive portal URL. We even tried to use the local address in a URL navigator (Chrome, Safari), and it says that the connection doesn't work; it's like it is trying to access a proxy or go via a proxy like the Google Data Saver (it's a guess, not a conclusion).


Edited: Added a second image as proof of the correct response of the MikroTik to the user, passing it the login.html.

After that nothing happens on the iPhone.

I will pass the export compact:
/interface bridge
add fast-forward=no name=bridge1
/interface ethernet
set [ find default-name=ether2 ] arp=reply-only
set [ find default-name=ether3 ] master-port=ether2
/interface pptp-client
add connect-to=x.x.x.x disabled=no name=pptp-out1 password=X-XXXxxxXx user=x-X
/interface eoip
add !keepalive mac-address=02:B3:1B:44:9F:A0 name=eoip-tunnel1 remote-address=172.16.30.9 tunnel-id=3090
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip firewall layer7-protocol
add name=Data-saver regexp="\\x05\\x63\\x68\\x65\\x63\\x6b\\x09\\x67\\x6f\\x6f\\x67\\x6c\\x65\\x7a\\x69\\x70\\x03\\x6e\\x65\\x74|\\x08\\x63\\x6f\\x6d\\x70\\x72\\x65\\x73\\x73\\x09\\x67\\x6f\\x6f\\x67\\x6c\\x65\\x7a\\x69\\x70\\x03\\x6e\\x65\\x74|\\x09\
    \\x64\\x61\\x74\\x61\\x73\\x61\\x76\\x65\\x72\\x0a\\x67\\x6f\\x6f\\x67\\x6c\\x65\\x61\\x70\\x69\\x73\\x03\\x63\\x6f\\x6d"
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
add dns-name=hotspot.local.com hotspot-address=192.168.88.1 html-directory=flash/hotspot http-cookie-lifetime=1d login-by=cookie,http-chap,http-pap name=hsprof2 use-radius=yes
/ip hotspot user profile
set [ find default=yes ] keepalive-timeout=2h shared-users=10
/ip pool
add name=hs-pool-2 ranges=192.168.88.2-192.168.88.254
add name=dhcp_pool1 ranges=192.168.89.20-192.168.89.254
add name=hs-pool-5 ranges=10.5.50.2-10.5.50.254
/ip dhcp-server
add add-arp=yes address-pool=hs-pool-2 disabled=no interface=ether2 lease-time=4h name=dhcp1
add address-pool=dhcp_pool1 authoritative=after-2sec-delay interface=ether4 name=dhcp2
/ip hotspot
add address-pool=hs-pool-2 disabled=no idle-timeout=45m interface=ether2 name=hotspot1 profile=hsprof2
add address-pool=hs-pool-5 interface=ether5 name=hs-ether5
/queue simple
add max-limit=9M/22M name=Internet queue=pcq-upload-default/pcq-download-default target=192.168.88.0/24
/snmp community
set [ find default=yes ] addresses=0.0.0.0/0
/user group
add name=work policy=local,reboot,read,test,winbox,password,web,sniff,sensitive,api,romon,tikapp,!telnet,!ssh,!ftp,!write,!policy,!dude skin=WorkCafe
/interface bridge port
add bridge=bridge1 interface=ether4
/ip address
add address=192.168.88.1/24 interface=ether2 network=192.168.88.0
add address=192.168.89.1/24 disabled=yes interface=ether4 network=192.168.89.0
add address=10.5.50.1/24 comment="hotspot network" interface=ether5 network=10.5.50.0
add address=192.168.45.2/30 interface=eoip-tunnel1 network=192.168.45.0
/ip arp
add address=192.168.88.93 interface=ether2 mac-address=80:2A:A8:30:96:A2
/ip dhcp-client
add dhcp-options=hostname,clientid
add default-route-distance=0 dhcp-options=hostname,clientid disabled=no interface=ether1 use-peer-dns=no
/ip dhcp-server lease
add address=192.168.88.93 client-id=1:80:2a:a8:30:96:a2 mac-address=80:2A:A8:30:96:A2 server=dhcp1
add address=192.168.88.15 client-id=1:5c:51:81:82:e9:7d mac-address=5C:51:81:82:E9:7D server=dhcp1
add address=192.168.88.16 client-id=1:b8:63:4d:e6:21:9e mac-address=B8:63:4D:E6:21:9E server=dhcp1
add address=192.168.88.17 client-id=1:b8:63:4d:ee:e2:53 mac-address=B8:63:4D:EE:E2:53 server=dhcp1
add address=192.168.88.14 client-id=1:5c:51:81:82:e9:5f mac-address=5C:51:81:82:E9:5F server=dhcp1
add address=192.168.88.13 client-id=1:b0:c0:90:ba:1e:8f mac-address=B0:C0:90:BA:1E:8F server=dhcp1
/ip dhcp-server network
add address=192.168.88.0/24 comment="hotspot network" dns-server=8.8.8.8,8.8.4.4 gateway=192.168.88.1 netmask=32
add address=192.168.89.0/24 gateway=192.168.89.1
/ip dns
set allow-remote-requests=yes cache-size=20480KiB servers=208.67.222.123,208.67.220.123
/ip dns static
add address=146.112.61.106 disabled=yes name=petardas.com
add address=146.112.61.106 disabled=yes name=www.petardas.com
add address=146.112.61.106 name=check.googlezip.net
add address=146.112.61.106 name=datasaver.googleapis.com
add address=146.112.61.106 name=compress.googlezip.net
/ip firewall address-list
add address=captive.apple.com list="Captive APPLE"
/ip firewall filter
add action=drop chain=input comment="Bloqueo Chrome Data Saver" layer7-protocol=Data-saver src-address=192.168.88.0/24
add action=accept chain=input src-address=192.168.88.0/24
add action=accept chain=forward src-address-list=Iphones
add action=accept chain=input dst-address-list=Iphones
add action=add-src-to-address-list address-list=Iphones address-list-timeout=5s chain=forward dst-address-list="Captive APPLE" log=yes
add action=accept chain=forward disabled=yes dst-address=104.104.43.69 src-address=192.168.88.0/24
add action=drop chain=forward connection-limit=15,32 disabled=yes dst-address=radius.external.server.cloud dst-port=80 log=yes log-prefix=RADIUSDOS protocol=tcp
add action=drop chain=forward comment="Bloqueo Chrome Data Saver" layer7-protocol=Data-saver src-address=192.168.88.0/24
add action=accept chain=forward comment="Aceptar Conexion Contra AWS" dst-address=radius.external.server.cloud
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes
add action=drop chain=forward comment="Bloqueo Entre Clientes " dst-address=192.168.88.0/24 src-address=192.168.88.0/24
add action=drop chain=input comment="Bloqueo Flood DNS" dst-port=53 in-interface=pptp-out1 protocol=udp
/ip firewall nat
add action=accept chain=dstnat src-address-list=Iphones
add action=dst-nat chain=dstnat disabled=yes dst-port=53 protocol=udp src-address-list=Iphones to-addresses=208.67.222.123
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes
add action=masquerade chain=srcnat comment="Enmascaramiento General" out-interface=ether1
add action=masquerade chain=srcnat disabled=yes out-interface=*6
add action=src-nat chain=srcnat disabled=yes dst-address=192.168.88.94 to-addresses=192.168.88.1
add action=masquerade chain=srcnat comment="masquerade hotspot network" disabled=yes src-address=192.168.88.0/24
add action=masquerade chain=srcnat comment="masquerade hotspot network" src-address=10.5.50.0/24
add action=dst-nat chain=dstnat comment="Redireccion a OpenDNS" dst-port=53 protocol=udp to-addresses=208.67.222.123
add action=dst-nat chain=dstnat comment="Redireccion a OpenDNS" dst-port=53 protocol=tcp to-addresses=208.67.222.123
/ip hotspot ip-binding
add mac-address=80:2A:A8:30:96:A2 type=bypassed
add disabled=yes mac-address=00:DB:DF:74:27:37 server=hotspot1 type=bypassed
add disabled=yes mac-address=00:1C:25:18:18:57 server=hotspot1 type=bypassed
add mac-address=A0:99:9B:79:6B:99 type=bypassed
add mac-address=B0:C0:90:BA:1E:8F type=bypassed
add mac-address=5C:51:81:82:E9:5F type=bypassed
add mac-address=5C:51:81:82:E9:7D type=bypassed
add mac-address=B8:63:4D:EE:E2:53 type=bypassed
add mac-address=B8:63:4D:E6:21:9E type=bypassed
add disabled=yes mac-address=F4:31:C3:C5:F2:50 type=bypassed
add address=192.168.88.204 type=bypassed
add address=192.168.88.236 type=bypassed
add address=192.168.88.20 type=bypassed
add address=192.168.88.253 type=bypassed
add address=192.168.88.16 type=bypassed
add address=192.168.88.17 type=bypassed
add address=192.168.88.11 type=bypassed
add address=192.168.88.6 type=bypassed
add address=192.168.88.4 type=bypassed
add address=192.168.88.23 type=bypassed
add address=192.168.88.32 type=bypassed
add address=192.168.88.33 type=bypassed
/ip hotspot user
add name=admin password=XxXxxX
/ip hotspot walled-garden
add comment="place hotspot rules here" disabled=yes
add dst-host=radius.external.server.cloud
add dst-host=radius.external.server.cloud
add dst-host=captive.apple.com
add dst-host=hotspot.local.com
add dst-host=192.168.89.253
/ip hotspot walled-garden ip
add action=accept disabled=no dst-address=radius.external.server.cloud !dst-port !protocol server=hotspot1 !src-address
add action=accept disabled=no dst-address=radius.external.server.cloud !dst-port !protocol server=hotspot1 !src-address
add action=accept disabled=no dst-address=192.168.88.1 !dst-port !protocol server=hotspot1 !src-address
add action=accept disabled=no dst-address=104.104.43.69 !dst-port !protocol server=hotspot1 !src-address
/ip route
add disabled=yes distance=1 gateway=186.121.207.161
add distance=1 dst-address=172.16.0.0/12 gateway=172.16.10.1
add distance=1 dst-address=172.16.30.9/32 gateway=172.16.10.1
/ip service
set telnet address=192.168.0.0/16,172.16.0.0/12
set ftp disabled=yes
set ssh address=192.168.0.0/16,172.16.0.0/12
set api disabled=yes
set api-ssl disabled=yes
/radius
add address=radius.external.server.cloud secret=3468849Lp service=hotspot timeout=5s
add address=192.168.89.253 disabled=yes secret=produccion123 service=hotspot timeout=5s
/system clock
set time-zone-name=America/XX_xx
NOTE: The layer 7 is matching check.googlezip.net, compress.googlezip.net and datasaver.googleapis.com, to force the use of OpenDNS on Android and Chrome users.
NOTE2: The ARP is only working with DHCP ARP leases.
NOTE3: The script is not posted here; if you have the same problem and need the script, just post that you have the same problem or a different problem :) and I will pass it on in another post.
NOTE4: I just changed my public IPs and external RADIUS to avoid problems.

Like I said, I am not trying to blame MikroTik for this error. I just don't have the equipment to test it myself; I really don't use iPhones and the client is in another region of my country. I just want to reach a conclusion on this problem. From my point of view it is something with the new iOS version; without the hotspot it works like a charm, but I need proof or collected data to post it as a bug to the Apple feedback program :S, if someone can help me with that. Or maybe I'm wrong and I really don't know how to configure a Hotspot; that's why I leave my code for evaluation :).

Thanks in advance

BR
Xcelsium
 
2frogs
Forum Veteran
Posts: 713
Joined: Fri Dec 03, 2010 1:38 am

Re: Hotspot Problem with Apple IoS 11.3.1, is someone having the same problem?

Thu May 17, 2018 2:56 am

I just checked 5 different iOS 11.3.1 devices on ROS v6.42.1 and they all work fine. I use the trial feature for my guest network.
 
sgulyamov
just joined
Posts: 1
Joined: Thu May 17, 2018 12:47 pm
Location: Moscow

Re: Hotspot Problem with Apple IoS 11.3.1, is someone having the same problem?

Thu May 17, 2018 3:37 pm

You may test with a different hotspot IP in the hotspot profile. Your landing page URL is mapped to this IP, so iOS 11.3.1 may somehow reject it.
I have exactly the same problem (only with iOS 11.3.1).
 
Xcelsium
just joined
Topic Author
Posts: 11
Joined: Tue Dec 03, 2013 6:07 pm

Re: Hotspot Problem with Apple IoS 11.3.1, is someone having the same problem?

Thu May 17, 2018 5:43 pm

Thanks, I will try to recheck the external RADIUS server then; maybe the problem is there.

BR
 
korg
Member Candidate
Posts: 111
Joined: Tue Apr 26, 2016 4:10 pm

Re: Hotspot Problem with Apple IoS 11.3.1, is someone having the same problem?

Fri May 18, 2018 12:40 pm

Hi...

I have almost the same problem... after the ROS upgrade to 6.42.1 the captive portal is not showing anymore... on three hotspot servers that previously worked normally...

Like user Xcelsium, I did not use Wireshark to debug the network traffic... but I see that none of the Hotspot rules under NAT are 'contacted'... all of the packet counters are at 0 (zero).

Any help?

tx

korg
 
strods
MikroTik Support
Posts: 1616
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: Hotspot Problem with Apple IoS 11.3.1, is someone having the same problem?

Mon Nov 12, 2018 1:46 pm

The underlying implementation of the redirect to the Hotspot login page is very simple. Most commonly used devices (mobile phones, tablets, laptops, etc.) try to open a predefined HTTP site in the background after you have connected to a network. If the site can be opened, then nothing happens. If the connection is redirected to the Hotspot login page, then you see the authentication popup.

For example, the most common problem is that you add apple.com-related sites to Walled Garden. Since the site that is used to detect the Hotspot is whitelisted, the client cannot detect the Hotspot.

If your local network device does not open the Hotspot page automatically, then disable Walled Garden entries on your router and check again.
 
strods
MikroTik Support
Posts: 1616
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: Hotspot Problem with Apple IoS 11.3.1, is someone having the same problem?

Thu Nov 15, 2018 9:48 am

Due to reports from our clients, we have found out that iOS devices cannot open the Hotspot pop-up if the Hotspot server has a domain name which includes "local" in it. This can happen only if the Hotspot administrator has configured such a name on the server himself.
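
Added example, not part of strods's posts and not MikroTik tooling: the two checks from the posts above (a whitelisted detection host in Walled Garden, and "local" in the hotspot `dns-name`) applied to a RouterOS export. The sample is a trimmed excerpt of the export in the first post; `PROBE_SUFFIXES`, `parse_export` and `audit` are names chosen here.

```python
"""Audit a RouterOS /export for the two hotspot issues described in this thread."""
import re
import shlex

# Hosts a client probes to detect a captive portal. Only captive.apple.com is
# named in this thread; the "apple.com" suffix follows the wording
# "apple.com related sites". Extending the tuple for other vendors is an assumption.
PROBE_SUFFIXES = ("apple.com",)

# Trimmed excerpt of the export posted in the first message of this thread.
SAMPLE_EXPORT = r'''
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
add dns-name=hotspot.local.com hotspot-address=192.168.88.1 name=hsprof2 use-radius=yes
/ip hotspot walled-garden
add comment="place hotspot rules here" disabled=yes
add dst-host=radius.external.server.cloud
add dst-host=captive.apple.com
add dst-host=hotspot.local.com
/ip hotspot walled-garden ip
add action=accept disabled=no dst-address=192.168.88.1 !dst-port !protocol server=hotspot1 !src-address
'''


def parse_export(text):
    """Yield (menu, verb, params) for each add/set command in an export."""
    menu, pending = "", ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):            # export wraps long lines with a trailing backslash
            pending = line[:-1]
            continue
        if line.startswith("/"):           # menu path applies to the commands that follow
            menu = line
            continue
        if line.split(" ", 1)[0] not in ("add", "set"):
            continue
        line = re.sub(r"\[[^\]]*\]", "", line)   # drop "[ find ... ]" selectors
        tokens = shlex.split(line)               # keeps quoted comments as one token
        params = dict(t.split("=", 1) for t in tokens[1:] if "=" in t)
        yield menu, tokens[0], params


def is_probe_host(host):
    """True if host (optionally with a leading wildcard) is a detection host."""
    host = host.lower().lstrip("*.")
    return any(host == s or host.endswith("." + s) for s in PROBE_SUFFIXES)


def audit(text):
    """Return a list of (menu, parameter, value, reason) findings."""
    findings = []
    for menu, _verb, p in parse_export(text):
        if p.get("disabled") == "yes":
            continue                       # disabled entries have no effect
        if menu.startswith("/ip hotspot walled-garden"):
            for key in ("dst-host", "dst-address"):
                if key in p and is_probe_host(p[key]):
                    findings.append((menu, key, p[key],
                                     "detection host whitelisted: client cannot detect the hotspot"))
        elif menu == "/ip hotspot profile":
            name = p.get("dns-name", "")
            if "local" in name.lower():
                findings.append((menu, "dns-name", name,
                                 'dns-name includes "local": iOS may not open the pop-up'))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_EXPORT):
        print(" | ".join(finding))
```
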
 
korg
Member Candidate
Posts: 111
Joined: Tue Apr 26, 2016 4:10 pm

Re: Hotspot Problem with Apple IoS 11.3.1, is someone having the same problem?

Fri Nov 16, 2018 8:11 am

Hi,

My domain name does not have the name "local" in it and it still does not show the pop-up.

korg
 
normis
MikroTik Support
Posts: 26290
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: Hotspot Problem with Apple IoS 11.3.1, is someone having the same problem?

Fri Nov 16, 2018 9:27 am

Korg, and you are sure you have nothing in "Walled Garden" menu?
