Community discussions

MUM Europe 2020
 
hasak
just joined
Topic Author
Posts: 9
Joined: Thu Feb 21, 2019 6:49 pm

Forwarding to login page of Hotspot

Wed Sep 25, 2019 12:10 pm

Hi, I am testing hotspot. When I open web page (test http or https) web browser show web is unreachable. Does not funct automatic forwarding to login page of hotspot. I scanned the ports with nmap tool and ports 64872 - 64875 are open. I have as client station Windows 10 and Android phone.
# sep/25/2019 11:02:46 by RouterOS 6.45.6
# software id = D0WF-K8C6
#
# model = RB941-2nD
# serial number = 93710A6C2368
/interface bridge
add admin-mac=74:4D:28:5A:A0:2A auto-mac=no comment=defconf name=bridge
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX disabled=no distance=indoors frequency=auto installation=indoor \
    mode=ap-bridge ssid=MikroTik-5AA02E wireless-protocol=802.11
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
add dns-name=t.cz hotspot-address=192.168.87.1 login-by=http-pap,trial,mac-cookie name=hsprof1 rate-limit=5M/5M trial-uptime-limit=5m \
    trial-uptime-reset=10m
/ip hotspot user profile
set [ find default=yes ] shared-users=10
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
add name=hs-pool-1 ranges=192.168.87.2-192.168.87.254
/ip dhcp-server
add address-pool=default-dhcp disabled=no interface=bridge name=defconf
add address-pool=hs-pool-1 disabled=no interface=wlan1 lease-time=1h name=dhcp1
/ip hotspot
add address-pool=hs-pool-1 disabled=no interface=wlan1 name=hotspot1 profile=hsprof1
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=pwr-line1
/ip neighbor discovery-settings
set discover-interface-list=LAN
/ip settings
set allow-fast-path=no
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
add interface=wlan1 list=LAN
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=192.168.88.0
add address=192.168.87.1/24 comment=defconf interface=wlan1 network=192.168.87.0
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid disabled=no interface=ether1
/ip dhcp-server network
add address=192.168.87.0/24 comment="hotspot network" gateway=192.168.87.1
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall filter
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" disabled=yes in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new \
    in-interface-list=WAN
/ip firewall nat
add action=log chain=hotspot comment=hledani disabled=yes
add action=log chain=hs-unauth disabled=yes log-prefix=Pdr
add action=redirect chain=hs-unauth dst-port=80 in-interface=wlan1 log=yes protocol=tcp to-ports=64874
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
add action=masquerade chain=srcnat comment="masquerade hotspot network" src-address=192.168.87.0/24
/ip hotspot user
add name=admin
/ip service
set www-ssl disabled=no
/system clock
set time-zone-name=Europe/Prague
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
 
Zacharias
Forum Guru
Forum Guru
Posts: 1075
Joined: Tue Dec 12, 2017 12:58 am
Location: Greece

Re: Forwarding to login page of Hotspot

Wed Sep 25, 2019 1:49 pm

If you try with the hotspot's address (http://x.y.z.w) manually in your browser, does it work?
 
hasak
just joined
Topic Author
Posts: 9
Joined: Thu Feb 21, 2019 6:49 pm

Re: Forwarding to login page of Hotspot

Wed Sep 25, 2019 2:20 pm

If you try with the hotspot's address (http://x.y.z.w) manually in your browser, does it work?
Yes, if I give to browser ip / hostname of Mikrotik, login page is show.
 
Zacharias
Forum Guru
Forum Guru
Posts: 1075
Joined: Tue Dec 12, 2017 12:58 am
Location: Greece

Re: Forwarding to login page of Hotspot

Wed Sep 25, 2019 2:32 pm

I guess the device you use doesn't detect that it is behind a hotspot.. As long as your configuration is correct then it has totally to do with your computer.
If you try with your mobile phone does the hotspot portal pop up???
 
hasak
just joined
Topic Author
Posts: 9
Joined: Thu Feb 21, 2019 6:49 pm

Re: Forwarding to login page of Hotspot

Wed Sep 25, 2019 3:27 pm

Unfortunately, it is the same on mobile phone with OS Android 7.0. When phone showed notification about hotspot, I click on it, is open page on browser "connectivitycheck.gstatic.com/generate_204". But page does not load.
 
zakynthoswifi
Frequent Visitor
Frequent Visitor
Posts: 74
Joined: Thu Jul 17, 2014 12:38 am
Location: Zakynthos
Contact:

Re: Forwarding to login page of Hotspot

Wed Sep 25, 2019 3:32 pm

try removing dns name of your hotspot.
Ilias Theodosis
Network & Security Engineer
Cisco CCNA,CCNP,CCIE
Network Solutions Ltd.
Zakynthos, Greece
 
hasak
just joined
Topic Author
Posts: 9
Joined: Thu Feb 21, 2019 6:49 pm

Re: Forwarding to login page of Hotspot

Wed Sep 25, 2019 4:11 pm

try removing dns name of your hotspot.
OK. I was test it, but status not change. Automatic redirection to hotspot login page still doesn't work. :(
Current configuration
# sep/25/2019 15:13:12 by RouterOS 6.45.6
# software id = D0WF-K8C6
#
# model = RB941-2nD
# serial number = 93710A6C2368
/interface bridge
add admin-mac=74:4D:28:5A:A0:2A auto-mac=no comment=defconf name=bridge
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX disabled=no distance=indoors frequency=auto installation=indoor \
    mode=ap-bridge ssid=MikroTik-5AA02E wireless-protocol=802.11
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
add hotspot-address=192.168.87.1 login-by=http-pap,trial,mac-cookie name=hsprof1 rate-limit=5M/5M trial-uptime-limit=5m trial-uptime-reset=\
    10m
/ip hotspot user profile
set [ find default=yes ] shared-users=10
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
add name=hs-pool-1 ranges=192.168.87.2-192.168.87.254
/ip dhcp-server
add address-pool=default-dhcp disabled=no interface=bridge name=defconf
add address-pool=hs-pool-1 disabled=no interface=wlan1 lease-time=1h name=dhcp1
/ip hotspot
add address-pool=hs-pool-1 disabled=no interface=wlan1 name=hotspot1 profile=hsprof1
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=pwr-line1
/ip neighbor discovery-settings
set discover-interface-list=LAN
/ip settings
set allow-fast-path=no
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
add interface=wlan1 list=LAN
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=192.168.88.0
add address=192.168.87.1/24 comment=defconf interface=wlan1 network=192.168.87.0
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid disabled=no interface=ether1
/ip dhcp-server network
add address=192.168.87.0/24 comment="hotspot network" gateway=192.168.87.1
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall filter
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" disabled=yes in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new \
    in-interface-list=WAN
/ip firewall nat
add action=log chain=hotspot comment=hledani disabled=yes
add action=log chain=hs-unauth disabled=yes log-prefix=Pdr
add action=redirect chain=hs-unauth dst-port=80 in-interface=wlan1 log=yes protocol=tcp to-ports=64874
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
add action=masquerade chain=srcnat comment="masquerade hotspot network" src-address=192.168.87.0/24
/ip hotspot user
add name=admin
/ip service
set www-ssl disabled=no
/system clock
set time-zone-name=Europe/Prague
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN

 
Zacharias
Forum Guru
Forum Guru
Posts: 1075
Joined: Tue Dec 12, 2017 12:58 am
Location: Greece

Re: Forwarding to login page of Hotspot

Wed Sep 25, 2019 7:00 pm

Although am not sure, inside your dhcp server network add under DNS your hotspot address 192.168.87.1 so your client gets a DNS...
 
zakynthoswifi
Frequent Visitor
Frequent Visitor
Posts: 74
Joined: Thu Jul 17, 2014 12:38 am
Location: Zakynthos
Contact:

Re: Forwarding to login page of Hotspot

Wed Sep 25, 2019 10:17 pm

Although am not sure, inside your dhcp server network add under DNS your hotspot address 192.168.87.1 so your client gets a DNS...
Bingo!
Zacharia you are right,
If you don't specify DNS on your dhcp server you wont be able to open hotspot landing page automaticaly, in most devices will open but some of them are not working.
Attention!
You must specify your hotspot gateway address as your dns server under DHCP > NETWORKS
Ilias Theodosis
Network & Security Engineer
Cisco CCNA,CCNP,CCIE
Network Solutions Ltd.
Zakynthos, Greece
 
hasak
just joined
Topic Author
Posts: 9
Joined: Thu Feb 21, 2019 6:49 pm

Re: Forwarding to login page of Hotspot

Thu Sep 26, 2019 8:25 am

Hi men,
ok, I am set ip of DNS server (192.168.87.1) to DHCP->Network (when IP not set, is as default use IP of router). But nothing. :( :( :( :oops:
# sep/26/2019 07:19:46 by RouterOS 6.45.6
# software id = D0WF-K8C6
#
# model = RB941-2nD
# serial number = 93710A6C2368
/interface bridge
add admin-mac=74:4D:28:5A:A0:2A auto-mac=no comment=defconf name=bridge
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX disabled=no distance=indoors frequency=auto installation=indoor \
    mode=ap-bridge ssid=MikroTik-5AA02E wireless-protocol=802.11
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
add dns-name=t.cz hotspot-address=192.168.87.1 login-by=http-pap,trial,mac-cookie name=hsprof1 rate-limit=5M/5M trial-uptime-limit=5m \
    trial-uptime-reset=10m
/ip hotspot user profile
set [ find default=yes ] shared-users=10
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
add name=hs-pool-1 ranges=192.168.87.2-192.168.87.254
/ip dhcp-server
add address-pool=default-dhcp disabled=no interface=bridge name=defconf
add address-pool=hs-pool-1 disabled=no interface=wlan1 name=dhcp1
/ip hotspot
add address-pool=hs-pool-1 disabled=no interface=wlan1 name=hotspot1 profile=hsprof1
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=pwr-line1
/ip neighbor discovery-settings
set discover-interface-list=LAN
/ip settings
set allow-fast-path=no
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
add interface=wlan1 list=LAN
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=192.168.88.0
add address=192.168.87.1/24 comment=defconf interface=wlan1 network=192.168.87.0
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid disabled=no interface=ether1
/ip dhcp-server network
add address=192.168.87.0/24 comment="hotspot network" dns-server=192.168.87.1 gateway=192.168.87.1
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
add address=192.168.87.1 name=connectivitycheck.gstatic.com
/ip firewall filter
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" disabled=yes in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new \
    in-interface-list=WAN
/ip firewall nat
add action=log chain=hotspot comment=hledani disabled=yes
add action=log chain=hs-unauth disabled=yes log-prefix=Pdr
add action=redirect chain=hs-unauth dst-port=80 in-interface=wlan1 log=yes protocol=tcp to-ports=64874
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
add action=masquerade chain=srcnat comment="masquerade hotspot network" src-address=192.168.87.0/24
/ip hotspot user
add name=admin password=admin
/ip service
set www-ssl disabled=no
/system clock
set time-zone-name=Europe/Prague
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
 
Zacharias
Forum Guru
Forum Guru
Posts: 1075
Joined: Tue Dec 12, 2017 12:58 am
Location: Greece

Re: Forwarding to login page of Hotspot

Thu Sep 26, 2019 10:16 am

Your current configuration works just fine to me. I am redirected to the hotspot login page.
 
hasak
just joined
Topic Author
Posts: 9
Joined: Thu Feb 21, 2019 6:49 pm

Re: Forwarding to login page of Hotspot

Thu Sep 26, 2019 10:48 am

Your current configuration works just fine to me. I am redirected to the hotspot login page.
Please tell me what client station (OS, platform) you are use? And what type of MK and version fo RouterOS?
 
Zacharias
Forum Guru
Forum Guru
Posts: 1075
Joined: Tue Dec 12, 2017 12:58 am
Location: Greece

Re: Forwarding to login page of Hotspot

Thu Sep 26, 2019 11:07 am

The client was a windows 10 computer. The router os verion was 6.4x.x something, and the device an RBmAP2nD
 
hasak
just joined
Topic Author
Posts: 9
Joined: Thu Feb 21, 2019 6:49 pm

Re: Forwarding to login page of Hotspot

Thu Sep 26, 2019 1:45 pm

Ok I have new knowledge. In stable RouterOS 6.45.6 the hotspot not forwarding to login page, but in older firmware 6.43.16 yes. The solution is downgrade.
I will not look for the latest firmware in which everything works. I think, this is a bug in ROS 6.45.6.

Thanks you guys

Who is online

Users browsing this forum: No registered users and 88 guests