I've got a big problem with my MikroTik RB4011iGS+ HotSpot solution:
- MikroTik LOG: every few minutes dhcp1 deassigned IP from MAC and then dhcp1 assigned IP to MAC
- Wi-Fi hotspot client: sometimes it takes quite some time to get an IP from DHCP Server
- Wi-Fi hotspot client: while roaming to another access point hotspot user will be logged out (lost DHCP lease)
- Wi-Fi hotspot client: sometimes after a few minutes and sometimes after a few hours hotspot user were logged out (maybe lost DHCP lease, too)
Log (hotspot & DHCP):
Code: Select all
17:08:03 dhcp,info DHCP: dhcp1 assigned 10.10.6.232 to 82:3F:72:77:20:63
17:08:07 dhcp,info DHCP: dhcp1 deassigned 10.10.6.232 from 82:3F:72:77:20:63
17:08:07 dhcp,info DHCP: dhcp1 assigned 10.10.6.232 to 82:3F:72:77:20:63
17:08:07 hotspot,info,debug ->: a14dtdrk (10.10.6.232): trying to log in by mac-cookie
17:08:07 hotspot,info,debug HOTSPOT: a14dtdrk (10.10.6.232): trying to log in by mac-cookie
17:08:07 hotspot,account,info,debug ->: a14dtdrk (10.10.6.232): logged in
17:08:07 hotspot,account,info,debug HOTSPOT: a14dtdrk (10.10.6.232): logged in
17:08:32 dhcp,info DHCP: dhcp1 deassigned 10.10.2.163 from A8:9C:ED:C1:64:6A
17:08:37 hotspot,info,debug ->: Pl085 (10.10.2.163): logged out: lost dhcp lease
17:08:37 hotspot,info,debug HOTSPOT: Pl085 (10.10.2.163): logged out: lost dhcp lease
17:08:49 dhcp,info DHCP: dhcp1 deassigned 10.10.6.186 from 58:20:59:B5:67:C4
17:08:52 dhcp,warning dhcp1 offering lease 10.10.6.186 for 58:20:59:B5:67:C4 without success
17:08:52 dhcp,info DHCP: dhcp1 assigned 10.10.6.186 to 58:20:59:B5:67:C4
17:09:05 dhcp,warning dhcp1 offering lease 10.10.2.163 for A8:9C:ED:C1:64:6A without success
17:09:11 dhcp,info DHCP: dhcp1 deassigned 10.10.6.179 from E2:E5:9F:37:A9:6E
17:09:12 dhcp,info DHCP: dhcp1 assigned 10.10.6.179 to E2:E5:9F:37:A9:6E
17:09:12 hotspot,info,debug ->: a3dyi4g (10.10.6.179): trying to log in by mac-cookie
17:09:12 hotspot,info,debug HOTSPOT: a3dyi4g (10.10.6.179): trying to log in by mac-cookie
17:09:12 hotspot,account,info,debug ->: a3dyi4g (10.10.6.179): logged in
17:09:12 hotspot,account,info,debug HOTSPOT: a3dyi4g (10.10.6.179): logged in
17:09:14 dhcp,info DHCP: dhcp1 assigned 10.10.2.163 to A8:9C:ED:C1:64:6A
17:09:15 hotspot,info,debug ->: Pl085 (10.10.2.163): trying to log in by mac-cookie
17:09:15 hotspot,info,debug HOTSPOT: Pl085 (10.10.2.163): trying to log in by mac-cookie
17:09:15 hotspot,account,info,debug ->: Pl085 (10.10.2.163): logged in
17:09:15 hotspot,account,info,debug HOTSPOT: Pl085 (10.10.2.163): logged in
Code: Select all
/ip firewall filter
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,relat
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=accept chain=input comment="WebGUI Userman" dst-address=192.168.1.12 dst-port=80 protocol=tcp
add action=accept chain=input comment="Winbox WAN Administration" dst-port=8291 protocol=tcp
add action=accept chain=input comment="FTP Server MikroTik Router" dst-port=20,21 in-interface=ether1 protocol=tcp
add action=accept chain=input comment="API von aaPanel Webserver" dst-port=8728,8729 in-interface=ether1 protocol=tcp sr
10.0.0.107
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,re
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-
in-interface-list=WAN
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
add action=masquerade chain=srcnat comment="masquerade hotspot network" src-address=10.10.0.0/20
Code: Select all
Code: Select all
Code: Select all
Code: Select all