Community discussions

MUM Europe 2020
 
User avatar
omega-00
Forum Guru
Forum Guru
Topic Author
Posts: 1167
Joined: Sat Jun 06, 2009 4:54 am
Location: Australia
Contact:

IE Problems with internal hotspot dns

Thu Oct 16, 2008 1:45 pm

Heads up for anyone using hotspots elsewhere that starts seeing a similar issue.
tags: internet explorer, IE, Vista, XP, Windows, Microsoft, DNS, hotspot, internal, lan, firefox, hosts, ssl, https

Seeing an issue pop up occasionally, mostly affecting Vista computers using IE but also the occasional XP computer where IE will refuse to redirect to the hotspot page, won't resolve the internal dns name of the hotspot to redirect to (In IE) even thou an nslookup from the same computer gives the correct result. Have had it happen on laptops, desktops, even once on 2 Wyse thinclients running XP embedded edition after about a year of solid use with no problems.

Specifically: the user calls up saying they can access walled garden sites (one which we allow is http://www.google.com) and can browse those fine but try anywhere else and the browser simply won't bring up a page.

Another user can then sit down with their laptop at exactly the same port or wireless point and connect with no issue.

Solution: there are 2 known solutions to this issue and 1 possible fix that can be applied.
1) Install firefox. We have a local ftp sever that the users can access for free to download a copy of firefox which works straight away without any problems.
2) add entries to the host file. For the thinclients, adding static host entries made the page start working fine even thou the system was already able to properly resolve.
3) On vista, doing a "netsh winsock reset" in command prompt, along with disabling the IPv6 bindings in windows file and printersharing (followed by a restart) has all resolved the issue in some circumstances. (Note: I will not be responsible if you break someones computer playing around with commandline settings)

For anyone who wants to speculate on why this occurs attached is a slightly modified copy of the hotspot config (names and IP's changed)
/ip hotspot profile
add dns-name=hotspots.example.com hotspot-address=10.60.8.1 html-directory=HS http-proxy=0.0.0.0:0 login-by=https name=site1-hs nas-port-type=ethernet \
    radius-accounting=yes radius-default-domain="" radius-interim-update=5m radius-location-id=site1 radius-location-name=site1 rate-limit="" smtp-server=0.0.0.0 \
    split-user-domain=no ssl-certificate=cert1 use-radius=yes
add dns-name=hotspots.example.com hotspot-address=0.0.0.0 html-directory=HS http-proxy=0.0.0.0:0 login-by=https name=site2-hs nas-port-type=ethernet \
    radius-accounting=yes radius-default-domain="" radius-interim-update=5m radius-location-id=site2 radius-location-name=site2 rate-limit="" smtp-server=\
    0.0.0.0 split-user-domain=no ssl-certificate=cert1 use-radius=yes
/ip hotspot
add address-pool=site1-dhcp-pool addresses-per-mac=2 disabled=no idle-timeout=none interface=site1 keepalive-timeout=none name=site1-hotspot profile=site1-hs
add address-pool=site2-dhcp-pool addresses-per-mac=2 disabled=yes idle-timeout=none interface=site2-BACKUP keepalive-timeout=none name=site2-hotspot profile=site2-hs
/ip hotspot user profile
set default idle-timeout=30m keepalive-timeout=5m name=default on-login=\
    ":foreach n in=[/queue simple find priority=4] do={ /queue simple move \$n [:pick [/queue simple find] 0] }" rate-limit=256k/1512k shared-users=2 status-autorefresh=\
    5m transparent-proxy=no
/ip hotspot service-port
set ftp disabled=no ports=21
/ip hotspot walled-garden
add action=allow comment="place hotspot rules here" disabled=yes
add action=allow comment=Paypal-allowance disabled=no dst-host=":^www\\.paypal\\.com\$" dst-port=443
add action=allow comment=Paypal-allowance disabled=no dst-host=":^content\\.paypalobjects\\.com\$" dst-port=443
add action=allow comment=Paypal-allowance disabled=no dst-host=*.akamaiedge.net
add action=allow comment="Stops invalid ssl cert prompts from occuring on firefox by allowing access" disabled=no dst-host=addons.mozilla.org dst-port=443
add action=allow comment="Stops invalid ssl cert prompts from occuring on firefox by allowing access" disabled=no dst-host=sb-ssl.google.com dst-port=443
/ip hotspot walled-garden ip
add action=accept comment="Allow access to #### Network" disabled=no dst-address=1.1.1.1
add action=accept comment="Allow access to hotspot server" disabled=no dst-address=2.2.2.2
We use a custom hotspot server which the mikrotik html redirects to, other than that the functions are similar to how a regular mikrotik hotspot functions.

Any other questions post here and I'll reply as soon as I can.
 
lukef
newbie
Posts: 35
Joined: Mon Jul 07, 2008 4:48 am

Re: IE Problems with internal hotspot dns

Tue Feb 03, 2009 8:34 am

We have just come across the exact same issue using a wyse terminal with windows xp embedded. Hotspot resolves through dns lookup but fails in the browser. A simple host entry fixes the problem. What worries me is all the road warriors that may have this issue without us knowing about it.
 
User avatar
omega-00
Forum Guru
Forum Guru
Topic Author
Posts: 1167
Joined: Sat Jun 06, 2009 4:54 am
Location: Australia
Contact:

Re: IE Problems with internal hotspot dns

Thu Feb 05, 2009 7:58 am

G'day mate, thanks for the post on this as I had seen the same issue with the WYSE clients but hadn't thought to post an update here.

Regards,
Omega-00
 
lukef
newbie
Posts: 35
Joined: Mon Jul 07, 2008 4:48 am

Re: IE Problems with internal hotspot dns

Wed Jun 17, 2009 3:19 pm

Hey, Have you ever been able to sort this out. Im still seeing this crop up, especially with wyse terminals
 
User avatar
omega-00
Forum Guru
Forum Guru
Topic Author
Posts: 1167
Joined: Sat Jun 06, 2009 4:54 am
Location: Australia
Contact:

Re: IE Problems with internal hotspot dns

Wed Jun 17, 2009 6:30 pm

Not recently, but we only have 2 wyse terminals in a site far away from our main office that we don't maintain so not easy for me to check sorry.

If you have a bunch of them I'd recommend just testing with a hotspot in your office and see what works/doesnt.. you could even do a packet sniff to see if the WYSE is sending out a dns request for the site and what it's getting returned to see where the problem lies.
 
FutureProof
newbie
Posts: 34
Joined: Fri Sep 25, 2009 4:24 am
Contact:

Re: IE Problems with internal hotspot dns

Sat Jun 19, 2010 11:02 am

I know this thread has last been accessed about a year ago, but I could finally narrow the problem down to mDNS (multicast DNS). Road warriors with local mDNS responder/package will see the described problem. Sniffing the traffic revealed UDP/5353 traffic.
I myself used at last Ubuntu Karmic and had libnss-mdns installed. As soon as I removed this package, everything worked as expected.
The remaining question is: how can I address mdns in ROS and respond properly to the mdns request?

Thanks.
/Stefan
 
User avatar
omega-00
Forum Guru
Forum Guru
Topic Author
Posts: 1167
Joined: Sat Jun 06, 2009 4:54 am
Location: Australia
Contact:

Re: IE Problems with internal hotspot dns

Sat Jun 19, 2010 11:06 am

Thanks for the update! Hopefully an MT rep can shed some light on this for you.

Who is online

Users browsing this forum: yogi and 58 guests