Community discussions

MikroTik App
 
hrodriguesvt
just joined
Topic Author
Posts: 18
Joined: Tue Mar 03, 2009 1:58 pm

MIKROTIK HOTSPOT CRASH

Tue Mar 03, 2009 2:10 pm

Hi Folks,

I'm facing a critical problem with RB450 using Hotspot.
I've already tried V3.6, v3.16, v3.19
We upgraded one of our RB450 systems to V3.20 mikrotik, but still have problems with hotspot.
Our system handles about 50 to 90 users.
The problem is that once or twice a day the Hotspot page stop appearing, seems like the web proxy died.
We also tried to change that current RB450 to another boards, no success. I've already tried MK support, but got no answer.
As we are facing critical no-access situation, our workaround was to create a huge ip-binding list on entire dhcp scope, so every person is getting anoying free access... It's becoming a nightmare. We have just started to revert back the RB+MK routers to our last PC+NOCAT solution.
Im attaching two print screens, one with the web browsers showing when Mikrotik web proxy declined to serve hotspot page, and another when the web proxy was almost dead. In both situations, the ips on binding list were surfing normally.

Please Help!

Best regards
You do not have the required permissions to view the files attached to this post.
 
User avatar
nest
Forum Veteran
Forum Veteran
Posts: 820
Joined: Tue Feb 27, 2007 1:52 am
Location: UK
Contact:

Re: MIKROTIK HOTSPOT CRASH

Wed Mar 04, 2009 12:21 am

If you've upgraded the firmware, but it's made no difference that suggests to me that the most likely candidate is a configuration error. Therefore would need a lot more info than the fact that the hotspot no longer serves web pages.

What else stops? Can the client still ping the IP of the MK Hotspot? Is the client able to resolve any DNS names? What do the logs suggest is going on? If not much, add debug logging and look again at the logs when it stops. What happens if you add a test site into the walled garden? Does that work, but nothing else? Has the firewall been altered or is it still the same default from Mikrotik when you created the Hotspot? Is the Hotspot DNS name in the DNS server as a static entry? Look in the DNS Cache to see if the DNS forwarding for other websites are resolving correctly. Check your primary and secondary external DNS servers. Are they correct / working?

That should give you some ideas for now!

Ron.
 
User avatar
omega-00
Forum Guru
Forum Guru
Posts: 1167
Joined: Sat Jun 06, 2009 4:54 am
Location: Australia
Contact:

Re: MIKROTIK HOTSPOT CRASH

Wed Mar 04, 2009 5:20 am

Hello hrodriguesvt,

I've been dealing with the hotspot since 2.9.40 and have been able to fix most of the problems I've encountered, theres a couple of things you need to check and we can go from there.

1. If your hotspot uses a dns name, when you go to ip -> dns, does it show up under the static list?
2.a) If you're using a https certificate head to certificates in winbox and confirm the cert shows 'KR' to the left of the listing.
b) Open your hotspot server profile and confirm that the certficate selected there matches the name of the certificate in the previous window
c) Go to the Hotspot server tab and confirm the hotspot server has an 'S' next to it (indicating httpS is enabled)
3. Check under ip -> web-proxy -> connections to see if there is a number of connection with no dst address (0.0.0.0) and very small download amounts (10-1000bytes) as this is normally an indication of the http/proxy service crashing.

You can then try the following:
For 1. disable and re-enable the hotspot without a dns listing (it should recreate it)
For 2. re-add and decrypt the hotspot cert then attach it to the hotspot-server-profile (may need to disable and re-enable the hotspot server)
For 3. ensure that in the web-proxy settings max-cache-size = none

Let me know how you go with this.

In extreme cases (around v3.10 we had this problem) the service would appear to crash and not start working again until we either upgraded or downgraded the device (essentially replacing the affected package)
 
hrodriguesvt
just joined
Topic Author
Posts: 18
Joined: Tue Mar 03, 2009 1:58 pm

Re: MIKROTIK HOTSPOT CRASH

Wed Mar 04, 2009 3:17 pm

HI OMEGA,

Your attention is VERY apreciated.
I'll try to answer the questions in-line..

1. If your hotspot uses a dns name, when you go to ip -> dns, does it show up under the static list?
I used to have a name hotspot.local, but it wasn't at my ip->dns entry, so we removed the hotspot name and left the hotspot being called only by the IP (192.168.0.1). Now the login page is fast and reliable.
2.a) If you're using a https certificate head to certificates in winbox and confirm the cert shows 'KR' to the left of the listing. b) Open your hotspot server profile and confirm that the certficate selected there matches the name of the certificate in the previous window
We don't use SSL certificate, the auth is done over HTTP.
c) Go to the Hotspot server tab and confirm the hotspot server has an 'S' next to it (indicating httpS is enabled)
3. Check under ip -> web-proxy -> connections to see if there is a number of connection with no dst address (0.0.0.0) and very small download amounts (10-1000bytes) as this is normally an indication of the http/proxy service crashing.


The box "Enabled" at Web proxy settings is unchecked, i think it's because we don't use web proxy itself, it is only used by the MK to serve the hotspot login and status pages.


You can then try the following:
For 1. disable and re-enable the hotspot without a dns listing (it should recreate it) DONE
For 2. re-add and decrypt the hotspot cert then attach it to the hotspot-server-profile (may need to disable and re-enable the hotspot server) - Don't use SSL
For 3. ensure that in the web-proxy settings max-cache-size = none
Yes it Is!


Any other tips?
 
hrodriguesvt
just joined
Topic Author
Posts: 18
Joined: Tue Mar 03, 2009 1:58 pm

Re: MIKROTIK HOTSPOT CRASH

Wed Mar 04, 2009 3:20 pm

Hi Omega
Here goes the first screenshots of my config.
You do not have the required permissions to view the files attached to this post.
 
hrodriguesvt
just joined
Topic Author
Posts: 18
Joined: Tue Mar 03, 2009 1:58 pm

Re: MIKROTIK HOTSPOT CRASH

Wed Mar 04, 2009 3:32 pm

If you've upgraded the firmware, but it's made no difference that suggests to me that the most likely candidate is a configuration error. Therefore would need a lot more info than the fact that the hotspot no longer serves web pages.

What else stops? Can the client still ping the IP of the MK Hotspot? Is the client able to resolve any DNS names? What do the logs suggest is going on? If not much, add debug logging and look again at the logs when it stops. What happens if you add a test site into the walled garden? Does that work, but nothing else? Has the firewall been altered or is it still the same default from Mikrotik when you created the Hotspot? Is the Hotspot DNS name in the DNS server as a static entry? Look in the DNS Cache to see if the DNS forwarding for other websites are resolving correctly. Check your primary and secondary external DNS servers. Are they correct / working?

That should give you some ideas for now!

Ron.

Hi Nest,

Thank you so much for your help.

Answering in line:

The hotspot is working fine, but when when i got this kind of error, the Login page stops being served. Customers can still communicate with hotspot, but only get error page. Everybody who is in binding list still surfing normally.
I've added a DEBUG with remote logging, so i will check what DEBUG says when it happens.
I also added a website to walled garden, and will test if it can be acessed when proxy crashes.
My hotspot is being called only by the IP address. (192.168.0.1)
DNS forwarding is resolving ok, the primary and secondary too.

Thank you so much!
 
hrodriguesvt
just joined
Topic Author
Posts: 18
Joined: Tue Mar 03, 2009 1:58 pm

Re: MIKROTIK HOTSPOT CRASH

Wed Mar 04, 2009 3:34 pm

Hi Omega,

I answered on the next lines.

Your help have much value for us.
Hello hrodriguesvt,

I've been dealing with the hotspot since 2.9.40 and have been able to fix most of the problems I've encountered, theres a couple of things you need to check and we can go from there.

1. If your hotspot uses a dns name, when you go to ip -> dns, does it show up under the static list?
2.a) If you're using a https certificate head to certificates in winbox and confirm the cert shows 'KR' to the left of the listing.
b) Open your hotspot server profile and confirm that the certficate selected there matches the name of the certificate in the previous window
c) Go to the Hotspot server tab and confirm the hotspot server has an 'S' next to it (indicating httpS is enabled)
3. Check under ip -> web-proxy -> connections to see if there is a number of connection with no dst address (0.0.0.0) and very small download amounts (10-1000bytes) as this is normally an indication of the http/proxy service crashing.

You can then try the following:
For 1. disable and re-enable the hotspot without a dns listing (it should recreate it)
For 2. re-add and decrypt the hotspot cert then attach it to the hotspot-server-profile (may need to disable and re-enable the hotspot server)
For 3. ensure that in the web-proxy settings max-cache-size = none

Let me know how you go with this.

In extreme cases (around v3.10 we had this problem) the service would appear to crash and not start working again until we either upgraded or downgraded the device (essentially replacing the affected package)
 
hrodriguesvt
just joined
Topic Author
Posts: 18
Joined: Tue Mar 03, 2009 1:58 pm

Re: MIKROTIK HOTSPOT CRASH

Wed Mar 04, 2009 3:38 pm

Webproxy config
You do not have the required permissions to view the files attached to this post.
 
User avatar
omega-00
Forum Guru
Forum Guru
Posts: 1167
Joined: Sat Jun 06, 2009 4:54 am
Location: Australia
Contact:

Re: MIKROTIK HOTSPOT CRASH

Wed Mar 04, 2009 3:58 pm

Start by setting the max-cache size to none and do a reboot as well if you can. The web-proxy is a part of the hotspot in that it is part of how users get redirected to the login page (I think, I'm going mainly on tests i've done and some info that mikrotik have replied with when I've had problems with earlier versions).
 
User avatar
omega-00
Forum Guru
Forum Guru
Posts: 1167
Joined: Sat Jun 06, 2009 4:54 am
Location: Australia
Contact:

Re: MIKROTIK HOTSPOT CRASH

Wed Mar 04, 2009 4:01 pm

also, something else I remembered.. check the user-profile and ensure that the "transparent proxy" option (on the general tab of the user profile) also is NOT ticked, I would then recommend a restart if you're able to do so without causing many problems. Let me know how this goes for you.

Regards,
Omega-00
 
hrodriguesvt
just joined
Topic Author
Posts: 18
Joined: Tue Mar 03, 2009 1:58 pm

Re: MIKROTIK HOTSPOT CRASH

Wed Mar 04, 2009 6:48 pm

Hey Omega

Looks like our minds are connected.

I have just done this at morning in all my systems.

Hope this works.

If not, I will set the "none" as you mentioned and retest systems again.

Will keep you informed.


also, something else I remembered.. check the user-profile and ensure that the "transparent proxy" option (on the general tab of the user profile) also is NOT ticked, I would then recommend a restart if you're able to do so without causing many problems. Let me know how this goes for you.

Regards,
Omega-00
 
User avatar
etnconnect
just joined
Posts: 2
Joined: Thu Sep 06, 2007 8:59 am
Location: Lagos, Nigeria
Contact:

Re: MIKROTIK HOTSPOT CRASH

Thu Mar 05, 2009 1:36 am

I face the same problem and it occurs almost 5 times in a 12 hour period. Its definately a problem with the web proxy. I have noticed that if there is 0.0.0.0 in the ip> dns , then people see the "web administrator is webmaster" error. As earlier said, clients on bypass are able to browse and they can get to wall garden sites.

TEMPORARY SOLUTIONS WE HAVE IN PLACE

1: Disable and Enable the HOTSPOT SERVER

When this issue happens, disable and then reenable the hotspot server. If the IP OF DNS NAME shows 0.0.0.0 .By disabing and then immediately reenabling, the ip address will be set to the ip address of the hotspot server and clients can browse.

If this is not the issue

2: CLEAR HOTSPOT COOKIES AND FLUSH CACHE

If the IP OF DNS is normal, i immediately clear all client cookies and then flush cache ip>dns>flush cache. Usually this solves the issue because in there you will probably see some sites tagged with 0.0.0.0 as their ip address.

If this doesnt solve the issue

3: DO A HARD REBOOT

Not just a shut down and restart now. That doesnt solve the problem. You have to reboot, wait for 10 secs or about and then restart. This allows the data to be dumped off memory. THIS ALWAYS WORKS....

However, im still not satisfied. How do we absolutely stop this from happening. Its actually extremely annoying and frustrating. but these are what we do when it happens in our environment.
....Extreme Software Programming.......Internet Everywhere
 
hrodriguesvt
just joined
Topic Author
Posts: 18
Joined: Tue Mar 03, 2009 1:58 pm

Re: MIKROTIK HOTSPOT CRASH

Thu Mar 05, 2009 3:30 am

Yeah buddy,

Looks like the MK webproxy crashes in case of any unhandled received requests. I'm wondering it's caused by any misconfiguration (eg DNS, Hotspot).
Specially in your case, i've read that DNS problems cause that kind of issue.

Check Omega's and Nest's post and come to fight this issue until the end.


I face the same problem and it occurs almost 5 times in a 12 hour period. Its definately a problem with the web proxy. I have noticed that if there is 0.0.0.0 in the ip> dns , then people see the "web administrator is webmaster" error. As earlier said, clients on bypass are able to browse and they can get to wall garden sites.

TEMPORARY SOLUTIONS WE HAVE IN PLACE

1: Disable and Enable the HOTSPOT SERVER

When this issue happens, disable and then reenable the hotspot server. If the IP OF DNS NAME shows 0.0.0.0 .By disabing and then immediately reenabling, the ip address will be set to the ip address of the hotspot server and clients can browse.

If this is not the issue

2: CLEAR HOTSPOT COOKIES AND FLUSH CACHE

If the IP OF DNS is normal, i immediately clear all client cookies and then flush cache ip>dns>flush cache. Usually this solves the issue because in there you will probably see some sites tagged with 0.0.0.0 as their ip address.

If this doesnt solve the issue

3: DO A HARD REBOOT

Not just a shut down and restart now. That doesnt solve the problem. You have to reboot, wait for 10 secs or about and then restart. This allows the data to be dumped off memory. THIS ALWAYS WORKS....

However, im still not satisfied. How do we absolutely stop this from happening. Its actually extremely annoying and frustrating. but these are what we do when it happens in our environment.
 
User avatar
omega-00
Forum Guru
Forum Guru
Posts: 1167
Joined: Sat Jun 06, 2009 4:54 am
Location: Australia
Contact:

Re: MIKROTIK HOTSPOT CRASH

Thu Mar 05, 2009 3:48 am

Its interesting thou, I have a couple of machines running 3.13 that had no end of problems with the 'transparent proxy' option being ticked by default (was a mikrotik change) and since turning it off the machines had other problems for a week or so then settled down, have had 3 high use boxes running for over 130 days without issue then randomly one of them starts acting up again :-/

so I don't know, for routing etc I have no problem with mikrotik devices and bugs that are reported are normally fixed next release, but as for high user hotspots I'm still not convinced that the system is stable.

I don't see these issues at all on small sites with 1-10 users, only on ones where I have 100-500 users online.
 
User avatar
etnconnect
just joined
Posts: 2
Joined: Thu Sep 06, 2007 8:59 am
Location: Lagos, Nigeria
Contact:

Re: MIKROTIK HOTSPOT CRASH

Thu Mar 05, 2009 10:15 am

The truth is that most of omega's recommendations have been applied on the router with no improvements. We are thinking of creating an external cache server maybe on a CF card see if this solves the problem... a this point we have nothing to loose.

An idea i have is to write a script that auto detects when the data entry in the dns is 0.0.0.0 and then either delete those entries or flush the entire cache.


Any ideas?
....Extreme Software Programming.......Internet Everywhere
 
hrodriguesvt
just joined
Topic Author
Posts: 18
Joined: Tue Mar 03, 2009 1:58 pm

Re: MIKROTIK HOTSPOT CRASH

Thu Mar 05, 2009 4:03 pm

Hi etnconnect,

In my case, we have stopped usage of web proxies, as it wasn't a good cost x benefit. This decision is old, because when we used to have
Linux boxes with squid and the cache-hit never got over 5%, but the cache related problems appear at least
once a month, obligating us to flush the cache, etc..

On our MK systems, we don't use web proxy. Omega is completely right, the MK devices work 100% for routing-only/shaping purposes, but we are hard trying to make it stable for HOTSPOT systems with 40-100 users.

Hey etnconnect, if your problem is the 0.0.0.0 entries, why not try telling your DHCP to inform external DNS servers, so your MK DNS will be idle?

We still testing the results after disabling the "transparent proxy" default option in user profiles... HOPE it WORKS, and stop this nightmare.

The truth is that most of omega's recommendations have been applied on the router with no improvements. We are thinking of creating an external cache server maybe on a CF card see if this solves the problem... a this point we have nothing to loose.

An idea i have is to write a script that auto detects when the data entry in the dns is 0.0.0.0 and then either delete those entries or flush the entire cache.


Any ideas?
 
hrodriguesvt
just joined
Topic Author
Posts: 18
Joined: Tue Mar 03, 2009 1:58 pm

Re: MIKROTIK HOTSPOT CRASH

Thu Mar 05, 2009 4:04 pm

Looks like this is the hottest tip until now!! =cD
Its interesting thou, I have a couple of machines running 3.13 that had no end of problems with
the 'transparent proxy' option being ticked by default (was a mikrotik change) and since turning it off the machines had other problems for a week or so then settled down, have had 3 high use boxes running for over 130 days without issue then randomly one of them starts acting up again :-/

so I don't know, for routing etc I have no problem with mikrotik devices and bugs that are reported are normally fixed next release, but as for high user hotspots I'm still not convinced that the system is stable.

I don't see these issues at all on small sites with 1-10 users, only on ones where I have 100-500 users online.
 
User avatar
nest
Forum Veteran
Forum Veteran
Posts: 820
Joined: Tue Feb 27, 2007 1:52 am
Location: UK
Contact:

Re: MIKROTIK HOTSPOT CRASH

Fri Mar 06, 2009 12:49 am

The web proxy that you can see and configure via Winbox or command console is not the same proxy that is used by the internal hotspot. In fact, in the Winbox screenshots in hrodriguesvt's post it is clearly showing that the proxy is not enabled, yet there clearly IS a proxy enabled, otherwise the hotspot would not work at all. As said, this is because the screenshots are not of the internal proxy used by the hotspot.

I have found that you should always use a DNS name for the hotspot. Make it an internal fake one, such as 'hotspot.local' or something. The hotspot setup wizard will then add a static entry in the DNS server to point that DNS name to the IP of the hotspot interface. Then the 'IP of DNS Name' field will no longer show 0.0.0.0 but the true IP of the hotspot interface.

Ron
Ron Touw - Mikrotik Certified Trainer
LinITX.com - MultiThread Consultants
Get your MikroTik RBs and Training: http://linitx.com/category/166
Largest Official UK MikroTik Distributor
 
User avatar
omega-00
Forum Guru
Forum Guru
Posts: 1167
Joined: Sat Jun 06, 2009 4:54 am
Location: Australia
Contact:

Re: MIKROTIK HOTSPOT CRASH

Mon Mar 09, 2009 5:45 am

problem with using the dns name is that a) when you disable and enable a bunch of hotspot servers, not all the dns names are always recrated (same when the system restarts)

that and I've also seen it a couple of times on v3.20 where the dns server doesn't respond to the static names its got, I'm currently trying to get a packet cap of this to send back to mikrotik.
 
User avatar
janisk
MikroTik Support
MikroTik Support
Posts: 6283
Joined: Tue Feb 14, 2006 9:46 am
Location: Riga, Latvia

Re: MIKROTIK HOTSPOT CRASH

Mon Mar 09, 2009 11:36 am

are you talking about several hotspot instances on different interfaces in one router?
 
hrodriguesvt
just joined
Topic Author
Posts: 18
Joined: Tue Mar 03, 2009 1:58 pm

Re: MIKROTIK HOTSPOT CRASH

Mon Mar 09, 2009 10:52 pm

HI All,

In my case, we use one hotspot server listening in only one interface.

We are still using ip address instead of dns on hotspot name, and it's running fine and fast.

Today we restarted testing all the hotspots implementing omega's TIPs.

We havent had any problems yet. Our critical period is at night.

We'll see on next days.
 
User avatar
omega-00
Forum Guru
Forum Guru
Posts: 1167
Joined: Sat Jun 06, 2009 4:54 am
Location: Australia
Contact:

Re: MIKROTIK HOTSPOT CRASH

Tue Mar 10, 2009 7:12 am

janisk - yes in my case I am talking about several different hotspot interfaces (attached to different vlans)
I have an open support ticket on this with sergejs at the moment - 2009030566000104
 
hrodriguesvt
just joined
Topic Author
Posts: 18
Joined: Tue Mar 03, 2009 1:58 pm

Re: MIKROTIK HOTSPOT CRASH

Thu Mar 12, 2009 7:01 pm

Hi Buddies,

Hello Omega!

It's not much but we are now counting 100 hours al hotspots working like a champ.

Seems that the hottest tip belongs to you.

We talk soon.
 
rkj
just joined
Posts: 15
Joined: Sun Jun 11, 2006 7:38 pm

Re: MIKROTIK HOTSPOT CRASH

Sat Mar 14, 2009 3:01 am

What are the current numbers being seen as maximum concurrent connections capacity for MT acting as Hotspot alone (no OSPF, no BGP, no wireless cards, no PPPoE server) ?
We are considering both dual-core Xeon PC and RB-1000 for the task, but whas hoping to achieve two/five/ten thousand connections.


What version is more stable for only running Hotspot with MAC-based provisioning, i.e., customer MAC address is used as RADIUS login instead of presenting a web page ?
 
User avatar
omega-00
Forum Guru
Forum Guru
Posts: 1167
Joined: Sat Jun 06, 2009 4:54 am
Location: Australia
Contact:

Re: MIKROTIK HOTSPOT CRASH

Sat Mar 14, 2009 6:32 pm

The web proxy that you can see and configure via Winbox or command console is not the same proxy that is used by the internal hotspot. In fact, in the Winbox screenshots in hrodriguesvt's post it is clearly showing that the proxy is not enabled, yet there clearly IS a proxy enabled, otherwise the hotspot would not work at all. As said, this is because the screenshots are not of the internal proxy used by the hotspot.
Ron
You can see connections in the webproxy's connections tab when the hotspot is enabled regardless of if the proxy is turned on or off.
Anyone got updates from MT on this?

Regards,
Omega-00
 
User avatar
nest
Forum Veteran
Forum Veteran
Posts: 820
Joined: Tue Feb 27, 2007 1:52 am
Location: UK
Contact:

Re: MIKROTIK HOTSPOT CRASH

Sat Mar 14, 2009 10:08 pm

I suspect that it is still using the same single instance of Squid as a proxy, just not the same ports. I.e. the hotspot and "your" proxy that "you" can control are actually two separate proxy servers shared by the same engine. Not very well explained, but hopefully you'll understand! That is why when you try to configure the hotspot proxy, you can't. You can only configure "your own" one. However as they share the same engine, you see the data packets incrementing etc. as Mikrotik didn't stop the screen from seeing the hotspot proxy. Maybe because to separate the logging of the data into two would have meant even more work. May have even been impossible?

Anyway, that's my guess.

Ron
Ron Touw - Mikrotik Certified Trainer
LinITX.com - MultiThread Consultants
Get your MikroTik RBs and Training: http://linitx.com/category/166
Largest Official UK MikroTik Distributor
 
User avatar
omega-00
Forum Guru
Forum Guru
Posts: 1167
Joined: Sat Jun 06, 2009 4:54 am
Location: Australia
Contact:

Re: MIKROTIK HOTSPOT CRASH

Mon Mar 16, 2009 5:13 pm

I understand, either way its handy to have there as it's a good indication for when the hotspot server proxy does crash (you'll see hundreds of connections all with transfer amounts under 1kb)
 
User avatar
desertadmin
Member Candidate
Member Candidate
Posts: 232
Joined: Tue Jul 26, 2005 6:09 pm
Location: Las Vegas, New Mexico
Contact:

Re: MIKROTIK HOTSPOT CRASH

Wed Apr 01, 2009 2:29 am

Greets to all,

Well I have always had problems here and there using the DNS name. Since the problems I never have re-enabled it and all went well. One of the biggest problems that I had in the past was with the hotspot DNS name ending in local. Like this: hotspot.desertgate.local .. This did not work and I lost 26 hours plus of sleep until I changed that local ending to a .com or something else. Then everything had cleared up. Now-a-days I do not have a fancy DNS entry name on my hotspots and they seem to work fine if not better with not compatibility issues at all.

-Sincerely,
DesertAdmin
 
User avatar
omega-00
Forum Guru
Forum Guru
Posts: 1167
Joined: Sat Jun 06, 2009 4:54 am
Location: Australia
Contact:

Re: MIKROTIK HOTSPOT CRASH

Wed Apr 01, 2009 9:56 am

the problem with not using a dns name is that you can't then use a valid SSL cert for your login page.. not a good idea allowing unencrypted logins if you're running a wireless hotspot.
 
User avatar
desertadmin
Member Candidate
Member Candidate
Posts: 232
Joined: Tue Jul 26, 2005 6:09 pm
Location: Las Vegas, New Mexico
Contact:

Re: MIKROTIK HOTSPOT CRASH

Wed Apr 01, 2009 10:36 am

True but my point was more that you can not use the dns name ending in .local ( a none encrypted splash page.) Not sure if this is a bug or not. I do agree that all auth pages must be encrypted.

Sorry didn.t mean to confuse.

-Sincerely,
DesertAdmin
 
User avatar
nest
Forum Veteran
Forum Veteran
Posts: 820
Joined: Tue Feb 27, 2007 1:52 am
Location: UK
Contact:

Re: MIKROTIK HOTSPOT CRASH

Wed Apr 01, 2009 11:33 am

If you use an unencrypted login page, the username and password is still encrypted and passed from the client to the hotspot encrypted with MD5.

I appreciate a MD5 password can be brute forced, but the point I am making is that the login traffic itself IS encrypted and not sent in the clear. Unlike the login page itself. Therefore you can use internal DNS names "if you want to" and you will still have a secure login.

I agree that best practise is to use a fully SSL encrypted page and then of course you are quite correct that you can't use an internal DNS name if you want the Certificate to be automatically trusted by the client web browser. Self-signed certificates now create headaches for clients as they don't understand all the 'nasty' warning messages from their browser, especially since Firefox 3.x. They are easily confused and instead of reading and following the click-by-click instructions, they just panic and disconnect from the hotspot. :?
Ron Touw - Mikrotik Certified Trainer
LinITX.com - MultiThread Consultants
Get your MikroTik RBs and Training: http://linitx.com/category/166
Largest Official UK MikroTik Distributor

Who is online

Users browsing this forum: Google [Bot], joegoldman, wichets and 121 guests