Page 1 of 1
Hotspot bypass temporaly
Posted: Wed Mar 26, 2014 12:28 pm
by oooscar
Hi everyone !
I have a hotpost running throw wifi.
When someone attach to the wifi first time has to open navigator,
get redirected to the captive portal log in with user and password and then gets internet.
I'm working with cookies 3days.
But when someone gets disconnected and come back has to open the browser and navigate to
allow internet Access. (most of the time cookies Works and alogin apears)
I would like to know is there any possibility to allow a user that has been logged in to bypass
hotspot during x days afeter.
I mean tan second time attach to the wifi and gets internet without open any browser.
Thank's
Re: Hotspot bypass temporaly
Posted: Wed Mar 26, 2014 2:08 pm
by airforce1
On the user profile change the "Open status page option" to "HTTP Login"
Re: Hotspot bypass temporaly
Posted: Wed Mar 26, 2014 2:19 pm
by oooscar
Hi,
thank's for the aswer....
I forgot to mention that i'm using Radius (DoloRadius) for users to Access.
This option you write may be only for mikrotik's users isn't it ?
Thank's a lot.
Oscar.
Re: Hotspot bypass temporaly
Posted: Wed Mar 26, 2014 2:46 pm
by airforce1
It should work for radius also, just make sure u enable it under the default user
Re: Hotspot bypass temporaly
Posted: Wed Mar 26, 2014 4:42 pm
by oooscar
Is not working for me.
Test i've don.
1) Hotspot + No cookies + open status page=always
connect wifi (in ip->hotspot-> hosts: shows mac)
open browser-captive page-login (ip->hotspot-> active: shows mac)
disconnect wifi
in ip->hotspot-> hosts: desapear mac
ip->hotspot-> active: desapear mac
connect wifi (in ip->hotspot-> hosts: shows mac)
have to to active: open browser-captive page-login (ip->hotspot-> active: shows mac)
2) Hotspot + cookies 3h + open status page=always
connect wifi (in ip->hotspot-> hosts: shows mac)
open browser-captive page-login (ip->hotspot-> active: shows mac)
disconnect wifi
in ip->hotspot-> hosts: desapear mac
ip->hotspot-> active: desapear mac
connect wifi (in ip->hotspot-> hosts: shows mac)
have to to active: open browser-captive page-redirects to alogin page (ip->hotspot-> active: shows mac)
SAME with open status page=HTTP login
I would like not to make open browser again to logg in user. Just connect wifi (same day o 3 days cookies) and goes automatically ACTIVE.
Thank's
Re: Hotspot bypass temporaly
Posted: Sat Mar 29, 2014 3:28 am
by airforce1
Your config should be
Hotspot + cookies 3d + open status page=HTTP Login
Re: Hotspot bypass temporaly
Posted: Sat Mar 29, 2014 3:47 am
by nerdtron
Make sure also that "keep-alive" on the user profile is set to 3 days. So that even when the user disconnects on wifi, it will take 3 days before he is removed on the active queue.
Of course, he will be logged out once he request log-out or when radius servers says that the user should be logged out.
Re: Hotspot bypass temporaly
Posted: Sat Mar 29, 2014 12:07 pm
by rextended
If you have RouterOS 6.0+
paste this on new terminal of hotspot (there is no need to be modified):
/ip hotspot
set [find] addresses-per-mac=2 idle-timeout=5m keepalive-timeout=5m
/ip hotspot profile
set [find] http-cookie-lifetime=3d login-by=mac-cookie,cookie,http-chap
/ip hotspot user profile
set [find] add-mac-cookie=yes mac-cookie-timeout=3d keepalive-timeout=2m status-autorefresh=1m idle-timeout=none session-timeout=0
The script activate the MAC cookie feature described here:
http://wiki.mikrotik.com/wiki/Manual:Ho ... MAC_Cookie
and also revert all the changes made on timing, for the tests made, and for set the right timing for MAC Cookie work correctly.
If I solved your problem, remember to add Karma, Thanks.
Re: Hotspot bypass temporaly
Posted: Sun Mar 30, 2014 3:02 pm
by oooscar
rextended Karma added !!
Thank's.
Works nice.
I add HTTPS because i'm working with certificates.
A couple of cuestions:
Why Works with both mac-cookies and cookies .. may only mac-cookes will be all right ?
Why addresses-per-mac=2 ?
one more:
diferences between idle-timeout and keepalive-timeout ?
Do you know that the livetime of the cookes is reset to the begining (3days) each time the router has power off ?
Thank's.
Re: Hotspot bypass temporaly
Posted: Sun Mar 30, 2014 4:05 pm
by rextended
>>>Why Works with both mac-cookies and cookies .. may only mac-cookes will be all right ?
Yes.
>>>Why addresses-per-mac=2 ?
Because sometime the client can have fixed IP address (for example fixed address at work office) and the HotSpot transparently identifyng and translate this situation.
If you put =1 can not be able to work properly.
>>>diferences between idle-timeout and keepalive-timeout ?
remember: session-timeout must be 0 for mac-cookies to works!
idle-timeout:period of inactivity for UNAUTHENTICATED clients, after that time user is dropped from the HotSpot host list and its used address becomes available again.
keepalive-timeout: Value shows how long AUTHENTICATED host can stay out of reach, after that time the client is removed from the HotSpot active sessions (but the mac-cookies or normal cookies are not deteted!), and its used address becomes available again.
>>>Do you know that the livetime of the cookes is reset to the begining (3days) each time the router has power off ?
Everytime the machine reboot, all dynamic item disappear, like mac-cookies, address-list, etc.