mbfound

Virtual ap

Fri May 15, 2015 1:58 pm

Hi guys, I'm trying to figure out how to run an open hotspot (as the virtual AP) along with an encrypted private network. I think I've got most of the stuff correct, but somehow the private network doesn't want to work, e.g. no internet connectivity, but I do get an IP address. For some odd reason only my Android phone works; iPhones, a Win 8 tablet and a MacBook won't work on it.

Might it have to do with firewall rules for the hotspot? They don't seem to get exported.
v2.rsc
# may/15/2015 11:44:41 by RouterOS 6.21.1
# software id = JMA5-T5NA
#
/interface bridge
add name=private_bridge
add name=wds-bridge
/interface wireless security-profiles
set [ find default=yes ] eap-methods="" interim-update=1m \
    radius-mac-accounting=yes supplicant-identity=MikroTik
add authentication-types=wpa2-psk eap-methods="" management-protection=\
    allowed mode=dynamic-keys name=private_profile supplicant-identity="" \
    wpa-pre-shared-key=00000000 wpa2-pre-shared-key=00000000
/interface wireless
set [ find default-name=wlan1 ] adaptive-noise-immunity=ap-and-client-mode \
    band=2ghz-b/g country="south africa" dfs-mode=no-radar-detect disabled=no \
    frequency=auto frequency-mode=regulatory-domain l2mtu=2290 mode=ap-bridge \
    security-profile=private_profile ssid=Test wds-default-bridge=wds-bridge \
    wds-mode=dynamic wireless-protocol=802.11
add disabled=no l2mtu=2290 mac-address=4E:5E:0C:BE:36:4B master-interface=\
    wlan1 name=hotspot_ap ssid="Test HS" wds-cost-range=0 wds-default-cost=0
/ip hotspot profile
add dns-name=hotspot.xxx hotspot-address=10.1.1.1 http-proxy=\
    0.0.0.0:8080 login-by=http-chap name=hsprof1 radius-interim-update=10m \
    use-radius=yes
/ip pool
add name=dhcp ranges=10.10.1.2-10.10.10.254
add name=no-https ranges=10.10.21.1-10.10.30.254
add name=wds ranges=10.10.20.1-10.10.20.254
add name=private-pool ranges=192.168.10.2-192.168.10.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=wds-bridge lease-time=30m name=\
    hotspot_dhcp use-radius=yes
add address-pool=private-pool disabled=no interface=private_bridge name=\
    private_dhcp
/ip hotspot
add address-pool=dhcp disabled=no idle-timeout=none interface=wds-bridge \
    name=hotspot1 profile=hsprof1
/ip hotspot user profile
set [ find default=yes ] add-mac-cookie=no address-pool=dhcp \
    keepalive-timeout=1h rate-limit="100k/1M 100k/2M 100K/512k 10/10" \
    session-timeout=2h shared-users=unlimited
/system logging action
set 2 remember=yes
/interface bridge port
add bridge=wds-bridge interface=hotspot_ap
add bridge=private_bridge interface=wlan1
/ip address
add address=10.10.1.1/16 interface=wds-bridge network=10.10.0.0
add address=192.168.10.1/24 interface=private_bridge network=192.168.10.0
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=ether1
/ip dhcp-server network
add address=10.10.0.0/16 dns-server=10.10.1.1,8.8.8.8,8.8.4.4 gateway=\
    10.10.1.1
/ip firewall filter
add action=passthrough chain=unused-hs-chain comment=\
    "place hotspot rules here" disabled=yes
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment=\
    "place hotspot rules here" disabled=yes
add action=masquerade chain=srcnat out-interface=ether1
/ip hotspot user
add name=hotspot-user password=123456
/ip hotspot walled-garden
add comment="place hotspot rules here" disabled=yes
add dst-host=*.google-analytics.com
add dst-host=*.akamaihd.net
add dst-host=xxxxx
add dst-host=xxxxx
add dst-host=xxxxx
add dst-host=xxxxx
/ip hotspot walled-garden ip
add action=accept disabled=no dst-port=443 protocol=tcp src-address=\
    10.10.1.2-10.10.10.254
add action=accept disabled=no src-address=10.10.20.1-10.10.20.254
/ip proxy
set enabled=yes
/ip upnp
set allow-disable-external-interface=no
/radius
add address=xxx.163 secret="xxxx" service=\
    hotspot,wireless,dhcp timeout=600ms
/snmp
set trap-community=public
/system clock
set time-zone-name=Africa/Johannesburg
/system identity
set name=4AC704F9643D
/system leds
set 5 interface=wlan1
/system ntp client
set enabled=yes primary-ntp=196.25.1.9 secondary-ntp=41.216.204.3
/system scheduler
	*scripts to check if router is online and send updates to router*
/tool graphing interface
add
/tool graphing queue
add
/tool graphing resource
add
Above is the config with all confidentials edited.
mbfound

Re: Virtual ap

Fri May 15, 2015 3:20 pm

I found the issue and I'm thoroughly pissed at myself for not noticing.

I forgot to add a DHCP network, so most devices didn't know the gateway address. Android must have some gateway finding magic somewhere.

Anyway, leaving this here so that others may look up how to set up a virtual ap.

Code that was needed:

/ip dhcp-server network
add address=192.168.10.1/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.10.1
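
An added example, not part of the original posts: a Python check that reads a RouterOS export and lists DHCP servers whose address pool is not covered by any /ip dhcp-server network entry, which is the omission described above. The sample text is constructed from the DHCP-related lines of the posted export, and the function names are hypothetical.

```python
import ipaddress
import re
import shlex

# Constructed sample: the DHCP-related lines of the export posted above.
SAMPLE_EXPORT = r"""
/ip pool
add name=dhcp ranges=10.10.1.2-10.10.10.254
add name=private-pool ranges=192.168.10.2-192.168.10.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=wds-bridge lease-time=30m name=\
    hotspot_dhcp use-radius=yes
add address-pool=private-pool disabled=no interface=private_bridge name=\
    private_dhcp
/ip dhcp-server network
add address=10.10.0.0/16 dns-server=10.10.1.1,8.8.8.8,8.8.4.4 gateway=\
    10.10.1.1
"""
# The two lines from the follow-up post that fixed the private network.
FIX = ("/ip dhcp-server network\n"
       "add address=192.168.10.1/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.10.1\n")

def parse_export(text):
    """Return {menu path: [dict of key=value pairs for each 'add' line]}."""
    text = re.sub(r"\\\n\s*", "", text)  # join backslash-continued lines
    menus, menu = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            menu = line
        elif line.startswith("add ") and menu:
            pairs = (tok.split("=", 1) for tok in shlex.split(line)[1:] if "=" in tok)
            menus.setdefault(menu, []).append(dict(pairs))
    return menus

def servers_without_network(text):
    """Names of DHCP servers whose pool is not inside any dhcp-server network."""
    menus = parse_export(text)
    pools = {p["name"]: p["ranges"] for p in menus.get("/ip pool", [])}
    nets = [ipaddress.ip_network(n["address"], strict=False)
            for n in menus.get("/ip dhcp-server network", [])]
    missing = []
    for srv in menus.get("/ip dhcp-server", []):
        first = ipaddress.ip_address(pools[srv["address-pool"]].split(",")[0].split("-")[0])
        if not any(first in net for net in nets):
            missing.append(srv["name"])  # clients get an IP but no gateway/DNS
    return missing

if __name__ == "__main__":
    print(servers_without_network(SAMPLE_EXPORT), servers_without_network(SAMPLE_EXPORT + FIX))
```
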
