Community discussions

MikroTik App
 
warllo
just joined
Topic Author
Posts: 16
Joined: Thu Mar 26, 2015 3:26 pm

iOS Devices Connecting but no internet

Thu Oct 29, 2020 8:02 pm

I have a HAP AC and I have most everything up and running working the way I'd like it to other than any Apple devices running IOS will connected to wifi and get valid dhcp info however they are unable to browse the internet and any of the apps that require data are not working. Any suggestions on what to check? I searched the forums and most everything pertains to Apple devices not being able to get dhcp info but as I mentioned that is not my issue. My smart tv's laptop and other devices work fine on the wifi.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: iOS Devices Connecting but no internet

Thu Oct 29, 2020 8:45 pm

/export hide-sensitive file=anynameyouwish
 
maigonis
Member Candidate
Member Candidate
Posts: 180
Joined: Sat Jul 20, 2019 8:16 pm

Re: iOS Devices Connecting but no internet

Thu Oct 29, 2020 8:49 pm

Do they get DNS server from DHCP?
 
warllo
just joined
Topic Author
Posts: 16
Joined: Thu Mar 26, 2015 3:26 pm

Re: iOS Devices Connecting but no internet

Thu Oct 29, 2020 9:42 pm

/export hide-sensitive file=anynameyouwish
Clients do indeed get DNS from DHCP

# oct/29/2020 14:32:53 by RouterOS 6.47.3
# software id = 0MJ8-LSD8
#
# model = RBD52G-5HacD2HnD
# serial number = D7170C4DA49B
/interface bridge
add admin-mac=48:8F:5A:73:59:6B auto-mac=no comment=defconf name=bridge \
protocol-mode=stp
/interface ethernet
set [ find default-name=ether1 ] comment="WAN Interface"
set [ find default-name=ether2 ] comment=\
"LAN - Uplink to 24 port backbone switch"
set [ find default-name=ether3 ] comment=Unused
set [ find default-name=ether4 ] comment=Unused
set [ find default-name=ether5 ] comment=Unused
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n comment="Integrated Wifi" \
country="united states" disabled=no distance=indoors frequency=auto \
installation=indoor mode=ap-bridge ssid=MT2 station-roaming=enabled \
wireless-protocol=802.11
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=\
20/40/80mhz-XXXX comment="Integrated Wifi" country="united states" \
distance=indoors frequency=auto installation=indoor mode=ap-bridge ssid=\
MT5 station-roaming=enabled wireless-protocol=802.11
/interface wireless manual-tx-power-table
set wlan1 comment="Integrated Wifi"
set wlan2 comment="Integrated Wifi"
/interface wireless nstreme
set wlan1 comment="Integrated Wifi"
set wlan2 comment="Integrated Wifi"
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=\
dynamic-keys supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
add name=vpn ranges=192.168.89.2-192.168.89.255
add name=dhcp ranges=192.168.2.50-192.168.2.99
/ip dhcp-server
add add-arp=yes address-pool=dhcp disabled=no interface=bridge lease-time=8h \
name=dhcp-server-lan
/ppp profile
set *FFFFFFFE local-address=192.168.89.1 remote-address=vpn
/snmp community
add addresses=::/0 name=warllo
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,pas\
sword,web,sniff,sensitive,api,romon,dude,tikapp"
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge comment=defconf interface=wlan2
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface detect-internet
set detect-interface-list=all
/interface l2tp-server server
set authentication=chap,mschap2 enabled=yes use-ipsec=yes
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/interface pptp-server server
set enabled=yes
/interface sstp-server server
set default-profile=default-encryption enabled=yes
/ip address
add address=192.168.2.1/24 comment=defconf interface=ether2 network=\
192.168.2.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-client
add comment=defconf disabled=no interface=ether1
/ip dhcp-server lease
add address=192.168.2.85 mac-address=B8:27:EB:0E:AA:E1 server=dhcp-server-lan
/ip dhcp-server network
add address=192.168.2.0/24 comment=defconf gateway=192.168.2.1 netmask=24
/ip dns
set allow-remote-requests=yes servers=192.168.2.2,192.168.2.1
/ip dns static
add address=192.168.2.1 comment=defconf name=router.lan
add address=192.168.2.14 name=unifi.warllo.org
/ip firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=accept chain=input comment="allow IPsec NAT" dst-port=4500 \
protocol=udp
add action=accept chain=input comment="allow IKE" dst-port=500 protocol=udp
add action=accept chain=input comment="allow l2tp" dst-port=1701 protocol=udp
add action=accept chain=input comment="allow pptp" dst-port=1723 protocol=tcp
add action=accept chain=input comment="allow sstp" dst-port=443 protocol=tcp
add action=accept chain=input comment="Allow Managment from VPN" dst-port=\
8443 protocol=tcp src-address=192.168.89.0/24
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
"defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN
/ip firewall nat
add action=dst-nat chain=dstnat comment="NAT for HTTPS traffic to Web Proxy" \
dst-port=443 in-interface=ether1 protocol=tcp to-addresses=192.168.2.14 \
to-ports=443
add action=dst-nat chain=dstnat comment="NAT for HTTP traffic to Web Proxy" \
dst-port=80 in-interface=ether1 protocol=tcp to-addresses=192.168.2.14 \
to-ports=80
add action=dst-nat chain=dstnat comment="Open VPN" dst-port=1194 \
in-interface=ether1 protocol=udp to-addresses=192.168.2.5
add action=masquerade chain=srcnat comment="defconf: masquerade" \
ipsec-policy=out,none out-interface-list=WAN
add action=masquerade chain=srcnat comment="masq. vpn traffic" src-address=\
192.168.89.0/24
/ip route
add distance=1 dst-address=10.12.13.0/24 gateway=192.168.2.5
/ip service
set www port=8080
set www-ssl certificate=https-cert disabled=no port=8443
/ppp secret
add name=vpn
/snmp
set contact="Lloyd Warren" enabled=yes location=Home trap-community=warllo
/system clock
set time-zone-name=America/Chicago
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
 
huntah
Member Candidate
Member Candidate
Posts: 287
Joined: Tue Sep 09, 2008 3:24 pm

Re: iOS Devices Connecting but no internet

Thu Oct 29, 2020 10:15 pm

You have set the IP Address on interface instead of bridge
/ip address
add address=192.168.2.1/24 comment=defconf interface=ether2 network=\
192.168.2.0
You should change that to Bridge and everthing should work...
/ip address add address=192.168.2.1/24 comment=defconf interface=bridge network=192.168.2.0
 
warllo
just joined
Topic Author
Posts: 16
Joined: Thu Mar 26, 2015 3:26 pm

Re: iOS Devices Connecting but no internet

Thu Oct 29, 2020 10:49 pm

You have set the IP Address on interface instead of bridge
/ip address
add address=192.168.2.1/24 comment=defconf interface=ether2 network=\
192.168.2.0
You should change that to Bridge and everthing should work...
/ip address add address=192.168.2.1/24 comment=defconf interface=bridge network=192.168.2.0
Thanks for the suggestion, I did as suggested however I am still experiencing the same issue. Here is the updated config. I find it odd that most devices are working, except for the Apple iOS devices.

# oct/29/2020 15:40:33 by RouterOS 6.47.3
# software id = 0MJ8-LSD8
#
# model = RBD52G-5HacD2HnD
# serial number = D7170C4DA49B
/interface bridge
add admin-mac=48:8F:5A:73:59:6B auto-mac=no comment=defconf name=bridge \
protocol-mode=stp
/interface ethernet
set [ find default-name=ether1 ] comment="WAN Interface"
set [ find default-name=ether2 ] comment=\
"LAN - Uplink to 24 port backbone switch"
set [ find default-name=ether3 ] comment=Unused
set [ find default-name=ether4 ] comment=Unused
set [ find default-name=ether5 ] comment=Unused
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n comment="Integrated Wifi" \
country="united states" disabled=no distance=indoors frequency=auto \
installation=indoor mode=ap-bridge ssid=MT2 station-roaming=enabled \
wireless-protocol=802.11
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=\
20/40/80mhz-XXXX comment="Integrated Wifi" country="united states" \
distance=indoors frequency=auto installation=indoor mode=ap-bridge ssid=\
MT5 station-roaming=enabled wireless-protocol=802.11
/interface wireless manual-tx-power-table
set wlan1 comment="Integrated Wifi"
set wlan2 comment="Integrated Wifi"
/interface wireless nstreme
set wlan1 comment="Integrated Wifi"
set wlan2 comment="Integrated Wifi"
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=\
dynamic-keys supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
add name=vpn ranges=192.168.89.2-192.168.89.255
add name=dhcp ranges=192.168.2.50-192.168.2.99
/ip dhcp-server
add add-arp=yes address-pool=dhcp disabled=no interface=bridge lease-time=8h \
name=dhcp-server-lan
/ppp profile
set *FFFFFFFE local-address=192.168.89.1 remote-address=vpn
/snmp community
add addresses=::/0 name=warllo
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,pas\
sword,web,sniff,sensitive,api,romon,dude,tikapp"
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge comment=defconf interface=wlan2
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface detect-internet
set detect-interface-list=all
/interface l2tp-server server
set authentication=chap,mschap2 enabled=yes use-ipsec=yes
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/interface pptp-server server
set enabled=yes
/interface sstp-server server
set default-profile=default-encryption enabled=yes
/ip address
add address=192.168.2.1/24 comment=defconf interface=bridge network=\
192.168.2.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-client
add comment=defconf disabled=no interface=ether1
/ip dhcp-server lease
add address=192.168.2.85 mac-address=B8:27:EB:0E:AA:E1 server=dhcp-server-lan
/ip dhcp-server network
add address=192.168.2.0/24 comment=defconf gateway=192.168.2.1 netmask=24
/ip dns
set allow-remote-requests=yes servers=192.168.2.2,192.168.2.1
/ip dns static
add address=192.168.2.1 comment=defconf name=router.lan
add address=192.168.2.14 name=unifi.warllo.org
/ip firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=accept chain=input comment="allow IPsec NAT" dst-port=4500 \
protocol=udp
add action=accept chain=input comment="allow IKE" dst-port=500 protocol=udp
add action=accept chain=input comment="allow l2tp" dst-port=1701 protocol=udp
add action=accept chain=input comment="allow pptp" dst-port=1723 protocol=tcp
add action=accept chain=input comment="allow sstp" dst-port=443 protocol=tcp
add action=accept chain=input comment="Allow Managment from VPN" dst-port=\
8443 protocol=tcp src-address=192.168.89.0/24
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
"defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN
/ip firewall nat
add action=dst-nat chain=dstnat comment="NAT for HTTPS traffic to Web Proxy" \
dst-port=443 in-interface=ether1 protocol=tcp to-addresses=192.168.2.14 \
to-ports=443
add action=dst-nat chain=dstnat comment="NAT for HTTP traffic to Web Proxy" \
dst-port=80 in-interface=ether1 protocol=tcp to-addresses=192.168.2.14 \
to-ports=80
add action=dst-nat chain=dstnat comment="Open VPN" dst-port=1194 \
in-interface=ether1 protocol=udp to-addresses=192.168.2.5
add action=masquerade chain=srcnat comment="defconf: masquerade" \
ipsec-policy=out,none out-interface-list=WAN
add action=masquerade chain=srcnat comment="masq. vpn traffic" src-address=\
192.168.89.0/24
/ip route
add distance=1 dst-address=10.12.13.0/24 gateway=192.168.2.5
/ip service
set www port=8080
set www-ssl certificate=https-cert disabled=no port=8443
/ppp secret
add name=vpn
/snmp
set contact="Lloyd Warren" enabled=yes location=Home trap-community=warllo
/system clock
set time-zone-name=America/Chicago
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: iOS Devices Connecting but no internet

Thu Oct 29, 2020 11:14 pm

protocol-mode=stp
I would suggest that this be changed to RSTP or none and see if that helps.

/interface detect-internet
set detect-interface-list=all
try changing that to LAN only

Otherwise maybe its something funky in our wifi settings ( I have not used nstreme for ex.)
 
warllo
just joined
Topic Author
Posts: 16
Joined: Thu Mar 26, 2015 3:26 pm

Re: iOS Devices Connecting but no internet

Thu Oct 29, 2020 11:34 pm

Thank you all for your suggestions I have tried them all :-) I'm still not able to get IOS devices working it's so strange. If you have any other suggestions I'd be grateful but I don't want to take up too much of your time.
 
warllo
just joined
Topic Author
Posts: 16
Joined: Thu Mar 26, 2015 3:26 pm

Re: iOS Devices Connecting but no internet

Fri Oct 30, 2020 3:14 pm

I've done some additional troubleshooting and have discovered that while receiving a valid IP address 192.168.2.74, 255.255.255.0, and a gateway of 192.168.2.1 I am unable to ping the router or anything else on the local network from WIFI but again only on Apple devices. If I use a laptop running Windows 10 it works great. Very odd.
 
jult
Frequent Visitor
Frequent Visitor
Posts: 52
Joined: Sat Dec 26, 2020 1:16 am

Re: iOS Devices Connecting but no internet

Sat Sep 25, 2021 5:58 pm

Did you find any solution to this, if so what was it?
 
olui
just joined
Posts: 2
Joined: Sun Mar 10, 2024 9:21 am

Re: iOS Devices Connecting but no internet

Sun Mar 10, 2024 9:23 am

I have this exact same problem.
hAP ax3, iPhone can connect to both 2.4ghz and 5ghz, but doesn't get any access to the internet.
I also cannot ping to the iPhone's local IP from the router.
 
tangent
Forum Guru
Forum Guru
Posts: 1333
Joined: Thu Jul 01, 2021 3:15 pm
Contact:

Re: iOS Devices Connecting but no internet

Sun Mar 10, 2024 10:43 am

hAP ax3, iPhone can connect to both 2.4ghz and 5ghz, but doesn't get any access to the internet.

My iPhone connects to the Internet through my ax³ just fine. Post your sanitized configuration /export in a "code" block. You've almost certainly got something configured improperly.
 
olui
just joined
Posts: 2
Joined: Sun Mar 10, 2024 9:21 am

Re: iOS Devices Connecting but no internet

Sun Mar 10, 2024 11:43 am

Fixed!

It was like this:

/ip address
add address=192.168.10.0/24 interface=bridge network=192.168.10.0
/ip dhcp-client
interface=ether1
/ip dhcp-server network
add address=192.168.10.0/24 dns-server=192.168.10.0 gateway=192.168.10.0

It had to be like this:

/ip address
add address=192.168.10.1/24 interface=bridge network=192.168.10.0
/ip dhcp-client
interface=ether1
/ip dhcp-server network
add address=192.168.10.0/24 dns-server=192.168.10.0 gateway=192.168.10.1

For some reason, Windows and Android had no issues working with the wrong settings, iPhone wouldn't take it.

I'm still learning 😅

Who is online

Users browsing this forum: No registered users and 29 guests