Community discussions

 
Xcelsium
just joined
Topic Author
Posts: 11
Joined: Tue Dec 03, 2013 6:07 pm

Hotspot Problem with Apple IoS 11.3.1, is someone having the same problem?

Wed May 16, 2018 6:35 pm

Im having troubles with Iphones and the version IOS 11.3.1 with the hotspot using RADIUS to a cloud server, they cant see the login page or cautive portal to login, iphones with previous version are working good and androids too, so i am asking if someone with the same users are having or not the same troubles with that version of IOS, to get a conclusion if is my config or the IOS version, i know this is not a problem with mikrotik RouterOS so please dont say You should ask on apple forums, i just want to know if there is people with this problems to get a conclusion about this problems,

For now my solution was to capture the devices who are making a connection to captive.apple.com (the phones make a conectivity check to that host), take them to an address list, and make a script to copy the address list to ip bindings (i didnt try if it will work with walled garden src-adress-list), so they can bypass the hotspot. (And i already try to only walled garden captive.apple.com, it just gives a false positive to the iphone making it think that it have free internet)

So far i checked that every process its ok, the mikrotik make the redirection to the hotspot rules(and the hotspot page on the mikrotik), but the iphone never get up the captive portal or the default navigator with the captiveportal url, we even tried to use the local address in a url navigator (chrome,safari), and it calls that the connection doesnt work, its like is trying to access a proxy or via a proxy like the google data saver (its a guess, not a conclusion)

Image

Edited:Added a second image of proof of correct response of the mikrotik to the user passing it the login.html
Image

After that nothing happens on the iphone,

i will pass the export compact:
/interface bridge
add fast-forward=no name=bridge1
/interface ethernet
set [ find default-name=ether2 ] arp=reply-only
set [ find default-name=ether3 ] master-port=ether2
/interface pptp-client
add connect-to=x.x.x.x disabled=no name=pptp-out1 password=X-XXXxxxXx user=x-X
/interface eoip
add !keepalive mac-address=02:B3:1B:44:9F:A0 name=eoip-tunnel1 remote-address=172.16.30.9 tunnel-id=3090
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip firewall layer7-protocol
add name=Data-saver regexp="\\x05\\x63\\x68\\x65\\x63\\x6b\\x09\\x67\\x6f\\x6f\\x67\\x6c\\x65\\x7a\\x69\\x70\\x03\\x6e\\x65\\x74|\\x08\\x63\\x6f\\x6d\\x70\\x72\\x65\\x73\\x73\\x09\\x67\\x6f\\x6f\\x67\\x6c\\x65\\x7a\\x69\\x70\\x03\\x6e\\x65\\x74|\\x09\
    \\x64\\x61\\x74\\x61\\x73\\x61\\x76\\x65\\x72\\x0a\\x67\\x6f\\x6f\\x67\\x6c\\x65\\x61\\x70\\x69\\x73\\x03\\x63\\x6f\\x6d"
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
add dns-name=hotspot.local.com hotspot-address=192.168.88.1 html-directory=flash/hotspot http-cookie-lifetime=1d login-by=cookie,http-chap,http-pap name=hsprof2 use-radius=yes
/ip hotspot user profile
set [ find default=yes ] keepalive-timeout=2h shared-users=10
/ip pool
add name=hs-pool-2 ranges=192.168.88.2-192.168.88.254
add name=dhcp_pool1 ranges=192.168.89.20-192.168.89.254
add name=hs-pool-5 ranges=10.5.50.2-10.5.50.254
/ip dhcp-server
add add-arp=yes address-pool=hs-pool-2 disabled=no interface=ether2 lease-time=4h name=dhcp1
add address-pool=dhcp_pool1 authoritative=after-2sec-delay interface=ether4 name=dhcp2
/ip hotspot
add address-pool=hs-pool-2 disabled=no idle-timeout=45m interface=ether2 name=hotspot1 profile=hsprof2
add address-pool=hs-pool-5 interface=ether5 name=hs-ether5
/queue simple
add max-limit=9M/22M name=Internet queue=pcq-upload-default/pcq-download-default target=192.168.88.0/24
/snmp community
set [ find default=yes ] addresses=0.0.0.0/0
/user group
add name=work policy=local,reboot,read,test,winbox,password,web,sniff,sensitive,api,romon,tikapp,!telnet,!ssh,!ftp,!write,!policy,!dude skin=WorkCafe
/interface bridge port
add bridge=bridge1 interface=ether4
/ip address
add address=192.168.88.1/24 interface=ether2 network=192.168.88.0
add address=192.168.89.1/24 disabled=yes interface=ether4 network=192.168.89.0
add address=10.5.50.1/24 comment="hotspot network" interface=ether5 network=10.5.50.0
add address=192.168.45.2/30 interface=eoip-tunnel1 network=192.168.45.0
/ip arp
add address=192.168.88.93 interface=ether2 mac-address=80:2A:A8:30:96:A2
/ip dhcp-client
add dhcp-options=hostname,clientid
add default-route-distance=0 dhcp-options=hostname,clientid disabled=no interface=ether1 use-peer-dns=no
/ip dhcp-server lease
add address=192.168.88.93 client-id=1:80:2a:a8:30:96:a2 mac-address=80:2A:A8:30:96:A2 server=dhcp1
add address=192.168.88.15 client-id=1:5c:51:81:82:e9:7d mac-address=5C:51:81:82:E9:7D server=dhcp1
add address=192.168.88.16 client-id=1:b8:63:4d:e6:21:9e mac-address=B8:63:4D:E6:21:9E server=dhcp1
add address=192.168.88.17 client-id=1:b8:63:4d:ee:e2:53 mac-address=B8:63:4D:EE:E2:53 server=dhcp1
add address=192.168.88.14 client-id=1:5c:51:81:82:e9:5f mac-address=5C:51:81:82:E9:5F server=dhcp1
add address=192.168.88.13 client-id=1:b0:c0:90:ba:1e:8f mac-address=B0:C0:90:BA:1E:8F server=dhcp1
/ip dhcp-server network
add address=192.168.88.0/24 comment="hotspot network" dns-server=8.8.8.8,8.8.4.4 gateway=192.168.88.1 netmask=32
add address=192.168.89.0/24 gateway=192.168.89.1
/ip dns
set allow-remote-requests=yes cache-size=20480KiB servers=208.67.222.123,208.67.220.123
/ip dns static
add address=146.112.61.106 disabled=yes name=petardas.com
add address=146.112.61.106 disabled=yes name=www.petardas.com
add address=146.112.61.106 name=check.googlezip.net
add address=146.112.61.106 name=datasaver.googleapis.com
add address=146.112.61.106 name=compress.googlezip.net
/ip firewall address-list
add address=captive.apple.com list="Captive APPLE"
/ip firewall filter
add action=drop chain=input comment="Bloqueo Chrome Data Saver" layer7-protocol=Data-saver src-address=192.168.88.0/24
add action=accept chain=input src-address=192.168.88.0/24
add action=accept chain=forward src-address-list=Iphones
add action=accept chain=input dst-address-list=Iphones
add action=add-src-to-address-list address-list=Iphones address-list-timeout=5s chain=forward dst-address-list="Captive APPLE" log=yes
add action=accept chain=forward disabled=yes dst-address=104.104.43.69 src-address=192.168.88.0/24
add action=drop chain=forward connection-limit=15,32 disabled=yes dst-address=radius.external.server.cloud dst-port=80 log=yes log-prefix=RADIUSDOS protocol=tcp
add action=drop chain=forward comment="Bloqueo Chrome Data Saver" layer7-protocol=Data-saver src-address=192.168.88.0/24
add action=accept chain=forward comment="Aceptar Conexion Contra AWS" dst-address=radius.external.server.cloud
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes
add action=drop chain=forward comment="Bloqueo Entre Clientes " dst-address=192.168.88.0/24 src-address=192.168.88.0/24
add action=drop chain=input comment="Bloqueo Flood DNS" dst-port=53 in-interface=pptp-out1 protocol=udp
/ip firewall nat
add action=accept chain=dstnat src-address-list=Iphones
add action=dst-nat chain=dstnat disabled=yes dst-port=53 protocol=udp src-address-list=Iphones to-addresses=208.67.222.123
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes
add action=masquerade chain=srcnat comment="Enmascaramiento General" out-interface=ether1
add action=masquerade chain=srcnat disabled=yes out-interface=*6
add action=src-nat chain=srcnat disabled=yes dst-address=192.168.88.94 to-addresses=192.168.88.1
add action=masquerade chain=srcnat comment="masquerade hotspot network" disabled=yes src-address=192.168.88.0/24
add action=masquerade chain=srcnat comment="masquerade hotspot network" src-address=10.5.50.0/24
add action=dst-nat chain=dstnat comment="Redireccion a OpenDNS" dst-port=53 protocol=udp to-addresses=208.67.222.123
add action=dst-nat chain=dstnat comment="Redireccion a OpenDNS" dst-port=53 protocol=tcp to-addresses=208.67.222.123
/ip hotspot ip-binding
add mac-address=80:2A:A8:30:96:A2 type=bypassed
add disabled=yes mac-address=00:DB:DF:74:27:37 server=hotspot1 type=bypassed
add disabled=yes mac-address=00:1C:25:18:18:57 server=hotspot1 type=bypassed
add mac-address=A0:99:9B:79:6B:99 type=bypassed
add mac-address=B0:C0:90:BA:1E:8F type=bypassed
add mac-address=5C:51:81:82:E9:5F type=bypassed
add mac-address=5C:51:81:82:E9:7D type=bypassed
add mac-address=B8:63:4D:EE:E2:53 type=bypassed
add mac-address=B8:63:4D:E6:21:9E type=bypassed
add disabled=yes mac-address=F4:31:C3:C5:F2:50 type=bypassed
add address=192.168.88.204 type=bypassed
add address=192.168.88.236 type=bypassed
add address=192.168.88.20 type=bypassed
add address=192.168.88.253 type=bypassed
add address=192.168.88.16 type=bypassed
add address=192.168.88.17 type=bypassed
add address=192.168.88.11 type=bypassed
add address=192.168.88.6 type=bypassed
add address=192.168.88.4 type=bypassed
add address=192.168.88.23 type=bypassed
add address=192.168.88.32 type=bypassed
add address=192.168.88.33 type=bypassed
/ip hotspot user
add name=admin password=XxXxxX
/ip hotspot walled-garden
add comment="place hotspot rules here" disabled=yes
add dst-host=radius.external.server.cloud
add dst-host=radius.external.server.cloud
add dst-host=captive.apple.com
add dst-host=hotspot.local.com
add dst-host=192.168.89.253
/ip hotspot walled-garden ip
add action=accept disabled=no dst-address=radius.external.server.cloud !dst-port !protocol server=hotspot1 !src-address
add action=accept disabled=no dst-address=radius.external.server.cloud !dst-port !protocol server=hotspot1 !src-address
add action=accept disabled=no dst-address=192.168.88.1 !dst-port !protocol server=hotspot1 !src-address
add action=accept disabled=no dst-address=104.104.43.69 !dst-port !protocol server=hotspot1 !src-address
/ip route
add disabled=yes distance=1 gateway=186.121.207.161
add distance=1 dst-address=172.16.0.0/12 gateway=172.16.10.1
add distance=1 dst-address=172.16.30.9/32 gateway=172.16.10.1
/ip service
set telnet address=192.168.0.0/16,172.16.0.0/12
set ftp disabled=yes
set ssh address=192.168.0.0/16,172.16.0.0/12
set api disabled=yes
set api-ssl disabled=yes
/radius
add address=radius.external.server.cloud secret=3468849Lp service=hotspot timeout=5s
add address=192.168.89.253 disabled=yes secret=produccion123 service=hotspot timeout=5s
/system clock
set time-zone-name=America/XX_xx
NOTE: the layer 7 is matching check.googlezip.net compress.googlezip.net datasaver.googleapis.com, to force use openDNS on android and chrome user
NOTE2: The ARP is only working with DHCP Arp Leasings
NOTE3: The script is not posting here, if you have the same problem and need the script just post that you have the same problem or different problem :) and i will pass it on another post.
NOTE4: I just change my public IPs, and external radius to avoid problems.

Like i said i dont try to blame mikrotik for this error, i just dont have the equipments to test it myself, i really dont use iphones and the client is on other region of my country, i just want to get a conclusion to this problem, for my point of view is something with the new IoS Version, without the hotspot it works like a charm, but i need proofs or data collection to post it as a bug to the apple feedback program :S, if someone can help me on that. Or maybe im wrong and i really dont know how to configure a Hotspot, thats why i leave my code for evaluation :).

Thanks in advancement

BR
Xcelsium
 
2frogs
Member
Member
Posts: 348
Joined: Fri Dec 03, 2010 1:38 am

Re: Hotspot Problem with Apple IoS 11.3.1, is someone having the same problem?

Thu May 17, 2018 2:56 am

I just checked 5 different iOS 11.3.1 devices on ROS v6.42.1 and they all work fine. I use the trial feature for my guest network.
 
sgulyamov
just joined
Posts: 1
Joined: Thu May 17, 2018 12:47 pm
Location: Moscow

Re: Hotspot Problem with Apple IoS 11.3.1, is someone having the same problem?

Thu May 17, 2018 3:37 pm

Im having troubles with Iphones and the version IOS 11.3.1 with the hotspot using RADIUS to a cloud server, they cant see the login page or cautive portal to login, iphones with previous version are working good and androids too, so i am asking if someone with the same users are having or not the same troubles with that version of IOS, to get a conclusion if is my config or the IOS version, i know this is not a problem with mikrotik RouterOS so please dont say You should ask on apple forums, i just want to know if there is people with this problems to get a conclusion about this problems,

For now my solution was to capture the devices who are making a connection to captive.apple.com (the phones make a conectivity check to that host), take them to an address list, and make a script to copy the address list to ip bindings (i didnt try if it will work with walled garden src-adress-list), so they can bypass the hotspot. (And i already try to only walled garden captive.apple.com, it just gives a false positive to the iphone making it think that it have free internet)

So far i checked that every process its ok, the mikrotik make the redirection to the hotspot rules(and the hotspot page on the mikrotik), but the iphone never get up the captive portal or the default navigator with the captiveportal url, we even tried to use the local address in a url navigator (chrome,safari), and it calls that the connection doesnt work, its like is trying to access a proxy or via a proxy like the google data saver (its a guess, not a conclusion)

Image

Edited:Added a second image of proof of correct response of the mikrotik to the user passing it the login.html
Image

After that nothing happens on the iphone,

i will pass the export compact:
/interface bridge
add fast-forward=no name=bridge1
/interface ethernet
set [ find default-name=ether2 ] arp=reply-only
set [ find default-name=ether3 ] master-port=ether2
/interface pptp-client
add connect-to=x.x.x.x disabled=no name=pptp-out1 password=X-XXXxxxXx user=x-X
/interface eoip
add !keepalive mac-address=02:B3:1B:44:9F:A0 name=eoip-tunnel1 remote-address=172.16.30.9 tunnel-id=3090
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip firewall layer7-protocol
add name=Data-saver regexp="\\x05\\x63\\x68\\x65\\x63\\x6b\\x09\\x67\\x6f\\x6f\\x67\\x6c\\x65\\x7a\\x69\\x70\\x03\\x6e\\x65\\x74|\\x08\\x63\\x6f\\x6d\\x70\\x72\\x65\\x73\\x73\\x09\\x67\\x6f\\x6f\\x67\\x6c\\x65\\x7a\\x69\\x70\\x03\\x6e\\x65\\x74|\\x09\
    \\x64\\x61\\x74\\x61\\x73\\x61\\x76\\x65\\x72\\x0a\\x67\\x6f\\x6f\\x67\\x6c\\x65\\x61\\x70\\x69\\x73\\x03\\x63\\x6f\\x6d"
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
add dns-name=hotspot.local.com hotspot-address=192.168.88.1 html-directory=flash/hotspot http-cookie-lifetime=1d login-by=cookie,http-chap,http-pap name=hsprof2 use-radius=yes
/ip hotspot user profile
set [ find default=yes ] keepalive-timeout=2h shared-users=10
/ip pool
add name=hs-pool-2 ranges=192.168.88.2-192.168.88.254
add name=dhcp_pool1 ranges=192.168.89.20-192.168.89.254
add name=hs-pool-5 ranges=10.5.50.2-10.5.50.254
/ip dhcp-server
add add-arp=yes address-pool=hs-pool-2 disabled=no interface=ether2 lease-time=4h name=dhcp1
add address-pool=dhcp_pool1 authoritative=after-2sec-delay interface=ether4 name=dhcp2
/ip hotspot
add address-pool=hs-pool-2 disabled=no idle-timeout=45m interface=ether2 name=hotspot1 profile=hsprof2
add address-pool=hs-pool-5 interface=ether5 name=hs-ether5
/queue simple
add max-limit=9M/22M name=Internet queue=pcq-upload-default/pcq-download-default target=192.168.88.0/24
/snmp community
set [ find default=yes ] addresses=0.0.0.0/0
/user group
add name=work policy=local,reboot,read,test,winbox,password,web,sniff,sensitive,api,romon,tikapp,!telnet,!ssh,!ftp,!write,!policy,!dude skin=WorkCafe
/interface bridge port
add bridge=bridge1 interface=ether4
/ip address
add address=192.168.88.1/24 interface=ether2 network=192.168.88.0
add address=192.168.89.1/24 disabled=yes interface=ether4 network=192.168.89.0
add address=10.5.50.1/24 comment="hotspot network" interface=ether5 network=10.5.50.0
add address=192.168.45.2/30 interface=eoip-tunnel1 network=192.168.45.0
/ip arp
add address=192.168.88.93 interface=ether2 mac-address=80:2A:A8:30:96:A2
/ip dhcp-client
add dhcp-options=hostname,clientid
add default-route-distance=0 dhcp-options=hostname,clientid disabled=no interface=ether1 use-peer-dns=no
/ip dhcp-server lease
add address=192.168.88.93 client-id=1:80:2a:a8:30:96:a2 mac-address=80:2A:A8:30:96:A2 server=dhcp1
add address=192.168.88.15 client-id=1:5c:51:81:82:e9:7d mac-address=5C:51:81:82:E9:7D server=dhcp1
add address=192.168.88.16 client-id=1:b8:63:4d:e6:21:9e mac-address=B8:63:4D:E6:21:9E server=dhcp1
add address=192.168.88.17 client-id=1:b8:63:4d:ee:e2:53 mac-address=B8:63:4D:EE:E2:53 server=dhcp1
add address=192.168.88.14 client-id=1:5c:51:81:82:e9:5f mac-address=5C:51:81:82:E9:5F server=dhcp1
add address=192.168.88.13 client-id=1:b0:c0:90:ba:1e:8f mac-address=B0:C0:90:BA:1E:8F server=dhcp1
/ip dhcp-server network
add address=192.168.88.0/24 comment="hotspot network" dns-server=8.8.8.8,8.8.4.4 gateway=192.168.88.1 netmask=32
add address=192.168.89.0/24 gateway=192.168.89.1
/ip dns
set allow-remote-requests=yes cache-size=20480KiB servers=208.67.222.123,208.67.220.123
/ip dns static
add address=146.112.61.106 disabled=yes name=petardas.com
add address=146.112.61.106 disabled=yes name=www.petardas.com
add address=146.112.61.106 name=check.googlezip.net
add address=146.112.61.106 name=datasaver.googleapis.com
add address=146.112.61.106 name=compress.googlezip.net
/ip firewall address-list
add address=captive.apple.com list="Captive APPLE"
/ip firewall filter
add action=drop chain=input comment="Bloqueo Chrome Data Saver" layer7-protocol=Data-saver src-address=192.168.88.0/24
add action=accept chain=input src-address=192.168.88.0/24
add action=accept chain=forward src-address-list=Iphones
add action=accept chain=input dst-address-list=Iphones
add action=add-src-to-address-list address-list=Iphones address-list-timeout=5s chain=forward dst-address-list="Captive APPLE" log=yes
add action=accept chain=forward disabled=yes dst-address=104.104.43.69 src-address=192.168.88.0/24
add action=drop chain=forward connection-limit=15,32 disabled=yes dst-address=radius.external.server.cloud dst-port=80 log=yes log-prefix=RADIUSDOS protocol=tcp
add action=drop chain=forward comment="Bloqueo Chrome Data Saver" layer7-protocol=Data-saver src-address=192.168.88.0/24
add action=accept chain=forward comment="Aceptar Conexion Contra AWS" dst-address=radius.external.server.cloud
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes
add action=drop chain=forward comment="Bloqueo Entre Clientes " dst-address=192.168.88.0/24 src-address=192.168.88.0/24
add action=drop chain=input comment="Bloqueo Flood DNS" dst-port=53 in-interface=pptp-out1 protocol=udp
/ip firewall nat
add action=accept chain=dstnat src-address-list=Iphones
add action=dst-nat chain=dstnat disabled=yes dst-port=53 protocol=udp src-address-list=Iphones to-addresses=208.67.222.123
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes
add action=masquerade chain=srcnat comment="Enmascaramiento General" out-interface=ether1
add action=masquerade chain=srcnat disabled=yes out-interface=*6
add action=src-nat chain=srcnat disabled=yes dst-address=192.168.88.94 to-addresses=192.168.88.1
add action=masquerade chain=srcnat comment="masquerade hotspot network" disabled=yes src-address=192.168.88.0/24
add action=masquerade chain=srcnat comment="masquerade hotspot network" src-address=10.5.50.0/24
add action=dst-nat chain=dstnat comment="Redireccion a OpenDNS" dst-port=53 protocol=udp to-addresses=208.67.222.123
add action=dst-nat chain=dstnat comment="Redireccion a OpenDNS" dst-port=53 protocol=tcp to-addresses=208.67.222.123
/ip hotspot ip-binding
add mac-address=80:2A:A8:30:96:A2 type=bypassed
add disabled=yes mac-address=00:DB:DF:74:27:37 server=hotspot1 type=bypassed
add disabled=yes mac-address=00:1C:25:18:18:57 server=hotspot1 type=bypassed
add mac-address=A0:99:9B:79:6B:99 type=bypassed
add mac-address=B0:C0:90:BA:1E:8F type=bypassed
add mac-address=5C:51:81:82:E9:5F type=bypassed
add mac-address=5C:51:81:82:E9:7D type=bypassed
add mac-address=B8:63:4D:EE:E2:53 type=bypassed
add mac-address=B8:63:4D:E6:21:9E type=bypassed
add disabled=yes mac-address=F4:31:C3:C5:F2:50 type=bypassed
add address=192.168.88.204 type=bypassed
add address=192.168.88.236 type=bypassed
add address=192.168.88.20 type=bypassed
add address=192.168.88.253 type=bypassed
add address=192.168.88.16 type=bypassed
add address=192.168.88.17 type=bypassed
add address=192.168.88.11 type=bypassed
add address=192.168.88.6 type=bypassed
add address=192.168.88.4 type=bypassed
add address=192.168.88.23 type=bypassed
add address=192.168.88.32 type=bypassed
add address=192.168.88.33 type=bypassed
/ip hotspot user
add name=admin password=XxXxxX
/ip hotspot walled-garden
add comment="place hotspot rules here" disabled=yes
add dst-host=radius.external.server.cloud
add dst-host=radius.external.server.cloud
add dst-host=captive.apple.com
add dst-host=hotspot.local.com
add dst-host=192.168.89.253
/ip hotspot walled-garden ip
add action=accept disabled=no dst-address=radius.external.server.cloud !dst-port !protocol server=hotspot1 !src-address
add action=accept disabled=no dst-address=radius.external.server.cloud !dst-port !protocol server=hotspot1 !src-address
add action=accept disabled=no dst-address=192.168.88.1 !dst-port !protocol server=hotspot1 !src-address
add action=accept disabled=no dst-address=104.104.43.69 !dst-port !protocol server=hotspot1 !src-address
/ip route
add disabled=yes distance=1 gateway=186.121.207.161
add distance=1 dst-address=172.16.0.0/12 gateway=172.16.10.1
add distance=1 dst-address=172.16.30.9/32 gateway=172.16.10.1
/ip service
set telnet address=192.168.0.0/16,172.16.0.0/12
set ftp disabled=yes
set ssh address=192.168.0.0/16,172.16.0.0/12
set api disabled=yes
set api-ssl disabled=yes
/radius
add address=radius.external.server.cloud secret=3468849Lp service=hotspot timeout=5s
add address=192.168.89.253 disabled=yes secret=produccion123 service=hotspot timeout=5s
/system clock
set time-zone-name=America/XX_xx
NOTE: the layer 7 is matching check.googlezip.net compress.googlezip.net datasaver.googleapis.com, to force use openDNS on android and chrome user
NOTE2: The ARP is only working with DHCP Arp Leasings
NOTE3: The script is not posting here, if you have the same problem and need the script just post that you have the same problem or different problem :) and i will pass it on another post.
NOTE4: I just change my public IPs, and external radius to avoid problems.

Like i said i dont try to blame mikrotik for this error, i just dont have the equipments to test it myself, i really dont use iphones and the client is on other region of my country, i just want to get a conclusion to this problem, for my point of view is something with the new IoS Version, without the hotspot it works like a charm, but i need proofs or data collection to post it as a bug to the apple feedback program :S, if someone can help me on that. Or maybe im wrong and i really dont know how to configure a Hotspot, thats why i leave my code for evaluation :).

Thanks in advancement

BR
Xcelsium
You may test with differenet hotspot IP in hotspot profille. Your landing page URL is mapped to this ip, so IOS 11.3.1 may somehow reject it.
I have exactly the same problem ( only with IOS 11.3.1).
 
Xcelsium
just joined
Topic Author
Posts: 11
Joined: Tue Dec 03, 2013 6:07 pm

Re: Hotspot Problem with Apple IoS 11.3.1, is someone having the same problem?

Thu May 17, 2018 5:43 pm

Thanks, i will try to recheck the external radius server then, maybe the problem is there

BR
 
korg
newbie
Posts: 34
Joined: Tue Apr 26, 2016 4:10 pm

Re: Hotspot Problem with Apple IoS 11.3.1, is someone having the same problem?

Fri May 18, 2018 12:40 pm

Hi...

i have almost the same problem... after ROS upgrade to 6.42.1 the captive portal has not been showing anymore... on previously normal working three hotspot servers...

As user Xcelsium i did not use wireshark to debug the network traffic... but i see that none of the Hotspot rules under NAT are 'contacted'... all of the packet numbers are at 0 (zero).

any help?

tx

korg

Who is online

Users browsing this forum: No registered users and 28 guests