Community discussions

MUM Europe 2020
 
User avatar
harvey
Member Candidate
Member Candidate
Topic Author
Posts: 101
Joined: Thu Apr 05, 2012 8:16 pm

Caravan WiFi

Sun Aug 26, 2018 4:48 pm

Quite often when we go on holiday in our caravan the campsites we stay at have WiFi which you typically have to pay for and often limited to one or two devices. They will always have a captive portal.

I have often thought about putting in a Mikrotik in the caravan which would connect to the campsite WiFi but also broadcast our own WiFi to my families various phones and tablets.

My question is, how will the captive portal be handled? When connecting, would the captive portal of the campsite WiFi be passed through to the clients connected to the Mikrotik in the caravan? If not how would this be achieved?

Secondly, I'd probably want to set up a VPN tunnel back to my Mikrotik at home. Is there anyway to prevent outbound internet traffic until the VPN is established. Traffic to the campsite WiFi would still need to be required to make sure the captive portal is accessible.

Is anyone doing anything similar? Any advice would be appreciated.

Thanks.
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 1312
Joined: Sat Dec 24, 2016 11:17 am
Location: jo.overland at gmail.com

Re: Caravan WiFi

Sun Aug 26, 2018 6:28 pm

You should be able to use a MT as a repeater with nat.
This way it does connect to the Caravan campsite and then use another SSID to brodcast internally.
This way the campsite sees only one mac. One PC needs to connect an login use the portal.
Then the rest will work automatically.

If this is better than to connect one and one device to campsite I am not sure,
If you pay for number of mac address to use, you will be good to go :)

Here is the minimum configuration needed: (I did use a RouterBOARD 941-2nD)
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa2-psk eap-methods="" management-protection=allowed mode=dynamic-keys name=\
    Campsite supplicant-identity="" wpa2-pre-shared-key=campsite_ssid_password
add authentication-types=wpa2-psk eap-methods="" management-protection=allowed mode=dynamic-keys name=\
    Caravan supplicant-identity="" wpa2-pre-shared-key=MyPassword
/interface wireless
set [ find default-name=wlan1 ] disabled=no name=Campsite_wifi security-profile=Campsite ssid=campsite_ssid
add disabled=no keepalive-frames=disabled mac-address=66:D1:54:05:82:39 master-interface=Campsite_wifi \
    multicast-buffering=disabled name=Caravan_wifi security-profile=Caravan ssid=MyLocalSSID \
    wds-cost-range=0 wds-default-cost=0 wps-mode=disabled
/ip pool
add name=dhcp_pool_caravan ranges=172.30.10.20-172.30.10.254
/ip dhcp-server
add address-pool=dhcp_pool_caravan disabled=no interface=Caravan_wifi name=dhcp_caravan
/ip address
add address=172.30.10.1/24 interface=Caravan_wifi network=172.30.10.0
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=Campsite_wifi
/ip dhcp-server network
add address=172.30.10.0/24 gateway=172.30.10.1
/ip firewall nat
add action=masquerade chain=srcnat
If the campsite do not use password change
set [ find default-name=wlan1 ] disabled=no name=Campsite_wifi security-profile=Campsite ssid=campsite_ssid
to
set [ find default-name=wlan1 ] disabled=no name=Campsite_wifi security-profile=default ssid=campsite_ssid

To use this, you need to set the SSID (and password if needed) to the Campsite
-
.
Basic block diagram:
Wifi-Wifi.jpg
You do not have the required permissions to view the files attached to this post.
 
How to use Splunk to monitor your MikroTik Router

MikroTik->Splunk
 
 
User avatar
harvey
Member Candidate
Member Candidate
Topic Author
Posts: 101
Joined: Thu Apr 05, 2012 8:16 pm

Re: Caravan WiFi

Sun Aug 26, 2018 10:33 pm

Thanks. Pretty happy with the general wifi configuration.

So would you expect the campsite captive portal to pop up/pass through to the first connected client on the "LAN" side? This was my main concern.

You show the example of the Virtual wireless AP, would that suffice or would two separate cards be better?

Thanks.
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 1312
Joined: Sat Dec 24, 2016 11:17 am
Location: jo.overland at gmail.com

Re: Caravan WiFi

Sun Aug 26, 2018 10:48 pm

Depending of speed of your lines, you may gain some using two radios.
Eks 802.11n on 2.4Ghz, you may be able to get around 60-70mbps.
Using one radio going inn/out at the same time would divide speed in half.
So if you only get 25-30mbps at your campsite, you are ok.

Normal with portal, you need to connect a PC and start a browser then login to get data going.
AP would connect to Campsite, but data does not travers before you login.

Here is an example with all interface connected to the inside net, so you can also connect cabled devices.
To make this to work we need to use bridging.
.
/interface bridge
add name=bridge1
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa2-psk eap-methods="" management-protection=allowed mode=dynamic-keys name=\
    External supplicant-identity="" wpa2-pre-shared-key=MoldeBrasil
add authentication-types=wpa2-psk eap-methods="" management-protection=allowed mode=dynamic-keys name=\
    Internal supplicant-identity="" wpa2-pre-shared-key=caravan1234
/interface wireless
set [ find default-name=wlan1 ] disabled=no name=Campsite_wifi security-profile=External ssid=pipapipa
add disabled=no keepalive-frames=disabled mac-address=66:D1:54:05:82:39 master-interface=Campsite_wifi \
    multicast-buffering=disabled name=Caravan_wifi security-profile=Internal ssid=caravan_ssid \
    wds-cost-range=0 wds-default-cost=0 wps-mode=disabled
/ip pool
add name=caravan_pool ranges=172.30.10.20-172.30.10.254
/ip dhcp-server
add address-pool=caravan_pool disabled=no interface=bridge1 name=dhcp_caravan
/interface bridge port
add bridge=bridge1 interface=Caravan_wifi
add bridge=bridge1 interface=ether1
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
/ip address
add address=172.30.10.1/24 interface=bridge1 network=172.30.10.0
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=Campsite_wifi
/ip dhcp-server network
add address=172.30.10.0/24 gateway=172.30.10.1
/ip firewall nat
add action=masquerade chain=srcnat
/system clock
set time-zone-name=Europe/Oslo
/system routerboard settings
set silent-boot=no
 
How to use Splunk to monitor your MikroTik Router

MikroTik->Splunk
 
 
mkx
Forum Guru
Forum Guru
Posts: 3370
Joined: Thu Mar 03, 2016 10:23 pm

Re: Caravan WiFi

Sun Aug 26, 2018 11:04 pm

If you use single radio for both uses (client of campsite WAP and your camper AP) then not only you split whatever speed avaliable to two halves but you introduce interference (even when not actively using your AP its still transmitting beacon) to campsite WAP users. So it will be much better go with twin radio solution. Then you use one radio (preferrably 2.4 GHz) as client of campsite and second radio (preferrably 5GHz) as your AP. As you'll be mostly limited with (slow) uplink, you may decide to be nice even on 5GHz spectrum and limit yourself to using single 20MHz channel for your own use. Or, if you decide to go with low power low end device such as hAP ac lite with only single-chain radio on 5GHz, use 40MHz channel.
BR,
Metod
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 1312
Joined: Sat Dec 24, 2016 11:17 am
Location: jo.overland at gmail.com

Re: Caravan WiFi

Sun Aug 26, 2018 11:14 pm

@mkx
You are correct. Should have thought about interference. But depending on how many other Wifi networks that are present there and the speed of the network it may be a problem or not. Best solution is of course two MT, but it double the price or even more if you would like to get 5GHz as well.

You can also setup everything in bridge modus and remove the NAT. But then you would be visible with all your devices to the campsite.

Here is layout of the bridge solution.
.
Wifi-Wifi-Bridge.jpg
You do not have the required permissions to view the files attached to this post.
 
How to use Splunk to monitor your MikroTik Router

MikroTik->Splunk
 
 
mkx
Forum Guru
Forum Guru
Posts: 3370
Joined: Thu Mar 03, 2016 10:23 pm

Re: Caravan WiFi

Mon Aug 27, 2018 7:34 am

Best solution is of course two MT, but it double the price or even more if you would like to get 5GHz as well.
It's not necessary to use 2 MT devices, as I already wrote one device with two radios will do. Usual price premium for twin-radio device is around 10 USD / EUR over price for sigle-radio counterpart.

The "problem" with bridged version is that all local devices will be seen by camp-site and every one of them will have to go through registration process. Which kind of defeats the purpose as OP put it forward.
BR,
Metod
 
sindy
Forum Guru
Forum Guru
Posts: 4197
Joined: Mon Dec 04, 2017 9:19 pm

Re: Caravan WiFi

Mon Aug 27, 2018 9:04 am

I guess two hAP mini back2back might be a better choice than a single dual band device because some price-sensitive gadgets may not support the 5 GHz band. Two independent 2.4 GHz radios allow you to run your redistribution network on a different channel than the campsite one and still have the frequency separation. Do read something about the 2.4 GHz channel pattern, only few of the channels actually don't interfere with each other, and running two networks on exactly the same channel causes less harm than running them on two partially overlapping channels.
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
 
User avatar
harvey
Member Candidate
Member Candidate
Topic Author
Posts: 101
Joined: Thu Apr 05, 2012 8:16 pm

Re: Caravan WiFi

Mon Aug 27, 2018 10:32 am

Thanks for all the advice. I was going to pick up two hap lite's but for a few extra quid I've ordered a hap ac2. I can make more use of that if needed. I'll use 2.4 for site WiFi and 5ghz for caravan WiFi. All my devices should be ok on 5ghz.
 
mkx
Forum Guru
Forum Guru
Posts: 3370
Joined: Thu Mar 03, 2016 10:23 pm

Re: Caravan WiFi

Mon Aug 27, 2018 10:38 am

For sake of completeness (as @harvey already ordered his gear): hAP ac lite would also do the job. Indeed it only has single-chain on 5GHz, but using 80MHz channel width it still supports speeds up to 150 Mbps easily. I guess that for whatever camp-site WiFi can offer, hAP ac lite is more than capable doing whatever you need CPU wise. It also runs much cooler than hAP ac² and the price difference is significant.
BR,
Metod
 
User avatar
harvey
Member Candidate
Member Candidate
Topic Author
Posts: 101
Joined: Thu Apr 05, 2012 8:16 pm

Re: Caravan WiFi

Mon Aug 27, 2018 10:58 am

Thanks. I did consider the ac lite too. He ac2 was only £12 more and if this doesn't work as a test I can make use of the ac2 at home. As for ac2 running hotter, it's always freezing when we camp so it'll act as a nice heater 😂
 
User avatar
harvey
Member Candidate
Member Candidate
Topic Author
Posts: 101
Joined: Thu Apr 05, 2012 8:16 pm

Re: Caravan WiFi

Mon Aug 27, 2018 8:16 pm

May I ask what you guys are using for your block diagrams?

Thanks.
 
sindy
Forum Guru
Forum Guru
Posts: 4197
Joined: Mon Dec 04, 2017 9:19 pm

Re: Caravan WiFi

Mon Aug 27, 2018 8:33 pm

I'm using ASCII-art. @Jotne is using Visio. The best graphic editor is the one you've already learned to use before :-)
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
 
User avatar
w32pamela
Member Candidate
Member Candidate
Posts: 127
Joined: Fri Jul 12, 2013 4:22 pm

Re: Caravan WiFi

Tue Aug 28, 2018 4:26 pm

My question is, how will the captive portal be handled? When connecting, would the captive portal of the campsite WiFi be passed through to the clients connected to the Mikrotik in the caravan? If not how would this be achieved?
I use Groove 52's for the client that are usually connected to 951ui-2hnd's in the RV or boat. I've found that sometimes the captive portal page will come up with any attempt to access a URL but with others the sign in page only appears if you are trying to access a non-encrypted URL (an http:// rather than https://). I suggest that my customers use "http://www.example.com" if they are expecting to get a sign in page.

I don't know anything about the setup options for Captive Portals but I do know some of them can't handle a request to an "https://" site.
 
User avatar
harvey
Member Candidate
Member Candidate
Topic Author
Posts: 101
Joined: Thu Apr 05, 2012 8:16 pm

Re: Caravan WiFi

Tue Aug 28, 2018 8:01 pm

My question is, how will the captive portal be handled? When connecting, would the captive portal of the campsite WiFi be passed through to the clients connected to the Mikrotik in the caravan? If not how would this be achieved?
I use Groove 52's for the client that are usually connected to 951ui-2hnd's in the RV or boat. I've found that sometimes the captive portal page will come up with any attempt to access a URL but with others the sign in page only appears if you are trying to access a non-encrypted URL (an http:// rather than https://). I suggest that my customers use "http://www.example.com" if they are expecting to get a sign in page.

I don't know anything about the setup options for Captive Portals but I do know some of them can't handle a request to an "https://" site.
Thanks. That's very useful information. I'll test it all out tonight.
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 1312
Joined: Sat Dec 24, 2016 11:17 am
Location: jo.overland at gmail.com

Re: Caravan WiFi  [SOLVED]

Tue Aug 28, 2018 9:53 pm

Captive portal at our work passed trough.

I did setup 3 different Wifi scenario, so I can select what to connect to.
Was thinking about program the push button on 951 so that I could cycle trough the profiles, but it seems that it does not react on the button when I push it. (WPS works, so button is alive)
Also thought about a script that cycle trough the profile until one connects, but my script knowlage is limited.
I do use Visio for the diagram.
.
Here is the config:
# aug/28/2018 14:50:56 by RouterOS 6.42.7
#
# model = RouterBOARD 941-2nD
/interface bridge
add fast-forward=no name=bridge_external
add fast-forward=no name=bridge_internal
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa2-psk comment=Test1234 eap-methods="" management-protection=allowed mode=\
    dynamic-keys name=security_prifile_internal supplicant-identity="" wpa2-pre-shared-key=Test1234
add authentication-types=wpa2-eap eap-methods=peap management-protection=allowed mode=dynamic-keys \
    mschapv2-password=secret mschapv2-username=my_user name=security_profile_work \
    supplicant-identity="" tls-mode=dont-verify-certificate
add authentication-types=wpa2-psk eap-methods="" management-protection=allowed mode=dynamic-keys name=\
    security_profile_mobil supplicant-identity="" wpa2-pre-shared-key=Mobil1234
/interface wireless
set [ find default-name=wlan1 ] disabled=no mode=ap-bridge name=wifi_internal security-profile=\
    security_prifile_internal ssid=wifi_internal wps-mode=disabled
add keepalive-frames=disabled mac-address=66:D1:54:05:82:3B master-interface=wifi_internal mode=station \
    multicast-buffering=disabled name=wifi_mobil security-profile=security_profile_mobil ssid=pipapipa \
    wds-cost-range=0 wds-default-cost=0 wps-mode=disabled
add disabled=no keepalive-frames=disabled mac-address=66:D1:54:05:82:3A master-interface=wifi_internal \
    mode=station multicast-buffering=disabled name=wifi_guest ssid=guest wds-cost-range=0 \
    wds-default-cost=0 wps-mode=disabled
add keepalive-frames=disabled mac-address=66:D1:54:05:82:39 master-interface=wifi_internal mode=station \
    multicast-buffering=disabled name=wifi_work security-profile=security_profile_work ssid=work \
    wds-cost-range=0 wds-default-cost=0 wps-mode=disabled
/ip pool
add name=dhcp_pool_internal ranges=192.168.200.20-192.168.200.254
/ip dhcp-server
add address-pool=dhcp_pool_internal disabled=no interface=bridge_internal name=dhcp_internal
/interface bridge port
add bridge=bridge_internal interface=wifi_internal
add bridge=bridge_internal interface=ether1
add bridge=bridge_internal interface=ether2
add bridge=bridge_internal interface=ether3
add bridge=bridge_internal interface=ether4
add bridge=bridge_external interface=wifi_work
add bridge=bridge_external interface=wifi_guest
add bridge=bridge_external interface=wifi_mobil
/ip address
add address=192.168.200.1/24 interface=bridge_internal network=192.168.200.0
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=bridge_external
/ip dhcp-server network
add address=192.168.200.0/24 gateway=192.168.200.1
/ip firewall nat
add action=masquerade chain=srcnat
And the Visio:
.
Wifi-Wifi-Bridge.jpg
You do not have the required permissions to view the files attached to this post.
 
How to use Splunk to monitor your MikroTik Router

MikroTik->Splunk
 
 
User avatar
harvey
Member Candidate
Member Candidate
Topic Author
Posts: 101
Joined: Thu Apr 05, 2012 8:16 pm

Re: Caravan WiFi

Wed Aug 29, 2018 11:28 am

Everything was pretty simple to setup. Connected without issue to the campsite WiFi. Captive portal didn't just pop up but on accessing a http based webpage it redirected to the captive portal. Payed my fee and internet worked fine. Multiple devices working so far without issue.

When I get a bit more time I'll setup a vpn tunnel back to my home.

Thank you all for your help!

Who is online

Users browsing this forum: Google [Bot], MSN [Bot] and 73 guests