Community discussions

MikroTik App
 
koos147
just joined
Topic Author
Posts: 14
Joined: Fri Sep 25, 2020 8:42 pm

travel router

Sun Nov 15, 2020 4:39 pm

Good day,

for long time i used a smal travel router.
simply plugin connect to the router. choose upstream wifi network. done.

however i want a litle bit more. so i found the MAP2nd and it looks promising.
after a lot of trial and error i got "something" working.
when i boot the device at home. it connect to the wifi and i can connect to its wifi.

however this weekend i was in an hotel and put it to the test.
power up the device...... and that is all there was happening.

I think (but was not able to confirm) the the router is waiting for the upstram wifi to choose the right wifi channel before it starts sending it own wifi.

so the question is. do i have the right device (and simply don't understand how to configure it)
my wishes are...
1. wan connection to cable or wifi.
2. lan network (with wifi and cable)
3. guest network (wifi only)
4. ipsec tunnel for the lan network to home.

i need to be able to configure the device from my mobile phone.(after the initial setup of course)
so without an upstream wifi network there should still be a lan wifi network availible.
 
koos147
just joined
Topic Author
Posts: 14
Joined: Fri Sep 25, 2020 8:42 pm

Re: travel router

Sun Dec 06, 2020 11:17 am

Hello everyone,

Is there nobody here using this device?
It was a little bit to expensive for a useless device. But i simply won't belive that a device with such a small formfactor and even Mobile in its name is not made for traveling.

There must be something simple i did wrong. But it is my first Mikrotik device.
 
erlinden
Forum Guru
Forum Guru
Posts: 1900
Joined: Wed Jun 12, 2013 1:59 pm
Location: Netherlands

Re: travel router

Sun Dec 06, 2020 11:41 am

I think this blog post is a great example to start with:
https://www.justinho.com/blog/2017/07/1 ... -lite.html

It can perform, just as any other Routerboard, everything you require. Just don't expect too much of it performance wise.

To help you a bit further, can you please share your current config: /export hide-sensitive file=anythingyoulike
 
User avatar
erkexzcx
Member Candidate
Member Candidate
Posts: 263
Joined: Mon Oct 07, 2019 11:42 pm

Re: travel router

Sun Dec 06, 2020 1:10 pm

Your device is fine. It will work.

Since you want encrypted tunnel to your home, I would suggest picking a router with IPSEC hardware acceleration, something like HAP AC2 would be great because it's cheap and supports both 5ghz/2.4ghz wifi.

Everything else that you mentioned is possible. Even if you have ridiculous requirements, most of them can be satisfied in some way using scripting. :D Just let us know on which part you are struggling with and we will help. Write your requirements step by step, so maybe someone could be nice and provide example configuration for you, since what you want seems to be incredibly "beginner basics". :)
 
koos147
just joined
Topic Author
Posts: 14
Joined: Fri Sep 25, 2020 8:42 pm

Re: travel router

Mon Dec 07, 2020 9:35 pm

Thanks all for the response,

Performance is not a real issue. most wifi's on holiday's are crap anyway.

@erkexzcx i think your suggestion has to do with the speed of the ipsec.
maybey it will be a good idea in the future. but for now i want to use the device i bought.
I have some experice with networking. but for work i use Juniper.
They have no compact devices (and no compact prices) so RouterOs is a complete new world for me.

@Erlinden
The link looks prommising.
The export isn't working since for some reason i was not abel to connect to the router and needed to factory reset it (again :( )

It is a great ide to split the wishes.

Lets start with a basic one network travel router.

When i choose the quickset CPE i am able to set the correct ip ranges for lan and connect to an upstream wifi.
this looks a great baseline to start with.
- Connect to "Hotspot-test"
- Choose Router mode
- set wifi interface to automatic ip
- set local ip to 172.16.31.254 / Mask 255.255.255.0
- enable dhcp with 172.16.31.100-172.16.31.20
- enable nat.
- apply config
set static ip to network card.
goto ip > dhcp server (and pool) and remove the old 192.168.88 range (!?)

that is the first point i got stuck.
my computer don't get any ip.

my next step would be to add a virtual interface for the ""lan" wifi. however then we have the problem that when the master interface doesn't connect the "lan" wifi also doens't come up.

config
mark-router6-20201207.log
You do not have the required permissions to view the files attached to this post.
 
User avatar
w32pamela
Member Candidate
Member Candidate
Posts: 212
Joined: Fri Jul 12, 2013 4:22 pm

Re: travel router

Tue Dec 08, 2020 12:02 am

One quick thing I noticed in your export was the "/ip address" should have the "interface" set to "bridge" rather than "ether1" since "ether1" is in the bridge.

What static IP did you set on your network card? Is this the network card in your computer? If so it would be simpler to let the computer get its IP automatically.
 
User avatar
bpwl
Forum Guru
Forum Guru
Posts: 2978
Joined: Mon Apr 08, 2019 1:16 am

Re: travel router

Tue Dec 08, 2020 12:32 am

I use this very often. Had the same problem, and hated the "config reset" workaround to get in wirelessly to set the host SSID & security.

With the "connect list" with all your known SSID's that you ever use or used its 100% automatic. Just in case of a new situation one of those used SSID's (BPWL) is my own smartphone hotspot.
No need to carry an ethernet cable or have a client device with an ethernet port. It automatically selects the right SSID, even @home.
It also connects to my Woobm or my RBMQS.
Once connected to any SSID in the list, you can get in via wireless, and edit the connect list if needed.

viewtopic.php?f=2&t=163896&#p806874
Klembord-1.jpg
.
This mAP Lite connects to my home hAP Lite (dedicated TURN server) with SSTP, where all my to be managed networks connect to via SSTP. viewtopic.php?f=13&t=166267&#p818218
You do not have the required permissions to view the files attached to this post.
 
koos147
just joined
Topic Author
Posts: 14
Joined: Fri Sep 25, 2020 8:42 pm

Re: travel router

Sun Dec 13, 2020 6:09 pm

Good day,

Thanks for your reply's

@w32pamela
after changing the adress to the bridge the dhcp server showed "invalid"
I removed them and added a new one.
Now it is working.
(the part of the static ip was to get access to the router)

@bpwl
The connectionlist is a great part. this means i can add the "most used" networks to the list.
the part with the hotspot is better then nothing. however not perfect.
This means i need to set my phone to an hotspot, get my wifes phone and connect to the "lan" wifi. to change the configuration.
otherwise we need to allow configuration from the wan interface.....from an untrusted network. (wich is disabled by default)

for the connection list, is it possible to re-order them?
and when i add a profile without an ssid and security to none. will it connect to any network without encryption?

last question for today,
i was planning to ad the eth1 device to a bridge called wan.
however i think that isn't the correct methode.
What is the best option to make ETH1 also availible as wan interface (when connected to this interface the wireless interface should not connect to an upstream wifi. but make the "lan" wifi availible.

Again many thanks for all the effort to learn this mikrotik-noob that the product isn't as bad as it looked the first day ;)
 
tdw
Forum Guru
Forum Guru
Posts: 1841
Joined: Sat May 05, 2018 11:55 am

Re: travel router

Sun Dec 13, 2020 7:28 pm

i was planning to ad the eth1 device to a bridge called wan.
however i think that isn't the correct methode.
What is the best option to make ETH1 also availible as wan interface (when connected to this interface the wireless interface should not connect to an upstream wifi. but make the "lan" wifi availible.
You probably do not want ether1 bridged to the "WAN" WiFi. If both ether1 and the "WAN" WiFi interfaces are added to the WAN interface list the appropriate NAT & firewall rules will be applied.
All you should have to do is change the default-route-distance for the DHCP client on "WAN" WiFi interface from 1 to 2 - if both interfaces are active and have acquired IP addresses using DHCP then external traffic will use ether1. However, if only one interface is active and has acquired IP addresses using DHCP then external traffic will use that interface.
 
User avatar
bpwl
Forum Guru
Forum Guru
Posts: 2978
Joined: Mon Apr 08, 2019 1:16 am

Re: travel router

Mon Dec 14, 2020 12:37 am

@bpwl
The connectionlist is a great part. this means i can add the "most used" networks to the list.
the part with the hotspot is better then nothing. however not perfect.
This means i need to set my phone to an hotspot, get my wifes phone and connect to the "lan" wifi. to change the configuration.
otherwise we need to allow configuration from the wan interface.....from an untrusted network. (wich is disabled by default)
.
Yes, unfortunately so far you need two devices (one as AP, and one as client) to be able to connect and modify.
I have my 7" tablet and my smartphone. The laptop would be no problem as this one has ethernet. But I travel light.
Even opening the WAN WLAN interface will not help. The WLAN stays down until connected, once any AP is connected both are open.
You could swap the functions AP-bridge and station-bridge between the physical and the virtual WLAN interface. But then only AP's at the same frequency are connectable.
I had no success in trying to use the little push-button to start a special configuration on the press of that button.
That's why I included my Woobm and my RBMQS as AP's in the list, two interesting Mikrotik tools, smaller and almost as small as the mAP Lite.
.
for the connection list, is it possible to re-order them?
and when i add a profile without an ssid and security to none. will it connect to any network without encryption?
.
The connection list can be sorted by dragging the items in Winbox. Something similar must be there in Webfig, but I use Winbox or the Mikrotik APP in Android.
Never tried "without SSID" what that one does. In the log with /system/logging set with Topics=wireless it gives the impression it could work. Interesting thought.
last question for today,


i was planning to ad the eth1 device to a bridge called wan.
however i think that isn't the correct methode.
What is the best option to make ETH1 also availible as wan interface (when connected to this interface the wireless interface should not connect to an upstream wifi. but make the "lan" wifi availible.
I'm afraid this won't work as intended. It is not having an active ethernet interface ported to the bridge that will activate the WLAN interface. It is the connection to the physical WLAN that activates that master WLAN and all the virtual slave WLAN's.
Again many thanks for all the effort to learn this mikrotik-noob that the product isn't as bad as it looked the first day ;)

On my todo list ... as I stumbled upon this one in the wiki ....(@strods says it's only for X86 for ethernet ports, but hey this is in the wiki at the wireless page)

disable-running-check (yes | no; Default: no) When set to yes interface will always have running flag. If value is set to no', the router determines whether the card is up and running - for AP one or more clients have to be registered to it, for station, it should be connected to an AP.
 
koos147
just joined
Topic Author
Posts: 14
Joined: Fri Sep 25, 2020 8:42 pm

Re: travel router

Sun Dec 20, 2020 9:09 pm

Good day all,

Sorry for the late reply. it isn't fair to the great help of you all.

at the moment i am on a holiday location (we are still allowed to go on holiday inside the country.)
I was able to get the device online with help of the 2 phones. after connection to the hotspot wifi the dns wasn't changing. so the device needed a reboot to show the sign in page. i guess that is how it is. i can accept that :) )

/edit. you can skip al the steps. for today there is no question :) added it anyway for the people who want to follow.

for the moment i made the following changes.
Go to DHCP client.
edit Wlan1 set to Default Route Distance 2
add ether1 Default Route Distance 1 (DHCP options hostname / clientid)

Go to interface list.
add new entry in the WAN list for ether1

login with putty since i couldn't find a gui option
/interface wireless set disable-running-check=yes
numbers: 1 (don't understand the question but guess it is the number of the wlan adapter?)

Go to connection list. add a new entry without an SSID. (for the open networks)
And here i can drag and drop to reorder (sometimes the solution is so simple that you don't see it)

I can't test it right now. but will test in the coming week if the device will go online without an upstream wifi.

Next step "Add second wifi"

Goto Wireless
add new virtual interface named wlan-guest
provide an ssid & security profile

Goto bridge
add a guest-bridge (in case we want to switch the lan port)
add wlan-guest to guest-bridge (that is the moment i realize my names are not consistent)
Goto ip adresss
add new entry for guest-bridge (172.18.31.254/24)
add pool guest-pool (172.18.31.100-172.18.31.200)
add dhcp server (dhcp-guest with pool guest-pool) added to guest-bridge
add dhcp network
adress 172.18.31.0/24
gateway 172.18.31.254
netmas 255.255.255.0
dns server 1.1.1.1

next step will be adding the IPSEC
that will be in the coming week.
 
koos147
just joined
Topic Author
Posts: 14
Joined: Fri Sep 25, 2020 8:42 pm

Re: travel router

Sun Jan 03, 2021 7:18 pm

Good day,

Wish you all the best for the new year.

i managed to establish the ipsec tunnel (Yeah)

there are only small problems left now.
1. when there is no known wifi. the wireless interface is not coming online.
login with putty since i couldn't find a gui option
/interface wireless set disable-running-check=yes
numbers: 1 (don't understand the question but guess it is the number of the wlan adapter?)
the trick with a mobile hotspot and a second phone is working. but not ideal

it would be nice if i was able to manage the router from the home network.
i can connect to devices on the mikrotik network. however i can't reach the mikrotik self. (ping / http)
During initial setup there was an option only allow management from lan.
i can't find this option back in the config. how can i add a second subnet (or the ipsec tunnel interface) to this list?
 
User avatar
bpwl
Forum Guru
Forum Guru
Posts: 2978
Joined: Mon Apr 08, 2019 1:16 am

Re: travel router

Mon Jan 04, 2021 12:39 am

/interface wireless set disable-running-check=yes
numbers: 1 (don't understand the question but guess it is the number of the wlan adapter?)
WLAN1 (the first WLAN interface) is number "0"

it would be nice if i was able to manage the router from the home network.
i can connect to devices on the mikrotik network. however i can't reach the mikrotik self. (ping / http)
During initial setup there was an option only allow management from lan.
i can't find this option back in the config. how can i add a second subnet (or the ipsec tunnel interface) to this list?
Ping should be possible. Use the WAN side IP address.
For punching a hole in the firewall you can either add this as I do (unsafe, I know, but it is only a travel router)
/ip firewall filter
add action=accept chain=input comment="allow SSTP connections" dst-port=xxxxx protocol=tcp
add action=accept chain=input comment="accept winbox" dst-port=8291 protocol=tcp
Or you can add an interface to the LAN list.(Interfaces that are ports of the bridge follow the bridge definitions, so it is over specified here)
This is found under menu "Interfaces" , tab page "Interface lists".

In the CLI:
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=LAN
add interface=wlan1 list=WAN
add interface=wlan2 list=LAN
Adding to the LAN list also acts on this:
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
 
koos147
just joined
Topic Author
Posts: 14
Joined: Fri Sep 25, 2020 8:42 pm

Re: travel router

Tue Jan 05, 2021 1:55 pm

Thanks,

the disable-running-check was indead the wrong number. it is working as expected.
for the firewall i added an extra input rule with source ip "home subnet" destenation ip "router lan ip" action accept. and this was exactly what i needed.

it was an adventure to set this up. but thanks to you all the Mikrotik world is less scarry. and i have a great travel router now.
 
petterg
Member Candidate
Member Candidate
Posts: 230
Joined: Wed Sep 16, 2009 2:55 pm

Re: travel router

Thu Jan 21, 2021 9:08 am

the disable-running-check was indead the wrong number. it is working as expected.
Is it? What version of ROS are you on? It's not working for me using ROS 6.48. Maybe our expectations are different. When I set disable-running-check=yes on wlan1 (mode=station) it keeps the running flag when disconnecting from AP. But the slave wlan (mode=AP bridge) are still down. In which modes are your interfaces running?
 
protagonista
just joined
Posts: 12
Joined: Wed Feb 28, 2018 9:45 pm

Re: travel router

Thu Aug 26, 2021 11:50 pm

the disable-running-check was indead the wrong number. it is working as expected.
Is it? What version of ROS are you on? It's not working for me using ROS 6.48. Maybe our expectations are different. When I set disable-running-check=yes on wlan1 (mode=station) it keeps the running flag when disconnecting from AP. But the slave wlan (mode=AP bridge) are still down. In which modes are your interfaces running?
can confirm the same for me. No way to keep virtual ap bridge up when station is not connected, which should be technically possible in theory
 
slvnet
newbie
Posts: 28
Joined: Wed Feb 12, 2014 4:23 pm

Re: travel router

Thu Nov 25, 2021 1:44 pm

@bpwl
Yes, unfortunately so far you need two devices (one as AP, and one as client) to be able to connect and modify.
I have my 7" tablet and my smartphone. The laptop would be no problem as this one has ethernet. But I travel light.
Even opening the WAN WLAN interface will not help. The WLAN stays down until connected, once any AP is connected both are open.
You could swap the functions AP-bridge and station-bridge between the physical and the virtual WLAN interface. But then only AP's at the same frequency are connectable.
I had no success in trying to use the little push-button to start a special configuration on the press of that button.
That's why I included my Woobm and my RBMQS as AP's in the list, two interesting Mikrotik tools, smaller and almost as small as the mAP Lite.

My update to this mobile AP. For me it's works as expected

1) in new place (not on connect list), run AP on smarthphone. Everyone have it, isn't it ? :)
2) configure firewall. Add input on the top (position 0), allow to any connection from WAN
chain=input action=accept in-interface=<WAN> log=no log-prefix=""

3) add in firewall rule, for keep connection
chain=input action=accept connection-state=established,related,untracked in-interface=<WAN> log=no log-prefix=""

4) configure "reset button", to open for 10s ANY connection from WAN after button press
/system routerboard reset-button print
enabled: yes
hold-time: 0s..2s
on-event:
/ip dhcp-client release numbers=0
/ip firewall filter enable 0

:delay 10s

/ip firewall filter disable 0

5) use Winbox mobile to connect to mAP

If we are in new location (not in connect list), share AP on mobile phone.
After mAP connect to phone AP, press button on mAP. mAP is connected to Your own phone, so it's secure to allow connection from Your phone.
Connect by Winbox mobile to map.
After 10s, mAP will disable new connection from WAN. Open connection will keep.
Add new hotel ssid/security profile.
Reset map
Switch off ap on phone

For sure I add
/system scheduler print
Flags: X - disabled
# NAME START-DATE START-TIME INTERVAL ON-EVENT RUN-COUNT
0 atboot startup 0s /ip firewall filter disable 0 \r\n 1

to block new connection from WAN (dissable firewall rule to allow new connection from WAN)

For me its working as expected :)
Hoper will help someone
 
Guscht
Member Candidate
Member Candidate
Posts: 236
Joined: Thu Jul 01, 2010 5:32 pm

Re: travel router

Thu Apr 27, 2023 1:30 pm

Is this limitation (master = ap bridge) not running solved?
I tried to configure a travel router and in default config (no default configuration), the salve connects without the master running:

Screenshot 2023-04-27 121650.jpg

In this setup I can connect via my phone to the wlan1 (ap bridge) interface and configure the wlan2 (station) interface to connect to the Hotel-WiFi. Even if a captive-portal is in place. Simply connect once via your phone, accept the conditions, connect via wlan1 to your router and change the MAC of wlan2 to the MAC of your phone. This way the captive-portal will "think" your wlan2-interface is your phone.

The only "limitation" is, you have to do once a Background-Scan and set the frequency/width (of the wlan1-interface) to the values of the SSID you want to connect to (via wlan2). Because wlan2 will use the same frequency/width as the master. If you want to connect via wlan2 to the Hotel-WiFi, you have to change the frequency/width in the master (wlan1) interface.

Tested with ROS 6.49.7 and ROS7.8.
You do not have the required permissions to view the files attached to this post.
 
User avatar
bpwl
Forum Guru
Forum Guru
Posts: 2978
Joined: Mon Apr 08, 2019 1:16 am

Re: travel router

Thu Apr 27, 2023 6:15 pm

Yes this should work this way.

Master is AP or AP-bridge.
Slave is station or station-pseudobridge (there are 2 scenario's here!) Station, with masquerade or SRC-NAT is expected to be the most stable, and will allow the master interface with AP to have it's own DHCP server and range. Everything sent to the hotel AP, has the WLAN2 interface as source. So if any device does the captive portal interaction, eg via WLAN1, the captive portal will only see the WLAN2 IP and MAC address, independent how many other devices are connected to WLAN1, all will be seen as just one device.

Only reason to change the MAC address of WLAN2 , that I see, is when the hotel would block MAC-address-recognised routers.
(Like campings that block known repeaters (EnGenius ENH200) because of too many abuses (account sharing and illegal TX power)

Trick is indeed is to set the correct frequency in WLAN1 (master), for WLAN2 to work on the hotel frequency.

PS: My setup with WLAN1 as station, and a long connect list with all my known hotel SSID works automatically. But for a new localion this setup here is indeed easier.
Preferred Setup to be switched with a reset button push? (reset button script is not supported in the version I run now ... https://doc.i4e.com.bd/networking/doc/mode-button)

Who is online

Users browsing this forum: jookraw and 52 guests