/ip dns static
add address=<hotspot-address> name=".*\\..*"
/ip dns static
add address=<address-where-page-not-internet-available-are> name=".*\\..*"
Do not believe, this can be done reliably: The browser (or clients PC) usually has a private DNS-cache. When connection to internet goes down, browser does not know about it. With next request, browser might use a cached DNS entry. Only when this fails, browser tries to do new DNS, getting your no-connect-page.the browser tries to browse anything on first attemtp it gets page not found 404 error and on the second it gets the "Sorry internet not available" So it looks like it can be done, please give me a suggestion on how to get it on the first try to browse.
Has nothing to do with MT. In case, there is no DNS entry in browsers or clients PC DNS-cache, the proposed solution will work, as there has to be a DNS request, immediately going to your no-connection-page. In case, user just navigates to another page in same domain, it will only work on second attempt. Or later. Thats, why I said, it can not work reliably in all cases on first attempt. So your wish, to always work on first attempt, can not be fulfilled in all cases.that there is something that Mikrotik cannot do
is less complex than you think......So My guess is that a more complex solution is needed to capture and redirect with layer7 on the firewall...
/ip dns static add address=1.2.3.4 comment=MAINTENANCE disabled=yes name=".*" ttl=10s
/ip dns static add address=1.2.3.4 comment=MAINTENANCE disabled=yes regexp=".*" ttl=10s
/tool netwatch
add down-script="{\\\r\
\n/ip dns static enable [/ip dns static find where comment~\"MAINTENANCE\"];\\\r\
\n/ip hotspot profile set [/ip hotspot profile find where html-directory~\"NORMALDIRECTORY\"] html-directory=\"maintenancePage\";\\\r\
\n/ip hotspot active remove [/ip hotspot active find];\\\r\
\n/radius disable [/radius find];\\\r\
\n}" host=REMOTEHOSTTOBEPINGED timeout=2s up-script="{\\\r\
\n/ip dns static disable [/ip dns static find where comment~\"MAINTENANCE\"];\\\r\
\n/ip hotspot profile set [/ip hotspot profile find where html-directory~\"maintenancePage\"] html-directory=\"NORMALDIRECTORY\";\\\r\
\n/radius enable [/radius find];\\\r\
\n}"
Thank you, Muqatil for your answer.Create a directory called maintenancePage and put there your html with the maintenance page files. No external references, a simple html page with few images would work.
Add fake DNS resolution (depending on ROS version, one of them will fail)Add a Netwatch to enable these entries, change the directory of the hotspot and kick everyone out to force them to reauthCode: Select all/ip dns static add address=1.2.3.4 comment=MAINTENANCE disabled=yes name=".*" ttl=10s /ip dns static add address=1.2.3.4 comment=MAINTENANCE disabled=yes regexp=".*" ttl=10s
If you have custom configs on your device, adjust the script accordinglyCode: Select all/tool netwatch add down-script="{\\\r\ \n/ip dns static enable [/ip dns static find where comment~\"MAINTENANCE\"];\\\r\ \n/ip hotspot profile set [/ip hotspot profile find where html-directory~\"NORMALDIRECTORY\"] html-directory=\"maintenancePage\";\\\r\ \n/ip hotspot active remove [/ip hotspot active find];\\\r\ \n/radius disable [/radius find];\\\r\ \n}" host=REMOTEHOSTTOBEPINGED timeout=2s up-script="{\\\r\ \n/ip dns static disable [/ip dns static find where comment~\"MAINTENANCE\"];\\\r\ \n/ip hotspot profile set [/ip hotspot profile find where html-directory~\"maintenancePage\"] html-directory=\"NORMALDIRECTORY\";\\\r\ \n/radius enable [/radius find];\\\r\ \n}"
{\
/ip dns static enable [/ip dns static find where comment~"MAINTENANCE"];\
/ip hotspot profile set [/ip hotspot profile find where html-directory~"NORMALDIRECTORY"] html-directory="maintenancePage";\
/ip hotspot active remove [/ip hotspot active find];\
/radius disable [/radius find];}
{\
/ip dns static disable [/ip dns static find where comment~"MAINTENANCE"];\
/ip hotspot profile set [/ip hotspot profile find where html-directory~"maintenancePage"] html-directory="NORMALDIRECTORY";\
/radius enable [/radius find];}
quoted for keep on forum without the original author can not delete that...So I managed to get it working.
You need to do few additional things though, to get it to redirect properly and to fool the clients.
This is my down script
{\
/ip dns static remove [/ip dns static find where name~"your hotspot fqdn"];\
/ip dns cache flush ;\
/ip dns static disable [/ip dns static find where comment~"CORRECTION"];\
/ip dns static enable [/ip dns static find where comment~"MAINTENANCE"];\
/ip hotspot profile set [/ip hotspot profile find where html-directory~"flash/hotspot"] html-directory="flash/maintenancePage";\
/ip hotspot active remove [/ip hotspot active find];\
:log warning "Internet down, showing maintenance page"
;}
&
This is up script
{\
/ip dns static disable [/ip dns static find where comment~"MAINTENANCE"];\
/ip dns static enable [/ip dns static find where comment~"CORRECTION"];\
/ip dns cache flush ;\
/ip hotspot profile set [/ip hotspot profile find where html-directory~"flash/maintenancePage"] html-directory="flash/hotspot";\
/ip hotspot profile set [/ip hotspot profile find where html-directory~"flash/hotspot"] dns-name="www. Your hotpot fqfn";\
/ip hotspot profile set [/ip hotspot profile find where html-directory~"flash/hotspot"] dns-name="your site fqdn";\
:log warning "Internet up, showing normal hotspot page"
;}
And be sure to add a static dns entry for your site at priority
As attached screenshot with "comments as written" using regex entry.
Yes agreed some of the above is redundant and unnecessary but i do it anyway to be super safe.
Essentially the static dns gives priority to static entry over dynamic ones so when we add a static entry to fool dns (when internet is down) it effects the hotspot static entry too, making it impossible to use another ip other than hotpot ip to fool clients as when we add a different ip the pages do not redirect.
Adding these entries helps to successfully fake dns to a non working ip while still making sure hotspot ip works as intended.