MikroTik

sublimespot

I also have the TP Link smart plug (branded Kasa) and ran into this issue. I found that it is dropping off the network exactly at the 1/2 way mark for the DHCP lease when it tries to renew. I had my lease time on the network set to 30m. After extending the lease on this device to longer time like 2d...

sublimespot

Aren't you using "The Dude" to have a network map and manage them now?

sublimespot

Radius Accounting will send this information to your database. Enable it and check out your radius database.

sublimespot

I'm curious. What is the largest implementation of Mikrotik out there?

What is the most powerful and massive server that is running RouterOS, and also wondering how many users are running on that server?

sublimespot · SYN Cookies How do you enable SYN Cookies on the new 2.9.16?

How do you enable SYN Cookies on the new 2.9.16?

sublimespot

I would like the ability to set "Comment" on a user in Hotspot from the Radius reply message

sublimespot · Looks like 2.9.13 may fix the Radius Incoming instability

Looks like 2.9.13 may fix the Radius Incoming instability

sublimespot

I also experience this where the IP number for a hotspot user keeps changing. Its driving me nuts

sublimespot

Using php's exec() command with the following:

$cmd = "echo NAS-IP-Address=$nas_ip_address,User-Name=$mac,Framed-IP-Address=$framed_ip_address,Acct-Session-Id=$acct_session_id | radclient $nas_ip_address:1700 disconnect $radius_password";

sublimespot

Radius Incoming on the Mikrotik crashes very often. (You can also crash Radius Incoming by sending invalid data). Disabling and Re-Enabling Radius Incoming gets it working again. How would I write a script to automatically reset the Radius Incoming service every 10 minutes? I would like to put this ...

sublimespot

Turn on Radius Incoming and send a Radius Disconnect message. I use php to fire off a command line command to do this.

sublimespot

With radius you can set the customer Queue by sending Rate-Limit. According to the Mikrotik Manual, Rate limit only sets 4 items: "tx/rx speed", "Burst Limit tx/rx", "Burst Thresh tx/rx", "Burst Time" However, In Queue I see 5 items: "Max Limit", &qu...

sublimespot

Use Radius Accounting it logs this information to a radius server (and to mysql server). Then you can use php or something to make a web page to show usage

sublimespot

I have a support contract with MT. So if they do not pick up on it then I will let them know.

sublimespot

savage, thanks for all this information. I was able to crash the listener with invalid information. Disabling the listener and re-enabling brought it back.

sublimespot

It worked with Framed-Ip-Address

sublimespot

I enabled Radius with /radius incoming set accept=yes I tried to perform (Disconnect-Message) via command line: echo 'User-Name = 00:00:00:00:00:00" | radclient 192.168.10.10:1700 "disconnect" radpasswd Mikrotik Log says "Radius disconnect with no ip provided' How can I disconnec...

sublimespot

I enabled Radius with /radius incoming set accept=yes I tried to perform (Disconnect-Message) via command line: echo 'User-Name = 00:00:00:00:00:00" | radclient 192.168.10.10:1700 "disconnect" radpasswd Mikrotik Log says "Radius disconnect with no ip provided' echo 'ip = 00:00:00...

sublimespot

On regular linux, enabling "syn cookies" can help a little in trying to keep the server alive during a dos attack. Usually a dos attack eats up all your available bandwidth. No software setting can fix that.

sublimespot

PREROUTING is the chain where things like Masquerade or SRC NAT are defined.

Every packet that is forwarded by the router to another location goes through the FORWARD chain. In order to do a port forward, or NAT/Masquerade, a packet must also go through FORWARD.

sublimespot

I would like to De-Authenticate Hotspot user after using 10GB Monthly bandwidth usage. They will jump back to the signup screens where they can buy some more gigs of bandwidth. Is the best way to accomplish this by using scripts? I saw the script to auto-send-email when a user hits a certain bandwid...

sublimespot

I am also using this Freeradius to monitor bandwidth usage. What I am looking for now is a way to de-authenticate a hotspot account after it uses too much bandwidth.

sublimespot

disable transparent proxy.

make sure you have masquerade rule to allow traffic.

sublimespot

Yes thank you

sublimespot

I think you misunderstand what I'm saying

I want user A and user B to share a 512k rate limit

So if user A is downloading at full speed, then user B will only have half the available bandwidth.

I do not want user A to have 512k and user B to have 512k. They should share the bandwidth.

sublimespot

Freeradius

sublimespot

I'm using Radius to assign Rate-Limit to Hotspot users.

Is it possible to group two users together to share a Rate-Limit?

For example - two different MACs that share a 512k rate-limit. I read about Profile based Rate-Limit when using PPP, but I am not using PPP.

sublimespot

Yes Im using Rate-Limit with Radius with success.

Mine looks more like this:
64k/64k 256k/256k 128k/128k 10/10

For a 64k line with 10s burst.

If it works , you should find the Rate Limit in Winbox->Queues

sublimespot

The port 80 solution is do disable transparent proxy

sublimespot

Yes use the PROXY ARP howto SOLVED thread. Set up a ip route to handle passing traffic to and from the public IPs behind hotspot You dont want the masquerade rule to take effect for the public IPS behind hotspot or else they will show as if they are coming from the router itself. The howto suggests ...

sublimespot

I'm trying to get HTTPS working with Walled Garden. On some routers it works, on others I get "page can not be displayed" for all clients. The HTTPS walled garden support is not working well. So I am trying to set up firewall/mangle/nat rules to allow to get out to the HTTPS server without...

sublimespot

Things are working for the most part with one problem now.. I've got people behind hotspot in the way the original poster does. There are no NAT rules at all. We are using the Route table and the customer has a Public IP address set behind hotspot. When the clients behind hotspot (with public IP) co...

sublimespot

I found a solution.

I used Framed-IP-Address to create a public IP address.
Used Framed-Route to create a dynamic route.

This essentially gives the customer a public IP and they still have to authenticate with hotspot. Perfect!

sublimespot

Man I feel like such an idiot!

I checked Interfaces and it has a setting "ARP: enabled".

I assumed this meant proxy arp was enabled. It does not.

The setting had to be changed to "ARP: proxy arp" - then things started working for me.

sublimespot

Yes I also have the manual here. That bit of information in the documentation is very limited. I was hoping for more detailed information on how it is used and maybe a sample.

sublimespot

Radius Access-Accept has the option Filter-Id which appears to allow a dynamic firewall rule.

Is is possible to have Radius respond to create a dynamic SRC-NAT and DST-NAT for that user?

Where can I get more information on how to use the radius Filter-Id option?

sublimespot

In the following, when I say "DHCP server" I am referring to a Linux DHCP server, not the Mikrotik. I want to try DHCP relay. The MT manual says how to set up the MT for DHCP relay, but I'm confused how the DHCP server is configured. For testing, my DHCP server is on a 192.168.4.0 subnet a...

sublimespot

Hmm. My setup is a bit different. I want them to authenticate on the login screen, but then to have a public IP address so they can run services etc. Maybe I'm barking up the wrong tree. In the past Ive left them with a private IP, then setup SRC and DST NAT to route the public IP in to them. Though...

sublimespot

I set this up like you said and have one problem. If I try to connect to a computer behind hotspot (which has a public IP), the connection goes into the machine but the machine can not respond back. I can see the incoming connection with personal firewall on this machine. The syn request gets sent i...

sublimespot

I found one method here that is quite nice: http://forum.mikrotik.com/viewtopic.php?t=4402&highlight=proxyarp This method uses IP Routes. The only problem here is that if the DHCP server gives out a differnt private IP to them, then the route is broken. So it requires the DHCP static private IP ...

sublimespot

Ive got a hotspot with many users. Most of them are happy with NAT'ed addresses, but some want public IPs. Ive experimented and found a couple different ways to accomplish this but they are kind of a pain to set up. Firewall rules, Static DHCP entries, etc... What is the easiest and best way to hand...

sublimespot

I think you can use the walled garden feature to allow access to any site even though the user is not authenticated

You could set an "allow" rule to any site where destination is NOT (click the box) abcdefg.com . Then they could access any site but that one.

sublimespot

I am doing MAC-auth-only with Hotspot. Here is my situation: user tries to go to google.com. Radius auth fails. user is redirected to my signup page. signs up. user's mac address is added as username into my radius server At this point, if the Radius is queried, it will send back an Allow. but the M...

sublimespot

I got MAC username auth working with the DHCP radius feature.

sublimespot

Thank you. Ive got it authenticating against my FreeRadius now.

Now I'd like to figure out how to make it auto-send the MAC address as the username, and some string as password, instead of prompting the user for a username/pass.

sublimespot

I am trying to enable Radius client . If I click "Disable" , the lower status bar on the window says "disabled" in light grey. If I click "Enable", the lower status bar says "disabled" but it is dark grey. I cant turn it on! I noticed in the title bar in winbo...

Search found 46 matches

Re: TP Link Smart Plug Minis Not Keeping Connection to TP Link Cloud [SOLVED]

Largest Mikrotik implementation

SYN Cookies

Radius Incoming crashes. Howto script to reset the service?

Queues, Radius, Max-Limit, Limit-At

Radius Disconnect

De-Authenticate Hotspot user after using 10GB Monthly

Grouping Multiple MACs into one Rate-Limit

2.9 Walled Garden alternatives. HTTPS support is not working

Radius Access-Accept Filter-ID -> Create Dynamic NAT?

DHCP Relay - DHCP Server Setup

Public IPs behind hotspot

Flushing Hotspot Hosts table - to allow Radius re-query

Radius - disabled or disabled - cant enable