Hotspot Apple Login Page HELP!

ds12345 · Thu Feb 21, 2019 11:23 am

Hi All,

Banging my head against a wall with this one. I have a hotspot on v6.42.9. Login page. With android, apple phones connecting and and the login page pops up as soon as you connect. Same with Windows Laptops / PC's.

BUT Apple Mac Book air and other apple laptops just connect to the wifi, but no login page. I have to go find it, which isnt ideal for obvious reasons.

Fixes tried - Adding a DNS name to the hotspot server profile (domain.hotspot), tried a few. None make a difference. I've tried rebooting mac book, forgetting network, clearing cache, installing firefox. Nothing seems to work.

I'm also connecting through a mikrotik wifi AP, but doesnt make a difference if I hard wire in.

I'm assuming this is an easy fix im missing as apple is one of the most common devices out there.

Any ideas?

Thu Feb 21, 2019 1:35 pm

Make sure you don't have any entries in the walled garden.
Does the login page appear when you open a non-ssl website? Only the auto-popup doesn't work, right?

ds12345 · Thu Feb 21, 2019 1:51 pm

Hi,

Nothing in the walled garden.

Yeah so the auto popup doesnt happen. But yes if you open a browser and go to a non ssl site you see the login screen.

Its the auto popup I'm looking for when you connect to the wireless network. Works on everything except Mac. It wouldnt matter so much, but most people try to go google which is ssl so they just get page cannot be displayed.

Why is it Mac is reacting different to all other devices?

Thu Feb 21, 2019 1:54 pm

I can't answer right away, but what I can tell you, is that my macBook also doesn't always make the popup with other brand hotspots, when I am in hotels. So, it may be something in the macOS system.

ds12345 · Thu Feb 21, 2019 2:01 pm

I mean, Mac's are like half the computers in existence now, surely someone has a fix for this? I've seen posts of people saying theirs pops up so it can't be all of them. Could be an iOS version maybe.

Thu Feb 21, 2019 2:12 pm

How long have you waited? Sometimes it takes a minute. The device checks in background (not sure how often) if it can read the text "Success" on the page captive.apple.com - if not, it assumes there is a login page.

ds12345 · Thu Feb 21, 2019 3:07 pm

Yeah I read that about captive.apple.com, but nothing happens. I can stay signed on to the wifi or plugged in an hour, but nothing.

Redmor · Fri Feb 22, 2019 1:26 am

The problem appears because iPhone tries to load captive.apple.com, but I think if you have 4G and you're connected to an hotspot, then captive.apple.com is reachable and captive portal won't trigger.
Have you tried disabling 4G? If in that case works, you should study a way to make iPhones believe they can connect, and then drop captive.apple.com.
Try to redirect captive.apple.com IP to your hotspot RB.

ds12345 · Fri Feb 22, 2019 10:59 am

Just an update, the mac's I was testing on were on Sierra. Upgraded to Mojave and the issue has gone.

Connecting to the network shows a popup join window.

So looks like an Apple issue with various versions of iOS.

ds12345 · Fri Feb 22, 2019 11:00 am

The problem appears because iPhone tries to load captive.apple.com, but I think if you have 4G and you're connected to an hotspot, then captive.apple.com is reachable and captive portal won't trigger.
Have you tried disabling 4G? If in that case works, you should study a way to make iPhones believe they can connect, and then drop captive.apple.com.
Try to redirect captive.apple.com IP to your hotspot RB.

I was using a Macbook with no alternative connection and it was failing. But upgrading the software has fixed it.

However, I did test with an iPhone and it was working fine.

Jotne · Fri Feb 22, 2019 11:06 am

In my work we have a large WIFI guest network (not MikroTik) with around 1600 active users all time.
And there we see the same with all Apple units.

Problem is that they to chache lot of data and when you try to visit the a site it tries to open it from cache and not using portal.
This results in that the portal page does not show up.

Solution:
Block all Apple units, since they do not follow the wifi standard

Or tell all Apple user to visit tree-four pages that they have not visited before (not in cache). This should bring up the portal page.

Fri Feb 22, 2019 11:16 am

Actually, the end user doesn't care. He connects to your hotspot and tries to surf the web - boom, login page opens. No need for popup.

Redmor · Sat Feb 23, 2019 8:01 pm

We're in 2019 and mobile operators sell 50GB/month for 5€, who needs hotspots anymore?

pcunite · Sat Feb 23, 2019 9:09 pm

We're in 2019 and mobile operators sell 50GB/month for 5€, who needs hotspots anymore?

Hotels, mainly. All those laptops and tablets. Clients want free wifi, so before they hit the internet, you've gotten see that login page.

Jotne · Sun Feb 24, 2019 9:48 am

We're in 2019 and mobile operators sell 50GB/month for 5€, who needs hotspots anymore?

Not in Norway and many other country.
OneCall 16GB nearly 50 €/month
Telenor Yng 30GB 60 €/month
+++

Pea · Sun Feb 24, 2019 10:01 am

We're in 2019 and mobile operators sell 50GB/month for 5€, who needs hotspots anymore?

And which mobile operators?

Czech Vodafone 50GB for about 97€/month

GuJack20 · Sun Feb 24, 2019 9:38 pm

To not talk about Albanian operators

The fact that hotspot login page doesn't show is a known fact from many years. It is a client side issue, so MikroTik can't do anything in this point.

And YES, hotspot is widely used anywhere in Europe, in hotels, venues etc.

Jotne · Mon Feb 25, 2019 8:26 am

Only Apple can fix this. And how Apple are, they will never do.
As I write above, workaround is to open tre-four pages you have not used before.

Redmor · Tue Feb 26, 2019 9:05 am

Answer to my quotes:

Don't you have MVNO? When Iliad arrived in Italy, prices dropped down.
I pay 5.99€ for 50GB, Vodafone made a MVNO to lower prices in my country, even other operators did that.

By the way hotels can give away Wi-Fi password, if someone wants to buy drugs on Internet he can always provide fake personal information in hotspot registration and use a SIM that hasn't a legal owner.

Jotne · Tue Feb 26, 2019 9:18 am

@Redmor

Your prices for internet does not help us

Hotspot portal are used to many things
* Control who logs inn.
* Bandwidth control
* Information to the users
* People coming from other country without roaming included.
* +++

I do not like to go down from my hotel room late in the evening when I found out that I can not log inn to internet without an voucher..

RENOLPH · Tue Jun 09, 2020 12:35 am

Good day team, I have the same problem as the above, I am not good with Mikrotik devices or configuration, and not sure how to resolve the above issue, I will appreciate your help, my client is not in a good mood since the apple devices cannot be directed to the landing page.

mstephens · Mon Nov 23, 2020 4:53 pm

We have this problem ONLY on iOS 14.Our client has an iOS 13 and all Android devices work perfectly. There was also an update patch iOS 14.1. It was listed as an issue connecting to Unifi, but did not fix the issue with the page loading. Any iOS 14 device simply gets a blank screen. Any help would be appreciated. Thank you.

Tue Nov 24, 2020 12:18 pm

Do you have anything in the walled garden menu?

mstephens · Tue Dec 01, 2020 7:29 pm

Yes we do. Everything has 0 hits.

mstephens · Tue Dec 01, 2020 8:19 pm

Yes we do. Everything has 0 hits.I will disable the static entries by the customer and see if that helps.

mstephens · Mon Dec 07, 2020 7:44 pm

Do you have anything in the walled garden menu?

Everything has been disabled. Same problem, blank page shows up. Kindly advise, and thanks in advance!

mstephens · Mon Dec 14, 2020 8:57 pm

Do you have anything in the walled garden menu?

Hey Normis, do you have any other suggestions? Thank you.

mducharme · Mon Dec 14, 2020 10:11 pm

Hey Normis, do you have any other suggestions? Thank you.

Export the full config of the device with hide-sensitive.

mstephens · Mon Dec 14, 2020 10:23 pm

Hey Normis, do you have any other suggestions? Thank you.
Export the full config of the device with hide-sensitive.

OK, do I email to support@mikrotik.com?
Thank you.

mducharme · Mon Dec 14, 2020 10:47 pm

OK, do I email to support@mikrotik.com?
Thank you.

Post it here, if you want to get feedback.

mstephens · Tue Dec 15, 2020 2:37 am

OK, do I email to support@mikrotik.com?
Thank you.
Post it here, if you want to get feedback.

I appreciate that. However the client does not want their config posted. We have setup a ton of Hotspot Managers, I was just hoping someone else knew of the existing iOS14 issues.
Thanks.

mducharme · Tue Dec 15, 2020 3:01 am

I appreciate that. However the client does not want their config posted. We have setup a ton of Hotspot Managers, I was just hoping someone else knew of the existing iOS14 issues.

Hi,

There are no "existing iOS14 issues". I've tested iOS 14 clients and have zero issues with them seeing the hotspot login page. It always comes up automatically.

mstephens · Tue Dec 15, 2020 3:08 am

I appreciate that. However the client does not want their config posted. We have setup a ton of Hotspot Managers, I was just hoping someone else knew of the existing iOS14 issues.
Hi,

There are no "existing iOS14 issues". I've tested iOS 14 clients and have zero issues with them seeing the hotspot login page. It always comes up automatically.

Hello, the customer also has access to their router, so maybe there is something wrong with the config. This problem ONLY happens with iOS 14 clients. Everything else is fine. Funny thing, we only have the one customer with this issue. Thanks.

mducharme · Tue Dec 15, 2020 3:33 am

Hello, the customer also has access to their router, so maybe there is something wrong with the config. This problem ONLY happens with iOS 14 clients. Everything else is fine. Funny thing, we only have the one customer with this issue. Thanks.

Hi,

As normis explained, the devices try to fetch the captive portal detection page (in this case, captive.apple.com) on connection. If they get the expected result, they know that they can get online, otherwise they know they are behind a captive portal and trigger the detection of the captive portal page. So the only way this can happen is either with walled garden settings or ip firewall settings that allow customers access to outside resources without having to go through the captive portal. Those outside resources need not include the actual captive.apple.com site, but can instead include sites that are served from the same IP address as captive.apple.com, which can be a large number of sites potentially if it is served from a CDN. The result is that you have to be very very careful whenever you give unauthenticated users access to anything outside as you can easily break captive portal detection in the event that something is allowing traffic from the hotspot client to that IP prior to authentication.

iOS 14 also has a new feature where you can tell iOS that it is behind a captive portal via DHCPv4 option 114:

https://developer.apple.com/news/?id=q78sq5rv

Please note that you shouldn't *have* to use that option to correct this issue, your issue is certainly caused by allowing unauthenticated hotspot users access to some outside resource, and access to that outside resource is making the device think it isn't actually behind a captive portal and it doesn't show the login page as a result.

mstephens · Tue Dec 15, 2020 3:44 am

Awesome! Thanks for your help, I really appreciate the information.

lindend · Thu Jul 15, 2021 7:21 pm

We just setup a hotspot on 6.47.10 and Windows, iOS and Android clients all detect that they're behind a captive portal and immediately show a popup/login screen for authentication with the hotspot. However, tested it with a Macbook running Big Sur and no CNA was shown. If I bring up a fresh Chrome browser, I get the portal login screen. However, if Safari is already running and I try to reload a previously loaded site in a tab, it just spins and then fails the load the page (no login screen is offered).

The walled garden is empty and captive.apple.com is not reachable (which is expected and should result in the CNA being shown). Should Big Sur and the hotspot reliably show the CNA login?

lindend · Fri Jul 16, 2021 2:56 pm

Isolated the problem a little. OS X isn't able to resolve the hostname of our hotspot. Windows/Android/iOS resolve it.

The format of the hostname I'm using is

routername.wifi

nslookup on Windows reports that it's a non-authoritative answer coming from the router. Are non-authoritative answers a problem for OS X?

Fri Jul 16, 2021 3:04 pm

could be Apple bug/feature, as per this post here:
viewtopic.php?f=1&t=174354&p=866621&hil ... ns#p866375

lindend · Fri Jul 16, 2021 6:22 pm

Interesting. Thanks for the pointer to that discussion.

From reading that thread and the web on mDNS, isn't the Apple Bonjour (mDNS) only search limited to .local? If so, shouldn't my hostname

router.wifi

be exempt from that bug/feature? Or are they doing this for multiple domain suffixes and not just .local?

lindend · Fri Jul 16, 2021 9:36 pm

The DNS error was user error on my part. The iMac had an ethernet cable plugged in and chose not to check the Mikrotik to help resolve the router DNS address. I unplugged it and the CNA popped up (but it was blank). Also, connected a Macbook and it didn't even show the CNA popup. Both were able to resolve/ping the router. I then noticed that all https requests weren't being redirected to the portal in browsers but http requests were being redirected. So it appears like this issue can be traced back to some failure intercepting and redirecting https requests.

Checked Windows and it also fails to redirect https requests (but that doesn't matter as much since there's an immediate login browser window shown).

Edit: Found the instructions to enable https redirection.

lindend · Tue Jul 20, 2021 12:22 am

Using a self-signed certificate to allow Big Sur users to login to the hotspot crated a miserable experience for Android, iOS and Windows users (along with BIg Sur once logged in)--every secure web site generated a security warning popup and that identity of the certificate could not be confirmed.

Is there a way to get OS X/Big Sur to accept the http portal redirects just like Android, iOS and Windows?

rextended · Tue Jul 20, 2021 12:43 am

Ask the awesome, mega-galactic, formidable, foolproof, matchless, super-cool, innovative, mega-super...
Apple...
...mind thinking for you,
what you need to do or not with a device,
what you need to click, you don't have to be compatible with others, and you don't have to ask.