I know this has already been discussed, but has anyone had success?
This is what i have done for now.
We have valid certificate installed, and dhcp option 114 enabled.
I see requests for option 114 coming from the clients in wireshark
Option: (55) Parameter Request List
Length: 9
Parameter Request List Item: (1) Subnet Mask
Parameter Request List Item: (121) Classless Static Route
Parameter Request List Item: (3) Router
Parameter Request List Item: (6) Domain Name Server
Parameter Request List Item: (15) Domain Name
Parameter Request List Item: (108) Removed/Unassigned
Parameter Request List Item: (114) DHCP Captive-Portal
Parameter Request List Item: (119) Domain Search
Parameter Request List Item: (252) Private/Proxy autodiscovery
And the ACK looks like this:
Option: (114) DHCP Captive-Portal
Length: 38
Captive Portal: https://hotspot.xxxxxx.com/api
This is what i get when i enter this page, accesed via HTTPS.
{
"captive": true,
"user-portal-url": "https://hotspot.xxxxx.com/login",
"can-extend-session": true,
"info-venue-url": "https://hotspot.xxxxxx.com"
}
The api.json is stored in hotspot folder.
But, I dont see any requests for the captive portal API, instead I see the old method (captive.apple.com - get-hotspot / Generate 204 + 302 redirections) happening.
Tested with Android 11, IOS 15, and Big Sur.
Any clue to go further? What more could I debug?
Is there anything more to do to make this happen? I read you have to make the client capable to reach oscp or ntp servers to validate your certificate, but how could I know if this is what is happening here?
Mikrotik says:
"This DHCP option field is enabled automatically, but only if the router has a DNS name configured and has a valid SSL certificate (so that the login page can be accessed over HTTPS). When these requirements are met, a special DHCP option will be sent, containing a link to https://<dns-name-of-hotspot>/api. This link contains information in JSON format, instructing the client device of the captive portal status, and the location of the login page."
Re: RFC8910 Captive Portal
Not that many people are interested in hotspot at all. And the whole thing seems like chicken and egg problem, most clients don't support it, and most hotspots probably don't either. It will take years to catch on. In the meantime, any client must expect that random hotspot doesn't support it yet, and must be able to use old method. So there's no pressure for hotspots to add this, because every client can use old method, which mostly works. It's like IPv6 adoption, why bother when everyone can use IPv4, which mostly works. I'm not saying that I like it.
I have nothing I could test this with, but if client asks for dhcp option and router provides it, then next action should come from client, I assume.
I have nothing I could test this with, but if client asks for dhcp option and router provides it, then next action should come from client, I assume.
Re: RFC8910 Captive Portal
Thank you for answering,
I am aware there isn't much interest in it, but we are an Hotel, and for now, I don't know how to get rid of hotspot and give the same kind of service.
I see in older post about this ppl complaining about the inability of mikrotik to "force dhcp options", but it's not the case. And since I can see clients asking for DHCP option 114 (android, IOS, and OSX), I was wondering if they already switched to the new method.
Android support states that devices (from android 11) will ask for the API support First, and then, if the server doesn't support, it will change to the old method.
https://developer.android.com/about/ver ... ive-portal
I wouldn't care about this that much, because I could bypass this, but we have a Chromecast solution that need the client to login to pair him with his chromecast, so bypass is not an option. We are a luxury hotel and any loss of service leads to complaints.
So I am just looking for someone who can confirm that my "server side" is configured properly. I saw in other pages people saying that we had success in it, but using packetfence or dnsmasq.
https://developer.apple.com/forums/thread/660827
https://github.com/inverse-inc/packetfence/issues/5638
Thank you,
I am aware there isn't much interest in it, but we are an Hotel, and for now, I don't know how to get rid of hotspot and give the same kind of service.
I see in older post about this ppl complaining about the inability of mikrotik to "force dhcp options", but it's not the case. And since I can see clients asking for DHCP option 114 (android, IOS, and OSX), I was wondering if they already switched to the new method.
Android support states that devices (from android 11) will ask for the API support First, and then, if the server doesn't support, it will change to the old method.
https://developer.android.com/about/ver ... ive-portal
I wouldn't care about this that much, because I could bypass this, but we have a Chromecast solution that need the client to login to pair him with his chromecast, so bypass is not an option. We are a luxury hotel and any loss of service leads to complaints.
So I am just looking for someone who can confirm that my "server side" is configured properly. I saw in other pages people saying that we had success in it, but using packetfence or dnsmasq.
https://developer.apple.com/forums/thread/660827
https://github.com/inverse-inc/packetfence/issues/5638
Thank you,
Re: RFC8910 Captive Portal
I think it's still the case, it's about sending some option even when client doesn't ask for it. But yours do, so it's not a problem.I see in older post about this ppl complaining about the inability of mikrotik to "force dhcp options", but it's not the case.
According to changelog, since 6.48 there's this:
It was replaced by RFC8910, but I don't see any mention of that in RouterOS changelog. But since it says that:*) hotspot - added support for captive portal advertising using DHCP (RFC7710);
And you see option 114, it looks like it was updated.This document replaces RFC 7710 [RFC7710], which used DHCP code point 160. Due to a conflict, this document specifies 114.
If I was you, I'd try to test some other hotspot server, to make sure that client works with it, and then the same client should work also with RouterOS. If not, you could compare what's different. A bit annoying, because it should just work, but what else can you do when it doesn't.
-
-
olivier2831
Member
- Posts: 312
- Joined:
Re: RFC8910 Captive Portal
Reading this not so old thread, have OP met success with RFC8910 since asking here ?
What about Win10 and Win11 clients ?
What about Win10 and Win11 clients ?
Re: RFC8910 Captive Portal
All should be compatible, as far as we have seen. The standard is implemented.
Re: RFC8910 Captive Portal
Unfortunately the standard is awkward. It would be quite helpful when the built-in http server would include some capability to return a JSON file (with the proper mime type) as required by the RFC8910 spec.
(of course the definition of that option is completely silly but that is not something "we" can change)
(of course the definition of that option is completely silly but that is not something "we" can change)
Re: RFC8910 Captive Portal
Well Normunds, thats a bit vague:
BTW: As Mikrotik (!!!!!!!!!!!!!!!) to tell people RTFM, YOU GUYS NEED TO WRITE AT FRIST A GOOD MANUAL!!!
Wehre do I have to place the file? Anywhere, a special location or folder? Which filename is used? Which DHCP-Option "a special DHCP option will be sent" should we add and how? Is the manual adding supported by ROSv6 too? In wour Wiki you write on top ROS v6.48 but in the manual adding section you mention only ROS v7.3.[...]or manually add/edit the api.json file to have the above contents, for Hotspot detection to work.
BTW: As Mikrotik (!!!!!!!!!!!!!!!) to tell people RTFM, YOU GUYS NEED TO WRITE AT FRIST A GOOD MANUAL!!!
Last edited by Guscht on Tue Aug 22, 2023 4:08 pm, edited 1 time in total.
Re: RFC8910 Captive Portal
Please read the next sentence too!
> It is located in the router files menu.
It continues "you will have to use "Reset HTML" function, or manually add/edit the api.json file". If you click on the "reset html" button, the file is generated for you. You will not have to make or place it anywhere. It will be there automatically!
as for the contents, the link is provided with full example:
https://developer.apple.com/news/?id=q78sq5rv
We do make manuals, but people do not read them, even when provided with links.
> It is located in the router files menu.
It continues "you will have to use "Reset HTML" function, or manually add/edit the api.json file". If you click on the "reset html" button, the file is generated for you. You will not have to make or place it anywhere. It will be there automatically!
as for the contents, the link is provided with full example:
https://developer.apple.com/news/?id=q78sq5rv
We do make manuals, but people do not read them, even when provided with links.
Re: RFC8910 Captive Portal
P.S: forget about v6. Everything is about v7 now for 2 years already. Time to move on.
Re: RFC8910 Captive Portal
I'm not sure Windows respects the DHCP Option 114 / RFC-7110 / RFC-8910 scheme in the first place – Mikrotik can't change that 
Windows does older check for redirects, which /ip/hotspot supports.
Windows does older check for redirects, which /ip/hotspot supports.
Re: RFC8910 Captive Portal
Did you already tell that to the department that runs the performance tests and puts the results on the products website?P.S: forget about v6. Everything is about v7 now for 2 years already. Time to move on.
I think it is time to update them to v7 numbers,
-
-
BrianHiggins
Forum Veteran
- Posts: 720
- Joined:
- Location: Norwalk, CT
- Contact:
Re: RFC8910 Captive Portal
confirmed it does not.I'm not sure Windows respects the DHCP Option 114 / RFC-7110 / RFC-8910 scheme in the first place – Mikrotik can't change that
Also, for anyone trying to replicate this by uploading a text file to a webserver with the appropriate JSON string, that will not work. The webserver response content type must be set to Content-Type: application/captive+json in order for clients to accept & act on the values. Simply uploading a text file to a webserver will display the correct JSON string in your webbrowser, but it will be transmitted as Content-Type: text/plain and when accessed by the client, no redirection actions will be performed.
Re: RFC8910 Captive Portal
new products have them. devices that ship with v6 have v6 results. we cant change devices that are already in distributor shops.Did you already tell that to the department that runs the performance tests and puts the results on the products website?P.S: forget about v6. Everything is about v7 now for 2 years already. Time to move on.
I think it is time to update them to v7 numbers,
Re: RFC8910 Captive Portal
But to be clear, content type is actually set when using /ip/hotspot AFAIK. To @normis point, I tested /ip/hotspot docs a few a months ago actually, and if you follow them – especially the ones about HTTPS and certs — you end up with a hotspot that seem to work on Apple things at least.The webserver response content type must be set to Content-Type: application/captive+json in order for clients to accept & act on the values.
Now when you files uploaded via branding/etc and do NOT use /ip/hotpot... totally right you cannot set a content-type of those files.
Re: RFC8910 Captive Portal
As you know very well, there are devices that were initially shipped with v6, have v6 test results on the site, but at this moment are shippednew products have them. devices that ship with v6 have v6 results. we cant change devices that are already in distributor shops.
Did you already tell that to the department that runs the performance tests and puts the results on the products website?
I think it is time to update them to v7 numbers,
with v7 and cannot be downgraded to v6 to get the performance that was advertised.
Are you going to update all the performance figures for shipping devices to v7?
Why is it so difficult to add the information like RouterOS version used to get these test result (and IP protocol version) to each test result table?
-
-
BrianHiggins
Forum Veteran
- Posts: 720
- Joined:
- Location: Norwalk, CT
- Contact:
Re: RFC8910 Captive Portal
I made no claim one way or another regarding the content type on the data returned from the hotspot service. My point was relating to lobo83's comments regarding uploading the files somewhere and that it loaded correctly from their webbrowser but didn't redirect from the client.But to be clear, content type is actually set when using /ip/hotspot AFAIK. To @normis point, I tested /ip/hotspot docs a few a months ago actually, and if you follow them – especially the ones about HTTPS and certs — you end up with a hotspot that seem to work on Apple things at least.The webserver response content type must be set to Content-Type: application/captive+json in order for clients to accept & act on the values.
Now when you files uploaded via branding/etc and do NOT use /ip/hotpot... totally right you cannot set a content-type of those files.
Re: RFC8910 Captive Portal
I think @normis thinks it works... because /ip/hotspot does in fact work correctly in V7.My point was relating to lobo83's comments regarding uploading the files somewhere and that it loaded correctly from their webbrowser but didn't redirect from the client.
But you're right there is still a feature request/bug here, outside of /ip/hotspot. You should be able to upload the api.json needed for Option 114 via branding kit and have it work independently of /ip/hotspot. e.g. RouterOS http server using the right MIME-type for the captive portal JSON file, by uploading it to a specific path using branding kit. That would be useful.
-
-
BrianHiggins
Forum Veteran
- Posts: 720
- Joined:
- Location: Norwalk, CT
- Contact:
Re: RFC8910 Captive Portal
I would be more surprised if it didn't work than hearing it does work. It's a pretty simple function to implement there really isn't much to it code wise, I wrote the whole functionality to support it for our platform in 1 day, including testing and release.
I think @normis thinks it works... because /ip/hotspot does in fact work correctly in V7.
I actually disagree, I think there's little reason it should be supported on the built in web server via any uploaded file. I even disagree that the hotspot should even read a config file at all. I think the hotspot should simply have a settings parameter that can specify the URL and then a static path defined on the webserver like hotspot/redirect that when called it just computationally generates the 4 lines of JSON text needed. There is no need for the api.json text file at all unless it can be demonstrated somehow that reading the file, parsing the contents, replacing the variables, then rendering the output, is somehow faster than just appending the variables and a few strings then rendering the output.But you're right there is still a feature request/bug here, outside of /ip/hotspot. You should be able to upload the api.json needed for Option 114 via branding kit and have it work independently of /ip/hotspot. e.g. RouterOS http server using the right MIME-type for the captive portal JSON file, by uploading it to a specific path using branding kit. That would be useful.
Remember all it needs to do is generate the following string, there's more characters of variables than there is content that's being read from the file on disk/flash
Code: Select all
{
"captive":"true",
"user-portal-url":"https://yoururl.com/landingpage"
}