Community discussions

MikroTik App
  4. RouterOS
  5. General

V7.5 HOTSPOT RoutingMark HOTSPOT-Redirection to Login-Page

Post Reply
 
User avatar
ofendt
just joined
Topic Author
Posts: 23
Joined: Mon Jun 20, 2011 10:17 pm

V7.5 HOTSPOT RoutingMark HOTSPOT-Redirection to Login-Page

Tue Sep 13, 2022 12:56 am

Hi, i upgraded my RB from 6.XXX to 7.5. Most things work, but the

HOTSPOT-Loginpage-Redirection
does not work.
I have 2 Lines and i do PREROUTING random ADRSSLIST and then "Set-Routing-Mark" to Route traffic to 2 diffrent DSL Lines.

Everything works - except the automatik HOTSPOT Login.

The HOTSPOT-Login does work if i

1) enter the IP of the Route in Browser manual
OR / AND it works
2) if i disable the Routing-MARK

Is there a workaround for example:
to set Users AFTER HOTSPOT-Login to an Adress-List ... so i can MANGLE only Users from that list,
or
to add Entrys in the other Routing-Tables (other than main) so the redirection works.

Thanks
Top
 
AidanAus
Member Candidate
Member Candidate
Posts: 177
Joined: Wed May 08, 2019 7:35 am
Location: Australia
Contact:
Contact AidanAus

Re: V7.5 HOTSPOT RoutingMark HOTSPOT-Redirection to Login-Page

Tue Sep 13, 2022 4:36 am

Can you please post at least your firewall (filter, nat and mangle) so we can see what you have added and more important where you placed the rules, adding a masquerade to do some policy routing shouldn't be an issue but you have to realize we need to allow this to go through the proper steps first.
If you have a look at the default hotspot rules (if you have edited these or removed any just disable and re-enabling the hotspot service will bring them back) you can see a number of custom chains, things like pre-auth etc that processes the traffic so the first thing we will need to look at is to see why your rules are effecting this.

Please note that the forwarding to the logging page etc is not to do with the routes but to do with the firewall rule (nat for this one) to process the traffic accordingly (forwarding the traffic to its hotspot dns name)

Again for more of a direct answer please send through your configuration or at least the firewall section of it, please make sure to remove any confidential information before posting however :)
Top
 
User avatar
ofendt
just joined
Topic Author
Posts: 23
Joined: Mon Jun 20, 2011 10:17 pm

Re: V7.5 HOTSPOT RoutingMark HOTSPOT-Redirection to Login-Page

Tue Sep 13, 2022 9:56 am

Thanks for replay - here is the firewall and routing.
The Problem is the Routing to 2 diffrent DSL-lines by randomly putting each IP to a ADRESS-LIST ("Liste1" or "Liste2")
and to a Liste "Gesamt" to find out witch adresses are "new".

These lines have to be disabled to work...
Code: Select all
add action=mark-routing chain=prerouting disabled=yes new-routing-mark=\
    ToMNetVDSL1 passthrough=yes src-address=192.168.0.0/16 src-address-list=\
    Liste1
add action=mark-routing chain=prerouting disabled=yes dst-address=\
    !192.168.0.0/16 new-routing-mark=TKOMrm passthrough=yes src-address=\
    192.168.0.0/16 src-address-list=Liste2
add action=mark-routing chain=prerouting disabled=yes dst-address-list=\
    !Intern new-routing-mark=TKOMrm passthrough=yes src-address=\
    10.0.2.2-10.0.2.254
Complete Firewall section
Code: Select all
# sep/12/2022 23:32:18 by RouterOS 7.5

/ip firewall address-list
add address=10.0.2.0/24 list=ListePrivat
add address=10.0.0.0/8 list=DNSOK
add address=192.168.0.0/16 list=DNSOK
add address=8.8.8.8 list=DNSOK
add address=192.168.0.0/16 list=DNS
add address=10.0.0.0/8 list=DNS
add address=10.7.1.120 list=DNS
add address=192.168.0.0/16 list=SIP
add address=10.0.0.0/8 list=SIP
add address=217.10.79.9 list=SIP
add address=80.237.128.10 list=DNS
add address=10.0.0.0/8 list=Intern
add address=192.168.1.0/24 list=Intern
add address=217.10.68.0/24 list=SIP
add address=proxy.live.sipgate.de list=SIP
add address=sipgate.de list=SIP
add address=217.7.253.232 list=SIP
add address=217.7.253.232 list=DNS
add address=sipconnect.sipgate.de list=SIP
add address=176.10.119.57 list=Intern
/ip firewall connection tracking
set enabled=yes generic-timeout=2h icmp-timeout=13s tcp-syn-received-timeout=\
    10s tcp-syn-sent-timeout=10s udp-stream-timeout=6m udp-timeout=30s
/ip firewall filter
add action=passthrough chain=unused-hs-chain comment=\
    "place hotspot rules here" disabled=yes
add action=accept chain=forward dst-address=10.8.0.10 log-prefix=TELANLAGE
add action=accept chain=forward log-prefix=TELANLAGE src-address=10.8.0.10
add action=accept chain=forward dst-address=10.0.0.0/8 src-address=10.0.0.0/8
add action=accept chain=input dst-address=10.0.0.0/8 src-address=10.0.0.0/8
add action=accept chain=forward dst-address=192.168.0.0/16 src-address=\
    10.0.0.0/8
add action=accept chain=input dst-address=192.168.0.0/16 src-address=\
    10.0.0.0/8
add action=accept chain=forward dst-address=192.168.0.0/16 src-address=\
    192.168.0.0/16
add action=accept chain=forward dst-address=10.0.0.0/8 src-address=\
    192.168.0.0/16
add action=accept chain=input dst-address=10.0.0.0/8 src-address=\
    192.168.0.0/16
add action=accept chain=forward disabled=yes dst-address-list=DNSOK \
    src-address-list=DNSOK
add action=drop chain=input dst-port=53 protocol=tcp src-address-list=!DNSOK
add action=drop chain=input dst-port=53 protocol=udp src-address-list=!DNSOK
add action=drop chain=input dst-port=161-162 protocol=udp src-address-list=\
    !Intern
add action=tarpit chain=input dst-port=80,21 protocol=tcp src-address-list=\
    !Intern
add action=accept chain=forward dst-port=53 protocol=udp src-address=\
    10.0.0.0/8
add action=accept chain=input disabled=yes dst-address=192.168.0.0/16 \
    src-address=192.168.0.0/16
add action=accept chain=output disabled=yes dst-address=192.168.0.0/16 \
    src-address=192.168.0.0/16
add action=accept chain=forward src-address=10.0.0.0/8
add action=accept chain=forward dst-address=10.0.0.0/8
add action=accept chain=input src-address=10.0.0.0/8
add action=accept chain=input dst-address=10.0.0.0/8
add action=accept chain=output src-address=10.0.0.0/8
add action=accept chain=output dst-address=10.0.0.0/8
add action=accept chain=input protocol=icmp
add action=accept chain=forward
add action=accept chain=input dst-port=53 protocol=udp src-address-list=DNSOK
add action=reject chain=input dst-port=53 protocol=udp reject-with=\
    icmp-network-unreachable src-address-list=!DNSOK
add action=reject chain=forward dst-port=53 protocol=udp reject-with=\
    icmp-network-unreachable src-address-list=!DNSOK
add action=accept chain=input dst-port=53 protocol=tcp src-address-list=DNSOK
add action=reject chain=input dst-port=53 protocol=tcp reject-with=\
    icmp-network-unreachable src-address-list=!DNSOK
add action=add-src-to-address-list address-list=ssh_blacklist \
    address-list-timeout=2w6d chain=input connection-state=new dst-port=23 \
    protocol=tcp src-address-list=!Intern
add action=drop chain=input comment="drop ssh brute forcers" dst-port=22 \
    protocol=tcp src-address-list=ssh_blacklist
add action=add-src-to-address-list address-list=ssh_blacklist \
    address-list-timeout=2w6d chain=input connection-state=new dst-port=22 \
    protocol=tcp src-address-list=ssh_stage3
add action=add-src-to-address-list address-list=ssh_stage3 \
    address-list-timeout=5m chain=input connection-state=new dst-port=22 \
    protocol=tcp src-address-list=ssh_stage2
add action=add-src-to-address-list address-list=ssh_stage2 \
    address-list-timeout=5m chain=input connection-state=new dst-port=22 \
    protocol=tcp src-address-list=ssh_stage1
add action=add-src-to-address-list address-list=ssh_stage1 \
    address-list-timeout=5m chain=input connection-state=new dst-port=22 \
    protocol=tcp
add action=reject chain=forward dst-address-list=!Intern reject-with=\
    icmp-network-unreachable src-address=10.7.1.11
/ip firewall mangle
add action=change-mss chain=forward new-mss=clamp-to-pmtu passthrough=yes \
    protocol=tcp tcp-flags=syn
add action=change-mss chain=forward new-mss=1410 out-interface=all-ppp \
    passthrough=yes protocol=tcp tcp-flags=syn tcp-mss=1411-65535
add action=mark-routing chain=prerouting dst-port=53 new-routing-mark=DNSSLOW \
    passthrough=yes protocol=tcp
add action=mark-routing chain=prerouting dst-port=53 new-routing-mark=DNSSLOW \
    passthrough=yes protocol=udp
add action=mark-connection chain=input connection-mark=no-mark in-interface=\
    MNET_VDSL300_PPPOE new-connection-mark=cmMNET1 passthrough=yes
add action=mark-connection chain=input connection-mark=no-mark in-interface=\
    VDSL250_1905_Telekom new-connection-mark=cmTKOM1 passthrough=yes
add action=mark-routing chain=output connection-mark=cmMNET1 \
    new-routing-mark=ToMNetVDSL1 passthrough=yes
add action=mark-routing chain=output connection-mark=cmTKOM1 \
    new-routing-mark=TKOMrm passthrough=yes
add action=accept chain=prerouting dst-address=10.0.0.0/8
add action=mark-routing chain=prerouting dst-address=176.10.119.57 \
    new-routing-mark=main passthrough=no
add action=accept chain=prerouting dst-address=192.168.0.0/16
add action=change-mss chain=forward in-interface=all-ppp new-mss=1410 \
    passthrough=yes protocol=tcp tcp-flags=syn tcp-mss=1411-65535
add action=add-src-to-address-list address-list=Liste1 address-list-timeout=\
    4h chain=prerouting connection-mark=no-mark random=40 src-address=\
    192.168.0.0/16 src-address-list=!Gesamt
add action=add-src-to-address-list address-list=Liste2 address-list-timeout=\
    4h chain=prerouting connection-mark=no-mark random=80 src-address=\
    192.168.0.0/16 src-address-list=!Gesamt
add action=add-src-to-address-list address-list=Gesamt address-list-timeout=\
    4h chain=prerouting connection-mark=no-mark src-address=192.168.0.0/16 \
    src-address-list=Liste2
add action=add-src-to-address-list address-list=Gesamt address-list-timeout=\
    4h chain=prerouting connection-mark=no-mark src-address=192.168.0.0/16 \
    src-address-list=Liste1 tcp-flags=""
[b]add action=mark-routing chain=prerouting disabled=yes new-routing-mark=\
    ToMNetVDSL1 passthrough=yes src-address=192.168.0.0/16 src-address-list=\
    Liste1
add action=mark-routing chain=prerouting disabled=yes dst-address=\
    !192.168.0.0/16 new-routing-mark=TKOMrm passthrough=yes src-address=\
    192.168.0.0/16 src-address-list=Liste2
add action=mark-routing chain=prerouting disabled=yes dst-address-list=\
    !Intern new-routing-mark=TKOMrm passthrough=yes src-address=\
    10.0.2.2-10.0.2.254[/b]
/ip firewall nat
add action=dst-nat chain=dstnat disabled=yes dst-address=10.0.2.1 dst-port=80 \
    protocol=tcp src-address=10.8.0.0/16 to-addresses=192.168.164.98 \
    to-ports=80
add action=dst-nat chain=dstnat disabled=yes dst-address=10.8.0.10 dst-port=\
    80 protocol=tcp src-address=192.168.0.0/16 to-addresses=10.8.0.10 \
    to-ports=84
add action=dst-nat chain=dstnat disabled=yes dst-address=10.8.0.10 dst-port=\
    80 protocol=tcp src-address=10.0.2.0/24 to-addresses=10.8.0.10 to-ports=\
    84
add action=masquerade chain=srcnat disabled=yes dst-port=80 protocol=tcp \
    src-address=10.8.0.82
add action=masquerade chain=srcnat disabled=yes dst-address=10.8.0.10
add action=dst-nat chain=dstnat dst-address=8.8.8.8 dst-port=53 protocol=udp \
    src-address=192.168.0.0/16 to-addresses=10.0.2.1
add action=masquerade chain=srcnat disabled=yes dst-address=192.168.16.0/25 \
    dst-address-type="" fragment=no hotspot="" psd=21,3s,3,1 src-address=\
    192.168.1.0/24 src-address-type="" time=0s-1d,sun,mon,tue,wed,thu,fri,sat
add action=src-nat chain=srcnat disabled=yes dst-address=192.168.16.0/24 \
    src-address=192.168.1.0/24 to-addresses=192.168.16.8
add action=masquerade chain=srcnat disabled=yes dst-address=192.168.16.128/25 \
    src-address=192.168.1.0/24 to-addresses=192.168.16.1
add action=passthrough chain=unused-hs-chain comment=\
    "place hotspot rules here" disabled=yes
add action=masquerade chain=srcnat src-address=192.168.144.0/24
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
    src-address=192.168.154.0/24 to-addresses=0.0.0.0
add action=masquerade chain=srcnat src-address=192.168.136.0/24
add action=masquerade chain=srcnat src-address=192.168.138.0/24
add action=masquerade chain=srcnat src-address=192.168.137.0/24
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
    src-address=192.168.178.0/24 to-addresses=0.0.0.0
add action=masquerade chain=srcnat src-address=192.168.179.0/24 to-addresses=\
    0.0.0.0
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
    src-address=192.168.138.0/24
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
    src-address=192.168.164.0/24 to-addresses=0.0.0.0
add action=masquerade chain=srcnat out-interface=MNET_VDSL300_PPPOE
add action=masquerade chain=srcnat out-interface=VDSL250_1905_Telekom
add action=accept chain=srcnat dst-address=10.0.0.0/8 src-address=10.0.0.0/8
add action=accept chain=srcnat dst-address=192.168.0.0/16 src-address=\
    10.0.0.0/8
add action=accept chain=srcnat dst-address=10.0.0.0/8 src-address=\
    192.168.0.0/16
add action=passthrough chain=unused-hs-chain comment=\
    "place hotspot rules here" disabled=yes to-addresses=0.0.0.0
add action=accept chain=srcnat dst-address=10.0.3.0/24 src-address=\
    10.0.200.0/24
/ip firewall service-port
set pptp ports=1723
Top
 
User avatar
ofendt
just joined
Topic Author
Posts: 23
Joined: Mon Jun 20, 2011 10:17 pm

Re: V7.5 HOTSPOT RoutingMark HOTSPOT-Redirection to Login-Page

Tue Sep 13, 2022 11:32 am

Solution (for the moment)

I found a working - but not very good solution:

The trick is to define the adress-lists ONLY when the user has a functionl Connection - (i test by "connection-rate=500k-200M")

add action=add-src-to-address-list address-list=Liste1 address-list-timeout=\
14h chain=prerouting connection-mark=no-mark connection-rate=500k-200M \
random=15 src-address=192.168.0.0/16 src-address-list=!Gesamt

Hope that helps others
Code: Select all
# sep/13/2022 10:22:01 by RouterOS 7.5
# software id = 00X4-I7Y2
#
# model = CCR1009-8G-1S-1S+
# serial number = 5A1804B95DCC
/ip firewall mangle
add action=change-mss chain=forward new-mss=clamp-to-pmtu passthrough=yes \
    protocol=tcp tcp-flags=syn
add action=change-mss chain=forward in-interface=all-ppp new-mss=1410 \
    passthrough=yes protocol=tcp tcp-flags=syn tcp-mss=1411-65535
add action=change-mss chain=forward new-mss=1410 out-interface=all-ppp \
    passthrough=yes protocol=tcp tcp-flags=syn tcp-mss=1411-65535
add action=mark-connection chain=input connection-mark=no-mark in-interface=\
    MNET_VDSL300_1 log-prefix=Test new-connection-mark=MNET1 passthrough=no
add action=mark-connection chain=input connection-mark=no-mark in-interface=\
    VDSL175_1566_Telekom log-prefix=Test new-connection-mark=TKOM \
    passthrough=no
add action=mark-connection chain=input connection-mark=no-mark in-interface=\
    MNET_VDSL300_2 log-prefix=Test new-connection-mark=MNET2 passthrough=no
add action=mark-routing chain=output connection-mark=TKOM new-routing-mark=\
    TKOMrm passthrough=yes
add action=mark-routing chain=output connection-mark=MNET1 new-routing-mark=\
    ToMNetVDSL1 passthrough=yes
add action=mark-routing chain=output connection-mark=MNET2 new-routing-mark=\
    ToMNetVDSL2 passthrough=yes
add action=accept chain=prerouting connection-mark=no-mark dst-address=\
    192.168.0.0/16
add action=accept chain=prerouting connection-mark=no-mark dst-address=\
    10.0.0.0/8
add action=jump chain=prerouting connection-mark=no-mark disabled=yes \
    jump-target=ttt src-address=192.168.0.0/16 src-address-list=!Gesamt
add action=add-src-to-address-list address-list=Liste1 address-list-timeout=\
    14h chain=prerouting connection-mark=no-mark connection-rate=500k-200M \
    random=15 src-address=192.168.0.0/16 src-address-list=!Gesamt
add action=add-src-to-address-list address-list=Gesamt address-list-timeout=\
    14h chain=prerouting connection-mark=no-mark src-address=192.168.0.0/16 \
    src-address-list=Liste1
add action=add-src-to-address-list address-list=Liste2 address-list-timeout=\
    14h chain=prerouting connection-mark=no-mark connection-rate=500k-200M \
    random=21 src-address=192.168.0.0/16 src-address-list=!Gesamt
add action=add-src-to-address-list address-list=Gesamt address-list-timeout=\
    14h chain=prerouting connection-mark=no-mark src-address=192.168.0.0/16 \
    src-address-list=Liste2
add action=add-src-to-address-list address-list=Liste3 address-list-timeout=\
    14h chain=prerouting connection-mark=no-mark connection-rate=500k-200M \
    random=23 src-address=192.168.0.0/16 src-address-list=!Gesamt
add action=add-src-to-address-list address-list=Gesamt address-list-timeout=\
    14h chain=prerouting connection-mark=no-mark src-address=192.168.0.0/16 \
    src-address-list=Liste3
add action=add-src-to-address-list address-list=Liste4 address-list-timeout=\
    14h chain=prerouting connection-mark=no-mark connection-rate=500k-200M \
    random=25 src-address=192.168.0.0/16 src-address-list=!Gesamt
add action=add-src-to-address-list address-list=Gesamt address-list-timeout=\
    14h chain=prerouting connection-mark=no-mark src-address=192.168.0.0/16 \
    src-address-list=Liste4
add action=add-src-to-address-list address-list=Liste5 address-list-timeout=\
    14h chain=prerouting connection-mark=no-mark connection-rate=500k-200M \
    random=6 src-address=192.168.0.0/16 src-address-list=!Gesamt
add action=add-src-to-address-list address-list=Gesamt address-list-timeout=\
    14h chain=prerouting connection-mark=no-mark src-address=192.168.0.0/16 \
    src-address-list=Liste5
add action=mark-routing chain=prerouting new-routing-mark=ToMNetVDSL1 \
    passthrough=yes src-address=192.168.0.0/16 src-address-list=Liste1
add action=mark-routing chain=prerouting new-routing-mark=ToMNetVDSL2 \
    passthrough=yes src-address=192.168.0.0/16 src-address-list=Liste2
add action=mark-routing chain=prerouting new-routing-mark=ToKabeld \
    passthrough=yes src-address=192.168.0.0/16 src-address-list=Liste3
add action=mark-routing chain=prerouting new-routing-mark=ToEntertain \
    passthrough=yes src-address=192.168.0.0/16 src-address-list=Liste4
add action=mark-routing chain=prerouting new-routing-mark=TKOMrm passthrough=\
    yes src-address=192.168.0.0/16 src-address-list=Liste5
add action=mark-routing chain=prerouting new-routing-mark=ToMNetVDSL1 \
    passthrough=yes src-address=10.0.0.0/8 src-address-list=ListePrivat
add action=mark-routing chain=prerouting connection-mark=no-mark disabled=yes \
    new-routing-mark=TKOMrm passthrough=yes src-address=192.168.157.0/24
add action=mark-routing chain=prerouting connection-mark=MNET disabled=yes \
    new-routing-mark=ToMNetVDSL passthrough=yes
add action=mark-routing chain=prerouting disabled=yes hotspot=!auth \
    new-routing-mark=main passthrough=no

my COMPLETE Setup
Code: Select all
# sep/13/2022 10:25:41 by RouterOS 7.5
# software id = 00X4-I7Y2
#
# model = CCR1009-8G-1S-1S+
# serial number = 5A1804B95DCC
/caps-man channel
add band=2ghz-g/n control-channel-width=20mhz extension-channel=XX frequency=\
    2412 name=2GHz1
add band=2ghz-g/n control-channel-width=20mhz extension-channel=XX frequency=\
    2437 name=2GHz6
add band=2ghz-g/n control-channel-width=20mhz extension-channel=XX frequency=\
    2462 name=2GHz11
add band=5ghz-onlyac control-channel-width=20mhz name=5GHz reselect-interval=\
    5h skip-dfs-channels=no
/interface pptp-client
add connect-to=88.217.185.150 disabled=no mrru=1600 name=C118 user=ema
add connect-to=217.7.253.232 disabled=no name=WW32_to user=emaneu
/interface pptp-server
add name=IN_PPTP user=""
/interface bridge
add fast-forward=no name=BRG10_200
add add-dhcp-option82=yes dhcp-snooping=yes fast-forward=no name=BRG_FENDT
add add-dhcp-option82=yes dhcp-snooping=yes fast-forward=no name=BRG_Student
add add-dhcp-option82=yes dhcp-snooping=yes name=Test
/interface ethernet
set [ find default-name=ether1 ] l2mtu=1588 name=ETH01_Zuleitung speed=\
    100Mbps
set [ find default-name=ether2 ] l2mtu=1588 name=ETH02_Zyxel_neu speed=\
    100Mbps
set [ find default-name=ether3 ] l2mtu=1588 name=ETH03_Videoueberwachung \
    speed=100Mbps
set [ find default-name=ether4 ] disabled=yes l2mtu=1588 name=\
    ETH04_100MBit_toMNET_VDSL1 speed=100Mbps
set [ find default-name=ether5 ] disabled=yes l2mtu=1590 name=\
    ETH05_100MBit_toMNET_VDSL2 speed=100Mbps
set [ find default-name=ether6 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full l2mtu=1590 \
    name=ETH06_2500MBit_toTK_2020/05_Phys speed=100Mbps
set [ find default-name=ether7 ] advertise=\
    10M-full,100M-full,1000M-half,1000M-full full-duplex=no l2mtu=1590 name=\
    ETH07_VDSL300_1 speed=100Mbps
set [ find default-name=ether8 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full l2mtu=1590 \
    name=ETH08_VDSL300_2 speed=100Mbps
set [ find default-name=sfp1 ] advertise=10M-full,100M-full,1000M-full l2mtu=\
    1590
set [ find default-name=sfp-sfpplus1 ] advertise=\
    10M-full,100M-full,1000M-full l2mtu=1590 name=sfpplus-to-mainswitch
/interface sstp-server
add name=IN_STP user=""
/interface eoip
add allow-fast-path=no arp=proxy-arp disabled=yes local-address=10.0.1.1 \
    mac-address=02:55:F2:89:68:95 name=eoip-WW32 remote-address=192.168.1.1 \
    tunnel-id=0
/interface vlan
add interface=ETH06_2500MBit_toTK_2020/05_Phys name=\
    "E6V7_Modem_Telekom 175_2020/05" vlan-id=7
add interface=ETH01_Zuleitung name=VLAN1V1 vlan-id=1
add interface=ETH01_Zuleitung name=VLAN1V2_Fendt vlan-id=2
add interface=ETH01_Zuleitung name=VLAN1V4_Student2 vlan-id=4
add interface=ETH01_Zuleitung name=VLAN1V5_Student3 vlan-id=5
add interface=ETH01_Zuleitung name=VLAN1V99 vlan-id=99
add interface=sfpplus-to-mainswitch name=VLAN1_SFP_Student vlan-id=1
add interface=ETH02_Zyxel_neu name=VLAN2V1_StudentMain vlan-id=1
add interface=ETH02_Zyxel_neu name=VLAN2V2_Fendt_Main vlan-id=2
add interface=ETH02_Zyxel_neu name=VLAN2V99_Test vlan-id=99
add interface=sfpplus-to-mainswitch name=VLAN2_FendtSFP vlan-id=2
add interface=ETH07_VDSL300_1 name=VLAN_40_7 vlan-id=40
add interface=ETH08_VDSL300_2 name=VLAN_40_8 vlan-id=40
add interface=sfpplus-to-mainswitch name=vlan99_Service_SFP vlan-id=99
/caps-man datapath
add bridge=BRG_FENDT client-to-client-forwarding=yes local-forwarding=no \
    name=LocalFendt
add bridge=BRG_Student client-to-client-forwarding=yes local-forwarding=no \
    name=VLAN222
add bridge=BRG10_200 name=Bridge
/interface pppoe-client
add add-default-route=yes default-route-distance=4 disabled=no interface=\
    VLAN_40_7 name=MNET_VDSL300_1 use-peer-dns=yes user=\
    XXXXXXXXXXXXXXX
add add-default-route=yes default-route-distance=3 disabled=no interface=\
    VLAN_40_8 name=MNET_VDSL300_2 user=XXXXXXXXXXX
/caps-man rates
add basic=12Mbps ht-basic-mcs="" ht-supported-mcs="" name=rate1 supported=\
    12Mbps,18Mbps,24Mbps,36Mbps,48Mbps,54Mbps vht-basic-mcs="" \
    vht-supported-mcs=""
/caps-man security
add authentication-types=wpa-psk,wpa2-psk encryption=aes-ccm,tkip name=\
    fendtprivat
add authentication-types=wpa-psk,wpa2-psk encryption=aes-ccm,tkip name=\
    student
add authentication-types="" encryption="" name=free
add authentication-types=wpa-psk,wpa2-psk encryption=aes-ccm,tkip name=Bridge
/caps-man configuration
add channel.band=2ghz-onlyn .control-channel-width=20mhz .extension-channel=\
    XX .reselect-interval=6h40m .tx-power=0 country=germany datapath=\
    LocalFendt datapath.bridge=BRG_FENDT .local-forwarding=no max-sta-count=\
    40 mode=ap name=CFG_FENDT rates=rate1 security=fendtprivat ssid=\
    FENDT_2017CAP
add datapath=VLAN222 datapath.bridge=BRG_Student name=Student_1 security=\
    student ssid=STUDENT_SLOW
add datapath=VLAN222 datapath.bridge=BRG_Student name=StudentFree security=\
    free ssid=STUDENT_SLOW_FREE
add channel=5GHz channel.band=5ghz-a/n .reselect-interval=12h10m country=\
    germany datapath=LocalFendt datapath.bridge=BRG_FENDT .local-forwarding=\
    no max-sta-count=30 mode=ap name=CFG_Fendt5GHz security=fendtprivat ssid=\
    FENDT_2017CAP5
add datapath=VLAN222 datapath.bridge=BRG_Student name=Student5free security=\
    free ssid=STUDENT_CAP5_FREE
add datapath=VLAN222 datapath.bridge=BRG_Student name=Student_51 security=\
    student ssid=STUDENT_CAP5
add channel=5GHz channel.reselect-interval=12h40m country=germany datapath=\
    LocalFendt datapath.bridge=BRG_FENDT .local-forwarding=no max-sta-count=\
    90 mode=ap name=CFG_Fendt_AC security=fendtprivat ssid=FENDT_2017CAP5AC
add datapath=VLAN222 datapath.bridge=BRG_Student name=Student5AC_Free \
    security=free ssid=STUDENT_CAP5AC_FREE
add datapath=VLAN222 datapath.bridge=BRG_Student name=Student_5AC security=\
    student ssid=STUDENT_CAP5AC
add datapath=Bridge datapath.bridge=BRG10_200 name=BridgeHof security=\
    fendtprivat ssid=BRG_HOF
add channel=5GHz channel.band=5ghz-onlyac .extension-channel=XX \
    .reselect-interval=20h40m .skip-dfs-channels=yes country=germany \
    datapath=LocalFendt datapath.bridge=BRG_FENDT .local-forwarding=no \
    distance=2 hw-retries=0 max-sta-count=40 mode=ap name=BRG rates=rate1 \
    security=fendtprivat ssid=BRG_FENDT
/interface list
add exclude=dynamic name=discover
add name=wan
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=EMA18_2015
/ip dhcp-server option
add code=66 name=boot value="'10.8.0.10'"
/ip dhcp-server option sets
add name=set1 options=boot
/ip hotspot profile
set [ find default=yes ] radius-interim-update=20m use-radius=yes
add dns-name=hotspot.info hotspot-address=192.168.178.1 http-cookie-lifetime=\
    5d login-by=cookie,http-chap,http-pap,mac-cookie name=WLAN_VLAN222 \
    radius-interim-update=20m radius-location-id=WLANEMA rate-limit=\
    "30k/50k 60k/300k 10k/10k 20/20 8" use-radius=yes
add hotspot-address=192.168.178.1 login-by=cookie,http-chap,https,http-pap \
    name=hsprof1
/ip hotspot user profile
set [ find default=yes ] idle-timeout=2h keepalive-timeout=2h rate-limit=\
    "402k/12M 600k/25M 160k/3M 40/40 8 140k/800k" session-timeout=10h \
    shared-users=4
add idle-timeout=2h keepalive-timeout=2h name=HSP_Kabel_V1 rate-limit=\
    "402k/12M 600k/25M 160k/3M 40/40 8 140k/800k" session-timeout=10h \
    shared-users=4
add idle-timeout=2h keepalive-timeout=2h name=HSP_KabelV4 rate-limit=\
    "402k/12M 600k/25M 160k/3M 40/40 8 140k/800k" session-timeout=10h \
    shared-users=4
add idle-timeout=2h keepalive-timeout=2h name=HSP_KavelV5 rate-limit=\
    "402k/12M 600k/25M 160k/3M 40/40 8 140k/800k" session-timeout=10h \
    shared-users=4
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-128-cbc
/ip pool
add name=10_204 ranges=10.0.204.100-10.0.204.200
add name=STUDENTPPoE ranges=192.168.136.10-192.168.136.254
add name=Fendt ranges=10.0.1.100-10.0.1.254
add name=WLAN_2 ranges=192.168.179.2-192.168.179.254
add name=WLAN_Komplett next-pool=WLAN_2 ranges=192.168.178.2-192.168.178.240
add name=Pool_VLan5 ranges=192.168.139.10-192.168.139.254
add name=Pool_VLan4 ranges=192.168.137.10-192.168.137.254
add name=Pool2_Vlan1 ranges=192.168.133.10-192.168.133.254
add name=pool1 ranges=10.1.1.2-10.1.1.250
/ip dhcp-server
add address-pool=WLAN_Komplett always-broadcast=yes interface=BRG_Student \
    lease-time=4h name=Global_wlan
add address-pool=Fendt authoritative=after-10sec-delay interface=BRG_FENDT \
    lease-time=1w3d name=Fendt
/ip hotspot
add address-pool=WLAN_Komplett disabled=no interface=BRG_Student name=\
    hotspot1 profile=WLAN_VLAN222
/ip pool
add name=Pool_VLAN1 next-pool=Pool2_Vlan1 ranges=\
    192.168.138.10-192.168.138.254
/port
set 0 name=serial0
set 1 name=serial1
/ppp profile
add change-tcp-mss=yes name=DSL_PPPoE
add change-tcp-mss=yes name=TelekomVDSLProfil
add bridge=BRG10_200 name=PROF_10_200
add change-tcp-mss=yes dns-server=192.168.136.1,8.8.8.8 local-address=\
    192.168.136.1 name=Profil_PPoE_STUDENT remote-address=STUDENTPPoE \
    session-timeout=22h use-encryption=yes
add dns-server=192.168.138.1,8.8.8.8 local-address=192.168.138.1 name=\
    HOTSPOTIN only-one=no rate-limit=\
    "399k/12M 600k/25M 160k/3M 40/40 8 140k/800k" remote-address=Pool_VLAN1
add bridge=BRG10_200 change-tcp-mss=yes name=UNVERSCHL-10-200 \
    use-compression=no use-encryption=no use-mpls=yes
add change-tcp-mss=yes dns-server=8.8.8.8 local-address=192.168.138.1 name=\
    test remote-address=Pool_VLAN1 use-encryption=yes
/interface pptp-client
add connect-to=176.10.119.57 disabled=no name=Schweiz profile=default user=\
    emanuel
/interface pppoe-client
add add-default-route=yes default-route-distance=2 interface=\
    "E6V7_Modem_Telekom 175_2020/05" keepalive-timeout=60 max-mru=1480 \
    max-mtu=1480 mrru=1600 name=ALTBussines profile=TelekomVDSLProfil user=\
    feste-ip2/XXXXXXXXX@XXXXXXXX.de
add add-default-route=yes disabled=no interface=\
    "E6V7_Modem_Telekom 175_2020/05" keepalive-timeout=60 max-mru=1480 \
    max-mtu=1480 mrru=1600 name=VDSL175_1566_Telekom profile=\
    TelekomVDSLProfil user=XXXXXXXXXXXXX@t-online.de
/routing bgp template
set default disabled=no output.network=bgp-networks
/routing ospf instance
add disabled=no name=default-v2
/routing ospf area
add disabled=no instance=default-v2 name=backbone-v2
/routing table
add disabled=no fib name=ToMNetVDSL1
add fib name=ToKabeld
add fib name=ToEntertain
add fib name=ToMNetVDSL2
add fib name=TKOMrm
add fib name=ToMNetVDSL
/snmp community
set [ find default=yes ] addresses=0.0.0.0/0
/system logging action
set 1 disk-file-name=""
set 3 remote=192.168.1.20
/caps-man aaa
set interim-update=20h
/caps-man manager
set ca-certificate=auto certificate=auto enabled=yes package-path=/pub \
    upgrade-policy=suggest-same-version
/caps-man provisioning
add action=create-dynamic-enabled hw-supported-modes=ac master-configuration=\
    BRG name-format=prefix-identity name-prefix=BRG5AC_ radio-mac=\
    D4:CA:6D:C6:18:4B slave-configurations=Student5AC_Free,Student_5AC
add action=create-dynamic-enabled hw-supported-modes=gn master-configuration=\
    CFG_FENDT name-format=prefix-identity name-prefix=2GHZ radio-mac=\
    00:0C:42:66:30:16 slave-configurations=Student_1,StudentFree
add action=create-dynamic-enabled hw-supported-modes=ac master-configuration=\
    CFG_Fendt_AC name-format=prefix-identity name-prefix=5AC_ \
    slave-configurations=Student_5AC,Student5AC_Free
add action=create-dynamic-enabled hw-supported-modes=an master-configuration=\
    CFG_Fendt5GHz name-format=prefix-identity name-prefix=5GHZ \
    slave-configurations=Student_51,Student5free
add action=create-dynamic-enabled hw-supported-modes=gn master-configuration=\
    CFG_FENDT name-format=prefix-identity name-prefix=2GHZ \
    slave-configurations=Student_1,StudentFree
add action=create-dynamic-enabled master-configuration=CFG_FENDT name-format=\
    prefix-identity name-prefix=XXx slave-configurations=\
    Student_1,StudentFree
/interface bridge port
add bridge=BRG_FENDT disabled=yes ingress-filtering=no interface=\
    ETH03_Videoueberwachung
add bridge=BRG_FENDT ingress-filtering=no interface=VLAN1V2_Fendt trusted=yes
add bridge=BRG_FENDT ingress-filtering=no interface=VLAN2V2_Fendt_Main \
    trusted=yes
add bridge=Test ingress-filtering=no interface=VLAN2V99_Test trusted=yes
add bridge=Test ingress-filtering=no interface=VLAN1V99 trusted=yes
add bridge=BRG_Student ingress-filtering=no interface=VLAN2V1_StudentMain \
    trusted=yes
add bridge=BRG_Student ingress-filtering=no interface=VLAN1V1 trusted=yes
add bridge=BRG_FENDT ingress-filtering=no interface=VLAN2_FendtSFP trusted=\
    yes
add bridge=BRG_Student ingress-filtering=no interface=VLAN1_SFP_Student \
    trusted=yes
add bridge=BRG_FENDT disabled=yes ingress-filtering=no interface=\
    sfpplus-to-mainswitch trusted=yes
/ip firewall connection tracking
set enabled=yes generic-timeout=2h icmp-timeout=13s udp-stream-timeout=6m \
    udp-timeout=30s
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/ip settings
set max-neighbor-entries=8192
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=1024
/interface list member
add interface=sfpplus-to-mainswitch list=discover
add interface=sfp1 list=discover
add interface=ETH01_Zuleitung list=discover
add interface=ETH02_Zyxel_neu list=discover
add interface=ETH03_Videoueberwachung list=discover
add interface=ETH04_100MBit_toMNET_VDSL1 list=discover
add interface=ETH05_100MBit_toMNET_VDSL2 list=discover
add interface=ETH06_2500MBit_toTK_2020/05_Phys list=discover
add interface=ETH07_VDSL300_1 list=discover
add interface=ETH08_VDSL300_2 list=discover
add interface=BRG10_200 list=discover
add interface=BRG_FENDT list=discover
add interface=BRG_Student list=discover
add interface=IN_STP list=discover
add interface=IN_PPTP list=discover
add interface="E6V7_Modem_Telekom 175_2020/05" list=discover
add interface=*12 list=discover
add interface=*13 list=discover
add interface=VLAN1V1 list=discover
add interface=*15 list=discover
add interface=*1A list=discover
add interface=VDSL175_1566_Telekom list=discover
add interface=*1C list=discover
add interface=*1D list=discover
add interface=WW32_to list=discover
add interface=Schweiz list=discover
add interface=C118 list=discover
add interface=ALTBussines list=discover
/interface ovpn-server server
set auth=sha1,md5 certificate=CAPsMAN-CA-9A2E04FDC6DC default-profile=\
    default-encryption
/interface pppoe-server server
add authentication=pap,chap default-profile=Profil_PPoE_STUDENT disabled=no \
    interface=BRG_Student max-mru=1480 max-mtu=1480 service-name=PPPoE_V1
/interface pptp-server server
# PPTP connections are considered unsafe, it is suggested to use a more modern VPN protocol instead
set authentication=pap,chap default-profile=PROF_10_200 enabled=yes max-mru=\
    1460 max-mtu=1460
/interface sstp-server server
set default-profile=PROF_10_200 enabled=yes
/ip address
add address=10.0.1.1/24 interface=BRG_FENDT network=10.0.1.0
add address=192.168.178.1/24 interface=BRG_Student network=192.168.178.0
add address=192.168.179.1/24 interface=BRG_Student network=192.168.179.0
add address=192.168.138.1/24 interface=VLAN1V1 network=192.168.138.0
add address=192.168.136.1/24 disabled=yes interface=BRG_Student network=\
    192.168.136.0
add address=192.168.137.1/24 interface=VLAN1V4_Student2 network=192.168.137.0
add address=192.168.139.1/24 interface=VLAN1V5_Student3 network=192.168.139.0
add address=192.168.133.1/24 interface=VLAN1V1 network=192.168.133.0
add address=192.168.99.1/24 interface=Test network=192.168.99.0
add address=192.168.1.9/24 disabled=yes interface=ETH01_Zuleitung network=\
    192.168.1.0
add address=192.168.99.91/24 interface=vlan99_Service_SFP network=\
    192.168.99.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-client
add disabled=yes interface=ETH01_Zuleitung
add default-route-distance=2 disabled=yes interface=ETH07_VDSL300_1
add default-route-distance=10 disabled=yes interface=\
    ETH04_100MBit_toMNET_VDSL1
add default-route-distance=88 disabled=yes interface=\
    ETH04_100MBit_toMNET_VDSL1
/ip dhcp-server alert
add disabled=no interface=BRG_FENDT
add disabled=no interface=BRG_Student
/ip dhcp-server lease
add address=10.0.1.53 client-id=1:0:b:82:48:cf:59 mac-address=\
    00:0B:82:48:CF:59 server=Fendt
add address=10.0.1.44 client-id=1:d4:ca:6d:25:f2:7c mac-address=\
    D4:CA:6D:25:F2:7C server=Fendt
add address=10.0.1.50 client-id=1:d4:ca:6d:c6:18:4a mac-address=\
    D4:CA:6D:C6:18:4A server=Fendt
add address=10.0.1.45 client-id=1:6c:3b:6b:7e:0:bc mac-address=\
    6C:3B:6B:7E:00:BC server=Fendt
add address=10.0.1.47 client-id=1:e4:8d:8c:72:b4:58 mac-address=\
    E4:8D:8C:72:B4:58 server=Fendt
add address=10.0.1.46 client-id=1:64:d1:54:4f:11:b5 mac-address=\
    64:D1:54:4F:11:B5 server=Fendt
add address=10.0.1.62 client-id=1:6c:3b:6b:87:87:80 mac-address=\
    6C:3B:6B:87:87:80 server=Fendt
add address=10.0.1.104 client-id=1:74:ac:b9:d8:52:5d mac-address=\
    74:AC:B9:D8:52:5D server=Fendt
add address=10.0.1.105 client-id=1:b4:fb:e4:9f:dc:2c mac-address=\
    B4:FB:E4:9F:DC:2C server=Fendt
add address=10.0.1.102 client-id=1:18:e8:29:8:40:c9 mac-address=\
    18:E8:29:08:40:C9 server=Fendt
add address=10.0.1.103 client-id=1:e0:63:da:1:26:ac mac-address=\
    E0:63:DA:01:26:AC server=Fendt
add address=10.0.1.113 client-id=1:70:b3:d5:dc:84:f2 mac-address=\
    70:B3:D5:DC:84:F2 server=Fendt
add address=10.0.1.122 client-id=1:b8:69:f4:2:9c:28 mac-address=\
    B8:69:F4:02:9C:28 server=Fendt
add address=10.0.1.131 client-id=1:b4:fb:e4:9f:d9:2c mac-address=\
    B4:FB:E4:9F:D9:2C server=Fendt
add address=10.0.1.116 client-id=1:e0:63:da:1:28:63 mac-address=\
    E0:63:DA:01:28:63 server=Fendt
add address=10.0.1.117 client-id=1:c:11:5:11:1e:cc mac-address=\
    0C:11:05:11:1E:CC server=Fendt
add address=10.0.1.118 client-id=1:c:11:5:f:a0:a7 mac-address=\
    0C:11:05:0F:A0:A7 server=Fendt
add address=10.0.1.141 client-id=1:64:d1:54:4f:10:1d mac-address=\
    64:D1:54:4F:10:1D server=Fendt
add address=10.0.1.110 client-id=1:e8:37:7a:9f:9b:7c mac-address=\
    E8:37:7A:9F:9B:7C server=Fendt
add address=10.0.1.139 mac-address=3C:61:05:F0:5A:CD server=Fendt
add address=10.0.1.142 mac-address=34:AB:95:1C:0F:5E server=Fendt
add address=10.0.1.25 client-id=1:b8:ec:a3:ab:dc:f8 mac-address=\
    B8:EC:A3:AB:DC:F8 server=Fendt
add address=10.0.1.150 client-id=1:70:b3:d5:dc:84:f5 mac-address=\
    70:B3:D5:DC:84:F5 server=Fendt
/ip dhcp-server network
add address=10.0.1.0/24 caps-manager=10.0.1.1 dhcp-option=boot \
    dhcp-option-set=set1 dns-server=10.0.1.1,8.8.8.8 gateway=10.0.1.1 \
    ntp-server=10.0.1.1
add address=10.0.204.0/24 dns-server=10.0.204.1 gateway=10.0.204.1 netmask=24
add address=192.168.137.0/24 caps-manager=192.168.137.1 comment=\
    "Kabel und Mikrotik WLAN" dhcp-option=boot dhcp-option-set=set1 \
    dns-server=192.168.137.1 gateway=192.168.137.1 ntp-server=192.168.137.1
add address=192.168.138.0/24 caps-manager=192.168.138.1 dhcp-option=boot \
    dhcp-option-set=set1 dns-server=192.168.138.1 gateway=192.168.138.1 \
    ntp-server=192.168.138.1
add address=192.168.139.0/24 caps-manager=192.168.139.1 dhcp-option=boot \
    dhcp-option-set=set1 dns-server=192.168.139.1 gateway=192.168.139.1 \
    ntp-server=192.168.139.1
add address=192.168.178.0/24 caps-manager=192.168.178.1 comment="UNIFI WLAN" \
    dhcp-option=boot dhcp-option-set=set1 dns-server=\
    192.168.178.1,8.8.8.8,8.8.4.4 gateway=192.168.178.1
add address=192.168.179.0/24 caps-manager=192.168.179.1 dhcp-option=boot \
    dhcp-option-set=set1 dns-server=192.168.179.1,8.8.8.8,8.8.4.4 gateway=\
    192.168.179.1
/ip dns
set allow-remote-requests=yes max-udp-packet-size=512 servers=8.8.8.8
/ip dns static
add address=10.8.0.105 name=unifi ttl=1h
add address=192.168.178.1 name=hotspot
add address=10.0.1.1 name=router
add address=10.8.0.2 name=immo-fendt.de
add address=10.8.0.2 name=android.studentenwohnheime-muc.de
add address=10.8.0.10 name=pbx.local
add address=10.8.0.2 name=data.bbasic ttl=1h
add address=10.8.0.2 name=sql.bbasic ttl=1h
add address=10.8.0.10 name=telefon.bbasic ttl=1h
add address=192.168.178.1 name=hotspot.info
/ip firewall address-list
add address=10.0.1.0/24 list=ListePrivat
add address=10.0.0.0/8 list=DNSOK
add address=192.168.0.0/16 list=DNSOK
add address=8.8.8.8 list=DNSOK
add address=192.168.0.0/16 list=DNS
add address=10.0.0.0/8 list=DNS
add address=10.7.1.120 list=DNS
add address=192.168.0.0/16 list=SIP
add address=10.0.0.0/8 list=SIP
add address=217.10.79.9 list=SIP
add address=80.237.128.10 list=DNS
add address=10.0.0.0/8 list=Intern
add address=192.168.1.0/24 list=Intern
add address=217.10.68.0/24 list=SIP
add address=proxy.live.sipgate.de list=SIP
add address=sipgate.de list=SIP
add address=217.7.253.232 list=SIP
add address=217.7.253.232 list=DNS
add address=sipconnect.sipgate.de list=SIP
add address=217.7.253.232 list=Intern
add address=192.168.0.0/16 list=Intern
/ip firewall filter
add action=accept chain=forward dst-address=10.0.0.0/8 src-address=10.0.0.0/8
add action=accept chain=input dst-address=10.0.0.0/8 src-address=10.0.0.0/8
add action=accept chain=forward dst-address=192.168.0.0/16 src-address=\
    10.0.0.0/8
add action=accept chain=input dst-address=192.168.0.0/16 src-address=\
    10.0.0.0/8
add action=tarpit chain=input disabled=yes dst-port=80,21 protocol=tcp \
    src-address-list=!Intern
add action=accept chain=input dst-port=53 protocol=udp src-address-list=DNSOK
add action=accept chain=input dst-port=53 protocol=tcp src-address-list=DNSOK
add action=reject chain=input dst-port=53 protocol=udp reject-with=\
    icmp-admin-prohibited src-address-list=!DNSOK
add action=reject chain=input dst-port=53 protocol=tcp reject-with=\
    icmp-admin-prohibited src-address-list=!DNSOK
add action=accept chain=input disabled=yes dst-address=192.168.0.0/16 \
    src-address=192.168.0.0/16
add action=accept chain=output disabled=yes dst-address=192.168.0.0/16 \
    src-address=192.168.0.0/16
add action=accept chain=forward src-address=10.0.0.0/8
add action=accept chain=forward dst-address=10.0.0.0/8
add action=accept chain=input src-address=10.0.0.0/8
add action=accept chain=input dst-address=10.0.0.0/8
add action=accept chain=output src-address=10.0.0.0/8
add action=accept chain=output dst-address=10.0.0.0/8
add action=passthrough chain=unused-hs-chain comment=\
    "place hotspot rules here" disabled=yes
add action=accept chain=forward dst-address=192.168.0.0/16 src-address=\
    192.168.0.0/16
add action=accept chain=forward dst-address=10.0.0.0/8 src-address=\
    192.168.0.0/16
add action=accept chain=input dst-address=10.0.0.0/8 src-address=\
    192.168.0.0/16
add action=accept chain=input protocol=icmp
add action=drop chain=input dst-port=161-162 protocol=udp src-address-list=\
    !Intern
add action=accept chain=forward
add action=accept chain=input dst-port=53 protocol=udp
add action=accept chain=input dst-port=53 protocol=tcp
add action=drop chain=input comment="drop ssh brute forcers" dst-port=22 \
    protocol=tcp src-address-list=ssh_blacklist
add action=add-src-to-address-list address-list=ssh_blacklist \
    address-list-timeout=1w3d chain=input connection-state="" dst-port=22 \
    protocol=tcp src-address-list=!Intern
add action=add-src-to-address-list address-list=ssh_stage3 \
    address-list-timeout=15m chain=input connection-state=new dst-port=22 \
    protocol=tcp src-address-list=ssh_stage2
add action=add-src-to-address-list address-list=ssh_stage2 \
    address-list-timeout=15m chain=input connection-state=new dst-port=22 \
    protocol=tcp src-address-list=ssh_stage1
add action=add-src-to-address-list address-list=ssh_stage1 \
    address-list-timeout=15m chain=input connection-state=new dst-port=22 \
    protocol=tcp
add action=drop chain=input dst-port=53 protocol=tcp src-address-list=!DNSOK
add action=drop chain=input dst-port=53 protocol=udp src-address-list=!DNSOK
/ip firewall mangle
add action=change-mss chain=forward new-mss=clamp-to-pmtu passthrough=yes \
    protocol=tcp tcp-flags=syn
add action=change-mss chain=forward in-interface=all-ppp new-mss=1410 \
    passthrough=yes protocol=tcp tcp-flags=syn tcp-mss=1411-65535
add action=change-mss chain=forward new-mss=1410 out-interface=all-ppp \
    passthrough=yes protocol=tcp tcp-flags=syn tcp-mss=1411-65535
add action=mark-connection chain=input connection-mark=no-mark in-interface=\
    MNET_VDSL300_1 log-prefix=Test new-connection-mark=MNET1 passthrough=no
add action=mark-connection chain=input connection-mark=no-mark in-interface=\
    VDSL175_1566_Telekom log-prefix=Test new-connection-mark=TKOM \
    passthrough=no
add action=mark-connection chain=input connection-mark=no-mark in-interface=\
    MNET_VDSL300_2 log-prefix=Test new-connection-mark=MNET2 passthrough=no
add action=mark-routing chain=output connection-mark=TKOM new-routing-mark=\
    TKOMrm passthrough=yes
add action=mark-routing chain=output connection-mark=MNET1 new-routing-mark=\
    ToMNetVDSL1 passthrough=yes
add action=mark-routing chain=output connection-mark=MNET2 new-routing-mark=\
    ToMNetVDSL2 passthrough=yes
add action=accept chain=prerouting connection-mark=no-mark dst-address=\
    192.168.0.0/16
add action=accept chain=prerouting connection-mark=no-mark dst-address=\
    10.0.0.0/8
add action=jump chain=prerouting connection-mark=no-mark disabled=yes \
    jump-target=ttt src-address=192.168.0.0/16 src-address-list=!Gesamt
add action=add-src-to-address-list address-list=Liste1 address-list-timeout=\
    14h chain=prerouting connection-mark=no-mark connection-rate=500k-200M \
    random=15 src-address=192.168.0.0/16 src-address-list=!Gesamt
add action=add-src-to-address-list address-list=Gesamt address-list-timeout=\
    14h chain=prerouting connection-mark=no-mark src-address=192.168.0.0/16 \
    src-address-list=Liste1
add action=add-src-to-address-list address-list=Liste2 address-list-timeout=\
    14h chain=prerouting connection-mark=no-mark connection-rate=500k-200M \
    random=21 src-address=192.168.0.0/16 src-address-list=!Gesamt
add action=add-src-to-address-list address-list=Gesamt address-list-timeout=\
    14h chain=prerouting connection-mark=no-mark src-address=192.168.0.0/16 \
    src-address-list=Liste2
add action=add-src-to-address-list address-list=Liste3 address-list-timeout=\
    14h chain=prerouting connection-mark=no-mark connection-rate=500k-200M \
    random=23 src-address=192.168.0.0/16 src-address-list=!Gesamt
add action=add-src-to-address-list address-list=Gesamt address-list-timeout=\
    14h chain=prerouting connection-mark=no-mark src-address=192.168.0.0/16 \
    src-address-list=Liste3
add action=add-src-to-address-list address-list=Liste4 address-list-timeout=\
    14h chain=prerouting connection-mark=no-mark connection-rate=500k-200M \
    random=25 src-address=192.168.0.0/16 src-address-list=!Gesamt
add action=add-src-to-address-list address-list=Gesamt address-list-timeout=\
    14h chain=prerouting connection-mark=no-mark src-address=192.168.0.0/16 \
    src-address-list=Liste4
add action=add-src-to-address-list address-list=Liste5 address-list-timeout=\
    14h chain=prerouting connection-mark=no-mark connection-rate=500k-200M \
    random=6 src-address=192.168.0.0/16 src-address-list=!Gesamt
add action=add-src-to-address-list address-list=Gesamt address-list-timeout=\
    14h chain=prerouting connection-mark=no-mark src-address=192.168.0.0/16 \
    src-address-list=Liste5
add action=mark-routing chain=prerouting new-routing-mark=ToMNetVDSL1 \
    passthrough=yes src-address=192.168.0.0/16 src-address-list=Liste1
add action=mark-routing chain=prerouting new-routing-mark=ToMNetVDSL2 \
    passthrough=yes src-address=192.168.0.0/16 src-address-list=Liste2
add action=mark-routing chain=prerouting new-routing-mark=ToKabeld \
    passthrough=yes src-address=192.168.0.0/16 src-address-list=Liste3
add action=mark-routing chain=prerouting new-routing-mark=ToEntertain \
    passthrough=yes src-address=192.168.0.0/16 src-address-list=Liste4
add action=mark-routing chain=prerouting new-routing-mark=TKOMrm passthrough=\
    yes src-address=192.168.0.0/16 src-address-list=Liste5
add action=mark-routing chain=prerouting new-routing-mark=ToMNetVDSL1 \
    passthrough=yes src-address=10.0.0.0/8 src-address-list=ListePrivat
add action=mark-routing chain=prerouting connection-mark=no-mark disabled=yes \
    new-routing-mark=TKOMrm passthrough=yes src-address=192.168.157.0/24
add action=mark-routing chain=prerouting connection-mark=MNET disabled=yes \
    new-routing-mark=ToMNetVDSL passthrough=yes
add action=mark-routing chain=prerouting disabled=yes hotspot=!auth \
    new-routing-mark=main passthrough=no
/ip firewall nat
add action=masquerade chain=srcnat disabled=yes dst-address=10.0.1.1 \
    protocol=tcp
add action=dst-nat chain=dstnat disabled=yes dst-address=10.0.1.1 dst-port=\
    888 protocol=tcp src-address=192.168.1.41 to-addresses=192.168.99.3 \
    to-ports=23
add action=passthrough chain=unused-hs-chain comment=\
    "place hotspot rules here" disabled=yes
add action=dst-nat chain=dstnat dst-port=53 protocol=udp to-addresses=\
    10.0.1.1
add action=accept chain=srcnat dst-address=10.0.0.0/8 src-address=10.0.0.0/8
add action=accept chain=srcnat dst-address=192.168.0.0/16 src-address=\
    10.0.0.0/8
add action=accept chain=srcnat dst-address=10.0.0.0/8 src-address=\
    192.168.0.0/16
add action=passthrough chain=unused-hs-chain comment=\
    "place hotspot rules here" disabled=yes to-addresses=0.0.0.0
add action=accept chain=srcnat dst-address=10.0.3.0/24 src-address=\
    10.0.200.0/24
add action=masquerade chain=srcnat src-address=192.168.136.0/24
add action=masquerade chain=srcnat src-address=192.168.133.0/24
add action=masquerade chain=srcnat src-address=192.168.138.0/24
add action=masquerade chain=srcnat src-address=192.168.137.0/24
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
    src-address=192.168.178.0/24 to-addresses=0.0.0.0
add action=masquerade chain=srcnat src-address=192.168.179.0/24 to-addresses=\
    0.0.0.0
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
    src-address=192.168.138.0/24
add action=dst-nat chain=dstnat disabled=yes dst-address=10.0.1.1 dst-port=81 \
    protocol=tcp src-address=192.168.1.41 to-addresses=192.168.99.4 to-ports=\
    80
add action=masquerade chain=srcnat out-interface=MNET_VDSL300_1
add action=masquerade chain=srcnat out-interface=VDSL175_1566_Telekom
add action=masquerade chain=srcnat out-interface=MNET_VDSL300_2
add action=masquerade chain=srcnat
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
    src-address=192.168.178.0/24
/ip firewall service-port
set pptp ports=1723
/ip hotspot user
add name=admin
/ip hotspot walled-garden
add comment="place hotspot rules here" disabled=yes
add dst-host=support.bbasic.de dst-port=7615
add dst-host=www.studentenwohnheime-muc.de
add dst-host=studentenwohnheime-muc.de
/ip hotspot walled-garden ip
add action=accept disabled=no dst-address=8.8.8.8
add action=accept disabled=no dst-address=192.168.138.0/24
add action=accept disabled=no dst-address=192.168.179.0/24
add action=accept disabled=no dst-address=192.168.137.0/24
add action=accept disabled=no dst-address=192.168.139.0/24
add action=accept disabled=no dst-address=192.168.136.0/24 !dst-port \
    !protocol !src-address
add action=accept disabled=no dst-address=192.168.133.0/24 !dst-port \
    !protocol !src-address
add action=accept disabled=no dst-address=10.7.1.10 !dst-port !protocol \
    !src-address
/ip route
add disabled=no distance=4 dst-address=192.168.0.0/16 gateway=Schweiz
add check-gateway=ping disabled=yes distance=6 dst-address=10.0.0.0/8 \
    gateway=192.168.1.1 scope=10 target-scope=11
add check-gateway=ping disabled=no distance=5 dst-address=10.0.0.0/8 gateway=\
    10.0.202.1 scope=10 target-scope=11
add check-gateway=ping disabled=no distance=5 dst-address=192.168.1.0/24 \
    gateway=10.0.202.1 scope=10 target-scope=11
add disabled=no dst-address=10.0.1.0/24 gateway=BRG_FENDT
add disabled=no distance=2 dst-address=10.0.2.0/24 gateway=Schweiz
add disabled=no distance=2 dst-address=10.0.6.0/24 gateway=Schweiz
add disabled=no distance=2 dst-address=10.0.9.0/24 gateway=Schweiz
add disabled=no distance=4 dst-address=0.0.0.0/0 gateway=MNET_VDSL300_2 \
    pref-src=0.0.0.0 routing-table=TKOMrm scope=30 suppress-hw-offload=no \
    target-scope=10
add disabled=no distance=3 dst-address=0.0.0.0/0 gateway=MNET_VDSL300_1 \
    pref-src=0.0.0.0 routing-table=ToMNetVDSL2 scope=30 suppress-hw-offload=\
    no target-scope=10
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=MNET_VDSL300_2 \
    pref-src=0.0.0.0 routing-table=ToMNetVDSL2 scope=30 suppress-hw-offload=\
    no target-scope=10
add disabled=no distance=2 dst-address=0.0.0.0/0 gateway=MNET_VDSL300_2 \
    pref-src=0.0.0.0 routing-table=ToMNetVDSL1 scope=30 suppress-hw-offload=\
    no target-scope=10
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=VDSL175_1566_Telekom \
    pref-src=0.0.0.0 routing-table=TKOMrm scope=30 suppress-hw-offload=no \
    target-scope=10
add disabled=no distance=3 dst-address=0.0.0.0/0 gateway=MNET_VDSL300_1 \
    pref-src=0.0.0.0 routing-table=TKOMrm scope=30 suppress-hw-offload=no \
    target-scope=10
add disabled=no distance=2 dst-address=0.0.0.0/0 gateway=MNET_VDSL300_1 \
    pref-src=0.0.0.0 routing-table=ToEntertain scope=30 suppress-hw-offload=\
    no target-scope=10
add disabled=no distance=4 dst-address=0.0.0.0/0 gateway=VDSL175_1566_Telekom \
    pref-src=0.0.0.0 routing-table=ToMNetVDSL2 scope=30 suppress-hw-offload=\
    no target-scope=10
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=MNET_VDSL300_2 \
    routing-table=ToKabeld suppress-hw-offload=no
add disabled=no distance=2 dst-address=0.0.0.0/0 gateway=MNET_VDSL300_1 \
    pref-src=0.0.0.0 routing-table=ToKabeld scope=30 suppress-hw-offload=no \
    target-scope=10
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=MNET_VDSL300_1 \
    pref-src=0.0.0.0 routing-table=ToMNetVDSL1 scope=30 suppress-hw-offload=\
    no target-scope=10
add disabled=no distance=6 dst-address=0.0.0.0/0 gateway=VDSL175_1566_Telekom \
    pref-src=0.0.0.0 routing-table=ToMNetVDSL1 scope=30 suppress-hw-offload=\
    no target-scope=10
add disabled=no dst-address=10.0.0.0/8 gateway=Schweiz routing-table=main \
    suppress-hw-offload=no
add disabled=no distance=1 dst-address=10.8.0.0/16 gateway=WW32_to \
    routing-table=main suppress-hw-offload=no
add disabled=no distance=1 dst-address=10.5.0.0/16 gateway=C118 \
    routing-table=main suppress-hw-offload=no
add disabled=no distance=2 dst-address=10.5.0.0/16 gateway=Schweiz pref-src=\
    0.0.0.0 routing-table=main scope=30 suppress-hw-offload=no target-scope=\
    10
add disabled=no distance=4 dst-address=10.5.0.0/16 gateway=WW32_to pref-src=\
    0.0.0.0 routing-table=main scope=30 suppress-hw-offload=no target-scope=\
    10
add disabled=no distance=1 dst-address=10.7.0.0/16 gateway=Schweiz \
    routing-table=main suppress-hw-offload=no
add disabled=no distance=5 dst-address=10.7.0.0/16 gateway=WW32_to pref-src=\
    0.0.0.0 routing-table=main scope=30 suppress-hw-offload=no target-scope=\
    10
add disabled=no distance=5 dst-address=10.8.0.0/16 gateway=Schweiz \
    routing-table=main suppress-hw-offload=no
add disabled=no distance=6 dst-address=10.8.0.0/16 gateway=C118 pref-src=\
    0.0.0.0 routing-table=main scope=30 suppress-hw-offload=no target-scope=\
    10
add disabled=no distance=3 dst-address=0.0.0.0/0 gateway=MNET_VDSL300_2 \
    pref-src=0.0.0.0 routing-table=ToEntertain scope=30 suppress-hw-offload=\
    no target-scope=10
add disabled=no distance=1 dst-address=192.168.178.0/24 gateway=BRG_Student \
    routing-table=ToMNetVDSL1 scope=10 suppress-hw-offload=no
add disabled=no distance=1 dst-address=192.168.178.0/24 gateway=BRG_Student \
    pref-src=0.0.0.0 routing-table=ToMNetVDSL2 scope=10 suppress-hw-offload=\
    no target-scope=10
add disabled=no distance=1 dst-address=192.168.178.0/24 gateway=BRG_Student \
    pref-src=0.0.0.0 routing-table=TKOMrm scope=10 suppress-hw-offload=no \
    target-scope=10
add disabled=no distance=1 dst-address=192.168.178.0/24 gateway=BRG_Student \
    pref-src=0.0.0.0 routing-table=ToMNetVDSL scope=10 suppress-hw-offload=no \
    target-scope=10
/ip service
set telnet disabled=yes
/ip ssh
set allow-none-crypto=yes forwarding-enabled=remote
/ppp aaa
set interim-update=1m use-circuit-id-in-nas-port-id=yes use-radius=yes
/ppp secret
add local-address=10.0.200.1 name=C118 profile=PROF_10_200 remote-address=\
    10.0.200.3
add disabled=yes local-address=10.0.200.1 name=haag profile=PROF_10_200 \
    remote-address=10.0.200.6 routes=10.0.11.0/24
add local-address=10.0.200.1 name=Gabel profile=PROF_10_200 remote-address=\
    10.0.200.7 routes=10.0.2.0/24
add local-address=10.0.200.1 name=WW32 profile=PROF_10_200 remote-address=\
    10.0.200.10 routes=192.168.1.0/24
add disabled=yes local-address=10.0.200.1 name=g91_rb2011_1 profile=\
    PROF_10_200 remote-address=10.0.200.5 routes=10.0.2.0/24
add local-address=10.0.200.1 name=ufrb2011 profile=PROF_10_200 \
    remote-address=10.0.200.8 routes=10.0.3.0/24
add disabled=yes local-address=10.0.200.1 name=pftp_tutzing profile=\
    PROF_10_200 remote-address=10.0.200.9 routes=192.168.82.0/24
add disabled=yes local-address=10.0.200.1 name=paehl profile=PROF_10_200 \
    remote-address=10.0.200.11 routes=192.168.9.0/24
add local-address=10.0.200.1 name=C127 profile=PROF_10_200 remote-address=\
    10.0.200.13 routes=10.0.6.0/24
add disabled=yes local-address=10.0.200.1 name=GautingServer profile=\
    PROF_10_200 remote-address=10.0.200.15
add disabled=yes local-address=10.0.200.1 name=contabo1 profile=PROF_10_200 \
    remote-address=10.0.200.16
add local-address=10.0.200.1 name=dresden profile=PROF_10_200 remote-address=\
    10.0.200.17
add local-address=10.0.200.1 name=pontre profile=PROF_10_200 remote-address=\
    10.0.200.18
add local-address=10.0.200.1 name=Margot profile=PROF_10_200 remote-address=\
    10.0.200.15 routes=10.0.9.0/24
/radius
add address=10.8.0.2 realm=STUDENT service=ppp,hotspot,wireless src-address=\
    10.0.1.1 timeout=1s500ms
add address=10.8.0.82 realm=STUDENT service=ppp,hotspot,wireless src-address=\
    10.0.1.1 timeout=1s500ms
add address=10.8.0.30 realm=STUDENT service=ppp,hotspot,wireless src-address=\
    10.0.1.1 timeout=1s500ms
add address=10.0.9.98 realm=STUDENT service=ppp,hotspot,wireless src-address=\
    10.0.1.1 timeout=1s500ms
/radius incoming
set accept=yes
/routing ospf interface-template
add area=backbone-v2 auth-id=1 auth-key="" cost=10 disabled=no interfaces=\
    BRG_FENDT networks=10.0.1.0/24 priority=1
/routing rule
add action=lookup disabled=no routing-mark=TKOMrm table=TKOMrm
add action=lookup disabled=no dst-address=0.0.0.0/0 routing-mark=ToMNetVDSL1 \
    table=ToMNetVDSL1
add action=lookup disabled=no dst-address=0.0.0.0/0 routing-mark=ToMNetVDSL2 \
    table=ToMNetVDSL2
add action=lookup disabled=no routing-mark=ToEntertain table=ToEntertain
add action=lookup disabled=no routing-mark=ToMNetVDSL table=ToMNetVDSL
add action=lookup disabled=no routing-mark=ToKabeld table=ToKabeld
add action=lookup-only-in-table disabled=no dst-address=192.168.0.0/16 table=\
    main
/snmp
set enabled=yes location=EMA_Keller_Schaltschrank
/system clock
set time-zone-name=Europe/Berlin
/system identity
set name=EManuel
/system leds
set 0 interface=sfpplus-to-mainswitch
set 1 interface=sfpplus-to-mainswitch
set 2 interface=sfp1
/system logging
add topics=hotspot
add disabled=yes topics=firewall
add disabled=yes topics=caps
add disabled=yes topics=ppp
add disabled=yes topics=bridge
add action=remote topics=error
add action=remote topics=warning
add action=remote topics=critical
/system ntp client
set enabled=yes
/system ntp client servers
add address=162.159.200.1
add address=84.16.73.33
/system scheduler
add interval=1w name=sched_backup on-event=backup policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=\
    feb/17/2012 start-time=19:13:49
add disabled=yes interval=2h name=UpdateIPs on-event=\
    "/system script run updateIP" policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=\
    feb/17/2012 start-time=19:19:00
add disabled=yes interval=1d name=Reboot on-event=reboot policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=\
    oct/01/2012 start-time=04:42:42
add interval=30m name=a on-event=ip policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-time=startup
/system script
add dont-require-permissions=no name=backup owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive source="/export\
    \_file=([/system identity get name] . \"-\" . \\\
    \n[:pick [/system clock get date] 7 11] . [:pick [/system clock get date] \
    0 3] . [:pick [/system clock get date] 4 6]); \\\
    \n/tool e-mail send to=\"backup@XXXXX.de\" subject=([/system identi\
    ty get name] . \" Backup \" . \\\
    \n[/system clock get date]) file=([/system identity get name] . \"-\" . [:\
    pick [/system clock get date] 7 11] . \\\
    \n[:pick [/system clock get date] 0 3] . [:pick [/system clock get date] 4\
    \_6] . \".rsc\"); :delay 10; \\\
    \n/file rem [/file find name=([/system identity get name] . \"-\" . [:pick\
    \_[/system clock get date] 7 11] . \\\
    \n[:pick [/system clock get date] 0 3] . [:pick [/system clock get date] 4\
    \_6] . \".rsc\")]; \\\
    \n:log info (\"System Backup emailed at \" . [/sys cl get time] . \" \" . \
    [/sys cl get date])"
add dont-require-permissions=no name=updateIP owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive source=":local \
    edinterface  \"MNET_VDSL2\"\r\
    \n\r\
    \n:local edip [ /ip address get [/ip address find interface=\$edinterface \
    ] address ]\r\
    \n:global previousIP\r\
    \n\r\
    \n\r\
    \n# strip off netmask correctly (MRz)\r\
    \n   :for i from=( [:len \$edip] - 1) to=0 do={ \r\
    \n      :if ( [:pick \$edip \$i] = \"/\") do={ \r\
    \n\t   :set edip [:pick \$edip 0 \$i];\r\
    \n      } \r\
    \n   }\r\
    \n\r\
    \n\r\
    \n# print some debug info\r\
    \n#:log info (\"dyndns-update: IP \$edinterface = \$edip\")\r\
    \n\r\
    \n# get the current IP address from the internet (in case of double-nat)\r\
    \n\r\
    \n /tool fetch url=\"http://www.studentenwohnheime-muc.de/regip.php\?id=51\
    &ip=\$edip\" mode=http dst-path=\"ip1\"\r\
    \n\r\
    \n\r\
    \n"
add dont-require-permissions=no name=reboot owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive source=\
    "/system reboot"
add dont-require-permissions=no name=ip owner=admin policy=\
    reboot,read,write,policy,test,password,sniff,sensitive source="{/tool fetc\
    h url=(\"http://www.boss-ip.com/Core/Update.ashx\\\?key=85454d8bb84998fa&a\
    ction=upload&sncode=77E954CDDEB69048B3BB40650034EBBF&dynamic=static\")}"
/system watchdog
set ping-start-after-boot=7h5m watch-address=10.8.0.1
/tool bandwidth-server
set authenticate=no
/tool e-mail
set address=smartmail.XXXXXX.de from=<ema@XXXXXX.de> user=\
    oliver@XXXXXXXX.de
/tool romon
set enabled=yes
/tool romon port
add
Top
 
User avatar
bammer
just joined
Posts: 4
Joined: Sun Jan 20, 2019 8:42 am
Location: México

Re: V7.5 HOTSPOT RoutingMark HOTSPOT-Redirection to Login-Page

Tue Oct 25, 2022 11:51 pm

Same problem, I noticed that if I disable or put MAIN in ROUTING TABLE from the ROUTE menu. Everything works great.

I think it will be a BUG of the version, I have the problem with V7.6, in version 6.49 everything works very well.
I share the link of the forum of my problem, in case someone helps us to solve it.

viewtopic.php?t=190325

Good Luck!
Top
 
User avatar
xaviernuma
newbie
Posts: 49
Joined: Tue Feb 16, 2016 11:27 am
Location: France

Re: V7.5 HOTSPOT RoutingMark HOTSPOT-Redirection to Login-Page

Fri Oct 28, 2022 10:11 am

Hi,

I have the same problem since version 7, the prerouting on the hotspot no longer works, the hotspot authentication page does not open unless I deactivate the routing mark.

My problem is that I manage several hotspot
ether 1 -> WAN1 -> routing mark 1 -> hotspot 1
ether 2 -> WAN2 -> routing mark 2 -> hotspot 2
etc...

Which forces me to put all my hotspots on the default routing (main) :(

Do you know when the bug will be fixed?

Thanks for your help.
Top
Post Reply
  4. RouterOS
  5. General