Page 1 of 1
Suggestions requested: general hotspot controller improvements in functionality
Posted: Thu Jan 31, 2019 4:27 pm
by normis
We are looking for ideas on how to improve our hotspot controller. How are you using the MikroTik Hotspot software?
Have you encountered lack of a specific feature?
For example, we have been suggested an idea to manage the hotspot routers with commands issued by a RADIUS server.
In this case on RouterOS default configuration would contain only minimal radius configuration. Upon power-on:
1) RouterOS itself would act as a Radius client and would send Access-Request packet to pre-configured (through DHCP?) Radius server.
2) Radius server would send Access-Accept with a configuration to apply
3) Radius server could use CoA-Request to change RouterOS configuration or reboot router.
Currently there are few problems with this
* Radius protocol by itself is not secure. Could be fixed by TLS over Radius [
https://tools.ietf.org/html/rfc6614]. RouterOS now supports RADSEC.
* Amount of configuration is limited to radius datagram size, which is 4096 bytes for regular RADIUS. Could be increased to 65535 bytes by TLS over Radius as it uses TCP protocol instead of UDP [
https://tools.ietf.org/html/rfc7930]
* If this feature is implemented as "RouterOS forgets all configuration on every reboot" and Radius server is not accessible upon power-on, then router does not function at all until Radius server gets online and in working condition.
Re: Suggestions requested: general hotspot controller improvements in functionality
Posted: Thu Jan 31, 2019 4:50 pm
by blingblouw
Hi.
Couple of things from my side
1) Have a system whereby certain sites traffic is not calculated into the total usage (like walled garden but the data going there will not count to quota)
2) "share" the hotspot system with another router enabling fail over
3) I like the idea of the router getting details from the server, that will allow us to *hopefully* have a standardised walled garden list
Re: Suggestions requested: general hotspot controller improvements in functionality
Posted: Mon Feb 04, 2019 5:32 pm
by GreatForcez
Few points from my side:
- Fix the data counters for hotspot. For example, if I set a 10G data limit (= 10GB according to Wiki, since parameter is in Bytes), the account will reach it's limit and disconnect the user at 8,x GB used data (sum of in/out data counters of the user). Also, when I create a new account and add the remaining data formula to the status.html page, it will show 9.44 GB remaining instead of 10GB. I copied the same script from other projects, so I know the bytes to GB conversion is working correctly and showing the correct values.
- Fail-over / Redundancy would be nice, with synchronization of data and time usage (for the configured limits).
- Add a new parameter "remaining data", so that we can show the user his/her remaining data until limit reached on the status.html page. Now we have to calculate this in JavaScript and display the result, would be nice to use a parameter just like "used data". Related to point 1
- PHP Support for webpages. So, that we can make advanced webpages without visible scripts (JavaScript is visible to the user, PHP scripts are not). I know MikroTik's webserver is meant to provide the basics, but you don't always have the space and budget to place an external webserver (and no.... a Raspberry Pi webserver is not a professional or solid solution). And some programmers like to work with frameworks and MVC models and stuff like that which is mostly PHP based.
- Ability to reset data per hour/day/week/month/quarterly/half year/year, etc. For example, we have scenario's where people have persistent hotspot accounts and receive 250 MB per day or 10 GB per month. Now we accomplish this using the scheduler, but I think this should be a built-in hotspot function. Maybe as an additional option in the hotspot user profile
- Improve/fix the default webpages on mobile. The current code checks for screen width, and shows mobile version if less than x amount of pixels. Problem is, modern phones have a much higher resolution than in the old days. My phone has 1080 pixels width, therefore the desktop webpage is shown, and you have to zoom in a lot to do or see anything. Login page seems to be fine, but status and logout pages are definitely affected.
- Basic website customization/branding features. Yes, I know, most "professional" installations have an external web and RADIUS server, but in some cases this is not possible due to budget restrictions. It would be nice to have basic customization options, like background image, logo, company name, message of the day, etc.
- The ability to enable/disable a "keep me logged in" checkbox on the login page, which in turn enables/disables the cookie. Yes, we can define the time-out in the profile or disable cookies all together, but I like to offer the users the option to decide for themselves if they automatically want to log back in (for example: tourists might want to turn this off to save data, but business people might want to turn it on because they find logging in each time annoying). Also perfect for testing and demo purposes, when you are logging in with different profiles/users.
- Add data limit to the trial feature. Currently trial is based on x amount of minutes, but I would also like to have the choice to add a data limit. Ideal in combination with UserMan. For example, the first 200 MB are free and limited at 512 kbit/s, then you have to buy a ticket of (for example) 2 GB and you get a speed limit of 8 mbit/s as defined in the profile.
- Not everyone will agree on this, but Social Media login. I despise any form of Social Media integration, I don't like it when restaurants force you to like their FB/Twitter/Instagram page, share some content or sign-up for their email list, just to use their public Wi-Fi. But..... some clients just demand this feature and use it for marketing purposes. It can be done with an external webserver, but since you are looking for improvements, it's a nice key selling point when doing the tender/quotation (no additional equipment needed, just the wonderful MikroTik magicbox).
- I know this feature exists in UserMan, but it would be nice to have in the regular hotspot as well, account expiration.
Maybe I have some other ideas later, but for now these are the things that I've stumbled upon.
Re: Suggestions requested: general hotspot controller improvements in functionality
Posted: Wed Feb 06, 2019 4:38 pm
by Cha0s
- PHP Support for webpages. So, that we can make advanced webpages without visible scripts (JavaScript is visible to the user, PHP scripts are not). I know MikroTik's webserver is meant to provide the basics, but you don't always have the space and budget to place an external webserver (and no.... a Raspberry Pi webserver is not a professional or solid solution). And some programmers like to work with frameworks and MVC models and stuff like that which is mostly PHP based.
IMHO if what you want to do with PHP doesn't work well on a Raspberry Pi, then it will definitely won't work well on a RouterBoard.
Re: Suggestions requested: general hotspot controller improvements in functionality
Posted: Thu Feb 07, 2019 4:09 pm
by GreatForcez
IMHO if what you want to do with PHP doesn't work well on a Raspberry Pi, then it will definitely won't work well on a RouterBoard.
On RB951 and similar boards, I don't expect the best performance and I don't think PHP should be supported at all on these models due to the low power CPU and resources. But for the more capable models, like RB3011, RB4011, CHR and CCR-series, it could be a nice addition. The Raspberry Pi example was more meant in the sense that although it is cheap and is very capable of running such webpages, it doesn't look very professional in a server cabinet. Imagine a small hotel with 20 rooms and having to rely on a Raspberry Pi to handle the hotspot webpages. I'd rather have an Intel NUC handle it, but those are 20x more expensive and not worth the extra price for what they need to do. So, having it built into the MikroTik could be a nice to have feature for basic PHP webpages/scripts.
Re: Suggestions requested: general hotspot controller improvements in functionality
Posted: Thu Feb 07, 2019 4:18 pm
by pe1chl
As I have suggested in other topics, a lot of issues and feature requests could be solved by the addition of a user-program feature
(consider it a "metarouter light") where the user could upload a small program into a folder on flash storage and integrate it with
the router. The interface between the program and the router would be only via network sockets. The program would operate on
its own in a chrooted environment and running as a nonprivileged user that can only access configuration (and other data) files
in its own folder (directory), and the network sockets configured for it (similar to configuring a Metarouter). Such a feature does
not require the full virtualization support required for Metarouter, the program can just run in the same user environment as the rest
of RouterOS software.
Maybe some wellknown shared libaries (like libc, libssl) could be made available to it for memory and storage savings, otherwise
everything would be statically linked.
This solution can be used for so many problems.... like:
- webserver
- full-featured DNS server
- full-featured OpenVPN
- wireguard
etc.
Re: Suggestions requested: general hotspot controller improvements in functionality
Posted: Thu Feb 07, 2019 4:41 pm
by Cha0s
On RB951 and similar boards, I don't expect the best performance and I don't think PHP should be supported at all on these models due to the low power CPU and resources. But for the more capable models, like RB3011, RB4011, CHR and CCR-series, it could be a nice addition.
Yeah, but that ain't gonna happen. RouterOS is the same for all models regardless of RB power. The only difference is CPU architecture.
The Raspberry Pi example was more meant in the sense that although it is cheap and is very capable of running such webpages, it doesn't look very professional in a server cabinet. Imagine a small hotel with 20 rooms and having to rely on a Raspberry Pi to handle the hotspot webpages.
I'm confused. The problem with the Raspberry pi is the looks of it, or supposedly the fact that the hotel has to rely upon?
Both arguments do not stand in my opinion.
No hotel client will ever see the R-Pi. So looks don't matter. Not to mention that there are rack mounted cases (albeit a total waste of a whole U) for R-Pis.
Also reliability is not an issue. I run over a dozen R-Pis for years for critical and non critical tasks and I've never had any issues with them. On the contrary I find them more reliable than full fledged servers/pcs that have moving parts that fail all the time.
I don't see how a routerboard will be more stable than a raspberry pi. Both have the same chances of failing. Which are very low when it comes to hardware failure.
You can also build a cluster of R-Pis if the hotel example needs that high availability.
Re: Suggestions requested: general hotspot controller improvements in functionality
Posted: Thu Feb 07, 2019 9:50 pm
by DSK
Just to emphasize on Failover and redundancy. Implement proper synchronization so that if master hotspot server goes offline, the redundant one doesn't cause users to login again.
Do this for Capsman too so that when performing changes on CapsMan, one doesn't have to configure two routers.
Re: Suggestions requested: general hotspot controller improvements in functionality
Posted: Fri Feb 08, 2019 12:10 am
by pe1chl
That is more of a generic feature request that pertains to all of the RouterOS functionality.
When you have two routers e.g. with VRRP they should be synchronized, both for configuration and possibly also for connection tracking, DHCP pool, etc for one to be able to take over from the other.
RouterOS does not offer that. Work-arounds are possible using scripting, but only for configuration, not for active sessions.
Re: Suggestions requested: general hotspot controller improvements in functionality
Posted: Fri Feb 08, 2019 1:03 am
by GreatForcez
That is more of a generic feature request that pertains to all of the RouterOS functionality.
When you have two routers e.g. with VRRP they should be synchronized, both for configuration and possibly also for connection tracking, DHCP pool, etc for one to be able to take over from the other.
RouterOS does not offer that. Work-arounds are possible using scripting, but only for configuration, not for active sessions.
Off-Topic, sorry:
Connection tracking synchronization would be very useful! I have several use cases for this. While on the subject of fail-over and redundancy, a nice addition would be configurable gateway ping check. By default the interval is 10 seconds for the (/ip route) gateway ping check, but I have some scenario's where we need faster fail-over times. And configurable gateway ping check destination would be nice. Now we have to use custom scripts or recursive routes to accomplish this.
Re: Suggestions requested: general hotspot controller improvements in functionality
Posted: Mon Mar 25, 2019 3:43 pm
by pcunite
We are looking for ideas on how to improve our hotspot controller. How are you using the MikroTik Hotspot software?
Have you encountered lack of a specific feature?
I'm implementing a HotSpot for someone right now. For my needs, I would like a PHP processor (or some type of back-end scripting support) that could process GET and POST requests. Because of JavaScript
same-origin policy rules I had to redirect the user to an external web server, collect data and validate the user, then POST redirect the user back to the HotSpot to allow them internet access.
So for my needs, keeping the user all on the MikroTik HotSpot would simplify data gathering and validation. Then I would write that data to a local instance of MySQL.
I know, I know ... its a router. But this is what a HotSpot needs. These packages could be add-ons and not actually running unless the HotSpot is active. Anyway, that's my thoughts.
Re: Suggestions requested: general hotspot controller improvements in functionality
Posted: Mon Sep 02, 2019 9:23 pm
by mducharme
I know this is an older topic now but I have some feedback. I would like to see some kind of built-in option for hours of operation - I was able to work around this outside of the Hotspot system with firewall rules matching on the date and time and blocking traffic (redirecting to web proxy) when it is closed, but this would be simpler if the hotspot had options for that.
Also, I do not necessarily like the idea of using a RADIUS server to manage the hotspots. This is what TR-069 is for - add the hotspot settings into TR-069. I would also like to see capsman and cap settings in TR-069 but that is a different thing.