I'm having some problems with the https hotspot:
I have for many of my networks an hotspot with http pap and https option enabled, and an internal DNS address set.
The https part use a certificate signed by letsencrypt.
When a device try to load an http page (like the static one from the various OS) it's redirected to the https version of the captive portal page, but the page doesn't load and it's like the connection is closed from the CCR before sending it.
Trying to load the captive portal page in http work perfectly, and after that I've load the page in http, it also work in https.
I've looked into the web-proxy config and I can see that when I try to load the https page the counters are incremented, so the CCR receive the request in some way.
It's like the CCR have some sort of problem and doesn't reply back correctly on https request.
I've tried looking in the logs but I can't find any useful information under the topic hotspot and web-proxy.
Here's a snippet of the configuration about one of the hotspot:
Code: Select all
/ip hotspot
add address-pool=wifi_guest addresses-per-mac=unlimited disabled=no idle-timeout=1h interface="wifi_guest (302)" name=wifi_guest
add addresses-per-mac=unlimited disabled=no idle-timeout=3d interface="lab_32_33 (24)" name=lab_32_33 profile=laboratori
/ip hotspot profile
set [ find default=yes ] dns-name=router.osdb.it login-by=https,http-pap nas-port-type=ethernet radius-accounting=no ssl-certificate=router.osdb.it.cer_0 use-radius=yes
add dns-name=router.osdb.it login-by=https,http-pap name=laboratori nas-port-type=cable radius-accounting=no ssl-certificate=router.osdb.it.cer_0 use-radius=yes
/ip hotspot walled-garden
dd dst-host=*.lencr.org
add dst-host=apps.identrust.com
Thanks
Cheers
Mix