Hey I am testing out the 3.0 here at work, and can't seem to get the hotspot page like i do with all our 2.xx mikrotiks.. nearly automatically with default set up.

I see the new chains, but what am i missing? If i type in the dns entry for the hotspot, i get the portal page. It just doesnt redirect me automatically when i am an unauthorized user trying to go to a webpage.

thanks!

i still can't seem to figure out this problem.

I thought it was a DNS problem, but now I am not sure. it is like the traffic is not getting redirected.

If i go to the DNS name (hs10.whatever.local) i get the portal page fine and all is good.

but when i try to go to a webpage without being authenticated, i do not automatically get the portal page.

Any suggestions? the manual isnt helping me much here

I have many hotspots upgraded from 2.9 to 3.1 and they all seem to work. I've also created new ones starting with 3.0/3.1 without problems. Not sure what you have wrong.

Scott

epproach_lyle - are you using a bridge for the hotspot? Or any tunnels to get to the hotspot? Just curious.

bridge mode.

I'm going to redo everything.. there has to be something i goofed up on. We have 4 mikrotik's in service working great set up nearly identical (although, they are 2.90)

I'll post later with results and the config. thanks for the replies! i usually get nothing on here

there should be a redirect rule that automatically gets created that should redirect unauthed users to the hotspot page.

Try removing the hotspot domain, and see if that helps out. That way you are not relying on DNS. Also, try to use the built in DNS server for redirection.

yes, the rules are created.

like i said, everything works great if i type in the DNS name of the hotspot manually. i just dont get redirected automatically

here is my config: (i am using VLAN10 for clients to connect to).. there will be more when I get this working.

I still dont understand why it isn't working. Our 2.x mikrotiks work great out of the box.

# feb/01/2008 01:56:42 by RouterOS 3.1
# software id = KDLR-HQN
#
/interface ethernet
set 0 arp=enabled auto-negotiation=yes cable-settings=default comment="WAN" \
disable-running-check=yes disabled=no full-duplex=yes \
mac-address=00:1B:21:00:D1:E6 mtu=1500 name="ether1" speed=100Mbps
set 1 arp=enabled auto-negotiation=yes cable-settings=default comment="LAN" \
disable-running-check=yes disabled=no full-duplex=yes \
mac-address=00:19:D1:A1:DA:82 mtu=1500 name="ether2" speed=100Mbps
/interface bridge
add admin-mac=00:00:00:00:00:00 ageing-time=5m arp=enabled auto-mac=yes \
comment="" disabled=no forward-delay=15s max-message-age=20s mtu=1500 \
name="BR-VLAN10" priority=0x8000 protocol-mode=none transmit-hold-count=6
add admin-mac=00:00:00:00:00:00 ageing-time=5m arp=enabled auto-mac=yes \
comment="" disabled=no forward-delay=15s max-message-age=20s mtu=1500 \
name="BR-VLAN20" priority=0x8000 protocol-mode=none transmit-hold-count=6
/interface vlan
add arp=enabled comment="" disabled=no interface=ether2 mtu=1500 name="VLAN10" \
vlan-id=10
add arp=enabled comment="" disabled=no interface=ether2 mtu=1500 name="VLAN20" \
vlan-id=20
/ip pool
add name="pool10" ranges=192.168.10.2-192.168.10.254
/port
set 0 baud-rate=9600 data-bits=8 flow-control=hardware name="serial0" \
parity=none stop-bits=1
/queue type
add kind=pfifo name="default" pfifo-limit=50
add kind=pfifo name="ethernet-default" pfifo-limit=50
add kind=sfq name="wireless-default" sfq-allot=1514 sfq-perturb=5
add kind=red name="synchronous-default" red-avg-packet=1000 red-burst=20 \
red-limit=60 red-max-threshold=50 red-min-threshold=10
add kind=sfq name="hotspot-default" sfq-allot=1514 sfq-perturb=5
add kind=pfifo name="default-small" pfifo-limit=10
/snmp
set contact="" enabled=no engine-boots=0 engine-id="" location="" \
time-window=15 trap-sink=0.0.0.0 trap-version=1
/snmp community
set public address=0.0.0.0/0 authentication-password="" \
authentication-protocol=MD5 encryption-password="" encryption-protocol=DES \
name="public" read-access=yes security=none
/system logging action
set memory memory-lines=100 memory-stop-on-full=no name="memory" target=memory
set disk disk-lines=100 disk-stop-on-full=no name="disk" target=disk
set echo name="echo" remember=yes target=echo
set remote name="remote" remote=0.0.0.0:514 target=remote
/user group
add name="read" policy=local,telnet,ssh,reboot,read,test,winbox,password,web,sn\
iff,!ftp,!write,!policy
add name="write" policy=local,telnet,ssh,reboot,read,write,test,winbox,password\
,web,sniff,!ftp,!policy
add name="full" policy=local,telnet,ssh,ftp,reboot,read,write,policy,test,winbo\
x,password,web,sniff
/ip ipsec proposal
add auth-algorithms=sha1 disabled=no enc-algorithms=3des lifetime=30m \
name="default" pfs-group=modp1024
/routing bgp instance
set default as=65530 client-to-client-reflection=yes comment="" disabled=no \
ignore-as-path-len=no name="default" out-filter="" \
redistribute-connected=no redistribute-ospf=no redistribute-other-bgp=no \
redistribute-rip=no redistribute-static=no router-id=0.0.0.0
/routing ospf area
add area-id=0.0.0.0 authentication=none disabled=no name="backbone" \
type=default
/ip hotspot profile
set default dns-name="" hotspot-address=0.0.0.0 html-directory=hotspot \
http-cookie-lifetime=3d http-proxy=0.0.0.0:0 login-by=cookie,http-chap \
name="default" rate-limit="" smtp-server=0.0.0.0 split-user-domain=no \
use-radius=no
add dns-name="hs10.shellisland.local" hotspot-address=192.168.10.1 \
html-directory=hotspot10 http-cookie-lifetime=3d http-proxy=0.0.0.0:0 \
login-by=cookie,http-chap name="hsprof10" rate-limit="" \
smtp-server=0.0.0.0 split-user-domain=no use-radius=no
/ip hotspot user profile
set default address-pool=pool10 advertise=no idle-timeout=none \
keepalive-timeout=2m name="default" open-status-page=always \
shared-users=200 status-autorefresh=1m transparent-proxy=yes
/ip dhcp-server
add address-pool=pool10 authoritative=after-2sec-delay bootp-support=static \
disabled=no interface=BR-VLAN10 lease-time=1h name="dhcp10"
/interface bridge port
add bridge=BR-VLAN10 comment="" disabled=no edge=auto external-fdb=auto \
horizon=none interface=VLAN10 path-cost=10 point-to-point=auto \
priority=0x80
add bridge=BR-VLAN20 comment="" disabled=no edge=auto external-fdb=auto \
horizon=none interface=VLAN20 path-cost=10 point-to-point=auto \
priority=0x80
/interface bridge settings
set use-ip-firewall=no use-ip-firewall-for-vlan=no
/ip accounting
set account-local-traffic=no enabled=no threshold=256
/ip accounting web-access
set accessible-via-web=no address=0.0.0.0/0
/ip address
add address=192.168.10.1/24 broadcast=192.168.10.255 comment="hotspot network" \
disabled=no interface=BR-VLAN10 network=192.168.10.0
add address=10.8.99.2/24 broadcast=10.8.99.255 comment="WAN" disabled=no \
interface=ether1 network=10.8.99.0
add address=10.8.100.1/32 broadcast=10.8.100.255 comment="LAN gateway" \
disabled=no interface=ether2 network=10.8.100.0
add address=192.168.20.1/23 broadcast=192.168.21.255 comment="hotspot network" \
disabled=no interface=BR-VLAN20 network=192.168.20.0
/ip dns
set allow-remote-requests=yes cache-max-ttl=1w cache-size=2048KiB \
max-udp-packet-size=512 primary-dns=4.2.2.1 secondary-dns=4.2.2.2
/ip dns static
add address=192.168.10.1 disabled=no name="hs10.shellisland.local" ttl=1d
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s \
tcp-close-wait-timeout=10s tcp-established-timeout=1d \
tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s \
tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no \
tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
/ip firewall filter
add action=passthrough chain=unused-hs-chain comment="place hotspot rules \
here" disabled=no
/ip firewall nat
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
disabled=no src-address=192.168.10.0/24
add action=passthrough chain=hs-unused comment="place hotspot rules here" \
disabled=no
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no
set pptp disabled=no
/ip neighbor discovery
set ether1 discover=yes
set ether2 discover=yes
set VLAN10 discover=no
set VLAN20 discover=no
set BR-VLAN10 discover=yes
set BR-VLAN20 discover=yes
/ip proxy
set always-from-cache=no cache-administrator="webmaster" cache-drive=system \
cache-hit-dscp=4 cache-on-disk=no enabled=no max-cache-size=none \
max-client-connections=600 max-fresh-time=3d max-server-connections=600 \
parent-proxy=0.0.0.0 parent-proxy-port=0 port=8080 \
serialize-connections=no src-address=0.0.0.0
/ip service
set telnet address=0.0.0.0/0 disabled=no port=23
set ftp address=0.0.0.0/0 disabled=no port=21
set www address=0.0.0.0/0 disabled=no port=80
set ssh address=0.0.0.0/0 disabled=no port=22
set www-ssl address=0.0.0.0/0 certificate=none disabled=yes port=443
set api address=0.0.0.0/0 disabled=yes port=8728
set winbox address=0.0.0.0/0 disabled=no port=8291
/ip socks
set connection-idle-timeout=2m enabled=no max-connections=200 port=1080
/ip traffic-flow
set active-flow-timeout=30m cache-entries=4k enabled=no \
inactive-flow-timeout=15s interfaces=all
/ip upnp
set allow-disable-external-interface=yes enabled=no show-dummy-rule=yes
/queue interface
set ether1 queue=ethernet-default
set ether2 queue=ethernet-default
set VLAN10 queue=default
set VLAN20 queue=default
set BR-VLAN10 queue=default
set BR-VLAN20 queue=default
/radius incoming
set accept=no port=1700
/system clock manual
set dst-delta=+00:00 dst-end="jan/01/1970 00:00:00" dst-start="jan/01/1970 \
00:00:00" time-zone=+00:00
/system console
add disabled=no port=serial0 term="vt102"
set [ find vcno=1 ] disabled=no term="linux"
set [ find vcno=2 ] disabled=no term="linux"
set [ find vcno=3 ] disabled=no term="linux"
set [ find vcno=4 ] disabled=no term="linux"
set [ find vcno=5 ] disabled=no term="linux"
set [ find vcno=6 ] disabled=no term="linux"
set [ find vcno=7 ] disabled=no term="linux"
set [ find vcno=8 ] disabled=no term="linux"
/system console screen
set line-count=25
/system hardware
set multi-cpu=no
/system health
set state-after-reboot=enabled
/system identity
set name="MikroTik"
/system logging
add action=memory disabled=no prefix="" topics=info
add action=memory disabled=no prefix="" topics=error
add action=memory disabled=no prefix="" topics=warning
add action=echo disabled=no prefix="" topics=critical
/system note
set note="" show-at-login=yes
/system ntp client
set enabled=no mode=broadcast primary-ntp=0.0.0.0 secondary-ntp=0.0.0.0
/system upgrade mirror
set check-interval=1d enabled=no primary-server=0.0.0.0 \
secondary-server=0.0.0.0 user=""
/system watchdog
set auto-send-supout=no automatic-supout=yes no-ping-delay=5m \
watch-address=none watchdog-timer=yes
/tool bandwidth-server
set allocate-udp-ports-from=2000 authenticate=yes enabled=yes max-sessions=10
/tool e-mail
set from="<>" server=0.0.0.0
/tool graphing
set store-every=5min
/tool mac-server
add disabled=no interface=all
/tool mac-server ping
set enabled=yes
/tool sniffer
set file-limit=10 file-name="" filter-address1=0.0.0.0/0:0-65535 \
filter-address2=0.0.0.0/0:0-65535 filter-protocol=ip-only \
filter-stream=yes interface=all memory-limit=10 only-headers=no \
streaming-enabled=no streaming-server=0.0.0.0
/user
add address=0.0.0.0/0 comment="system default user" disabled=no group=full \
name="admin"
/user aaa
set accounting=yes default-group=read interim-update=0s use-radius=no
/tool user-manager customer
add comment="" disabled=no login="admin" parent=admin password="" \
permissions=owner subscriber=admin time-zone=+00:00
/routing mme
set bidirectional-timeout=2 gateway-class=none gateway-keepalive=1m \
gateway-selection=no-gateway origination-interval=5s \
preferred-gateway=0.0.0.0 timeout=1m ttl=50
/routing ospf
set distribute-default=never metric-bgp=20 metric-connected=20 \
metric-default=1 metric-rip=20 metric-static=20 redistribute-bgp=no \
redistribute-connected=no redistribute-rip=no redistribute-static=no \
router-id=0.0.0.0
/routing rip
set distribute-default=never garbage-timer=2m metric-bgp=1 metric-connected=1 \
metric-default=1 metric-ospf=1 metric-static=1 redistribute-bgp=no \
redistribute-connected=no redistribute-ospf=no redistribute-static=no \
timeout-timer=3m update-timer=30s
/system routerboard bios
set
/routing pim
set switch-to-spt=no switch-to-spt-bytes=0 switch-to-spt-interval=0s
/ip hotspot
add address-pool=pool10 disabled=no idle-timeout=5m interface=BR-VLAN10 \
keepalive-timeout=none name="hs-BR-VLAN10" profile=hsprof10
/ip hotspot service-port
set ftp disabled=no ports=21
/ip hotspot user
add comment="" disabled=no name="lyle" password="lyle" profile=default
/ip hotspot walled-garden
add action=allow comment="place hotspot rules here" disabled=yes
/ip dhcp-server config
set store-leases-disk=5m
/ip dhcp-server network
add address=192.168.10.0/24 comment="hotspot network" dns-server=192.168.10.1 \
domain="shellisland.local" gateway=192.168.10.1 netmask=24

I know the solution to this problem. I was staring at the exact configs on two of my core routers that had duplicate configurations. There was one difference. I used hotspot.desertgate.com and on the other one I had hotspot.desertgate.local The problem is that the Mikrotik can not interpret (or seems to not interpret) the hotspot code of .local ...So change your extension on your hotspot configs as well as in the dns(it should change automatically but check it.) Then try it out. I was getting dizzy looking over my configs that were exact (except that one difference.)

Good Luck.

-Sincerely,
DesertAdmin

I have many hotspots upgraded from 2.9 to 3.1 and they all seem to work. I've also created new ones starting with 3.0/3.1 without problems. Not sure what you have wrong.

Scott

Hi Scott. Sorry for my bad english. I have troubles with my hotspot in V.3.x.... but it's all ok in v.2.9.50....is there any diference (in setup) between theses versions ?
thanks.

My mail is megasei@hotmail.com.... You can add to your msn messenger. Thanks.