Page 1 of 1

Hotspot Redirect Problems with Macbook Pro and Windows 7

Posted: Thu Nov 03, 2011 10:55 pm
by ZeroByte
We're seeing a problem with users of "newer" PC operating systems - mostly Macbook Pro and Windows7.
Our APs at the location in question are open APs operating as bridges.
Users with these devices can connect to the hard-wired ethernet, and authenticate / surf without any issues.
If these users connect to any of the wireless APs, however, they get IP addresses and show up in the hotstpot > hosts list, as well as DHCP leases, etc.

When they try to use the web browser, it simply times out and gives a "page cannot be displayed" error.

Has anyone else experienced anything similar to this behavior? Windows XP, and older Mac's have no trouble using the service.

Mikrotik is a RB1000 running v4.17

Re: Hotspot Redirect Problems with Macbook Pro and Windows 7

Posted: Sun Nov 06, 2011 6:07 am
by jandafields
We're seeing a problem with users of "newer" PC operating systems - mostly Macbook Pro and Windows7.
Our APs at the location in question are open APs operating as bridges.
Users with these devices can connect to the hard-wired ethernet, and authenticate / surf without any issues.
If these users connect to any of the wireless APs, however, they get IP addresses and show up in the hotstpot > hosts list, as well as DHCP leases, etc.

When they try to use the web browser, it simply times out and gives a "page cannot be displayed" error.

Has anyone else experienced anything similar to this behavior? Windows XP, and older Mac's have no trouble using the service.

Mikrotik is a RB1000 running v4.17
Do the wireless users get to the hotspot auth page, and do they auth successfully? Or do they never get to the auth page?

If they do auth, then can they ping to an public IP address (like 4.2.2.1) successfully?

Then, can they ping to a public domain name (like yahoo.com) successfully?

Re: Hotspot Redirect Problems with Macbook Pro and Windows 7

Posted: Mon Nov 07, 2011 4:37 pm
by ZeroByte
No - they do not get to the auth page at all. Even if we go into the Hosts tab and create a Bypassed binding on their MAC address, they cannot surf.

If we put in a Linksys router with a wireless AP, and enable NAT on the router, the customers can connect to that and surf successfully. The login page works properly on that as well.

It's only when it's an open AP in bridge mode that these customers have issues. It's quite peculiar.

Re: Hotspot Redirect Problems with Macbook Pro and Windows 7

Posted: Mon Nov 07, 2011 4:54 pm
by JJCinAZ
Almost sounds like an MTU problem.

Re: Hotspot Redirect Problems with Macbook Pro and Windows 7

Posted: Mon Nov 07, 2011 10:55 pm
by richedav
Ive seen this on other captive portal solutions as well, we having a lot of calls from site that has high MAC(apple) usage with the same error. Still unresolved as to why Apple Mac's cause so many problems.

I was wondering if its the http post redirection thats causing the problem and was going to try a meta refresh instead but have yet to test

Re: Hotspot Redirect Problems with Macbook Pro and Windows 7

Posted: Fri Dec 30, 2011 8:45 pm
by ZeroByte
Actually, even if we create a bypassed binding in the hotspot, the Apple products (including iPads and iPhones, as we've gotten some tickets on these as well) can't get on the web.

We solved this issue at the original location by making a configuration change in the Ubiquiti access points. We found that going into the advanced settings and changing aggregation from 32 frames to 31 frames, this fixed the problem.

However, over the past 2 weeks, we've started getting this same issue all over the place.

A previous poster suggested that this sounds like an MTU issue. I tend to agree. If we have the user adjust the MTU in their own configuration, they are able to get online. This is obviously not an acceptable solution. I've tried using a mangle rule to adjust TCP MSS, and this is only moderately effective. Some users begin working, but it starts failing again afterwards. Some users never start working, and some are fixed - all by this one modification.

We're finding that other applications than the web seem to function properly, including iTunes.
Transparent proxy is disabled on these hotspots.

This is a real head scratcher. (I'll post the solution if I find one)

Re: Hotspot Redirect Problems with Macbook Pro and Windows 7

Posted: Sun Jan 01, 2012 8:25 pm
by brosky
This is a real head scratcher. (I'll post the solution if I find one)
And i though that i'm the only one...

http://forum.mikrotik.com/viewtopic.php?f=2&t=57776
http://forum.mikrotik.com/viewtopic.php?f=2&t=48074

it's almost a year , and found no solution.

Re: Hotspot Redirect Problems with Macbook Pro and Windows 7

Posted: Mon Jan 02, 2012 6:16 pm
by brosky
Almost sounds like an MTU problem.
almost... but if i disable the hotspot, everything is ok.

I didn't see any MTU setting in hotspot.

This is getting so bad that i have to disable some hotspots during the holidays to have some peace.

Weirdest thing is that it tends to happen' to same people over time.

Re: Hotspot Redirect Problems with Macbook Pro and Windows 7

Posted: Wed Jan 04, 2012 4:53 pm
by ZeroByte
Update-

We've found that when an affected device (Mac, iPhone, iPad, etc - apparently Win7 is not a widespread problem here) reboots, it fixes the problem, with no interaction on the Mikrotik.

So if a user attaches to an AP, gets the problem, then reboots without us adding any bindings, disabling the hotspot, or making any MTU settings changes, everything works properly, including the hotspot login page.

(Still scratching me head)

Re: Hotspot Redirect Problems with Macbook Pro and Windows 7

Posted: Mon Feb 06, 2012 1:32 am
by telstra
its a dns problem... use this 8.8.8.8
8.8.4.4
ip dhcp-server network add address=Lan/24 gateway=gateway netmask=24
dns-server=8.8.8.8,8.8.4.4

Re: Hotspot Redirect Problems with Macbook Pro and Windows 7

Posted: Sat Dec 01, 2012 6:55 am
by redsalamander
Had the same issue

Hotspot was working fine with iPad / iPhone / Android
Windows 8 didn’t like it at all ( wind 7 / XP ) same issues

I noted the previous post about DNS and it made sense however adding Google's DNS wont fix it.
My configuration is RB433 2x WiFi cards
Lan post is just that
WiFi 1 is setup as my own AP
WiFi 2 I setup as a hotspot

I have a linux firewall that controls internet access for the entire network (the RB433 does not do a PPPoe dialup)
Thus my Linux box essentially is the authoritative DNS gateway for the lan

What I did to fix this
I added the hotspot IP to the DHCP config under ip/dhcp server/networks as the first DNS server with my linux box IP as the seccond
This will assign the Routerboard as the primary DNS and then the actual one as the next one

This still didnt fix it but under windows I noted that when joining the network it tried to redirect to http://hotspot/login..... this is needs to be something windows will interperet as an adress it can work with. so under IP/Hotspot/server profiles the general tab change the DNS name to something like hotspot.local

BTW instead of setting the DHCP to have the RB as the 1st DNS if your gateway is capable you can add a redirect for hotspot.local to the IP, should also work.

Re: Hotspot Redirect Problems with Macbook Pro and Windows 7

Posted: Fri Jan 11, 2013 11:11 am
by redsalamander
Has anyone had any further luck with this.

I thought I had resolved it but apparently not. I saw another post suggesting adding apple.com to the walled garden I tried that but no success. It does appear to be a DNS issue as it's not resolving the hotspot. it does see my firewall and I tried adding a static route there that points to the hotspot IP address also with no success.

Found this seems to work:
The trick is to do the following:

Code:
/ip hotspot profile set hsprof1 dns-name=""
/ip hotspot walled-garden
add action=allow comment="" disabled=no dst-host=www.apple.com path=/library/test/success.html


For some reason the iPhone and iPad won't resolve the dns-name of the hot spot properly, so don't set it and it will use the IP instead.

The next trick is to allow http://www.apple.com/library/test/success.html in the walled-garden. If IOS can't see that URL, it pops up the annoying login screen. The user can then go run a browser on the device and will be presented with the hotspot login screen.

This is of course a workaround. The proper way to do it is to figure out what the little login popup screen wants to see as a signal that the user was authenticated, but I haven't been able to figure that one out yet.

Re: Hotspot Redirect Problems with Macbook Pro and Windows 7

Posted: Fri Jan 11, 2013 11:43 am
by brosky
I kinda solve it ( i mean, i didn't see it in a few months now)
what was changed:

- added hotspot name (users auth at hotspot.local)
- hotspot radius
- cookies synchronized (1d hotspot/dhcp)

Re: Hotspot Redirect Problems with Macbook Pro and Windows 7

Posted: Sat Jan 12, 2013 10:58 am
by redsalamander
Ok I implemented the changes I made here at the client site and it worked.

Here are the changes.
Under the hotspot server profile
General > DNS Name: hotspot.info (hotspot.local didn’t work)
Login > Mac :0 / Cookie :1 / HTTP CHAP:1 / HTTPS :0 / HTTP PAP:0 / Trial :0

Walled Garden
Allow :1
Dst Host : apple.com
Path: /library/test/success.html

DNS Settings > Static
hotsport.info 192.168.0.1 (ip of interface people will connect to)

Once complete I tested from Apple iOS6 / Android ICS / Windows8 all logged in without trouble.

I would be quite happy to export and post the configuration if someone tells me how. ;-)

Re: Hotspot Redirect Problems with Macbook Pro and Windows 7

Posted: Sat Jan 12, 2013 12:28 pm
by brosky
/export file=somename.txt

copy the file and paste here the relevant parts :)
or,
/ip hotspot profile print detail
/ip dns print detail

etc...

Re: Hotspot Redirect Problems with Macbook Pro and Windows 7

Posted: Sat Jan 12, 2013 3:51 pm
by redsalamander
I think this is all of it. Hope it helps someone else, but sadly I suspect it will be me looking this up in a few months when I have to set one again and cant remember what I did. :-)
/interface wireless
set 0 adaptive-noise-immunity=none allow-sharedkey=no antenna-gain=17 \
    antenna-mode=ant-a area="" arp=enabled band=2ghz-b/g basic-rates-a/g=\
    6Mbps basic-rates-b=1Mbps bridge-mode=disabled burst-time=disabled \
    channel-width=20mhz compression=no country="south africa" \
    default-ap-tx-limit=0 default-authentication=yes default-client-tx-limit=\
    0 default-forwarding=yes dfs-mode=none disable-running-check=no disabled=\
    no disconnect-timeout=3s distance=dynamic frame-lifetime=0 frequency=2417 \
    frequency-mode=manual-txpower frequency-offset=0 hide-ssid=no \
    hw-fragmentation-threshold=disabled hw-protection-mode=none \
    hw-protection-threshold=0 hw-retries=7 l2mtu=2290 mac-address=\
    00:0C:42:62:52:CC max-station-count=2007 mode=ap-bridge mtu=1500 \
    multicast-helper=default name=wlan1 noise-floor-threshold=default \
    nv2-cell-radius=30 nv2-noise-floor-offset=default nv2-preshared-key="" \
    nv2-qos=default nv2-queue-count=2 nv2-security=disabled \
    on-fail-retry-time=100ms periodic-calibration=default \
    periodic-calibration-interval=60 preamble-mode=both \
    proprietary-extensions=post-2.9.25 radio-name=000C426252CC \
    rate-selection=advanced rate-set=default scan-list=default \
    security-profile=default ssid="my hotspot" \
    station-bridge-clone-mac=00:00:00:00:00:00 supported-rates-a/g=\
    6Mbps,9Mbps,12Mbps,18Mbps,24Mbps,36Mbps,48Mbps,54Mbps supported-rates-b=\
    1Mbps,2Mbps,5.5Mbps,11Mbps tdma-period-size=2 tx-power-mode=default \
    update-stats-interval=disabled wds-cost-range=50-150 wds-default-bridge=\
    none wds-default-cost=100 wds-ignore-ssid=no wds-mode=disabled \
    wireless-protocol=unspecified wmm-support=disabled

/ip hotspot profile
set [ find default=yes ] dns-name="" hotspot-address=0.0.0.0 html-directory=\
    hotspot http-cookie-lifetime=3d http-proxy=0.0.0.0:0 login-by=\
    cookie,http-chap name=default rate-limit="" smtp-server=0.0.0.0 \
    split-user-domain=no use-radius=no
add dns-name=hotspot.info hotspot-address=10.5.50.1 html-directory=hotspot \
    http-cookie-lifetime=3d http-proxy=0.0.0.0:0 login-by=cookie,http-chap \
    name=hsprof2 nas-port-type=wireless-802.11 radius-accounting=yes \
    radius-default-domain="" radius-interim-update=received \
    radius-location-id="" radius-location-name="" radius-mac-format=\
    XX:XX:XX:XX:XX:XX rate-limit="" smtp-server=0.0.0.0 split-user-domain=no \
    use-radius=yes
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m name=default \
    shared-users=1 status-autorefresh=1m transparent-proxy=no

Hotspot Redirect Problems with Macbook Pro and Windows 7

Posted: Sun Jan 13, 2013 12:32 pm
by TheWiFiGuy
I kinda solve it ( i mean, i didn't see it in a few months now)
what was changed:

- added hotspot name (users auth at hotspot.local)
- hotspot radius
- cookies synchronized (1d hotspot/dhcp)

.local is a reserved dns domain by the apple os and should not be used if you expect apple devices to work as expected. I know you found it did npt work,but it may help others in the same situation.

Re: Hotspot Redirect Problems with Macbook Pro and Windows 7

Posted: Wed Jan 16, 2013 8:27 pm
by Felix
Hi,

take a look a the post from "redsalamander"

the dns and walled garden settings are necessary.

Windows 7 and 8 do the same like apple devices. They try to reach a txt file from microsoft servers to determine if the network has internet access.
http://www.msftncsi.com/ncsi.txt
see also here: http://blog.superuser.com/2011/05/16/wi ... awareness/


hope this helps.

Re: Hotspot Redirect Problems with Macbook Pro and Windows 7

Posted: Thu Mar 21, 2013 10:36 pm
by redsalamander
Just thought I would follow up on this, since the changes as above it's been working like a dream.

Re: Hotspot Redirect Problems with Macbook Pro and Windows 7

Posted: Thu May 30, 2013 6:01 am
by risipetillo
NOTE to Self: Apple OS has problems redirecting if you set hotspot FQDN to *.local