2012

Mikrotik Hotspot Quick Setup Guide




Hotspot is a way to provide internet access to subscribers through an easy-to-use login interface; it does not require any client software, driver or dialer at the user end. To log in, users may use almost any web browser, so they are not required to install additional software. It is also possible to allow users to access some web pages without authentication using the Walled Garden feature.
In my personal opinion, Hotspot is best suited for ad hoc situations, where you cannot control how clients have their machines configured. This is generally useful in conference rooms, hotels, cafes, restaurants and the like, since people will come and go and you have few permanent users.
One big advantage of using Hotspot is that it does not require any client software, driver or dialer. One disadvantage is that it usually requires your client to open a browser and log in before he can use your service, so users who want to connect to your service through a router of some kind usually have a problem (as routers usually don't support logging in via HTTP).
The following is a quick setup guide (CLI version) on how to set up a Hotspot server in Mikrotik using the command interface.
This guide will help you set up:
# A HOTSPOT server.
# DHCP, to assign users IP addresses from the 172.16.0.1-172.16.0.255 IP pool. Change it accordingly.
# Two speed / rate limit profiles, 256k and 512k, with a new user 'zaib' (password=test) on the 512k profile and a user 'test' (password=test) on the 256k limit.
# A default route to the internet via the DSL router IP 192.168.2.2. Change it accordingly.
In this example, the Mikrotik has two interface cards.
Ether1 LAN = 172.16.0.1  / Connected with LAN/Hotspot users
Ether2 WAN = 192.168.2.1 / Connected with DSL router
DSL Router = 192.168.2.2
Script starts below.

/ip address
add address=172.16.0.1/24 comment=LAN disabled=no interface=ether1 network=172.16.0.0
add address=192.168.2.1/24 comment=WAN disabled=no interface=ether2 network=192.168.2.0


/ip pool
add name=hs-pool-1 ranges=172.16.0.10-172.16.0.255


/ip dns
set allow-remote-requests=yes cache-max-ttl=1w cache-size=10000KiB max-udp-packet-size=512 servers=192.168.2.2


/ip dhcp-server
add address-pool=hs-pool-1 authoritative=after-2sec-delay bootp-support=static disabled=no interface=ether1 lease-time=1h name=dhcp1


/ip dhcp-server config set store-leases-disk=5m


/ip dhcp-server network add address=172.16.0.0/24 comment="hotspot network" gateway=172.16.0.1


/ip hotspot profile


set default dns-name="" hotspot-address=0.0.0.0 html-directory=hotspot http-cookie-lifetime=3d http-proxy=0.0.0.0:0 login-by=cookie,http-chap name=default rate-limit="" smtp-server=0.0.0.0 split-user-domain=no use-radius=no


add dns-name=login.aacable.net hotspot-address=172.16.0.1 html-directory=hotspot http-cookie-lifetime=1d http-proxy=0.0.0.0:0 login-by=cookie,http-chap name=hsprof1 rate-limit="" smtp-server=0.0.0.0 split-user-domain=no use-radius=no


/ip hotspot
add address-pool=hs-pool-1 addresses-per-mac=2 disabled=no idle-timeout=5m interface=ether1 keepalive-timeout=none name=hotspot1 profile=hsprof1


/ip hotspot user profile


set default idle-timeout=none keepalive-timeout=2m name=default shared-users=1 status-autorefresh=1m transparent-proxy=no


add address-pool=hs-pool-1 advertise=no idle-timeout=none keepalive-timeout=2m name="512k Limit" open-status-page=always rate-limit=512k/512k shared-users=1 status-autorefresh=1m transparent-proxy=yes


add address-pool=hs-pool-1 advertise=no idle-timeout=none keepalive-timeout=2m name="256k Limit" open-status-page=always rate-limit=256k/256k shared-users=1 status-autorefresh=1m transparent-proxy=yes


/ip hotspot service-port set ftp disabled=yes ports=21


/ip hotspot walled-garden ip add action=accept disabled=no dst-address=172.16.0.1


/ip hotspot set numbers=hotspot1 address-pool=none


/ip firewall nat add action=masquerade chain=srcnat disabled=no


/ip hotspot user
add disabled=no name=admin password=123 profile=default
add disabled=no name=zaib password=test profile="512k Limit" server=hotspot1
add disabled=no name=test-256k password=test profile="256k Limit" server=hotspot1


/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.2.2 scope=30 target-scope=10
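
The script above masquerades traffic on every interface, lets the router answer DNS queries on every interface (allow-remote-requests=yes) and creates hotspot users with the passwords 123 and test. The following hardening fragment is an added example, not part of the original script; it assumes ether1 is the LAN and ether2 the WAN as in this guide, and the password values are placeholders.

```routeros
# Added example, not from the original script.
# Assumes ether1 = LAN/hotspot and ether2 = WAN, as in the guide above.

# 1. Use this in place of the unscoped masquerade rule:
#    source-NAT only what leaves through the WAN interface.
/ip firewall nat
add chain=srcnat out-interface=ether2 action=masquerade comment="NAT to WAN only"

# 2. allow-remote-requests=yes turns the router into a resolver on all
#    interfaces; drop DNS queries that arrive on the WAN side.
/ip firewall filter
add chain=input in-interface=ether2 protocol=udp dst-port=53 action=drop comment="no DNS from WAN"
add chain=input in-interface=ether2 protocol=tcp dst-port=53 action=drop comment="no DNS from WAN"

# 3. Replace the sample hotspot passwords (placeholders, choose your own).
/ip hotspot user
set [find name=admin] password="REPLACE-WITH-LONG-RANDOM-1"
set [find name=zaib] password="REPLACE-WITH-LONG-RANDOM-2"
set [find name=test-256k] password="REPLACE-WITH-LONG-RANDOM-3"

# 4. Review the result.
/ip firewall nat print
/ip firewall filter print
/ip hotspot user print
```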

Mikrotik Limiting User Access via DHCP via /32 + Forcing Users to use your DHCP Server Only


Recently a friend of mine, who operates a local internet service in my area, was annoyed by virus flooding / broadcasts and by Vypress Chat software, through which users communicate with each other and get united against the service provider :p. He can't afford to install manageable switches on his network to isolate users, so he asked for my help to isolate them. I used this little trick to minimize the network flooding and to isolate users.

But remember, it's not 100% foolproof. It just makes it a bit more difficult to scan other users, but it is easy to change the IP and MAC address, as clients have full control over their PCs. At its best it stops normal/casual users, but there is nothing to prevent people who are determined to do so. If you want to isolate your clients, set up client isolation on the APs or do port isolation on the switch ports. Then, no matter what settings users place on their PCs, they will not be able to scan and find other hosts on the network.

In this example, the operator had a PPPoE server with DHCP service. All users get an IP from the 10.0.0.0/8 subnet via his Mikrotik's DHCP server. This way flooding from one PC can be broadcast to all the other PCs on the network, so I just changed the netmask to 32. This way the user will not be able to communicate with any other PC on the LAN, not even with the server, but can still connect to the PPPoE service because it works on MAC address broadcast. After connecting to PPPoE, the user will be able to use the internet without any issue. This trick is also useful for wireless networks where you want to minimize file sharing between users, which can also be done via the AP.

Goto IP > DHCP SERVER, double click on your DHCP server and click on "Add ARP For Leases".

Now goto IP > DHCP SERVER > Networks,
click on the + icon,
in Address, type 0.0.0.0/0
in Netmask, type 32





If you also want only those users who get their IPs from your DHCP server to be able to communicate with your server, follow the tip below.
Goto Interface > double click on your LAN interface,
in ARP, select reply-only

This way you force everyone to use your DHCP server only. If a user manually enters an IP address on his PC, he will not be able to communicate with your server or use the internet service.
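
The same steps from the command line, as an added example that is not part of the original post. The DHCP server name dhcp1, the LAN interface ether1 and the admin workstation's address and MAC are assumptions; with reply-only the router answers only hosts present in its ARP table, so the admin entry is added first to avoid locking yourself out.

```routeros
# Added example. dhcp1 and ether1 are assumed names; the admin address and
# MAC below are constructed sample values, replace them with your own.

# 1. Keep management access: static ARP entry for the admin workstation.
/ip arp
add address=10.0.0.2 mac-address=00:00:5E:00:53:01 interface=ether1 comment="admin workstation"

# 2. Let the DHCP server add an ARP entry for every lease it hands out.
/ip dhcp-server
set [find name=dhcp1] add-arp=yes

# 3. Hand out a /32 netmask so clients see no on-link neighbours.
/ip dhcp-server network
add address=0.0.0.0/0 netmask=32 comment="isolate clients with /32"

# 4. Only now stop learning ARP dynamically on the LAN interface:
#    hosts without a lease (manually set IP) get no reply from the router.
/interface ethernet
set [find name=ether1] arp=reply-only

# 5. Verify: every active lease should have a matching ARP entry.
/ip dhcp-server lease print
/ip arp print where interface=ether1
```

As the post says, this does not stop a user who copies another client's IP and MAC address; AP client isolation or switch port isolation is still the real control.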

Access Mikrotik Remotely via DynamicDNS


If you have a Mikrotik server on a DSL connection with a dynamic IP, which changes on every reboot / reset, and you want to access the Mikrotik from the Internet, you can use the changeip.com (DynamicDNS) service. With this service you don't have to look up the DSL IP every time; all you have to remember is the domain name that you registered on the site, and the rest is handled by the DDNS script configured on the Mikrotik.

Mikrotik Routing Youtube to another WAN Link !




If you have two DSL links and you want to dedicate one link to YOUTUBE and FACEBOOK traffic only, you can do it with Mikrotik in a few simple steps.
First understand the logic. The main idea is to first create an address list with the YOUTUBE IP addresses (you can get them by googling) and name it youtube-addresses; then, in mangle, create a rule to mark packets matching that address list; then, in routes, create a rule to send the youtube address list via DSL 2.
Some examples . . .

/ip firewall mangle add chain=prerouting action=mark-routing new-routing-mark=youtube passthrough=yes src-address=0.0.0.0/0 dst-address=208.65.152.0/21
(or use the destination address list you created at the start; you have to create several IP address lists)
Then create a ROUTE for this mark.
/ip route add comment="" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.2.1 routing-mark=youtube scope=255 target-scope=10
It's amazing: you can route any website/traffic to a specific WAN link, for example a dedicated DSL link for streaming media sites or FB. It's kewl ;)
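
The address-list variant that the text describes but does not show, as an added example that is not part of the original post. The list name youtube-addresses, the 208.65.152.0/21 range and the gateway 192.168.2.1 come from the post; the second range is a constructed placeholder showing how further entries are added.

```routeros
# Added example. Only 208.65.152.0/21 is from the post; 198.51.100.0/24 is a
# documentation range used as a placeholder for further entries.

# 1. One list holds every destination that should use the second link.
/ip firewall address-list
add list=youtube-addresses address=208.65.152.0/21 comment="range from the post"
add list=youtube-addresses address=198.51.100.0/24 comment="placeholder, replace"

# 2. A single mangle rule marks routing for anything going to that list,
#    so new ranges need a list entry only, not another mangle rule.
/ip firewall mangle
add chain=prerouting dst-address-list=youtube-addresses action=mark-routing new-routing-mark=youtube passthrough=yes comment="policy route via DSL 2"

# 3. Default route used only by packets carrying the youtube mark.
/ip route
add dst-address=0.0.0.0/0 gateway=192.168.2.1 routing-mark=youtube distance=1 comment="DSL 2 for marked traffic"

# 4. Verify the list contents and the marked route.
/ip firewall address-list print where list=youtube-addresses
/ip route print where routing-mark=youtube
```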
For more info and ideas, please visit following link.




Howto to enable Mikrotik RouterOS Web Proxy in Transparent Mode



Always try NOT to use the same storage disk for your cache and your RouterOS, to ensure there is always enough space on the RouterOS disk for logs, upgrade / update packages and backups. It is therefore highly recommended that the web-proxy cache is stored on a physically separate drive (store) from RouterOS. Placing the cache on a separate drive ensures maximum performance and reduces problems if the disk becomes full or fails, as the OS will then still be OK! Caching internet access requires a lot of reads and writes to the disk, so choose a fast disk for maximum performance / concurrent user request support. Cache performance also largely depends on RAM size: the more RAM you have in your server, the better performance you will get.

We will divide this article into 3 sections.

1# Preparing Secondary Partition for Cache
2# Configuring Web Proxy
3# Transparent Proxy

Let's BEGIN . . .

1# Preparing Secondary Drive for CACHE
First we will format the secondary hard drive (to be used for cache). IF YOU DON'T WANT TO USE A SECONDARY HARD DRIVE, SKIP THIS STEP.
Goto SYSTEM > STORES > DISKS, select the secondary hard drive and click on FORMAT DRIVE.
Now go to the STORES tab (by navigating to SYSTEM > STORES), select the WEB-Proxy package and click on COPY. It will ask you where to copy the WEB-Proxy package; select the secondary drive in the TO box.

2# Configuring Web Proxy
Now we have to enable the Mikrotik web proxy by navigating to IP > WEB PROXY.
Click on "Enable".
In Port, type 8080.
In Max Cache Size, select Unlimited from the drop-down menu, OR if you have limited disk space, use your desired amount. You have to specify the space in kilobytes (1024 KB = 1 MB), so if you want to set a 5 GB cache, use 5242880. I am using 5 GB in this example. The cache size is really based off of how much RAM you have in the machine.
Click on Apply and your Mikrotik's web proxy is ready to be used, but every client has to set the proxy address pointing to the Mikrotik IP to be able to use the proxy service.

3# Transparent Proxy
If we want every user to be automatically redirected to the proxy transparently, we have to create an additional rule to forcefully redirect users to the proxy service; this is called TRANSPARENT PROXY.
Goto IP > FIREWALL > NAT and create a new rule:
In Chain, select dstnat
In Protocol, select 6 (tcp)
In Dst. Port, type 80
Now go to the Action tab:
In Action, select redirect
In To Ports, type 8080
The CLI version of the above rule would be something like the one below.


 /ip firewall nat add action=redirect chain=dstnat disabled=no dst-port=80 protocol=tcp to-ports=8080

Done. Now the Mikrotik web proxy will work as a TRANSPARENT PROXY: every user's HTTP (port 80) request will automatically be redirected to the Mikrotik built-in web proxy. You can view proxy status and other info by going to IP > WEB PROXY > SETTINGS > STATUS and the other tabs in the same window.
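
The redirect rule above matches port 80 traffic arriving on any interface, and the proxy itself accepts any client that can reach port 8080. The following restriction to LAN clients is an added example, not part of the original post; it assumes ether1 is the LAN with subnet 172.16.0.0/24 and ether2 is the WAN.

```routeros
# Added example. Assumes ether1 = LAN (172.16.0.0/24) and ether2 = WAN;
# adjust the interface names and subnet to your network.

# 1. Use this in place of the unscoped redirect rule:
#    redirect only HTTP that arrives from LAN clients.
/ip firewall nat
add chain=dstnat in-interface=ether1 src-address=172.16.0.0/24 protocol=tcp dst-port=80 action=redirect to-ports=8080 comment="transparent proxy, LAN only"

# 2. Proxy access list: serve the LAN subnet, refuse everyone else.
#    Rules are evaluated top to bottom, so the deny rule goes last.
/ip proxy access
add src-address=172.16.0.0/24 action=allow comment="LAN clients"
add action=deny comment="everything else"

# 3. Block direct connections to the proxy port from the WAN side.
/ip firewall filter
add chain=input in-interface=ether2 protocol=tcp dst-port=8080 action=drop comment="proxy not reachable from WAN"

# 4. Verify the rules and watch who is connected.
/ip proxy access print
/ip proxy connections print
```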


For More Detail Visit :- http://aacable.wordpress.com/2011/12/29/howto-to-enable-mikrotik-routeros-web-proxy-in-transparent-mode/

PPPOE Server

Mikrotik PPPOE Server

You can use this configuration for a PPPoE server where users get public IPs. Suppose the range of public IPs is 192.168.1.0/24, the IP of the router is 192.168.1.4 and the IP of the gateway is 192.168.1.1. First set this IP on the router:

Then write one route to describe the gateway:

NOTE: it is better to change the ARP setting on the interface to proxy-arp.
Then you can provide IPs for users. We provide 245 IPs for users in IP > POOL:
if pppoe setup over other ethernet port like LOCAL
Now, to set up the PPPoE server, go to PPP, open Profiles and click on the add button:
The router is now ready to become a PPPoE server. In PPP, click the PPPoE Servers tab and click on the add button:
To create usernames and passwords on a small scale, in the Secrets tab in PPP click on the add button:
For better management of user traffic you can use a RADIUS server, and for bandwidth use queues.

For More Detail :- http://wiki.mikrotik.com/wiki/PPPOE_Server
