Mikrotik Hotspot (Advanced)
Introduction
Although the instructions on this page make use of the RB751, the same principles should also apply to other Mikrotik Routerboards. The following advanced configurations will be covered in this document:
- Central Login pages
Central Login Pages
- RADIUSdesk allows you to have one centrally managed location to serve the same Login Page to many Mikrotik devices.
- This allows you to:
- Group Mikrotik devices together and serve one common login page to them all.
- Serve a modern login page (Bootstrap based) that makes use of AJAX techniques to connect and display session details.
- To enjoy this enhancement you will need to:
- Ensure the Hotspot configuration on the Mikrotik includes PAP support.
- Replace some static hotspot login pages that are stored on and served from the Mikrotik router.
- Enable HTTPS (Certificates required) on the Hotspot.
Include PAP support on Hotspot
- Connect to the Mikrotik router through the web interface.
- Select IP → Hotspot.
- Select the Server Profiles sub-tab.
- A list of server profiles will be shown.
- Select the one used by the current Hotspot. (Usually called hsprof1).
- Ensure Login by includes HTTP PAP.
- Apply the changes if there were any.
Fetch Replacement Login Pages
- Check out the rdcore git repository.
```bash
cd ~
sudo git clone https://github.com/RADIUSdesk/rdcore.git
```
- The replacement files will be under the rdcore/cake4/cake4/rd_cake/setup/mikrotik folder.
The rdcore git repo is used to install RADIUSdesk which means these files will be on your RADIUSdesk server.
You can also download the files individually from the GitHub website:
- The following files will be replaced:
filename |
---|
1.) alogin.html |
2.) fstatus.html |
3.) login.html |
4.) logout.html |
5.) status.html |
Link a Dynamic Key to a selected Login Page
- On your local machine (or where you have the replacement files), change directory to the rdcore/cake4/cake4/rd_cake/setup/mikrotik/ folder and edit the login.html file to redirect to your RADIUSdesk server.
- Pick an item which you want to use as a Dynamic Key to link to on a Login Page.
- When this link is established, the detail of that specific Login Page will be displayed to the user.
- The presentation of that Login Page in turn depends on the config of that Login Page.
- In the sample code, for instance, we have the nasid item and give it a value of $(identity).
- This is dynamic (sort of like PHP) and will be automatically substituted, in this example with za-gp-jhb-001.
- Another use case is if we have deployed 15 of these Mikrotik devices in Gauteng; we can simply include an item like ssid=Gauteng with the login.html's redirect instruction and use ssid as a Dynamic key.
- In this way we group these 15 devices to all show the one Login Page.
- login.html
```html
$(if error == '')
<html>
<head><title>...</title></head>
<body>
$(if chap-id)
<noscript>
<center><b>JavaScript required. Enable JavaScript to continue.</b></center>
</noscript>
$(endif)
<center>If you are not redirected in a few seconds, click 'continue' below<br>
<form name="redirect" action="https://cloud.radiusdesk.com/cake4/rd_cake/dynamic-details/mikrotik-browser-detect" method="post">
    <input type="hidden" name="loginlink" value="$(link-login-only)">
    <input type="hidden" name="nasid" value="$(identity)">
    <input type="hidden" name="link_status" value="$(link-status)">
    <input type="hidden" name="link_login_only" value="$(link-login-only)">
    <input type="hidden" name="link_logout" value="$(link-logout)">
    <input type="hidden" name="mac" value="$(mac-esc)">
    <input type="hidden" name="type" value="mikrotik">
    <input type="hidden" name="ssid" value="Gauteng">
    <input type="submit" value="continue">
</form>
<script language="JavaScript">
<!--
    document.redirect.submit();
//-->
</script>
</center>
</body>
</html>
$(else)
$(var)({
    'logged_in' : '$(logged-in)',
    'link_login_only' : '$(link-login-only)',
    'error_orig' : '$(error-orig)',
    'error' : '$(error)'
})
$(endif)
```
- The screenshot below shows where we added a Dynamic Key for SSID = Gauteng to the HotspotTwo Login Page.
Once you have finished editing the login.html page and have added the Dynamic Key to the Login Page that you want to serve on the Mikrotik, you can copy the replacement pages to the Mikrotik router.
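A check you can run on the edited login.html before copying it to the router, given here as an added example (not part of the rdcore repository): it confirms that the redirect form posts over HTTPS to the expected RADIUSdesk host, that the hidden fields from the sample above are present, and that the Dynamic Key is sent. The names `check_login_page`, `RedirectForm` and `REQUIRED` are hypothetical, and the required-field list is assumed from the sample login.html on this page.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Hidden fields that the page's login.html posts to the central server.
REQUIRED = {"loginlink", "nasid", "link_status", "link_login_only",
            "link_logout", "mac", "type"}

class RedirectForm(HTMLParser):  # collects action and inputs of form name="redirect"
    def __init__(self):
        super().__init__()
        self.action, self.fields, self._in_form = None, {}, False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form" and a.get("name") == "redirect":
            self.action, self._in_form = a.get("action") or "", True
        elif tag == "input" and self._in_form and a.get("name"):
            self.fields[a["name"]] = a.get("value") or ""

    def handle_endtag(self, tag):
        if tag == "form":
            self._in_form = False

def check_login_page(html, server_host, key, value):
    """Return a list of problems; an empty list means the page passes."""
    form = RedirectForm()
    form.feed(html)  # Mikrotik $(...) directives are plain text to the parser
    if form.action is None:
        return ["no form named 'redirect' found"]
    problems = []
    url = urlsplit(form.action)
    if url.scheme != "https":
        problems.append(f"form action scheme is {url.scheme!r}, not 'https'")
    if url.hostname != server_host:
        problems.append(f"form posts to {url.hostname}, expected {server_host}")
    missing = sorted(REQUIRED - set(form.fields))
    if missing:
        problems.append("missing fields: " + ", ".join(missing))
    if form.fields.get(key) != value:
        problems.append(f"dynamic key {key}={value} is not sent")
    return problems

# Constructed sample: the redirect form from the page's login.html, abbreviated.
ACTION = "https://cloud.radiusdesk.com/cake4/rd_cake/dynamic-details/mikrotik-browser-detect"
FIELDS = {"loginlink": "$(link-login-only)", "nasid": "$(identity)", "type": "mikrotik",
          "link_status": "$(link-status)", "link_login_only": "$(link-login-only)",
          "link_logout": "$(link-logout)", "mac": "$(mac-esc)", "ssid": "Gauteng"}
INPUTS = "".join(f'<input type="hidden" name="{k}" value="{v}">' for k, v in FIELDS.items())
SAMPLE = f"""$(if error == '')<form name="redirect" action="{ACTION}" method="post">{INPUTS}</form>$(endif)"""
```

To check your own file, pass its contents instead of `SAMPLE`, for example `check_login_page(open("login.html").read(), "cloud.radiusdesk.com", "ssid", "Gauteng")`.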
Enable HTTPS support on Mikrotik
- To enable HTTPS support on the Mikrotik you need to configure the following:
- We first upload the cert and key files.
- Then we can import the SSL certificate onto the Mikrotik. (We select the uploaded cert and key files we copied over)
- Specify a DNS name in the Hotspot setup that matches the certificate. Here we used uam.mesh-manager.com
- Enable the Login By option HTTPS (deselect HTTP PAP), and also select the SSL Certificate you imported along with HTTPS Redirect.
Add an entry to the Mikrotik Walled Garden
- You need to open the Mikrotik to serve the central login page from a server that is usually outside your network.
- Connect to the web interface of the Mikrotik router.
- Select IP → Hotspot
- Select the Walled garden IP List sub-tab to add an entry.
- The destination IP Address will be the IP Address of the RADIUSdesk server.
- The screenshot below assumes the RADIUSdesk server has an IP Address of 178.32.59.137
Replace the existing pages on the Mikrotik
- Copy these files over to the Mikrotik router's hotspot folder. (You may want to back up the old files first.)
- Everything should now be in place.
- Try to connect to the Mikrotik hotspot.
- You should be redirected to the server serving the Central login pages.