SSL Certificate is required to enable HTTPS Login and HTTPS Redirect in MikroTik Hotspot. In one of my last articles I discussed how to configure MikroTik Hotspot HTTPS redirect and HTTPS login with MikroTik self-signed certificate. But self-signed certificate is not trusted by operating system. So, we get the following two issues if we configure HTTPS Login and HTTPS Redirect with self-signed certificate.
Ask to proceed unsafe site: As browsers cannot trust self-signed certificate, it shows a warning message and asks to proceed unsafe site every time the login page redirected with HTTPS redirect. Users may face disgusting seeing this warning message again and again.
Error or Warning icon in URL bar: Although we proceed the login page warning, browser also shows a red or yellow icon in URL bar. It also makes us confused whether the connection is secured or not.
Although self-signed certificate always establish secure connection by encrypting data, the above two issues make us confused and disgusting sometimes. To solve the above two issues we need to use public CA certificate that will be trusted by operating system and browsers.
Public CA requires yearly subscription fee to get their service. Although this payment is not so high for enterprise organizations but small business companies sometimes face trouble to pay yearly subscription fee. Don’t be worried if subscription fee goes out of budget. Some public CA organizations provide free SSL certificate to make internet completely secure. ZeroSSL is one of them who provides fast, reliable and free SSL/TL certificate for anyone. In my previous article I discussed how to get free SSL certificate from ZeroSSL. In this article I will discuss how to configure MikroTik Hotspot HTTPS Login and HTTPS Redirect with trusted public SSL certificate to overcome the above two issues.
MikroTik Hotspot with ZeroSSL
MikroTik Hotspot HTTPS Redirect Configuration with Free ZeroSSL Certificate
We will now configure MikroTik Hotspot HTTPS Redirect with trusted ZeroSSL certificate. Complete HTTPS redirect configuration with free ZeroSSL certificate can be divided into the following four steps.
Getting free SSL Certificate from ZeroSSL
Importing SSL certificate to MikroTik certificate store
Enabling HTTPS Server in MikroTik Router and
Enabling HTTPS Login and HTTPS Redirect in MikroTik Hotspot
Step 1: Getting Free SSL Certificate from ZeroSSL
In my last article I discussed how to get free SSL certificate from ZeroSSL. If you don’t have free SSL certificate from ZeroSSL yet, visit how to get free SSL certificate from ZeroSSL and get your free SSL certificate now. According to my previous article I have free SSL certificate from ZeroSSL for mikrotik.itechsheet.com subdomain like the following image.
Free ZeroSSL Certificate
If you buy SSL certificate from any trusted public CA, you will have similar certificate (ca-bundle.crt, certificate.crt and private.key) files those you can rename like me or whatever you like.
Step 2: Importing SSL Certificates to MikroTik Certificate Store
After getting SSL certificate from public CA, we will now import certificate files in MikroTik certificate store. The following steps will show how to import SSL certificate to MikroTik SSL certificate store.
Login to MikroTik with Winbox using full permission user credentials.
Click on Files menu item. File List window will appear.
Drag and drop certificate files downloaded from ZeroSSL into this File List window.
Uploaded certificate files in File List window will look like the following image.
Uploading SSL certificate to Files Directory.
Now go to System > Certificates menu item. Certificates window will appear.
From Certificates tab, click on Import button. Import window will appear.
Choose CA certificate (example: ZeroSSL CA.crt) from Only File dropdown menu and click on Import button. CA certificate will be imported now. Imported certificate will be named appending a numeric value. It will be better to rename the CA file with a meaning name rather keeping auto generated name. For this, double click on imported CA file and put a meaning name in Name input filed and click Apply and OK button.
Click on Import button again and choose certificate file (example: mikrotik.itechsheet.com.crt) from Only File dropdown menu and then click Import button. Certificate file will be uploaded. Rename the auto generated certificate file like the CA file.
Click on Import button again and choose key file (example: mikrotik.itechsheet.key) from Only File dropdown menu and then click on Import button. Key file will be uploaded and accumulate with certificate file. So, K flag will be found before certificate file name.
Importing SSL Certificates in MikroTik Certificate Store
Step 3: Enabling HTTPS Server in MikroTik Router
After importing certificates, we will now enable HTTPS Server in MikroTik Router. The following steps will show how to enable HTTPS Server in MikroTik Router.
From Winbox, go to IP > Services. IP Service List window will appear and you will find all available services are present here.
Double click on www-ssl service. IP Service <www-ssl> window will appear.
From Certificate drop down menu, choose SSL certificate (mikrotik.itechsheet.com.crt) that we have imported at second step.
Click Apply and OK button.
Enabling HTTPS Server in MikroTik Router
Suggestion: it is better to disable HTTP (Port 80) service so that HTTP login page does not appear accidently.
Step 4: Enabling HTTPS Login and HTTPS Redirect in MikroTik Hotspot
After enabling HTTPS Server, we will now enable HTTPS Login and HTTPS Redirect in MikroTik Hotspot. The following steps will show how to enable HTTPS Redirect in MikroTik Hotspot Server.
From Winbox, go to IP > Hotspot. Hotspot window will appear.
Click on Server Profiles tab and double click on your Server profile. Hotspot Server Profile window will appear.
From general tab, put domain or subdomain name (example: mikrotik.itechsheet.com) for which SSL certificate has been issued in DNS Name input field.
Click on Login tab and from Login By panel, click on HTTPS checkbox.
From SSL Certificate drop down menu, choose SSL certificate (mikrotik.itechsheet.com.crt) that we have imported at second step.
Make sure HTTPS Redirect checkbox is checked.
Click Apply and OK button.
Enabling HTTPS Redirect in MikroTik Hotspot
HTTPS Redirect is now enabled in MikroTik Hotspot Server. Visit any HTTPS website (example: https://systemzone.net) before authentication and you will find the redirected HTTPS Login Page.
You will also find that the login page is appearing without certificate warning because ZeroSSL certificate is a trusted certificate. Also you will find that there is no yellow or warning icon in URL bar.
Hotspot HTTPS Login Page
OOPS!!! I visit Facebook, YouTube or Google but HTTPS Login Page don’t appear. Why?
Because Facebook, YouTube and Google use HSTS (HTTP Strict Transport Security) and HTTPS Redirection is not possible to HSTS enabled websites that was visited before. In this case, use another HTTPS site such as https://systemzone.net or https://www.itechsheet.com or any other website that doesn’t use HSTS will redirect to HTTPS Login Page.
How to Configure HTTPS Redirect and HTTPS Login in MikroTik Hotspot with free SSL certificate from ZeroSSL has been discussed in this article. I hope you will now be able to configure HTTPS Redirect and HTTPS Login in MikroTik Hotspot Server with free public SSL certificate. However, if you face any confusion to configure HTTPS Redirect and HTTPS Login, feel free to discuss in comment or contact me from Contact page. I will try my best to stay with you.
MikroTik Hotspot is one of the most popular services in MikroTik Router. It is a policy to authorize network clients before to access local network resources as well as public network resources through MikroTik Router. In my previous article I discussed MikroTik Hotspot Configuration using Winbox. But default MikroTik Hotspot configuration faces HTTPS Redirect and HTTPS Login issues. To solve these issues, MikroTik Hotspot HTTPS configuration is required. So, in this article I will discuss how to configure MikroTik Hotspot HTTPS to solve HTTPS Redirect and HTTPS Login issues.
MikroTik Hotspot HTTPS
MikroTik Hotspot HTTPS Redirect
When a Hotspot user browses any site from any browser before authentication, Hotspot will redirect the user to Hotspot login page and ask to authenticate. It is the default behavior of MikroTik Hotspot. But when a user browses HTTPS site, Hotspot does not redirect to the login page rather it will show secure connection error. It was not a problem a few years ago when all sites were HTTP. But recently all websites have been upgraded to HTTPS. So, HTTPS websites cause this problem. Configuring MikroTik Hotspot HTTPS, this issue can be solved.
MikroTik Hotspot HTTPS Login Page
By default MikroTik Hotspot provide HTTP login page but HTTP is not secure for login because HTTP transmits plain text data which can cause middle-man-attack issue and login credential can be leaked. So, HTTP login page can hamper business continuity. Configuring MikroTik Hotspot HTTPS, this issue can also be solved.
MikroTik Hotspot HTTPS Configuration
Data follow between a HTTP server and client is plain text. So, passing login credential over HTTP connection is never safe. So, it is always better to implement a HTTPS login page to Hotspot user.
Complete HTTPS configuration in MikroTik Hotspot Server can be divided into the following three steps.
Creating SSL Certificate for HTTPS Server
Enabling HTTPS in MikroTik Router
Enabling HTTPS Redirect in MikroTik Hotspot
Step 1: Creating SSL Certificate for HTTPS Server
HTTPS Server requires SSL certificate for secure communication. MikroTik RouterOS v6 gives ability to create, store and manage certificates in certificate store. So, we will create required HTTPS Server certificate in MikroTik RouterOS. HTTPS Server requires two types of certificates:
CA (Certification Authority) Certificate and
Server Certificate
Creating CA certificate
MikroTik RouterOS provides a self-signed certificate and self-signed requires a CA (Certification Authority) Certificate to sign Server Certificate. The following steps will show how to create a CA certificate in MikroTik RouterOS.
From Winbox, go to System > Certificates menu item and click on Certificates tab and then click on PLUS SIGN (+). New Certificate window will appear.
Put CA certificate name (for example: CA) in Name input field and Common Name input field.
You will find some optional fields in General tab. You can fill those if you wish. All fields are self-defined.
Click on Key Usage tab and uncheck all checkboxes except crl sign and key cert. sign
Click on Apply button and then click on Sign button. Sign window will appear now.
Your created CA certificate template will appear in Certificate dropdown menu. Select your newly created certificate template if it is not selected.
Put MikroTik Router’s LAN Gateway IP address or WAN IP address (example: 172.22.22.1) in CA CRL Host input field.
Click on Sign button. Your Signed certificate will be created within few seconds.
Click on OK button to close New Certificate window.
If newly created CA certificate does not show T flag or Trusted property shows no, double click on your CA certificate and click on Trusted checkbox located at the bottom of General tab and then click on Apply and OK button.
Creating CA Certificate
Creating Server Certificate
After creating CA certificate, we will now create Server Certificate that will be signed by the created CA. Server Certificate will be used by the HTTPS Server. The following steps will show how to create Server Certificate in MikroTik RouterOS.
Click on PLUS SIGN (+) again. New Certificate window will appear.
Put server certificate name (for example: Hotspot Server) in Name input field and Common Name input field.
If you have put any optional field in CA certificate, put them here also.
Click on Key Usage tab and uncheck all checkboxes except digital signature, key encipherment and tls server checkboxes.
Click on Apply button and then click on Sign button. Sign window will appear now.
Your newly created Server certificate template will appear in certificate dropdown menu. Select newly created certificate template if it is not selected.
Also select CA certificate from CA dropdown menu.
Click on Sign button. Your Signed certificate will be created within few seconds.
Click on OK button to close New Certificate window.
If newly created server certificate does not show T flag or Trusted property shows no, double click on your server certificate and click on Trusted checkbox located at the bottom of General tab and then click on Apply and OK button.
Hotspot Server Certificate
We have successfully created required CA and Server Certificates. After creating and signing CA and Server certificates, the Certificate lists will look like the following image.
Created CA and Server Certificates
Step 2: Enabling HTTPS in MikroTik Router
After creating certificates, we will now enable HTTPS Server in MikroTik Router. The following steps will show how to enable HTTPS Server in MikroTik Router.
From Winbox, go to IP > Services. IP Service List window will appear and you will find all available services are present here.
Double click on www-ssl service. IP Service <www-ssl> window will appear.
From Certificate drop down menu, choose Hotspot Server certificate that we have created in previous step.
Click Apply and OK button.
MikroTik HTTPS Server
Suggestion: it is better to disable HTTP (Port 80) service so that HTTP login page does not appear accidentally.
Step 3: Enabling HTTPS Redirect in MikroTik Hotspot
After enabling HTTPS Server, we will now enable HTTPS Redirect in MikroTik Hotspot. The following steps will show how to enable HTTPS Redirect in MikroTik Hotspot Server.
From Winbox, go to IP > Hotspot. Hotspot window will appear.
From Hotspot window, click on Server Profiles tab and double click on your Server profile. Hotspot Server Profile window will appear.
From Hotspot Server Profile window, click on Login tab.
From Login By panel, click on HTTPS checkbox.
From SSL Certificate drop down menu, choose Hotspot Server certificate that we have created at first step.
Make sure HTTPS Redirect checkbox is checked.
Click Apply and OK button.
Enabling HTTPS Redirect in MikroTik Hotspot
HTTPS Redirect is now enabled in MikroTik Hotspot Server. Visit any HTTPS website before authentication and you will find the redirected HTTPS Login Page.
MikroTik Hotspot HTTPS Login Page
OPPS!!! I visit Facebook, YouTube or Google but HTTPS Login Page don’t appear. Why?
Because Facebook, YouTube and Google use HSTS (HTTP Strict Transport Security) and HTTPS Redirection is not possible to HSTS enabled websites that was visited before. In this case, use another HTTPS site such as https://systemzone.net or https://www.itechsheet.com or any other website that doesn’t use HSTS will redirect to HTTPS Login Page.
How to Configure HTTPS Redirect and HTTPS Login Page in MikroTik Hotspot has been discussed in this article. I hope you will now be able to configure HTTPS Redirect and HTTPS Login Page in your Hotspot Server. However, if you face any confusion to configure HTTPS Redirect and HTTPS Login Page, feel free to discuss in comment or contact me from Contact page. I will try my best to stay with you.
If you are a network administrator and want to establish a network that will have data limitation package with prepaid billing system, MikroTik Hotspot Server with MikroTik User Manager Radius Server will be your best solution. Because, MikroTik User Manager is a poplar Radius application that will give facility to manage user data package as well as prepaid billing system efficiently. On the other hand, MikroTik Hotspot is a popular service that will help to connect your network user without any hassle.
So, it is time to know about MikroTik Hotspot Configuration with User Manager Radius Server and this article will guide you how to configure a Hotspot Server with User Manager Radius Server that will have Data Limit and Prepaid Billing System facility.
Article Purpose
The purpose of this article is to design a MikroTik Hotspot network with User Manager Radius Server that will have
Data Limitation Package and
Prepaid Billing System with Scratch Card.
Network Diagram
For the configuration of this article I am going to establish a network like below network diagram.
MikroTik Hotspot Network with User Manager Radius Server
This is a simple and basic network diagram. In real situation, your network might be larger than this network but the basic diagram will remain same. In this network, the WAN Distribution Switch is connected to internet gateway. MikroTik Router’s (NAS) WAN interface and MikroTik User Manager Radius Server are also connected to this WAN Distribution Switch. Hotspot users will be connected to NAS Router through LAN Switch and will get internet access and MikroTik Router will communicate to Radius Server through WAN interface.
Core Devices and IP Information
To setup a Hotspot network according to above network diagram, I have installed and completed initial configuration of MikroTik User Manager Radius Server Package in a dedicated physical server where MikroTik RouterOS is running. I have also a physical MikroTik RouterOS (MikroTik RouterBOARD 1100AHX2) which is the NAS (Network Access Server) RouterOS of this network. IP information that I am using for this network configuration are given below.
Radius Server IP: 192.168.110.10/28
MikroTik RouterOS (NAS) WAN IP: 192.168.110.2/28
LAN IP Block: 192.168.10.0/24
Hotspot Server IP: 192.168.10.1
This IP information is just for my RND purpose. So, change this information according to your network requirements.
MikroTik Hotspot and Radius Server Configuration with Data Limit and Prepaid Billing System
We are now going to start our Hotspot network configuration with User Manager Radius Server according to the above network diagram. The complete configuration can be divided into two parts.
Part 1: MikroTik RouterOS Configuration (NAS Router)
Part 2: MikroTik User Manager Radius Server Configuration
Part 1: MikroTik RouterOS Configuration (NAS Router)
In the first part, we will configure our MikroTik RouterOS (NAS) so that it can turn into a Hotspot Server and can communicate with Radius Server to authenticate users. Complete RouterOS configuration can be divided into below topics.
Basic MikroTik RouterOS Configuration
Hotspot Configuration in MikroTik RouterOS
Radius Client Configuration in MikroTik RouterOS
Basic MikroTik RouterOS Configuration
MikroTik Router basic configuration includes WAN IP Assign, DNS IP Assign and Default Gateway Configuration. The following steps will show how to perform these topics in your MikroTik RouterOS.
Login to your MikroTik Router using Winbox with full permission user such as admin user.
Go to IP > Addresses menu item. Address List window will appear. Click on PLUS SIGN (+). New Address window will appear.
Put RouterOS WAN IP (RouterOS WAN IP: 192.168.110.2/28) in Address input field and choose WAN interface from Interface dropdown menu and then click Apply and OK button.
Now go to IP > DNS. DNS Settings window will appear. Put your DNS server IP (Public DNS IP: 8.8.8.8 or 8.8.4.4) in Servers input field and then click Apply and OK button.
Go to IP > Routes. Route List window will appear. Click on PLUS SIGN (+). New Route window will appear. Click on Gateway input box and put your internet gateway IP (in this network: 192.168.110.1) in this input field. Click on Apply and OK button.
MikroTik Router basic configuration has been completed. Now we will configure Hotspot Server in our NAS RouterOS.
Hotspot Configuration in MikroTik RouterOS
After completing MikroTik Router basic configuration, we will now setup Hotspot Server in our MikroTik RouterOS. The following steps will show how to setup Hotspot Server in your MikroTik RouterOS.
Go to IP > Hotspot menu item. Hotspot window will appear.
Click on Hotspot Setup button from this window. Hotspot Setup will appear now.
Choose your LAN interface on which you want to setup Hotspot Server from Hotspot Interface drop-down menu. Now click Next button.
Put your LAN address (in this case: 192.168.10.1/24) in Local Address of Network input box. Also check the Masquerade Network checkbox is checked and then click Next button.
Now it is time to choose address pool for your Hotspot network from where IP address will be assigned to clients. Normally, it will show your network IP range without gateway IP. You can change default IP range as your wish or can keep the default range. Click Next button now.
If you have SSL certificate, you can import by choosing import other certificate option or select none if you do not have any SSL certificate. Now click Next button.
If you have SMTP server, you can put your SMTP server address in IP Address of SMTP Server input box or you can keep blank if you do not want to use SMTP server. Click Next button.
Now it is option to setup DNS. DNS servers that you have provided in basic configuration will automatically be selected here. So, nothing to do, just click Next button now.
Now it is time to put DNS name which is a mandatory field. DNS name will be used to get Hotspot login page. So, put a standard DNS name such as systemzone.mk or systemzone.hotspot etc. and click Next button.
Now put a local Hotspot user. By default it is admin. You can keep this user or can change as your wish. Also put password in Password for the User input box. Click Next button.
Hotspot server setup will be completed and you will get a successful message now.
Click on Servers tab and you will find a new server has been created. Click on it and change your automated created server name if you wish and then find what the server profile is from Profile dropdown menu.
Now click on ServerProfiles tab and you will find your Hotspot Server profile here. Click on it. Hotspot Server Profile window will come.
Under General tab, change your server profile name if you wish.
Click on Login tab and uncheck Cookie and check HTTP CHAP, HTTPS and HTTP PAP from Login By panel.
Click on RADIUS tab and click on Use RADIUS checkbox and Accounting checkbox and then click Apply and OK button.
MikroTik Hotspot server configuration has been completed. In the next step, we will configure Radius client in our MikroTik RouterOS.
Radius Client Configuration in MikroTik RouterOS
The following steps will show you how to configure Radius client in MikroTik RouterOS.
Click on Radius menu item from left menu bar. Radius window will appear now.
Click on PLUS SIGN (+). New Radius Server window will appear now.
Click on hotspot checkbox from Service panel.
Put Radius Server IP address (in this article: 192.168.110.10) in Address input field.
Provide a password in Shared Secret input field. This password is important and has to provide when client router will be configured in User Manager Radius Server.
Click Apply and OK.
Now click on Incoming button and Radius Incoming window will appear.
Click on Accept checkbox and put 1700 in Port input box and then click Apply and OK.
Radius client configuration has been completed. Now MikroTik RouterOS is able to communicate with Radius Server to authenticate Hotspot users.
Part 2: MikroTik User Manager Radius Server Configuration
MikroTik User Manager Radius Server installation and initial configuration has been discussed in my previous article. If you don’t have enough introduction with User Manager Radius Server installation and initial configuration, first spend some time to study that article and complete your Radius Server installation and initial configuration and then continue my below section. In this section, I will do below topics in our Radius Server for Hotspot user authentication, authorization and accounting.
Adding Client Router (NAS) in Radius Server
User Profile Configuration for Data Limitation
Creating Voucher Template
Adding User in Radius Server
Accessing User Page
Adding Client Router (NAS) in Radius Server
The following steps will show you how to add client router in User Manager Radius Server.
Click on Routers button from left button panel and then click on Add > New menu item from top menu bar. Router Details window will appear now.
In Main panel, put a meaningful name for your client router in Name input field. Also choose owner from Owner dropdown menu.
Put your client router IP address (RouterOS IP: 192.168.110.2) in IP address input field.
Now put shared secret password that you have provided at Radius client configuration in MikroTik RouterOS Shared secret input field.
In Radius incoming panel, click on CoA support check box and put 1700 in CoA port input box.
Click on Add button to add this router in Radius Server Router list.
MikroTik RouterOS has been added in User Manager Radius Server as a client router. Now User Manager will reply any query that will be asked by our MikroTik RouterOS.
User Profile Configuration for Data Limitation
We will now create two Data Limitation packages (512MB for 2 week validation and 1GB for 30 days validation) in User Manager Radius Server. The following steps will show how to create Data Limit packages in User Manager Radius Server.
Click on Profiles button from left button panel and then click on Limitations
Click on Add > New menu item from top menu bar. Limitation details window will appear now.
In Main panel, put your package name what you want in Name input field. As I am creating my first 512MB package, I am providing 512MB Package in name field. Also choose owner from Owner dropdown menu.
In limits panel, put 512M in Transfer input field. We don’t want to apply any download and upload limit. If total download and upload exceeds 512MB, the user will not be able to connect more.
We don’t also apply any bandwidth limitation because it is valueless to apply bandwidth limitation in Data Limit package.
In Constraints panel, put IP Pool name that you will find at IP > Pool window in your NAS RouterOS.
Click Save button to save this limitation package.
Similarly, create 1GB Package. Just put 1G in Transfer input filed and put this package name as your wish.
Now click on Profiles tab and click on PLUS SIGN (+). Create profile window will appear. Put profile name what you want in Name input field. For my configuration, I am providing 512MB as name. Click on Create Similarly, create 1GB profile.
From Profiles dropdown menu, select 512MB and put 1w in Validity input box. Choose package starting time At first logon from Starts dropdown menu. Put price of this package in Price input box and keep Shared users value 1 so that only one user can login at a time with a username and password.
Click Save profile button to save your information.
At the bottom of this profile, you will find Unlimited profile that mean there is no limitation for this profile. So, click Add new limitationProfile part window will appear now.
You will find your limitation packages that you have created in Limits Click 512MB Package checkbox and the click Add button to add this limitation for this profile.
Again select 1GB from Profiles dropdown menu and 4w2d in Validity input box. Choose package starting time At first logon from Starts dropdown menu. Put price of this package in Price input box and keep Shared users value 1 so that only one user can login at a time with a username and password. Click Save profile to save this information.
Now click Add new limitation button and click 1GB Package checkbox from Limits panel and then click Add button to add this limitation.
We have created two Data Limit packages in our profile configuration. Similarly you can create as many Limitation packages as you want following the above steps properly. In the next section, we will create Voucher or Scratch card Template in our Radius Server.
Creating Voucher Template
Now we are going to create scratch card template so that after creating users we can print scratch card according to this template. The following steps will show how to create scratch card or voucher template in User Manager Radius Server.
Click on Settings button from left button panel and then click on Templates
<div class="box"> <h2>System Zone - Internet Card $%u_moneyPaid%</h2> <div class="txtbox"> How to use this card? <br> Type systemzone.mk in your browser and <br> Put the <b>UsreName</b> & <b>Password</b> in required field and click <b>OK </b> button.</b> </br> </div> <p align="left"> UserName: <h3>%u_username%</h3> </p> <p align="left"> Password: <h3>%u_password%</h3></p> <h5 style="margin-top: -70px; margin-left: 195px; font: bold 25px Arial; color: #fff; text-shadow: black 0.1em 0.1em 0.6em;">%u_actualProfileName%/%u_timeLeft% </h5> <p style="margin-top: -40px; margin-left: 195px;"> Price: $%u_moneyPaid%</p> <h4>Contact for more info. sayeedsezan@gmail.com</h4> </div>
Click Save button to save this voucher template.
You can change this card design if you have a little HTML and CSS idea. If you need to change only card text, just change texts in Row textarea according to your requirement.
Adding User in User Manager Radius Server
The following steps will show how to add random users in your User Manager Radius Server.
Click on Users button from left button panel. Now click on Add > Batch menu item from top menu bar. User details window will appear.
In Main panel, choose owner from Owner dropdown menu and provide number of users you want to create at a time. You can also provide username prefix as well as username and password length in this panel.
Choose your desired profile package for these users from Assign profile dropdown menu and then click on Add button to add these users. All the created users will be available in Users
Now click on all the users checkbox for whom you want to create scratch card.
Click on Generate menu and then choose VouchersVouchers window will appear.
Now click on Generate button and you will find your entire scratch cards in a HTML page like below image.
Now sell these cards to your nearest shop and get auto revenue monthly or your desired time period.
Hotspot Server is now ready to authenticate users via User Manager Radius Server. Now it is time to test our Hotspot server. For this, connect any IP device to your network. After connecting, a dynamic IP will be assigned to your device from DHCP server that was created while installing Hotspot server. Usually, Hotspot uses DHCP server to assign IP address and other related information that are necessary to get login page. Now open any web browser and try to visit any web page. You can see the login page of your Hotspot server. If you do not get login page for any cause, type your DNS name that was provided while installing Hotspot server. Now you can see your Hotspot login page like below image.
Hotspot Login Page
Accessing User Page
Radius Server offers a user page where user can login their profile page and can show their account status as well as can change their account information and password. The following steps will show how to access this user page in your Radius Server.
Type https://radius_server_ip_address/user to get user login page if you have only one subscriber or customer in your Radius Server. But if you have more than one customer or subscribe, you have to type https://radius_server_ip_address/user/public_id where public_id is Public ID of the customer or subscriber. This Public ID must provide when customer or subscriber is created.
Type username and password of your desired user in Login and Password input field and then hit login button.
Now user can show his account status, profile, sessions and payment option from this page. Also he can change his password from Settings menu.
Following the above described method, you can easily create a data limitation and prepaid billing system network with MikroTik Hotspot and User Manager Radius Server. However, if you face any confusion to follow above method, watch my video about MikroTik Hotspot Configuration with Data Limit and Prepaid Billing System. I hope, it will reduce your any confusion.
MikroTik Hotspot Configuration with Data Limit and Prepaid billing System has been explained in this article. I hope you are now able to setup a Hotspot Server with Radius Server that will have data limitation and prepaid billing system. However, if you face any confusion, feel free to discuss in comment or contact with me from Contact page. I will try my best to stay with you.
Say, you are a network administrator and want to establish a network that will have user bandwidth package management facility with prepaid billing system as well as partner advertisement facility. Then, MikroTik Hotspot Server Configuration with MikroTik User Manager Radius Server will be a wise decision. Because, MikroTik User Manager Radius Server is a user authentication, authorization and accounting application that will give facility to manage user bandwidth package with prepaid billing system. On the other hand, you can easily advertise your partner banner using MikroTik Hotspot Server. Because, to get connected through MikroTik Hotspot Server, Hotspot client must provide login credentials in a HTML page and you can easily put your partner banner in this HTML page knowing basic HTML and CSS coding.
So, it is time to learn MikroTik Hotspot Server Configuration with MikroTik User manager Radius Server for managing a bandwidth limitation and prepaid billing system network. In this article, I will discuss how to configure MikroTik Hotspot Server with User Manager Radius Server bandwidth limitation and prepaid billing system.
Article Purpose
The purpose of this article is to design a Hotspot network with User Manager Radius Server that will have
User bandwidth package management and
Prepaid billing system with scratch card facility.
Network Diagram
For the configuration of this article I am going to establish a network like below network diagram.
MikroTik Hotspot Network with User Manager Radius Server
This is a simple and basic network diagram. In real situation, your network might be larger than this network but the basic diagram will remain same. In this network, the WAN Distribution Switch is connected to internet gateway. MikroTik Router’s (NAS) WAN interface and MikroTik User Manager Radius Server are also connected to this WAN Distribution Switch. Hotspot users will be connected to NAS Router through LAN Switch and will get internet access and MikroTik Router will communicate to Radius Server through WAN interface.
Core Devices and IP Information
To setup a Hotspot network according to above network diagram, I have installed and completed initial configuration of MikroTik User Manager Radius Server Package in a dedicated physical server where MikroTik RouterOS is running. I have also a physical MikroTik RouterOS (MikroTik RouterBOARD 1100AHX2) which is the NAS (Network Access Server) RouterOS of this network. IP information that I am using for this network configuration are given below.
Radius Server IP: 192.168.110.10/28
MikroTik RouterOS (NAS) WAN IP: 192.168.110.2/28
LAN IP Block: 192.168.10.0/24
Hotspot Server IP: 192.168.10.1
This IP information is just for my RND purpose. So, change this information according to your network requirements.
MikroTik Hotspot Server Configuration with User Manager Prepaid Billing System
We are now going to start our Hotspot network configuration with User Manager Radius Server according to the above network diagram. The complete configuration can be divided into two parts.
Part 1: MikroTik RouterOS Configuration (NAS Router)
Part 2: MikroTik User Manager Radius Server Configuration
Part 1: MikroTik RouterOS Configuration (NAS Router)
In the first part, we will configure our MikroTik RouterOS (NAS) so that it can turn into a Hotspot Server and can communicate with Radius Server to authenticate users. Complete RouterOS configuration can be divided into below topics.
Basic MikroTik RouterOS Configuration
Hotspot Configuration in MikroTik RouterOS
Radius Client Configuration in MikroTik RouterOS
Basic MikroTik RouterOS Configuration
MikroTik Router basic configuration includes WAN IP Assign, DNS IP Assign and Default Gateway Configuration. The following steps will show how to perform these topics in your MikroTik RouterOS.
Login to your MikroTik Router using Winbox with full permission user such as admin user.
Go to IP > Addresses menu item. Address List window will appear. Click on PLUS SIGN (+). New Address window will appear.
Put RouterOS WAN IP (RouterOS WAN IP: 192.168.110.2/28) in Address input field and choose WAN interface from Interface dropdown menu and then click Apply and OK button.
Now go to IP > DNS. DNS Settings window will appear. Put your DNS server IP (Public DNS IP: 8.8.8.8 or 8.8.4.4) in Servers input field and then click Apply and OK button.
Go to IP > Routes. Route List window will appear. Click on PLUS SIGN (+). New Route window will appear. Click on Gateway input box and put your internet gateway IP (in this network: 192.168.110.1) in this input field. Click on Apply and OK button.
MikroTik Router basic configuration has been completed. Now we will configure Hotspot Server in our NAS RouterOS.
Hotspot Configuration in MikroTik RouterOS
After completing MikroTik Router basic configuration, we will now setup Hotspot Server in our MikroTik RouterOS. The following steps will show how to setup Hotspot Server in your MikroTik RouterOS.
Go to IP > Hotspot menu item. Hotspot window will appear.
Click on Hotspot Setup button from this window. Hotspot Setup will appear now.
Choose your LAN interface on which you want to setup Hotspot Server from Hotspot Interface drop-down menu. Now click Next button.
Put your LAN address (in this case: 192.168.10.1/24) in Local Address of Network input box. Also check the Masquerade Network checkbox is checked and then click Next button.
Now it is time to choose address pool for your Hotspot network from where IP address will be assigned to clients. Normally, it will show your network IP range without gateway IP. You can change default IP range as your wish or can keep the default range. Click Next button now.
If you have SSL certificate, you can import by choosing import other certificate option or select none if you do not have any SSL certificate. Now click Next button.
If you have SMTP server, you can put your SMTP server address in IP Address of SMTP Server input box or you can keep blank if you do not want to use SMTP server. Click Next button.
Now it is option to setup DNS. DNS servers that you have provided in basic configuration will automatically be selected here. So, nothing to do, just click Next button now.
Now it is time to put DNS name which is a mandatory field. DNS name will be used to get Hotspot login page. So, put a standard DNS name such as systemzone.mk or systemzone.hotspot etc. and click Next button.
Now put a local Hotspot user. By default it is admin. You can keep this user or can change as your wish. Also put password in Password for the User input box. Click Next button.
Hotspot server setup will be completed and you will get a successful message now.
Click on Servers tab and you will find a new server has been created. Click on it and change your automated created server name if you wish and then find what the server profile is from Profile dropdown menu.
Now click on ServerProfiles tab and you will find your Hotspot Server profile here. Click on it. Hotspot Server Profile window will come.
Under General tab, change your server profile name if you wish.
Click on Login tab and uncheck Cookie and check HTTP CHAP, HTTPS and HTTP PAP from Login By panel.
Click on RADIUS tab and click on Use RADIUS checkbox and Accounting checkbox and then click Apply and OK button.
MikroTik Hotspot server configuration has been completed. In the next step, we will configure Radius client in our MikroTik RouterOS.
Radius Client Configuration in MikroTik RouterOS
The following steps will show you how to configure Radius client in MikroTik RouterOS.
Click on Radius menu item from left menu bar. Radius window will appear now.
Click on PLUS SIGN (+). New Radius Server window will appear now.
Click on hotspot checkbox from Service panel.
Put Radius Server IP address (in this article: 192.168.110.10) in Address input field.
Provide a password in Shared Secret input field. This password is important and has to provide when client router will be configured in User Manager Radius Server.
Click Apply and OK.
Now click on Incoming button and Radius Incoming window will appear.
Click on Accept checkbox and put 1700 in Port input box and then click Apply and OK.
Radius client configuration has been completed. Now MikroTik RouterOS is able to communicate with Radius Server to authenticate Hotspot users.
Part 2: MikroTik User Manager Radius Server Configuration
MikroTik User Manager Radius Server installation and initial configuration has been discussed in my previous article. If you don’t have enough introduction with User Manager Radius Server installation and initial configuration, first spend some time to study that article and complete your Radius Server installation and initial configuration and then continue my below section. In this section, I will do below topics in our Radius Server for Hotspot user authentication, authorization and accounting.
Adding Client Router (NAS) in Radius Server
User Profile Configuration for Bandwidth Limitation
Creating Voucher Template
Adding User in Radius Server
Accessing User Page
Adding Client Router (NAS) in Radius Server
The following steps will show you how to add client router in User Manager Radius Server.
Click on Routers button from left button panel and then click on Add > New menu item from top menu bar. Router Details window will appear now.
In Main panel, put a meaningful name for your client router in Name input field. Also choose owner from Owner dropdown menu.
Put your client router IP address (RouterOS IP: 192.168.110.2) in IP address input field.
Now put shared secret password that you have provided at Radius client configuration in MikroTik RouterOS Shared secret input field.
In Radius incoming panel, click on CoA support check box and put 1700 in CoA port input box.
Click on Add button to add this router in Radius Server Router list.
MikroTik RouterOS has been added in User Manager Radius Server as a client router. Now User Manager will reply any query that will be asked by our MikroTik RouterOS.
User Profile Configuration for Bandwidth Limitation
We will now create three bandwidth packages (512kbps package, 1Mbps package and 2Mbps package) in User Manager Radius Server so that different user gets different bandwidth. The following steps will show how to create bandwidth packages in User Manager Radius Server.
Click on Profiles button from left button panel and then click on Limitations
Click on Add > New menu item from top menu bar. Limitation details window will appear now.
In Main panel, put your package name what you want in Name input field. As I am creating my first 512kbps package, I am providing 512kbps Package in name field. Also choose owner from Owner dropdown menu.
In Rate limits panel, put your bandwidth limitation parameter. For a 512kbps package, I am providing below information.
Parameter name
Rx
Tx
Rate limit
512k
512k
Burst rate
1M
1M
Burst threshold
512k
512k
Burst time
60
60
Min rate
32k
32k
Also choose priority from Priority dropdown menu. For my configuration I am choosing 8 that mean lowest priority.
In Constraints panel, put IP Pool name that you will find at IP > Pool window in your NAS RouterOS.
Click Save button to save this limitation package.
Similarly, create 1Mbps and 2Mbps package limitations. Just change Rate limits parameter according to your package requirements.
Now click on Profiles tab and click on PLUS SIGN (+). Create profile window will appear. Put profile name what you want in Name input field. For my configuration, I am providing 512kbps users as name. Click on Create
First profile will be created and shown in Profiles dropdown menu.
Select your created profile from Profiles dropdown menu and then put your package validity value in Validity input box. For example, if you want 30 days validity, put 4w2d in Validity input field.
Choose package starting time At first logon from Starts dropdown menu.
Put price of this package in Price input box.
Keep Shared users value 1 so that only one user can login at a time with a username and password.
Click Save profile button to save your information.
At the bottom of this profile, you will find Unlimited profile that mean there is no limitation for this profile. So, click on Add new limitationProfile part window will appear now.
You will find your limitation packages that you have created in Limits Click on your desired package (512kbps package for 512kbps users) and click on Add button to add this limitation for this profile.
Similarly, create 1Mbps and 2Mbps user profile. In this case, just change price value and limitation package for these packages.
Creating Voucher Template
Now we are going to create scratch card template so that after creating users we can print scratch card according to this template. The following steps will show how to create scratch card or voucher template in User Manager Radius Server.
Click on Settings button from left button panel and then click on Templates
<div class="box"> <h2>System Zone - Internet Card $%u_moneyPaid%</h2> <div class="txtbox"> How to use this card? <br> Type systemzone.mk in your browser and <br> Put the <b>UsreName</b> & <b>Password</b> in required field and click <b>OK </b> button.</b> </br> </div> <p align="left"> UserName: <h3>%u_username%</h3> </p> <p align="left"> Password: <h3>%u_password%</h3></p> <h5 style="margin-top: -70px; margin-left: 230px; font: bold 30px Arial; color: #fff; text-shadow: black 0.1em 0.1em 0.6em;">%u_timeLeft%</h5> <p style="margin-top: -40px; margin-left: 250px;"> Price: $%u_moneyPaid%</p> <h4>Contact for more info. sayeedsezan@gmail.com</h4> </div>
Click Save button to save this voucher template.
You can change this card design if you have a little HTML and CSS idea. Card text can also be changed without having knowledge on HTML and CSS. In Row textarea, you just change card text according to your requirement.
Adding User in User Manager Radius Server
The following steps will show how to add random users in your User Manager Radius Server.
Click on Users button from left button panel. Now click on Add > Batch menu item from top menu bar. User details window will appear.
In Main panel, choose owner from Owner dropdown menu and provide number of users you want to create at a time. You can also provide username prefix as well as username and password length in this panel.
Choose your desired profile package for these users from Assign profile dropdown menu and then click on Add button to add these users. All the created users will be available in Users
Now click on all the users checkbox for whom you want to create scratch card.
Click on Generate menu and then choose VouchersVouchers window will appear.
Now click on Generate button and you will find your entire scratch cards in a HTML page like below image.
Now sell these cards to your nearest shop and get auto revenue monthly or your desired time period.
Hotspot Server is now ready to authenticate users via User Manager Radius Server. Now it is time to test our Hotspot server. For this, connect any IP device to your network. After connecting, a dynamic IP will be assigned to your device from DHCP server that was created while installing Hotspot server. Usually, Hotspot uses DHCP server to assign IP address and other related information that are necessary to get login page. Now open any web browser and try to visit any web page. You can see the login page of your Hotspot server. If you do not get login page for any cause, type your DNS name that was provided while installing Hotspot server. Now you can see your Hotspot login page like below image.
Hotspot Login Page
Put username and password that you find in your scratch card and then click OK button. You will now be able to visit any webpage if you provide correct username and password.
Accessing User Page
Radius Server offers a user page where user can login their profile page and can show their account status as well as can change their account information and password. The following steps will show how to access this user page in your Radius Server.
Type https://radius_server_ip_address/user to get user login page if you have only one subscriber or customer in your Radius Server. But if you have more than one customer or subscribe, you have to type https://radius_server_ip_address/user/public_id where public_id is Public ID of the customer or subscriber. This Public ID must provide when customer or subscriber is created.
Type username and password of your desired user in Login and Password input field and then hit login button.
Now user can show his account status, profile, sessions and payment option from this page. Also he can change his password from Settings
You will be able to configure a Hotspot network with bandwidth limitation and prepaid billing system if you follow the above steps properly. However, if you face any confusion to do above steps, watch my video about MikroTik Hotspot configuration with bandwidth limitation and prepaid billing system carefully. I hope, it will reduce your any confusion.
MikroTik Hotspot Configuration with Bandwidth Limitation and Prepaid billing System has been explained in this article. I hope you are now able to setup a Hotspot Server with Radius Server that will have bandwidth limitation and prepaid billing system. However, if you face any confusion, feel free to discuss in comment or contact with me from Contact page. I will try my best to stay with you.
Hotspot is one of the most popular services in MikroTik Router. It is popularly used in Hotel and Restaurant, Railway Station or Airport, School or University Campus and so on. Even ISP network and office network also use MikroTik Hotspot for authenticating network clients/users. Hotspot user can be managed with Hotspot’s local user database or with a Radius Server. Radius Server gives facility to manage Hotspot user’s bandwidth and accounting easily and centrally. So, Hotspot setup with Radius Server can be a wise decision. MikroTik User Manager Radius Server is a centralized user authentication and accounting application that gives the ISP or network administrator ability to manage PPP users, Hotspot users and login users from one server throughout a large network. It also has an awesome user bandwidth package management feature. So, network configuration with MikroTik Hotspot and MikroTik User Manager Radius Server will be a smart decision. For this, in this article I will discuss how to configure a smart network with MikroTik Hotspot and MikroTik User Manager Radius Server.
Article Purpose
The purpose of this article is to get ability to configure a Hotel and Restaurant network, Railway Station or Airport network, School or University Campus network, ISP network or Office network with MikroTik Hotspot and MikroTik User Manager Radius Server.
Network Diagram
For the configuration of this article I am going to establish a network like below network diagram.
MikroTik Hotspot Network with User Manager Radius Server
This is a simple and basic network diagram. In a real situation, your network might be larger than this network but the basic diagram will remain same. In this network, the WAN Distribution Switch is connected to internet gateway. MikroTik Router’s (NAS) WAN interface and MikroTik User Manager Radius Server is connected to this WAN Distribution Switch. Hotspot users will be connected to NAS Router through LAN Switch and will get internet access.
Core Devices and IP Information
To setup a Hotspot network according to above network diagram, I have installed and completed initial configuration of MikroTik User Manager Radius Server Package in a dedicated physical server where MikroTik RouterOS is running. I have also a physical MikroTik RouterOS (MikroTik RouterBOARD 1100AHX2) which is the NAS (Network Access Server) RouterOS in this network. IP information that I am using for this network configuration are given below.
Radius Server IP: 192.168.110.10/28
MikroTik RouterOS (NAS) WAN IP: 192.168.110.2/28
LAN IP Block: 192.168.10.0/24
Hotspot Server IP: 192.168.10.1
This IP information is just for my RND purpose. So, change this information according to your network requirements.
MikroTik Hotspot Configuration with MikroTik User Manager Radius Server
We are now going to start our Hotspot network configuration with User Manager Radius Server according to the above network diagram. The complete configuration can be divided into two parts.
Part 1: MikroTik RouterOS Configuration (NAS Router)
Part 2: MikroTik User Manager Radius Server Configuration
Part 1: MikroTik RouterOS Configuration (NAS Router)
In the first part, we will configure our MikroTik RouterOS (NAS) so that it can turn into a Hotspot Server and can communicate with Radius Server to authenticate users. Complete configuration can be divided into below topics.
Basic MikroTik RouterOS Configuration
Hotspot Configuration in MikroTik RouterOS
Radius Client Configuration in MikroTik RouterOS
Basic MikroTik RouterOS Configuration
MikroTik Router basic configuration includes WAN IP Assign, DNS IP Assign, Default Gateway Configuration and NAT Configuration. The following steps will show how to perform these topics in your MikroTik RouterOS.
Login to your MikroTik Router using Winbox with full permission user such as admin user.
Go to IP > Addresses menu item. Address List window will appear. Click on PLUS SIGN (+). New Address window will appear.
Put RouterOS WAN IP (RouterOS WAN IP: 192.168.110.2/28) in Address input field and choose WAN interface from Interface dropdown menu and then click Apply and OK button.
Now go to IP > DNS. DNS Settings window will appear. Put your DNS server IP (Public DNS IP: 8.8.8.8 or 8.8.4.4) in Servers input field and then click Apply and OK button.
Go to IP > Routes. Route List window will appear. Click on PLUS SIGN (+). New Route window will appear. Click on Gateway input box and put your internet gateway IP (in this network: 192.168.110.1) in this input field. Click on Apply and OK button.
MikroTik Router basic configuration has been completed. Now we will configure Hotspot Server in our NAS RouterOS.
Hotspot Configuration in MikroTik RouterOS
After completing MikroTik Router basic configuration, we will now setup Hotspot Server in our MikroTik RouterOS. The following steps will show how to setup Hotspot Server in your MikroTik RouterOS.
Go to IP > Hotspot menu item. Hotspot window will appear.
Click on Hotspot Setup button from this window. Hotspot Setup will appear now.
Choose your LAN interface on which you want to setup Hotspot Server from Hotspot Interface drop-down menu. Now click Next button.
Put your LAN address (in this case: 192.168.10.1/24) in Local Address of Network input box. Also check the Masquerade Network checkbox is checked and then click Next button.
Now it is time to choose address pool for your Hotspot network from where IP address will be assigned to clients. Normally, it will show your network IP range without gateway IP. You can change default IP range as your wish or can keep the default range. Click Next button now.
If you have SSL certificate, you can import by choosing import other certificate option or select none if you do not have any SSL certificate. Now click Next button.
If you have SMTP server, you can put your SMTP server address in IP Address of SMTP Server input box or you can keep blank if you do not want to use SMTP server. Click Next button.
Now it is option to setup DNS configuration. DNS servers that you have provided in basic configuration will automatically be selected here. So, nothing to do, just click Next button now.
Now it is time to put DNS name which is a mandatory field. DNS name will be used to get Hotspot login page. So, put a standard DNS name such as systemzone.mk or systemzone.hotspot etc. and click Next button.
Now put a local Hotspot user. By default it is admin. You can keep this user or change as your wish. Also put password in Password for the User input box. Click Next button.
Hotspot server setup will be completed and you will get a successful message now.
Click on Servers tab and you will find a new server has been created. Click on it and change your automated created server name if you wish and then find what the server profile is from Profile dropdown menu.
Now click on ServerProfiles tab and you will find your Hotspot Server profile here. Click on it and under General tab, change your server profile name if you wish and then Click on RADIUS tab and click on Use RADIUS checkbox and Accounting checkbox and then click Apply and OK button.
MikroTik Hotspot server configuration has been completed. In the next step, we will configure Radius client in our MikroTik RouterOS.
Radius Client Configuration in MikroTik RouterOS
The following steps will show you how to configure Radius client in MikroTik RouterOS.
Click on Radius menu item from left menu bar. Radius window will appear now.
Click on PLUS SIGN (+). New Radius Server window will appear now.
Click on hotspot checkbox from Service panel.
Put Radius Server IP address (in this article: 192.168.110.10) in Address input field.
Provide a password in Shared Secret input field. This password is important and has to provide when client router will be configured in User Manager Radius Server.
Click Apply and OK button.
Now click on Incoming button and Radius Incoming window will appear.
Click on Accept checkbox and put 1700 in Port input box and then click Apply and OK button.
Radius client configuration has been completed. Now MikroTik RouterOS is able to communicate with Radius Server to authenticate Hotspot users.
Part 2: MikroTik User Manager Radius Server Configuration
MikroTik User Manager Radius Server installation and initial configuration has been discussed in my previous article. If you don’t have enough introduction with User Manager Radius Server installation and initial configuration, first spend some time to study that article and complete your Radius Server installation and initial configuration and then continue my below section. In this section, I will do below topics in our Radius Server for Hotspot user authentication.
Add Client Router (NAS) in Radius Server Router list
User Profile Configuration in Radius Server
Add User in Radius Server
Add Client Router (NAS) in Radius Server Router list
The following steps will show you how to add client router in User Manager Radius Server.
Click on Routers button from left button panel and then click on Add > New menu item from top menu bar. Router Details window will appear now.
In Main panel, put a meaningful name for your client router in Name input field. Also choose owner from Owner dropdown menu.
Put your client router IP address (RouterOS IP: 192.168.110.2) in IP address input field.
Now put shared secret password that you have provided at Radius client configuration in MikroTik RouterOS Shared secret input field.
In Radius incoming panel, click on CoA support check box and put 1700 in CoA port input box.
Click on Add button to add this router in Radius Server Router list.
MikroTik RouterOS (NAS) has been added in User Manager Radius Server as a client router. Now User Manager will reply any query that will ask by our NAS RouterOS.
User Profile Configuration in Radius Server
The following steps will show how to isolate Hotspot users based on their bandwidth usage using Radius Server’s user profile.
Click on Profiles button from left button panel and then click on Limitations tab.
Click on Add > New menu item from top menu bar. Limitation details window will appear now.
In Main panel, put your package name what you want in Name input field. As I am creating my first 512kbps package, I am providing 512kbps Package in name field. Also choose owner from Owner dropdown menu.
In Rate limits panel, put your bandwidth limitation parameter. For a 512kbps package, I am providing below information.
Parameter name
Rx
Tx
Rate limit
512k
512k
Burst rate
1M
1M
Burst threshold
512k
512k
Burst time
60
60
Min rate
32k
32k
Also choose priority from Priority dropdown menu. For my configuration I am choosing 8 that is the lowest priority.
In Constraints panel, put IP Pool name that you will find at IP > Pool window in your NAS RouterOS.
Click Save button to save this limitation package.
Similarly, create 1Mbps or 2Mbps package limitations that you want. Just change Rate limits parameter according to your package requirements.
Now click on Profiles tab and click on PLUS SIGN (+). Create profile window will appear now. Put profile name what you want in Name input field. For my configuration, I am providing 512kbps users as name. Click on Create button.
First profile will be created and shown in Profiles dropdown menu.
At the bottom of this profile, you will find Unlimited profile that mean there is no limitation for this profile. So, click on Add new limitationProfile part window will appear now.
You will find your limitation packages that you have created in Limits panel. Click on your desired package (512kbps package for 512kbps users) and click on Add button to add this limitation for this profile.
Similarly, create more user profiles as you wish and assign limitation on your created profiles.
Radius user profile has been created successfully. In the next section, we will add user in our Radius Server.
Add User in User Manager Radius Server
The following steps will show how to add users in User Manager Radius Server.
Click on Users button from left button panel. Now click on Add > One menu item from top menu bar. User details window will appear.
In Main panel, put client’s username and password that will be used to connect to Hotspot Server. Also choose owner from Owner dropdown menu.
Choose your desired profile package for this user from Assign profile dropdown menu and then click on Add button to add this user.
You can add as many users as you want and can assign bandwidth package according to their demand following the above steps carefully.
Our Hotspot Server is ready to authenticate users via User Manager Radius Server. Now it is time to test our Hotspot server. For this, connect any IP device to your network. After connecting, a dynamic IP will be assigned to your device from DHCP server that was created while installing Hotspot server. Usually, Hotspot uses DHCP server to assign IP address and other related information that are necessary to get login page. Now open any web browser and try to visit any web page. You can see the login page of your Hotspot server. If you do not get login page for any cause, type your DNS name that was provided while installing Hotspot server. Now you can see your Hotspot login page like below image.
Hotspot Login Page
Put Radius username and password and then click OK button. You are now able to visit any webpage if you provide correct username and password.
I hope, you will be able to configure a Hotspot network with MikroTik User Manager Radius Server if you follow the above steps properly. However, if you face any confusion, watch my video tutorial about MikroTik Hotspot Configuration with User Manager Radius Server. I hope, it will reduce your any confusion.
MikroTik Hotspot Configuration with User Manager Radius Server has been explained in this article. I hope you are now able to setup a Hotspot Server with Radius Server in your network. However, if you face any confusion, feel free to discuss in comment or contact with me from Contact page. I will try my best to stay with you.
Hotspot is one of the most popular services in MikroTik router. MikroTik Hotspot Gateway is a policy to authorize network clients before to access local network resources as well as public network resources through MikroTik router. In a Hotspot network, the user can login or authenticate using almost any web browser, so there is no need to install any additional software to client end. As Hotspot login prompt is a webpage, Hotspot service can effectively be used as an advertising medium of your company as well as your partner company. MikroTik Hotspot has a lot of features which help to customize your network as your demand. So, this article is designed to show you how to apply various customize options in your MikroTik Hotspot network.
MikroTik Hotspot Network Diagram
MikroTik Hotspot Server Customization
MikroTik Hotspot has a lot of features which help to customize Hotspot network as our demand. In this article, I will show you how to customize below Hotspot topics.
How to customize Hotspot login page
How to enable trial login in Hotspot Server
Advertisement According to Different User Profile
How to avoid frequent Hotspot login
How to bypass special users without Hotspot authentication
How to allow services without Hotspot authentication
But before going to start these customizations, you have to configure Hotspot service in your MikroTik router. If you are new about MikroTik Hotspot service, feel free to study my previous article about MikroTik Hotspot configuration using winbox and configure Hotspot in your MikroTik router and then continue the rest of this article.
How to Customize Hotspot Login Page
As no Hotspot user can get access to internet without authentication from login page, your login page can be a way to advertise your company as well as your partner company. For this, you need to customize Hotspot login page as your demand. To customize your Hotspot login page, follow my below steps.
Click on Files menu from your winbox. You will find a lot of Hotspot files are there. Find hotspot/login.html file and drag and drop it to your Desktop.
Now edit this file as your demand and then upload it to Files
Similarly you can edit hotspot/status.html and hotspot/logout.html
For editing login page, you just need some HTML and CSS knowledge. If you don’t have enough knowledge on HTML and CSS, hire an expert person who knows HTML and CSS or you can contact with me. I will customize your login page as your demand with conditions.
How to Enable Trial Login in Hotspot Server
It is possible to enable trial login in your Hotspot server that means you can allow users to login to Hotspot without authentication and these free users can use internet for a period of time that you will assign. If you wish to allow trial login in your Hotspot server, follow my below steps carefully.
Go to IP > Hotspot and click on Server Profiles You will find a default profile as well as another profile that was created while installing Hotspot server. Double click on the newly created profile. Hotspot Server Profile window will appear now.
Click on Login tab and then click on Trial checkbox.
Now provide trial user uptime limit that means how much time any user can use internet with this trial service, in Trial Uptime Limit input box. Default time is 30 minutes.
Now provide trial user uptime reset time that means how much time later the user can again access internet with this trial user feature, in Trial Uptime Reset input box. The default time is 1 day.
Now choose the trial user profile from Trial User Profile drop-down menu.
Click Apply and OK button.
Now refresh login page and you will see a message like Free trial available click here. By clicking click here link, you will be able to login without authentication.
Advertisement According to Different User Profile
MikroTik Hotspot allows you to create different user profile. It also allows you to do advertisement according to different user profile that means you can advertise different ads to your different user according to your user profile periodically. If you wish to advertise different ads according to your user profile, follow below steps carefully.
Go to IP > Hotspot menu and click on User Profiles tab and then double click on any user profile that you have created before. Hotspot User Profile window will appear now.
Now click on Advertise checkbox.
In Advertise tab, check the Advertise checkbox and provide below information. Advertise URL: Fully qualified domain URL for your advertisement page. For example, if you wish to advertise my System Zone website, put URL as https://systemzone.net. Advertise Interval: Period of time to show advertisement. If you wish that after every 30 minutes ads will be showed, put interval as 00:30:00. Advertise Timeout: How much time the ads will be shown. If you wish that ads will be disappear after 1 minute, put timeout value as 00:01:00.
Click Apply and OK button.
After this configuration, your Hotspot user can be shown the ads that you have specified here within the time interval that you have provided.
How to Avoid Frequent Hotspot Login
Hotspot user must login every time to access internet through Hotspot server. But frequent login might be annoying to the Hotspot user. So, forcing to save user username and password might be a better idea. MikroTik Hotspot allows saving user login credentials in cookie. If you wish to save user login credentials in cookie, follow my below steps carefully.
Go to IP > Hotspot menu and click on Server Profiles
Now double click on your active server profile. Hotspot Server Profile window will appear.
Click on Login tab and then click on Cookie checkbox.
Click Apply and OK button.
Now your Hotspot user’s login credentials will be saved in cookie and your user will be happy not to login frequently.
How to Bypass Special Users without Hotspot Authentication
Sometimes it may be your requirement to allow special users without Hotspot authentication. MikroTik Hotspot has a feature to bypass special user without authentication. If you wish to bypass any user without Hotspot authentication, follow my below steps carefully.
Collect MAC address of your desired user.
Go to IP > Hotspot menu and click on IP Bindings tab.
Click on PLUS SIGN (+) to add a new IP Bindings. New Hotspot IP Bindings window will appear.
Put user MAC address in MAC Address input box and choose bypassed option from Type dropdown menu.
Click Apply and OK button.
Now your desired user is able to get internet without Hotspot authentication through your MikroTik router.
How to Allow Services without Hotspot Authentication
Sometimes you may wish to allow some services without Hotspot authentication. For example, you may allow your clients to access your company web page without registration. Walled Garden system of MikroTik Hotspot is responsible for this type of job. So, if you wish to allow a specific services without Hotspot authentication, follow my below steps carefully.
Go to IP > Hotspot menu and click on Walled Garden IP List tab.
Click on PLUS SIGN (+) to add a new walled garden IP entry. New Walled Garden IP Entry window will appear now.
Click on accept radio button from Action radio button group.
Choose your active Hotspot server from Server dropdown menu.
Now put your desired server IP which you want to allow publicly in Address input box.
Click Apply and OK button.
Now your clients will be able to access your desired server without Hotspot authentication. Similarly, you can allow as many servers as you want.
If you face any confusion to follow above steps properly, please watch my below video about MikroTik Hotspot customization carefully. I hope it will reduce your any confusion.
Various Hotspot customization options have been discussed in this article. I hope you are now able to apply any customization in your MikroTik Hotspot server as your demand. However, if you face any problem to apply any customization options, feel free to discuss in comment or contact with me from Contact page. I will try my best to stay with you.
