2/9/2014

Quick Mikrotik Howto w/WiFiRush

User Name

Password

Log in

Help

Register

Remember Me?

Forum

What's New?
Forum Actions Quick Links Advanced Search

Today's Posts FAQ Calendar

Forum

WiFiRUSH Users Support!

Quick Mikrotik Howto w/WiFiRush

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

+ Reply to Thread
Thread: Quick Mikrotik Howto w/WiFiRush

Results 1 to 6 of 6

Thread Tools

Display

01-24-2012 colishay
Junior Member

12:49 AM
Join Date: Posts:

#1
Apr 2011 5

Quick Mikrotik Howto w/WiFiRush

For those of you looking for a quick howto for setting up your mikrotik RouterBoard with WifiRush, well here you go. Keep in mind that there are many options available in RouterOS, and each network is different, but this should as least get you up and running. The idea here is that the Mikrotik will be handling all captive portal responsibilities. It will be acting as a radius client with WiFirush as a radius server. The one thing you should be aware of is the way in which the Mikrotik handles MAC authentication with WifiRush. There are a couple of workarounds for that, but for now we'll just focus on getting your users authenticated via username/password authentication. You can accomplish this setup via the command line, but for ease of use, I suggest starting with winbox... If you aren't familiar with Winbox, it is a great utility that runs on Linux and Windows. You can download Winbox from your mikrotik router or from mikrotik.com. It is highly recommended that you download it from mikrotik.com due to the fact that you will have the most current version of winbox by doing so. The version on most routerboards is a bit dated. Step 1B: Plug your routerboard into an active Internet connection. If you have any of the 750 boards the default script will set up your DHCP client, your default route, and your DHCP server with a default of 192.168.88.1 as the routerboard IP, ether-1 will be your wan port, and ether 2 through ether 5 will be switched lan ports. If you have any other Mikrotik, you will have to do some reading and setup your own routing, DHCP, etc.... Step 1A: Log into your routerboard with winbox. Please be aware that you can log into the routerboard via the ip address (default 192.168.88.1) or the mac ID of your routerboard. When setting up your routerboard for the first time, I highly recommend that you log in via MAC ID. If you choose IP address
http://wifirush.com/forums/showthread.php?2233-Quick-Mikrotik-Howto-w-WiFiRush&p=3764 1/6

2/9/2014

Quick Mikrotik Howto w/WiFiRush

log in you will be disconnected immediately when you setup the hotspot. Step 2A: Go to system -> identity change the identity of your Mikrotik to the NAS ID of your WifiRush Database. Go to system -> password, and change the admin password to a secure password for you to use when logging into the router. Step 2B: Go to system -> SNTP or NTP client (you will have one or the other available to you. If you have NTP Client then you are not running the latest version of Winbox) Change the mode to unicast. Enter in us.pool.ntp.org for both primary and secondary ntp servers. Click the checkbox for enabled, then click on apply. You should see the domain name for us.pool.ntp.org resolve. If you do not, or you get an error, then your Routerboard is not configured correctly or your Internet connection is not working. Step 3: Go to IP -> Hotspot Click on Hotspot setup. Set your Hotspot Interface to Ether-2-local-master, click next. At this point, you can keep the default local address if you would like. If you want to change IP pools when users log in, you will have to change the default subnet here. keep the checkbox in Masquerade network checked. Click next. Make sure your address range is in the same subnet as the network that you have established in the previous step. If you kept the default address, then just click next. next it will ask you for an SSL Certificate, just click next. If you would like to set up SSL you will have to research that on your own, as it can get to be quite a bugger at times. Next you will be asked for the IP address of the SMTP server. If you plan on using netwatch to monitor your access points you will want to establish that here. It is not required to setup an SMTP server to use the routeboard, so you can just leave the ip address as 0.0.0.0. Click next. next it will ask for your DNS Servers. It is always good practice to have at least 2 in here. Do Not enter the IP address for the router. Either enter in the DNS servers that your ISP gave you, or use something like OpenDNS (208.67.220.220, 208.67.222.222). Click next. Leave the DNS name blank. Step 4: If you connected to the routerboard via an IP address you will be disconnected at this point. You will have to reset the routerboard to get access at this point. If you connected via MAC ID, you're still connected and you're half way there. While still in IP -> Hotspot, click on the tab that says Server Profiles. then click on the red plus sign (+) Name your new server profile something like wifirush. In the Hotspot Address field enter in the router IP address (default 192.168.88.1) Click on the tab that says Login uncheck everything except for MAC and HTTP-PAP. You should not provide a password for Mac Authentication. Click on the tab that says Radius.
http://wifirush.com/forums/showthread.php?2233-Quick-Mikrotik-Howto-w-WiFiRush&p=3764 2/6

2/9/2014

Quick Mikrotik Howto w/WiFiRush

Click on the check box that says Use Radius. Change the MAC format to XX-XX-XX-XX-XX-XX Make sure accounting is checked. Set Interim update to any number between 00:05:00 and 00:10:00, leave the default for the NAS Port (19 wireless). Click Ok. Find the tab in IP -> Hotspot that says Walled Garden Enter in all of the rest of your allowed domains by clicking on the plus sign and entering them one at a time in the destination hosts field. Be sure it is set to allowed. Be sure to enter your wifirush server here. If you are using a server without a FQDN be sure to enter the IP address in IP Walled Garden instead. Step 5: Go To Radius (left hand side of winbox menu) Click on the red plus (+) sign Check hotspot. Enter the address for your WifiRush radius server (It can be either IP or domain name) Enter wificpa for the Radius Secret Click on the status tab, then click apply. If you do not see a Accepted packet listed, you did something wrong. Go back and retrace your steps. Step 6: Go back to IP -> Hotspot. Click on the Server tab and click on the red X. (this will disable your hotspot for now, and allow you to upload your login page. Go to your wifirush server, login, and click on add on modules. Download and save your login.html file With winbox still open, open the folder containing your login.html file. Drag it and drop it into winbox in the "hotspot" directory (Note: if you are using linux you will have to ftp it to the routerboard. You can do so by going to system -> services and enabling your ftp service, then login and ftp it to the hotspot directory. The login.html file will upload quickly. Go back to IP -> Hotspot in winbox, and click on the green checkbox with your hostpot server highlighted to enable the hotspot. Step 7: open your web browser, and browse to a website not listed in your walled garden. (Note: if you are trying to open a secure web address i.e. https:// you will not get redirected. You have to navigate to a non SSL webpage to get redirected. Your wifirush login page should display and you should be able to login. If it appears that the page is constantly trying to load again and again, then your radius settings or hotspot address is not correct. I hope this helps some of you. RouterOS is very powerful and there are a lot of things that you can do with it. Please keep in mind that these instruction will at least get you going in the right direction. Keep in mind that MAC Authentication with the wifirush server does not work simply by authenticating the mac on the server. You have to authenticate MAC ID's at this time on each router. Also keep in mind that there are many useful tools that you can use to help manage your system with these Mikrotiks. You can perform some massive traffic shaping with queues and also setup your Mikrotik to alert you of when an access point goes down, amongst other things.
http://wifirush.com/forums/showthread.php?2233-Quick-Mikrotik-Howto-w-WiFiRush&p=3764 3/6

2/9/2014

Quick Mikrotik Howto w/WiFiRush

Really, you have a lot at your disposal with these little routers. Also, please be aware of the different RouterOS license levels... general rule of thumb is for access points you should only use anything with RouterOS level 4 or higher. the higher you go, the more active connections you can have. If you have any questions, please post them here.

Reply With Quote

01-24-2012 Wimax
Moderator

09:41 PM
Join Date: Posts:

#2
Jan 2010 209

Thank you for taking the time putting this tutorial together. Would you happen to have screenshots?

[Only Registered Users Can See LinksClick Here To Register]

Reply With Quote

08-22-2012 rwf
Junior Member

11:04 PM
Join Date: Posts:

#3
Aug 2012 8

Here is a questionWe are a new wifirush customer. We have a lot of hotspots, all Mikrotik and most run by another portal service currently. We are converting one of the Municipal Mesh networks we have into a "free" system. We do not desire to have users log in with user name and password. After they first accept "terms and conditions:, we want it to recognize the MAC of their device (may be a PC, iPhone, Android, etc) and log them in automatically each time. We thought we were going to use an ability of wifirush to learn MAC addresses and automatically log users in. I think I am understanding that it cannot do this, am I correct? You said something about it not doing it on the server and us having to authenticate the MACs on the local router. Is this true? We cannot enter each MAC in manually to each Mikrotik. Any ideas of what we can do?

Reply With Quote

11-15-2013

07:08 PM
Join Date:

#4
Aug 2012
4/6

http://wifirush.com/forums/showthread.php?2233-Quick-Mikrotik-Howto-w-WiFiRush&p=3764

2/9/2014

Quick Mikrotik Howto w/WiFiRush

rwf
Junior Member

Posts:

I was sure hoping I could get some input on this, Over a year now with nothing.

Reply With Quote

11-15-2013 velocitystar
Administrator

07:37 PM
Join Date: Posts:

#5
Dec 2009 148

Try this... Here is a guide for another system that would be mostly applicable to WiFiRUSH... [Only Registered Users Can See LinksClick Here To Register] You would replace Radius.hotspotsystem.com with cpa5.wifirush.com and replace hotsys123 with wificpa on step 5. On Step 7, ignore the entries listed and use the following: *.wifirush.com *.paypal.com *.paypalobjects.com *.paypal-metrics.com *.altfarm.mediaplex.com *.akamaiedge.net Step 9, set the NASID from MikroTik to your NASID from your profile. Step 10... Use the login.html found under 'HotSpot Setup' > 'Add-on Modules' > MikroTik Skip step 13 (for now)

Reply With Quote

11-27-2013 rwf
Junior Member

10:16 AM
Join Date: Posts:

#6
Aug 2012 8

I tried to comment on your post by telling you what we did on that issue, plus the latest new Mikrotik Hotspot/WiFiRush developments, but because I referred to your mention of hotspotsystems with the dot com on the end in my reply, this stupid forum software called me "Retarded" and changed my message to one saying I needed to be banned. For a new customer who is jumping on the WiFiRush
http://wifirush.com/forums/showthread.php?2233-Quick-Mikrotik-Howto-w-WiFiRush&p=3764 5/6

2/9/2014

Quick Mikrotik Howto w/WiFiRush

bandwagon, that was insulting and unprofessional! I'm not even going to bother to re compose the message that took me 1/2 hour to write.
Last edited by rwf; 11-27-2013 at 10:23 AM.

Reply With Quote

+ Reply to Thread
Quick Navigation
WiFiRUSH Users Support! Top

Previous Thread | Next Thread

Tags for this Thread mikrotik, routerboard , routeros View Tag Cloud Posting Permissions You may not threads You may not You may not attachments You may not posts post new BB code is On Smilies are On post replies [IMG] code is On post HTML code is Off edit your Forum Rules

-- vB4 Default Style

-- English (US)

Contact Us WiFiRUSH - A Superstring Group LLC. Project Archive Top

All times are GMT -5. The time now is 09:24 AM. Powered by vBulletin Copyright 2000 - 2014, Jelsoft Enterprises Ltd.

http://wifirush.com/forums/showthread.php?2233-Quick-Mikrotik-Howto-w-WiFiRush&p=3764

6/6