Create a Hotspot Gateway with RouterOS

In this tutorial, we will show you how to set up an integrated hotspot gateway, as well as how to customize and work with the captive portal.

In this tutorial, we will show you how to set up an integrated hotspot gateway, as well as how to customize and work with the captive portal.

In the previous articles about RouterOS, we showed you how to turn a computer into a LAN, enterprise or advanced router.

Create a Hotspot Gateway with RouterOS Picture 1 Create a Hotspot Gateway with RouterOS Picture 1 In the article Turn an old computer into a LAN Server with RouterOS - Part 1, you were introduced to how to install Linux software, perform some initial configuration.

In part two, I showed you how to set up a DHCP server to manage IP addresses, enable NAT to share the Internet, and configure the wireless interface to access Wi-Fi.

Now you can experience the hotspot features. If you want to provide wireless Internet to public users, this is a guide that will help you do that.

Configure Hotspot Server

First, make sure that you have configured the Internet connection on its interface and created an IP on another interface for the LAN / hotspot. (We introduced this in Part 1 of this series related to RouterOS).

Now you can configure a hotspot server on the LAN / hotspot interface with the WinBox utility. Follow the steps below:

Click IP > Hotspot .
Click the Hotspot Setup button to open the wizard.
Select the interface to which the switch or AP for the hotspot network will be connected, and then click Next .
Verify IP for the server, use the IP you created for the LAN / hotspot interface, click Next .
Verify the IP address automatically selected for the hotspot user and click Next .
Ignore the server interface setup, at least for now and click Next .

Best to secure the hotspot login pages you should use SSL encryption when users log in with unique accounts; otherwise account certificates will be easily detected on the network.

If you do not run your own SMTP email server or are using a service, skip the setup and click Next .

To prevent others from sending invalid emails from your Internet connection, you can block the port used for outgoing email.

However, users are not required to only use web mail applications, you can parse your SMTP server to get better performance, while still preventing being sent tons of junk email. .

Verify that the DNS server address from the Internet connection has been entered and click Next .
If you prefer users to see the DNS name (domain) replacing the gateway's IP address when logging in, you can create a domain here and click Next .

You can simply change the domain name, such as hotspot.yourcompanyname.com . If you don't enter anything, your IP address will automatically be used.

Finally, create a hotspot user so you can log in, then click Next .

After completing the Hotspot Setup Wizard, you will receive a disconnect prompt from WinBox. That means the hotspot captive portal is working. To receive network and Internet access, you must log in with the account you created through the web browser.

Enable SSL encryption

If you want to encrypt hotspot sites because you might require accounts on your hotspot, the best way in this case is to buy a certain appraisal (CA) certificate instead of Create and use free certificates. This is because users will see an error / warning in their web browser unless your hotspot server uses a certificate issued by a CA and is recognized by their browsers.

To get started, you must create a certificate request (CSR) with RouterOS via the command line, at the server or with a new terminal window in WinBox.
Run the following command:

 / certificate create-certificate-request

You will be prompted to enter a name for the file to which the CSR and private key will be written; The default file name is better in this case.

You also need to create a password for the private key. Next, use the bit value of the default RSA key. You will then be asked some questions of CSR.

Now you need to download the private key and CSR files with the FTP client, such as FileZilla, by connecting to RouterOS IP with your administrator account credentials.

It is possible to use CSR to place certificates from a CA, such as GoDaddy, RapidSSL orThawte.

When there is a certificate issued from a CA, upload it via FTP. Then run the following command:

 / certificate import file-name = thecertificatesfilename

Then type the password you set when creating the CSR.

On WinBox, you need to click IP > Services . Then double-click on the www-ssl item, select the certificate and click OK .

Go back to the IP Service List , click the www-ssl entry and click the check button to activate it.

Now enable SSL for the hotspot, edit the hotspot server profile to enable HTTPS login and choose your certificate.

Change Login and Hotspot pages

You should change the login and other hotspot pages, such as adding a company name or welcome message, or even embedding it in logos and images. Some knowledge about HTML will help you a lot.

To download and upload HTML files from RouterOS, you can use an FTP client, such as FileZilla and connect to RouterOS IP with your administrator account data.

Tip : When logging in or out to test the login page, you can automatically log in and not see the hotspot pages. To avoid this, you can open the Hotspot Server Profile in WinBox and disable the Login By Cookie option.

If you like users to be redirected to a site or a site after logging in, then you need to edit the login.html file to replace $ (link-orig) with a complete URL. This is the default value for the hidden dst (destination) attribute within the Form tags.

If you want to link locations on the Internet, including images, you must add their domain to the Walled Garden list in order for users to access them before logging in. You can do that by name of a tab of the Hotspot window in WinBox.