Configure hotspot servers
First, make sure that you have configured the Internet connection at the hotspot interface and created an IP address for LAN/hotspot at the other interface.
Now, use the WinBox tool to configure a hotspot server at the LAN/hotspot interface. The procedure is as follows:
1. Click IP > Hotspot.
2. Click the hotspot Settings button to open the wizard.
3. Select the vswitch or access point in the hotspot network to connect to, and then click Next.
4. Verify the Server IP address, which is the address previously created for the LAN/hotspot interface, and then click Next.
5. Verify the automatically generated hotspot user IP Range and click Next.
6. Ignore the server certificate setting for now. It is best to use SSL encryption to secure the hotspot login page, so that the account credentials used for login are protected. Otherwise, criminals can easily get past the authentication.
7. If you are running your own SMTP mail server or using a service, you can ignore the setting and click Next. To prevent users from sending spam and illegal email over your Internet connection, you can intercept the port used for outgoing mail. That way, users can send email only through a Web-based email application, and you can list SMTP servers that control usage more tightly to keep users from sending large volumes of email.
8. Verify the DNS server address and click Next.
9. If you want to see the DNS name rather than the gateway IP address during login, create a DNS name in this step and click Next. You can write a domain name, such as hotspot.companyname.com. If no information is entered, the IP address is displayed automatically.
10. Finally, create a hotspot user for login and click Next.
After the hotspot creation wizard is complete, WinBox displays a prompt saying that you have been disconnected. This means that the hotspot captive portal is working. To connect to the Internet, you must log in through the Web browser with the account you just created.
Enable SSL encryption
Because the hotspot requires the user to pay or use a specific account, you certainly want to encrypt the hotspot page. It is best to use a certificate issued by a certificate authority (CA) instead of creating a free certificate on your own. If the hotspot server does not use a certificate from a CA, users will see a warning in the Web browser.
First, create a certificate signing request (CSR) from the RouterOS command line on the server machine, or from a new terminal window in WinBox.
Run the following command:
/certificate create-certificate-request
The system will prompt you to enter the name of the file into which the CSR and key will be written. The default file name can also be used.
You can also set a passphrase for the key. Next, use the default RSA key bit value. The system then asks the general CSR questions. Now connect to the router's IP address with an FTP client, using the Administrator account credentials, and download the CSR and key files. Use the CSR to order a certificate from a certificate authority. After the certificate is signed, upload it through FTP and run the following command:
/certificate import file-name=thecertificatesfilename
Then enter the passphrase that you set when creating the CSR.
In WinBox, click IP > Services. Double-click the www-ssl entry, select the certificate, and click OK.
Back in the IP Services list, select the www-ssl entry and click the check mark icon to enable it. Now that SSL is enabled, edit the hotspot server profile to allow HTTPS login and select the certificate.
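One way to check the result of the steps above from a saved configuration, as an added example that is not part of the original article: the Python code below reads text in the style of a RouterOS /export and reports a disabled or certificate-less www-ssl service and hotspot profiles that do not allow HTTPS login. The sample export, the profile name hsprof1 and the certificate name hotspot-cert are constructed for illustration, and the code assumes www-ssl is disabled unless the export says otherwise.

```python
import shlex

# Constructed sample in the style of RouterOS "/export" output (not from the article).
SAMPLE_EXPORT = r"""
/ip hotspot profile
set [ find default=yes ] login-by=cookie,http-chap
add name=hsprof1 hotspot-address=10.5.50.1 login-by=https,http-chap \
    ssl-certificate=hotspot-cert
/ip service
set telnet disabled=yes
set www-ssl disabled=no
"""

def parse_export(text):
    """Yield (section, bare_words, properties) for each add/set line."""
    section = ""
    for line in text.replace("\\\n", " ").splitlines():  # fold continuations
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("/"):
            section = line
            continue
        tokens = shlex.split(line)[1:]  # drop the add/set verb
        props = dict(t.split("=", 1) for t in tokens if "=" in t)
        yield section, [t for t in tokens if "=" not in t], props

def audit(text):
    """Return findings for the HTTPS settings the article configures."""
    findings = []
    www_ssl = {"disabled": "yes"}  # assumption: www-ssl is off unless exported
    for section, words, props in parse_export(text):
        if section == "/ip service" and "www-ssl" in words:
            www_ssl.update(props)
        elif section == "/ip hotspot profile":
            name = props.get("name", "default")
            if "https" not in props.get("login-by", "").split(","):
                findings.append(f"profile {name}: HTTPS login not allowed")
            elif props.get("ssl-certificate", "none") == "none":
                findings.append(f"profile {name}: no certificate selected")
    if www_ssl["disabled"] != "no":
        findings.append("www-ssl service is disabled")
    elif www_ssl.get("certificate", "none") == "none":
        findings.append("www-ssl service has no certificate selected")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_EXPORT)))
```

An empty list from audit() means every hotspot profile in the export allows HTTPS login with a certificate and the www-ssl service is enabled with one.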
Change login and hotspot pages
You may want to change the login page or other hotspot pages, such as adding a company name or welcome page, or even adding a trademark or image that will pop up. Some knowledge of HTML is helpful.
You can use an FTP client to download or upload the HTML files on RouterOS: connect to the RouterOS IP address using the Administrator account credentials. Note: When you log out to test the login page, you may be logged in again automatically and never see the hotspot page. To avoid this problem, you can open the hotspot server profile in WinBox and disable the Login By Cookie option.
If you want the user to be directed to a page or site after login, you can edit the login.html file and replace $(link-orig) with a complete URL. This is the default value of the hidden destination field in the form tags. If you want to link to a location on the Internet, including images, you must add its domains to the Walled Garden list to ensure that users can access the links before login. You can find this function on a tab in the WinBox Hotspot window.