Mikrotik Hotspot

HW INFO:
-Mikrotik SXTG-2HNd
WAN IP: 10.0.10.229/24
WIFI IP: 192.168.88.1/24
> ip address print
Flags: X - disabled, I - invalid, D - dynamic
 #   ADDRESS            NETWORK         INTERFACE
 0   10.0.10.229/24     10.0.10.0       ether1
 1   192.168.88.1/24    192.168.88.0    wlan1
/ip route
add distance=1 gateway=10.0.10.1
/system ntp client
set enabled=yes primary-ntp=203.160.128.59
/ip dhcp-server network
add address=192.168.88.0/24 dns-server=192.168.88.1 gateway=192.168.88.1 \
    netmask=24
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1

click IP/Hotspot/Servers
click Hotspot Setup

click IP/Hotspot/Servers/hotspot1

click IP/Hotspot/Server Profiles/hsprof1/

click + on IP/Hotspot/User Profiles

create hotspot user
click + on IP/Hotspot/Users

To enable www-ssl with a self-signed certificate
> ip service print
Flags: X - disabled, I - invalid
 #   NAME        PORT ADDRESS                                          CERTIFICATE
 0 XI telnet        23
 1   ftp           21
 2   www           80
 3   ssh           22
 4 XI www-ssl      443                                                  none
 5   api         8728
 6   winbox      8291
 7   api-ssl     8729                                                  none
> ip service disable 0
> ip service disable 1

> ip service enable 4

create the self-signed certificate
# openssl genrsa -des3 -out hotspot.key 1024
Enter pass phrase for hotspot.key: password

Verifying - Enter pass phrase for hotspot.key: password

# openssl req -new -key hotspot.key -out hotspot.csr
Enter pass phrase for hotspot.key: password
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:ID
State or Province Name (full name) [Some-State]:JKT
Locality Name (eg, city) []:Jakarta
Organization Name (eg, company) [Internet Widgits Pty Ltd]:NGTrain
Organizational Unit Name (eg, section) []:IT
Common Name (e.g. server FQDN or YOUR name) []:hs.ngtrain.com
Email Address []:support@ngtrain.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:password

An optional company name []:

# openssl x509 -req -days 10000 -in hotspot.csr -signkey hotspot.key -out hotspot.crt
Signature ok
subject=/C=ID/ST=JKT/L=Jakarta/O=NGTrain/OU=IT/CN=hs.ngtrain.com/emailAddress=support@ngtrain.com
Getting Private key

Enter pass phrase for hotspot.key: password

-copy hotspot.crt and hotspot.key with scp into the /hotspot directory on the Mikrotik, then import both
> /certificate import file-name=hotspot/hotspot.crt
passphrase: ********
     certificates-imported: 1
     private-keys-imported: 0
            files-imported: 1
       decryption-failures: 0
  keys-with-no-certificate: 0
> /certificate import file-name=hotspot/hotspot.key
passphrase: ********
     certificates-imported: 0
     private-keys-imported: 1
            files-imported: 1
       decryption-failures: 0
  keys-with-no-certificate: 0

/ip service set www-ssl certificate=hotspot.crt_0

-if you don't have your own DNS server, you can add a static DNS entry for hs.ngtrain.com on the Mikrotik
> ip dns static add name=hs.ngtrain.com address=192.168.88.1
verify it with this command

> ip dns cache print
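
A pre-import check for the certificate and DNS steps above, as an added example that is not part of the original post: it builds the key and certificate without prompts, then confirms that the key belongs to the certificate, that the CN is the name used in the static DNS entry, and that the key meets a minimum size. It uses a 2048-bit AES-encrypted key and a one-step openssl req -x509 rather than the post's parameters; the function names and the HS_KEY_PASS variable are assumptions of this example.

```shell
#!/bin/sh
# Added example: build and pre-check a hotspot certificate pair before import.
# The key passphrase is read from the HS_KEY_PASS environment variable
# (a name assumed for this example), so it never appears on a command line.

# make_hotspot_cert DIR CN: encrypted 2048-bit RSA key plus self-signed cert.
make_hotspot_cert() {
    dir=$1; cn=$2
    # Minimal request config, so no system openssl.cnf or prompts are needed.
    printf '[req]\ndistinguished_name=dn\nprompt=no\n[dn]\nCN=%s\n' "$cn" \
        > "$dir/req.cnf"
    openssl genrsa -aes256 -passout env:HS_KEY_PASS \
        -out "$dir/hotspot.key" 2048 2>/dev/null || return 1
    openssl req -new -x509 -sha256 -days 365 -config "$dir/req.cnf" \
        -key "$dir/hotspot.key" -passin env:HS_KEY_PASS \
        -out "$dir/hotspot.crt" 2>/dev/null || return 1
}

# check_hotspot_pair CRT KEY CN MINBITS: returns 0 if the pair is consistent,
# 2 on read errors, 3 key/cert mismatch, 4 wrong CN, 5 key too small.
check_hotspot_pair() {
    crt=$1; key=$2; want_cn=$3; min_bits=$4
    # Same public key in both files means the key belongs to this certificate.
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$key" -passin env:HS_KEY_PASS -pubout) || return 2
    [ "$crt_pub" = "$key_pub" ] || { echo "key does not match cert"; return 3; }
    # The CN must be the name clients resolve to the hotspot address.
    cn=$(openssl x509 -in "$crt" -noout -subject -nameopt multiline |
         sed -n 's/^ *commonName *= *//p')
    [ "$cn" = "$want_cn" ] || { echo "CN '$cn' != '$want_cn'"; return 4; }
    bits=$(openssl x509 -in "$crt" -noout -text |
           sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
    [ "${bits:-0}" -ge "$min_bits" ] || { echo "key is $bits bits"; return 5; }
    echo "ok: CN=$cn, $bits-bit key matches certificate"
}

# Usage (after exporting HS_KEY_PASS):
#   make_hotspot_cert . hs.ngtrain.com
#   check_hotspot_pair hotspot.crt hotspot.key hs.ngtrain.com 2048
```

Run the check on the workstation before copying the files to the router; a non-zero return code identifies which property failed.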

-modify IP/Hotspot/Server Profiles/hsprof1/