Mikrotik Hotspot

HW INFO:

-Mikrotik SXTG-2HNd

WAN IP: 10.0.10.229/24

WIFI IP: 192.168.88.1/24

> ip address print

Flags: X – disabled, I – invalid, D – dynamic

 #   ADDRESS            NETWORK         INTERFACE

 0   10.0.10.229/24     10.0.10.0       ether1

 1   192.168.88.1/24    192.168.88.0    wlan1

/ip route

add distance=1 gateway=10.0.10.1

/system ntp client

set enabled=yes primary-ntp=203.160.128.59

/ip dhcp-server network

add address=192.168.88.0/24 dns-server=192.168.88.1 gateway=192.168.88.1 \

    netmask=24

/ip dns

set allow-remote-requests=yes servers=8.8.8.8,8.8.4.

/ip firewall nat

add action=masquerade chain=srcnat out-interface=ether1

click IP/Hotspot/Servers

click Hotspot Setup

click IP/Hotspot/Servers/hotspot1

click IP/Hotspot/Server Profiles/hsprof1/

click + on IP/Hotspot/User Profiles

create hotspot user

click + on IP/Hotspot/Users

To enable self-signed certificate

> ip service print

Flags: X – disabled, I – invalid

 #   NAME        PORT ADDRESS                                          CERTIFICATE

 0 XI telnet        23

 1   ftp           21

 2   www           80

 3   ssh           22

 4 XI www-ssl      443                                                  none

 5   api         8728

 6   winbox      8291

 7   api-ssl     8729                                                  none

> ip service disable 0

> ip service disable 1

> ip service enable 4

create self-signed

# openssl genrsa -des3 -out hotspot.key 1024

Enter pass phrase for hotspot.key: password

Verifying – Enter pass phrase for hotspot.key: password

# openssl req -new -key hotspot.key -out hotspot.csr

Enter pass phrase for hotspot.key: password

If you enter ‘.’, the field will be left blank.

—–

Country Name (2 letter code) [AU]:ID

State or Province Name (full name) [Some-State]:JKT

Locality Name (eg, city) []:Jakarta

Organization Name (eg, company) [Internet Widgits Pty Ltd]:NGTrain

Organizational Unit Name (eg, section) []:IT

Common Name (e.g. server FQDN or YOUR name) []:hs.ngtrain.com

Email Address []:support@ngtrain.com

Please enter the following ‘extra’ attributes

to be sent with your certificate request

A challenge password []:password

An optional company name []:

# openssl x509 -req -days 10000 -in hotspot.csr -signkey hotspot.key -out hotspot.crt

Signature ok

subject=/C=ID/ST=JKT/L=Jakarta/O=NGTrain/OU=IT/CN=hs.ngtrain.com/emailAddress=support@ngtrain.com

Getting Private key

Enter pass phrase for hotspot.key: password

-scp hotspot.crt hotspot.key into mikrotik /hotspot

> /certificate import file-name=hotspot/hotspot.crt

passphrase: ********

     certificates-imported: 1

     private-keys-imported: 0

            files-imported: 1

       decryption-failures: 0

  keys-with-no-certificate: 0

> /certificate import file-name=hotspot/hotspot.key

passphrase: ********

     certificates-imported: 0

     private-keys-imported: 1

            files-imported: 1

       decryption-failures: 0

  keys-with-no-certificate: 0

/ip service set www-ssl certificate=hotspot.crt_0

-if you don’t have your own dns server, you can add static dns address for hs.ngtrain.com into your mikrotik

> ip dns static add name=hs.ngtrain.com address=192.168.88.1

verify using this command

> ip dns cache print

-modify IP/Hotspot/Server Profiles/hsprof1/

Advertisements