Winbox

Compatibility

Social WiFi has been tested and is proven to work on the following configurations:

RouterOS versions:

6.x
7.5 and newer, tested up to 7.12.1 (hotspot doesn’t work on RouterOS 7.x below version 7.5)

The router should be accessed by using WinBox software (downloadable at the manufacturer’s website).

If you are configuring on Mac, you should download this alternative software designed for macOS.

Connecting the device to the Internet

The router with factory settings should be connected to the Internet on first ethernet port (PoE in). The procedure of restoring factory settings can be found here.

The router needs to be connected to Internet source and, depending on the model, turned on with a proper switch.

Accessing the device’s administration panel

The PC should be connected to the second ethernet port of the device you are configuring. It should be receiving from it an IP address from the 192.168.88.2-192.168.88.254 pool.

After launching the program you will need to find the router on the list and log in using the login admin and leaving the password field empty.

If after logging in a window containing default configuration appears, press ENTER and close the window of the terminal

Device configuration

Configuring network settings

Interfaces → + → Bridge

Name	sw
OK

Name

IP → Addresses → +

Address	10.8.0.1/16
Network	10.8.0.0
Interface	sw
OK

Address

10.8.0.1/16

Network

10.8.0.0

Interface

IP → Pool → +

Name	dhcp_pool_sw
Addresses	10.8.0.2-10.8.255.254
OK

Name

dhcp_pool_sw

Addresses

10.8.0.2-10.8.255.254

IP → DHCP Server → +

Name	dhcp_sw
Interface	sw
Lease Time	3d 00:00:00
Address Pool	dhcp_pool_sw
OK

Name

dhcp_sw

Interface

Lease Time

3d 00:00:00

Address Pool

dhcp_pool_sw

IP → DHCP Server → Networks → +

Address	10.8.0.0/16
Gateway	10.8.0.1
OK

Address

10.8.0.0/16

Gateway

10.8.0.1

Bridge → Ports

Remove Interface: wlan1

You can remove an Interface by clicking on it once and selecting the — (minus) icon in the bar above the list.

In case there is no wlan1 interface visible, it most likely means your MikroTik doesn’t provide WiFi by itself and you are going to need some access points connected to it. Please skip all the steps mentioning wlan1 and follow the guide on adding additional Access Points after finishing this guide.

Bridge → Ports → +

Interface	wlan1
Bridge	sw
OK

Interface

wlan1

Bridge

Configuring RADIUS

In order for Social WiFi to work you need to upload the files to your MikroTik device. To do that, please open the New Terminal window:

Copy and paste the following script to the terminal:

{ 
    :local downloadEndpoint "https://login.socialwifi.com/installation/mikrotik/download";
    :local fileNames {"login.html"; "rlogin.html"; "alogin.html"; "flogin.html"; "md5.js"}
    :local destinationDirectory "";
    :if ([:len [/file find name="flash" type="disk"]] > 0) do={
        :set destinationDirectory "/flash/";
    }
    :local ether1Mac ([/interface get [find name="ether1"]]->"mac-address");
    :foreach fileName in=$fileNames do={
        :put "Downloading file: $downloadEndpoint/$fileName\?mac=$ether1Mac"
        /tool fetch url="$downloadEndpoint/$fileName\?mac=$ether1Mac" dst-path="$destinationDirectory$fileName"
    }
}

After running the script files have downloaded automatically.

In the “Access Points” tab, press “Add” (upper right corner), paste the MAC address you copied into the form (adding a name is optional) and click “Create”.

In Radius Secret field, click SHOW and copy the content.

Open WinBox again, Radius → +.

Service	hotspot
Address	35.205.62.147
Secret	Paste the content copied from Radius Secret in Social WiFi dashboard as described in the previous step
Authentication Port	31812
Accounting Port	31813
Timeout	1000
OK

Service

hotspot

Address

35.205.62.147

Secret

Paste the content copied from Radius Secret in Social WiFi dashboard as described in the previous step

Authentication Port

31812

Accounting Port

31813

Timeout

1000

Configuring Walled Garden DNS

New Terminal → paste the below commands into the terminal (all commands can be copied and pasted at once)

Pasting will not work with CTRL+V; right click and select Paste instead.

Copy all of the below section

# Social WiFi

/ip hotspot walled-garden 
add comment="socialwifi: Allow captive portal main service." dst-host=*.socialwifi.com 
add comment="socialwifi: Allow captive portal main service." dst-host=sw-login.com

# YouTube widget

/ip hotspot walled-garden
add comment="socialwifi: Allow YouTube widget." dst-host=*.youtube.com
add comment="socialwifi: Allow YouTube widget. It's a workaround for Mikrotik walled garden bug with CNAME in DNS response. Required to allow www.youtube.com." dst-host=youtube-ui.l.google.com
add comment="socialwifi: Allow YouTube widget. It's a workaround for Mikrotik walled garden bug with CNAME in DNS response. Required to allow img.youtube.com." dst-host=ytimg.l.google.com
add comment="socialwifi: Allow YouTube widget." dst-host=*.ytimg.com
add comment="socialwifi: Allow YouTube widget." dst-host=*.googlevideo.com
add comment="socialwifi: Allow YouTube widget." dst-host=yt3.ggpht.com
add comment="socialwifi: Allow YouTube widget. It's a workaround for Mikrotik walled garden bug with CNAME in DNS response. Required to allow yt3.ggpht.com." dst-host=*.l.googleusercontent.com

# Facebook remarketing pixel

/ip hotspot walled-garden
add comment="socialwifi: Allow Facebook remarketing pixel." dst-host=*.facebook.com
add comment="socialwifi: Allow Facebook remarketing pixel." dst-host=connect.facebook.net
add comment="socialwifi: Allow Facebook remarketing pixel. It's a workaround for Mikrotik walled garden bug with CNAME in DNS response. Required to allow connect.facebook.net." dst-host=*.fbcdn.net

# Google remarketing tag

/ip hotspot walled-garden
add comment="socialwifi: Allow Google remarketing tag." dst-host=www.googletagmanager.com
add comment="socialwifi: Allow Google remarketing tag. It's a workaround for Mikrotik walled garden bug with CNAME in DNS response. Required to allow www.googletagmanager.com." dst-host=www-googletagmanager.l.google.com
add comment="socialwifi: Allow Google remarketing tag." dst-host=www.googleadservices.com
add comment="socialwifi: Allow Google remarketing tag. It's a workaround for Mikrotik walled garden bug with CNAME in DNS response. Required to allow www.googleadservices.com." dst-host=pagead*.l.doubleclick.net
add comment="socialwifi: Allow Google remarketing tag." dst-host=www.google.*

# Facebook

/ip hotspot walled-garden
add comment="socialwifi: Allow login with Facebook." dst-host=facebook.com
add comment="socialwifi: Allow login with Facebook." dst-host=*.facebook.com
add comment="socialwifi: Allow login with Facebook." dst-host=*.fbcdn.net

# Google

/ip hotspot walled-garden
add comment="socialwifi: Allow login with Google." dst-host=accounts.google.*
add comment="socialwifi: Allow login with Google. It's a workaround for Mikrotik walled garden bug with CNAME in DNS response. Required to allow accounts.google.co.uk and other regional versions." dst-host=accounts-cctld.l.google.com
add comment="socialwifi: Allow login with Google." dst-host=ssl.gstatic.com
add comment="socialwifi: Allow login with Google." dst-host=fonts.gstatic.com
add comment="socialwifi: Allow login with Google. It's a workaround for Mikrotik walled garden bug with CNAME in DNS response. Required to allow fonts.gstatic.com." dst-host=gstaticadssl.l.google.com
add comment="socialwifi: Allow login with Google." dst-host=fonts.google.com
add comment="socialwifi: Allow login with Google." dst-host=accounts.youtube.com
add comment="socialwifi: Allow login with Google. It's a workaround for Mikrotik walled garden bug with CNAME in DNS response. Required to allow accounts.youtube.com." dst-host=www3.l.google.com
add comment="socialwifi: Allow login with Google." dst-host=content.googleapis.com
add comment="socialwifi: Allow login with Google." dst-host=apis.google.com
add comment="socialwifi: Allow login with Google. It's a workaround for Mikrotik walled garden bug with CNAME in DNS response. Required to allow apis.google.com." dst-host=plus.l.google.com
add comment="socialwifi: Allow login with Google." dst-host=play.google.com
add comment="socialwifi: Allow login with Google." dst-host=www.google.com

# LinkedIn

/ip hotspot walled-garden
add comment="socialwifi: Allow login with LinkedIn." dst-host=linkedin.com
add comment="socialwifi: Allow login with LinkedIn." dst-host=*.linkedin.com
add comment="socialwifi: Allow login with LinkedIn. It's a workaround for Mikrotik walled garden bug with CNAME in DNS response. Required to allow www.linkedin.com." dst-host=*.l-msedge.net
add comment="socialwifi: Allow login with LinkedIn. It's a workaround for Mikrotik walled garden bug with CNAME in DNS response. Required to allow www.linkedin.com." dst-host=*.dc-msedge.net
add comment="socialwifi: Allow login with LinkedIn." dst-host=*.licdn.com
add comment="socialwifi: Allow login with LinkedIn. It's a workaround for Mikrotik walled garden bug with CNAME in DNS response. Required to allow static-exp1.licdn.com." dst-host=*.epsiloncdn.net
add comment="socialwifi: Allow login with LinkedIn. It's a workaround for Mikrotik walled garden bug with CNAME in DNS response. Required to allow static-exp1.licdn.com." dst-host=*.akamai.net

# Twitter

/ip hotspot walled-garden
add comment="socialwifi: Allow login with Twitter." dst-host=twitter.com
add comment="socialwifi: Allow login with Twitter." dst-host=api.twitter.com
add comment="socialwifi: Allow login with Twitter. It's a workaround for Mikrotik walled garden bug with CNAME in DNS response. Required to allow api.twitter.com." dst-host=*.twitter.com
add comment="socialwifi: Allow login with Twitter." dst-host=*.twimg.com
add comment="socialwifi: Allow login with Twitter. It's a workaround for Mikrotik walled garden bug with CNAME in DNS response. Required to allow abs.twimg.com, pbs.twimg.com." dst-host=*.edgecastcdn.net
add comment="socialwifi: Allow login with Twitter. It's a workaround for Mikrotik walled garden bug with CNAME in DNS response. Required to allow abs.twimg.com, pbs.twimg.com." dst-host=*.akahost.net

/

Configuring Captive Portal / Hotspot

IP → Hotspot → Server Profiles → default (click twice to access settings)

(in General tab) DNS Name logging.sw.com

(in General tab) DNS Name	logging.sw.com
(in General tab) HTML Directory	change name to `.` (period) (If your Files section contains a “flash” folder, make sure this field says “flash/.” without question marks)

(in General tab) HTML Directory

change name to . (period) (If your Files section contains a “flash” folder, make sure this field says “flash/.” without question marks)

You can change the name of the directory by highlighting the previously set name and typing over it.

(in Login tab) Login By: HTTP PAP (uncheck everything else)

(in RADIUS tab) Use RADIUS: yes

Click OK

IP → Hotspot → Servers → +

Name	socialwifi
Interface	sw
Address Pool	none
Idle Timeout	00:05:00
Addresses Per MAC	(remove value and leave empty)
OK

Name

socialwifi

Interface

Address Pool

none

Idle Timeout

00:05:00

Addresses Per MAC

(remove value and leave empty)

IP → Hotspot → User Profiles → default (click twice on the position on the list to access its settings)

Keepalive Timeout

3d 00:00:00

Click OK

Configuring WiFi networks

Interfaces → wlan1 (click twice on the position on the list to access its settings) → Wireless → change SSID to Social WiFi, Guest Network or whatever works for you and your customers. Click OK