If you are configuring on Mac, you should download this alternative software designed for macOS.
Connecting the device to the Internet
The router with factory settings should be connected to the Internet on first ethernet port (PoE in). The procedure of restoring factory settings can be found here.
The router needs to be connected to Internet source and, depending on the model, turned on with a proper switch.
Accessing the device’s administration panel
The PC should be connected to the second ethernet port of the device you are configuring. It should be receiving from it an IP address from the 192.168.88.2-192.168.88.254 pool.
After launching the program you will need to find the router on the list and log in using the login admin and leaving the password field empty.
If after logging in a window containing default configuration appears, press ENTER and close the window of the terminal
Device configuration
Interfaces → + → Bridge
Name
sw
OK
IP → Addresses → +
Address
10.8.0.1/16
Network
10.8.0.0
Interface
sw
OK
IP → Pool → +
Name
dhcp_pool_sw
Addresses
10.8.0.2-10.8.255.254
OK
IP → DHCP Server → +
Name
dhcp_sw
Interface
sw
Lease Time
3d 00:00:00
Address Pool
dhcp_pool_sw
OK
IP → DHCP Server → Networks → +
Address
10.8.0.0/16
Gateway
10.8.0.1
OK
Bridge → Ports → +
Interface
wlan1
Bridge
sw
OK
In case there is no wlan1 interface visible, it most likely means your MikroTik doesn’t provide WiFi by itself and you are going to need some access points connected to it. Please skip all the steps mentioning wlan1 and follow the guide on adding additional Access Points after finishing this guide.
If you wish to broadcast WiFi from an external Access Point, not directly from MikroTik, change wlan1 interface to ether3 in the following instructions. Also, make sure to connect your External Access Point to the ether3 port in your MikroTik device.
Configuring RADIUS
In order for Social WiFi to work you need to upload the files to your MikroTik device. To do that, please open the New Terminal window:
Copy and paste the following script to the terminal:
After running the script files have downloaded automatically.
Now, from the menu on the left select RADIUS → +.
Service
hotspot
Address
35.205.62.147
Secret
Paste the content copied from Radius Secret in Social WiFi dashboard as described in the previous step
Authentication Port
31812
Accounting Port
31813
Timeout
1000
Accounting Backup
Unchecked
Require Message Auth
yes for request resp (This field is only in RouterOS versions above 7.13. If you're using a lower version, you won't see it.)
OK
Configuring Walled Garden DNS
New Terminal → paste the below commands into the terminal (all commands can be copied and pasted at once)
Pasting will not work with CTRL+V; right click and select Paste instead.
Copy all of the below section
# Social WiFi
/ip hotspot walled-garden
add comment="socialwifi: Allow captive portal main service." dst-host=*.socialwifi.com
add comment="socialwifi: Allow captive portal main service." dst-host=sw-login.com
# YouTube widget
/ip hotspot walled-garden
add comment="socialwifi: Allow YouTube widget." dst-host=*.youtube.com
add comment="socialwifi: Allow YouTube widget. It's a workaround for Mikrotik walled garden bug with CNAME in DNS response. Required to allow www.youtube.com." dst-host=youtube-ui.l.google.com
add comment="socialwifi: Allow YouTube widget. It's a workaround for Mikrotik walled garden bug with CNAME in DNS response. Required to allow img.youtube.com." dst-host=ytimg.l.google.com
add comment="socialwifi: Allow YouTube widget." dst-host=*.ytimg.com
add comment="socialwifi: Allow YouTube widget." dst-host=*.googlevideo.com
add comment="socialwifi: Allow YouTube widget." dst-host=yt3.ggpht.com
add comment="socialwifi: Allow YouTube widget. It's a workaround for Mikrotik walled garden bug with CNAME in DNS response. Required to allow yt3.ggpht.com." dst-host=*.l.googleusercontent.com
# Facebook remarketing pixel
/ip hotspot walled-garden
add comment="socialwifi: Allow Facebook remarketing pixel." dst-host=*.facebook.com
add comment="socialwifi: Allow Facebook remarketing pixel." dst-host=connect.facebook.net
add comment="socialwifi: Allow Facebook remarketing pixel. It's a workaround for Mikrotik walled garden bug with CNAME in DNS response. Required to allow connect.facebook.net." dst-host=*.fbcdn.net
# Google remarketing tag
/ip hotspot walled-garden
add comment="socialwifi: Allow Google remarketing tag." dst-host=www.googletagmanager.com
add comment="socialwifi: Allow Google remarketing tag. It's a workaround for Mikrotik walled garden bug with CNAME in DNS response. Required to allow www.googletagmanager.com." dst-host=www-googletagmanager.l.google.com
add comment="socialwifi: Allow Google remarketing tag." dst-host=www.googleadservices.com
add comment="socialwifi: Allow Google remarketing tag. It's a workaround for Mikrotik walled garden bug with CNAME in DNS response. Required to allow www.googleadservices.com." dst-host=pagead*.l.doubleclick.net
add comment="socialwifi: Allow Google remarketing tag." dst-host=www.google.*
# Facebook
/ip hotspot walled-garden
add comment="socialwifi: Allow login with Facebook." dst-host=facebook.com
add comment="socialwifi: Allow login with Facebook." dst-host=*.facebook.com
add comment="socialwifi: Allow login with Facebook." dst-host=*.fbcdn.net
# Google
/ip hotspot walled-garden
add comment="socialwifi: Allow login with Google." dst-host=accounts.google.*
add comment="socialwifi: Allow login with Google. It's a workaround for Mikrotik walled garden bug with CNAME in DNS response. Required to allow accounts.google.co.uk and other regional versions." dst-host=accounts-cctld.l.google.com
add comment="socialwifi: Allow login with Google." dst-host=ssl.gstatic.com
add comment="socialwifi: Allow login with Google." dst-host=fonts.gstatic.com
add comment="socialwifi: Allow login with Google. It's a workaround for Mikrotik walled garden bug with CNAME in DNS response. Required to allow fonts.gstatic.com." dst-host=gstaticadssl.l.google.com
add comment="socialwifi: Allow login with Google." dst-host=fonts.google.com
add comment="socialwifi: Allow login with Google." dst-host=accounts.youtube.com
add comment="socialwifi: Allow login with Google. It's a workaround for Mikrotik walled garden bug with CNAME in DNS response. Required to allow accounts.youtube.com." dst-host=www3.l.google.com
add comment="socialwifi: Allow login with Google." dst-host=content.googleapis.com
add comment="socialwifi: Allow login with Google." dst-host=apis.google.com
add comment="socialwifi: Allow login with Google. It's a workaround for Mikrotik walled garden bug with CNAME in DNS response. Required to allow apis.google.com." dst-host=plus.l.google.com
add comment="socialwifi: Allow login with Google." dst-host=play.google.com
add comment="socialwifi: Allow login with Google." dst-host=www.google.com
# LinkedIn
/ip hotspot walled-garden
add comment="socialwifi: Allow login with LinkedIn." dst-host=linkedin.com
add comment="socialwifi: Allow login with LinkedIn." dst-host=*.linkedin.com
add comment="socialwifi: Allow login with LinkedIn. It's a workaround for Mikrotik walled garden bug with CNAME in DNS response. Required to allow www.linkedin.com." dst-host=*.l-msedge.net
add comment="socialwifi: Allow login with LinkedIn. It's a workaround for Mikrotik walled garden bug with CNAME in DNS response. Required to allow www.linkedin.com." dst-host=*.dc-msedge.net
add comment="socialwifi: Allow login with LinkedIn." dst-host=*.licdn.com
add comment="socialwifi: Allow login with LinkedIn. It's a workaround for Mikrotik walled garden bug with CNAME in DNS response. Required to allow static-exp1.licdn.com." dst-host=*.epsiloncdn.net
add comment="socialwifi: Allow login with LinkedIn. It's a workaround for Mikrotik walled garden bug with CNAME in DNS response. Required to allow static-exp1.licdn.com." dst-host=*.akamai.net
# Twitter
/ip hotspot walled-garden
add comment="socialwifi: Allow login with Twitter." dst-host=twitter.com
add comment="socialwifi: Allow login with Twitter." dst-host=api.twitter.com
add comment="socialwifi: Allow login with Twitter. It's a workaround for Mikrotik walled garden bug with CNAME in DNS response. Required to allow api.twitter.com." dst-host=*.twitter.com
add comment="socialwifi: Allow login with Twitter." dst-host=*.twimg.com
add comment="socialwifi: Allow login with Twitter. It's a workaround for Mikrotik walled garden bug with CNAME in DNS response. Required to allow abs.twimg.com, pbs.twimg.com." dst-host=*.edgecastcdn.net
add comment="socialwifi: Allow login with Twitter. It's a workaround for Mikrotik walled garden bug with CNAME in DNS response. Required to allow abs.twimg.com, pbs.twimg.com." dst-host=*.akahost.net
/
Configuring Captive Portal / Hotspot
IP → Hotspot → Server Profiles → default (click twice to access settings)
(in General tab) DNS Name
logging.sw.com
(in General tab) HTML Directory
change name to . (period) (If your Files section contains a “flash” folder, make sure this field says “flash/.” without question marks)
You can change the name of the directory by highlighting the previously set name and typing over it.
(in Login tab) Login By: HTTP PAP (uncheck everything else)
(in RADIUS tab) Use RADIUS: yes
Click OK
IP → Hotspot → Servers → +
Name
socialwifi
Interface
sw
Address Pool
none
Idle Timeout
00:05:00
Addresses Per MAC
(remove value and leave empty)
OK
Now, go to User Profiles tab and double click on default to edit. Set Keepalive Timeout to 3d 00:00:00.
Adding the MikroTik MAC address to the Social WiFi Dashboard.
The MAC address can be found in Interfaces -> ether1 (double click) -> MAC Address.
Copy the value from the "MAC Address" field and paste it in the Social WiFi panel. To do so, log in to your account in the Social WiFi Dashboard. In the “Access Points” tab, press “Add” (upper right corner), paste the MAC address you copied into the form (adding a name is optional) and click “Create”.