1. Connecting the device to the Internet

The router with factory settings should be connected to the Internet through the first Ethernet port (PoE in). The procedure for restoring factory settings can be found here.

The router needs to be connected to an Internet source and, depending on the model, turned on with the proper switch.

2. Accessing the device’s administration panel

The PC should be connected to the second Ethernet port of the device being configured. It should receive an IP address from the 192.168.88.2-192.168.88.254 pool.

The router should be accessed by using WinBox software (downloadable at the manufacturer’s website).

After launching the program you will need to find the router on the list and log in using the login admin and leaving the password field empty.

If after logging in a window containing default configuration appears, close it by clicking OK.

3. Device configuration

3.1 Configuring network settings

Interfaces → + → Bridge

name: sw
OK

IP → Addresses → +

Enabled: yes
Address: 10.8.0.1/16
Network: 10.8.0.0
Interface: sw
OK

IP → Pool → +

Name: dhcp_pool_sw
Addresses: 10.8.0.2-10.8.255.254
OK

IP → DHCP Server → +

Name: dhcp_sw
Interface: sw
Lease Time: 3d 00:00:00
Address Pool: dhcp_pool_sw
OK

IP → DHCP Server → Networks → +

Address: 10.8.0.0/16
Gateway: 10.8.0.1
DNS Servers: 10.8.0.1
OK

Bridge → Ports

Remove Interface: wlan1

Bridge → Ports → +

Interface: wlan1
Bridge: sw
OK

3.2 Configuring RADIUS

Click Quick Set and copy the value of “MAC Address” from the “Internet” field.
Go to our file download page, paste the copied MAC address and download the attachments.
Unpack the mikrotik-html.zip file on your computer.
Go back to WinBox, Files → Upload.
Browse to the location where you unpacked mikrotik-html.zip and upload all files inside (login.html, alogin.html, rlogin.html, md5.js, flogin.html) to the router.
IMPORTANT: If your Files section contains a “flash” folder, please place all files inside that folder. Otherwise, the files will be removed on router restart.

Log in to your account in the Panel.
In the “Access Points” tab, press “Add” (upper right corner), paste the MAC address you copied into the form (adding a name is optional) and click “Create”.
In Radius Secret field, click SHOW and copy the content.
Open WinBox again, Radius → +.

Enabled: yes
Service: hotspot
Address: 35.205.62.147
Secret: paste the content copied from Radius Secret in Venue details as described in the previous step
Authentication Port: 31812
Accounting Port: 31813
Timeout: 1000
OK

3.3 Configuring Walled Garden DNS

New Terminal → paste the below commands into the terminal (all commands can be copied and pasted at once)

Pasting will not work with CTRL+V; right click and select Paste instead.

# Social WiFi
/ip hotspot walled-garden
add comment="socialwifi: Allow captive portal main service." dst-host=*.socialwifi.com
add comment="socialwifi: Allow captive portal main service." dst-host=sw-login.com
 
# YouTube widget
 
/ip hotspot walled-garden
add comment="socialwifi: Allow YouTube widget." dst-host=*.youtube.com
add comment="socialwifi: Allow YouTube widget. It's a workaround for Mikrotik walled garden bug with CNAME in DNS response. Required to allow www.youtube.com." dst-host=youtube-ui.l.google.com
add comment="socialwifi: Allow YouTube widget. It's a workaround for Mikrotik walled garden bug with CNAME in DNS response. Required to allow img.youtube.com." dst-host=ytimg.l.google.com
add comment="socialwifi: Allow YouTube widget." dst-host=*.ytimg.com
add comment="socialwifi: Allow YouTube widget." dst-host=*.googlevideo.com
add comment="socialwifi: Allow YouTube widget." dst-host=yt3.ggpht.com
add comment="socialwifi: Allow YouTube widget. It's a workaround for Mikrotik walled garden bug with CNAME in DNS response. Required to allow yt3.ggpht.com." dst-host=*.l.googleusercontent.com
 
# Facebook remarketing pixel
 
/ip hotspot walled-garden
add comment="socialwifi: Allow Facebook remarketing pixel." dst-host=*.facebook.com
add comment="socialwifi: Allow Facebook remarketing pixel." dst-host=connect.facebook.net
add comment="socialwifi: Allow Facebook remarketing pixel. It's a workaround for Mikrotik walled garden bug with CNAME in DNS response. Required to allow connect.facebook.net." dst-host=*.fbcdn.net
 
# Google remarketing tag
 
/ip hotspot walled-garden
add comment="socialwifi: Allow Google remarketing tag." dst-host=www.googletagmanager.com
add comment="socialwifi: Allow Google remarketing tag. It's a workaround for Mikrotik walled garden bug with CNAME in DNS response. Required to allow www.googletagmanager.com." dst-host=www-googletagmanager.l.google.com
add comment="socialwifi: Allow Google remarketing tag." dst-host=www.googleadservices.com
add comment="socialwifi: Allow Google remarketing tag. It's a workaround for Mikrotik walled garden bug with CNAME in DNS response. Required to allow www.googleadservices.com." dst-host=pagead*.l.doubleclick.net
add comment="socialwifi: Allow Google remarketing tag." dst-host=www.google.*
 
# Facebook
 
/ip hotspot walled-garden
add comment="socialwifi: Allow login with Facebook." dst-host=facebook.com
add comment="socialwifi: Allow login with Facebook." dst-host=*.facebook.com
add comment="socialwifi: Allow login with Facebook." dst-host=*.fbcdn.net
 
# Google
 
/ip hotspot walled-garden
add comment="socialwifi: Allow login with Google." dst-host=accounts.google.*
add comment="socialwifi: Allow login with Google. It's a workaround for Mikrotik walled garden bug with CNAME in DNS response. Required to allow accounts.google.co.uk and other regional versions." dst-host=accounts-cctld.l.google.com
add comment="socialwifi: Allow login with Google." dst-host=ssl.gstatic.com
add comment="socialwifi: Allow login with Google." dst-host=fonts.gstatic.com
add comment="socialwifi: Allow login with Google. It's a workaround for Mikrotik walled garden bug with CNAME in DNS response. Required to allow fonts.gstatic.com." dst-host=gstaticadssl.l.google.com
add comment="socialwifi: Allow login with Google." dst-host=fonts.google.com
add comment="socialwifi: Allow login with Google." dst-host=accounts.youtube.com
add comment="socialwifi: Allow login with Google. It's a workaround for Mikrotik walled garden bug with CNAME in DNS response. Required to allow accounts.youtube.com." dst-host=www3.l.google.com
add comment="socialwifi: Allow login with Google." dst-host=content.googleapis.com
add comment="socialwifi: Allow login with Google." dst-host=apis.google.com
add comment="socialwifi: Allow login with Google. It's a workaround for Mikrotik walled garden bug with CNAME in DNS response. Required to allow apis.google.com." dst-host=plus.l.google.com
add comment="socialwifi: Allow login with Google." dst-host=play.google.com
add comment="socialwifi: Allow login with Google." dst-host=www.google.com
 
# LinkedIn
 
/ip hotspot walled-garden
add comment="socialwifi: Allow login with LinkedIn." dst-host=linkedin.com
add comment="socialwifi: Allow login with LinkedIn." dst-host=*.linkedin.com
add comment="socialwifi: Allow login with LinkedIn. It's a workaround for Mikrotik walled garden bug with CNAME in DNS response. Required to allow www.linkedin.com." dst-host=*.l-msedge.net
add comment="socialwifi: Allow login with LinkedIn. It's a workaround for Mikrotik walled garden bug with CNAME in DNS response. Required to allow www.linkedin.com." dst-host=*.dc-msedge.net
add comment="socialwifi: Allow login with LinkedIn." dst-host=*.licdn.com
add comment="socialwifi: Allow login with LinkedIn. It's a workaround for Mikrotik walled garden bug with CNAME in DNS response. Required to allow static-exp1.licdn.com." dst-host=*.epsiloncdn.net
add comment="socialwifi: Allow login with LinkedIn. It's a workaround for Mikrotik walled garden bug with CNAME in DNS response. Required to allow static-exp1.licdn.com." dst-host=*.akamai.net
 
# Twitter
 
/ip hotspot walled-garden
add comment="socialwifi: Allow login with Twitter." dst-host=twitter.com
add comment="socialwifi: Allow login with Twitter." dst-host=api.twitter.com
add comment="socialwifi: Allow login with Twitter. It's a workaround for Mikrotik walled garden bug with CNAME in DNS response. Required to allow api.twitter.com." dst-host=*.twitter.com
add comment="socialwifi: Allow login with Twitter." dst-host=*.twimg.com
add comment="socialwifi: Allow login with Twitter. It's a workaround for Mikrotik walled garden bug with CNAME in DNS response. Required to allow abs.twimg.com, pbs.twimg.com." dst-host=*.edgecastcdn.net
add comment="socialwifi: Allow login with Twitter. It's a workaround for Mikrotik walled garden bug with CNAME in DNS response. Required to allow abs.twimg.com, pbs.twimg.com." dst-host=*.akahost.net
 
/
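
An added check, not part of the original guide: hosts in the walled garden are reachable by clients before they log in, so the broadest entries are worth reviewing. This Python script parses a pasted rule set and flags duplicate entries, trailing-wildcard hosts and wildcards over domains that this example assumes to be shared CDN space (`SHARED_SUFFIXES` is the example's own assumption, not a vendor list).

```python
import shlex
from collections import Counter

# Sample input: walled-garden lines from this page, comments shortened.
SAMPLE = '''
/ip hotspot walled-garden
add comment="socialwifi: Allow captive portal main service." dst-host=*.socialwifi.com
add comment="socialwifi: Allow Facebook remarketing pixel." dst-host=*.facebook.com
add comment="socialwifi: Allow login with Facebook." dst-host=*.facebook.com
add comment="socialwifi: It's a CNAME workaround for licdn.com." dst-host=*.akamai.net
add comment="socialwifi: Allow Google remarketing tag." dst-host=www.google.*
add comment="socialwifi: Allow login with Google." dst-host=ssl.gstatic.com
'''

# Assumption: domains this review treats as shared CDN or hosting space.
# They are picked from dst-host values on this page; adjust to local policy.
SHARED_SUFFIXES = ("akamai.net", "edgecastcdn.net", "l-msedge.net",
                   "l.googleusercontent.com")

def parse_rules(text):
    """Return (dst_host, comment) for each 'add' line of a pasted rule set."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("add "):
            continue  # menu paths, '#' headings, blank lines
        fields = dict(t.split("=", 1) for t in shlex.split(line)[1:] if "=" in t)
        if "dst-host" in fields:
            rules.append((fields["dst-host"].lower(), fields.get("comment", "")))
    return rules

def audit(text):
    """Map each dst-host that needs review to the reasons it was flagged."""
    counts = Counter(host for host, _ in parse_rules(text))
    findings = {}
    for host, n in counts.items():
        reasons = []
        if n > 1:
            reasons.append(f"listed {n} times")
        if host.endswith(".*"):
            reasons.append("trailing wildcard leaves the domain suffix open")
        base = host.lstrip("*.")
        if "*" in host and any(base == s or base.endswith("." + s)
                               for s in SHARED_SUFFIXES):
            reasons.append("wildcard over a shared CDN/hosting domain")
        if reasons:
            findings[host] = reasons
    return findings

if __name__ == "__main__":
    for host, reasons in audit(SAMPLE).items():
        print(f"{host}: {'; '.join(reasons)}")
```

To review the full rule set, pass the whole pasted command text from this section to `audit()` instead of `SAMPLE`.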

3.4 Configuring Captive Portal / Hotspot

IP → Hotspot → Server Profiles → default (click twice to access settings)

(in General tab) DNS Name: logging.sw.com
(in General tab) HTML Directory: change name to . (period) (IMPORTANT: If your Files section contains a “flash” folder, make sure this field says “flash/.” without quotation marks)

(in Login tab) Login By: HTTP PAP (uncheck the rest)

(in RADIUS tab) Use RADIUS: yes

OK

IP → Hotspot → Servers → +

Name: socialwifi
Interface: sw
Address Pool: dhcp_pool_sw
Idle Timeout: 00:05:00
Addresses Per MAC: (empty) (remove value)
OK

IP → Hotspot → User Profile – Default

Keepalive Timeout: 03:00:00

OK

4. Configuring WiFi networks

Interfaces → Wlan1 → Wireless (click twice to access settings) → change SSID to Social WiFiGuest Network or whatever works for you and your customers.
OK

5. Reboot

After completing all of the above steps, you will need to restart the device.

System → Reboot
After restarting the device, the visible WLAN network will use Social WiFi to log in users.
