Hi, everyone!
I'm experienced with LINUX, Cisco ASA, and small office networks but totally new to Mikrotik.
Following a very detailed tutorial posted by Steve Mitchell on the Seabits forum, I built this setup for a friend's boat:
Marina wifi (source) - - - mast-mounted Mikrotik Groove52ac quickset as CPE (specifically station mode) === interior wifi router (set up as typical wifi router) - - laptops + phones
The marina wifi issues an IP to the Groove52ac via DHCP, the Groove52ac issues an IP to the interior wifi router via DHCP, and the interior wifi router issues an IP to the laptop via DHCP. There is NAT at every step too, and the Groove52ac is doing MAC masquerading.
The overall behavior is basically like a pocket travel router but split into two devices to be mounted on a vehicle such as a boat or RV, with the Groove52ac mounted outside and the second wifi router mounted inside.
The current setup as described works great--until we run into a source with a captive portal. Usually the captive portal is very simple: check a box to indicate agreement with the terms of service, then click a button, and they let the device through. Sometimes they require a password and sometimes not, either to connect to the SSID first or to the captive portal second.
What would I have to do to get the above two-device setup working with captive portals? I have found a handful of forum threads asking about the two-device approach but with no solution; there is one post for a Mikrotik user with an RV that is solved but he has a single device, and a single device solution won't work for us. We are open to buying a second Mikrotik router, probably an hAP, to serve as the interior wifi router, if doing so helps solve the problem.
---
The intended behavior is for the user with laptop to use QuickSet to easily connect the Groove52ac to the marina/cafe/hotel wifi with or without a WPA2 password, then attempt to visit any website, and then the captive portal from the source gets passed through the two devices to the laptop or phone, where they can click the checkbox and the button, maybe type in a password, and start browsing the web.
We don't actually care if one or both of the network devices is set up in routing or bridging mode. Right now the Groove52ac is in station mode and the generic wifi router is in router mode.
We do want to hide four or five endpoint devices behind the two network devices such that the source can't limit the number of devices (such as hotels do), so at least one of the two devices probably has to be in routing mode with NAT and MAC masquerading going on.
It might not be practical to use the method of first connecting with a laptop or phone, then cloning the MAC address of the laptop/phone into the Groove52ac, since it might be too difficult for the non-techie boat owner to execute. I need to be able to teach him a straightforward flowchart: if this, then do that, if not, then do this.
Thanks in advance for any help!
I'm experienced with LINUX, Cisco ASA, and small office networks but totally new to Mikrotik.
Following a very detailed tutorial posted by Steve Mitchell on the Seabits forum, I built this setup for a friend's boat:
Marina wifi (source) - - - mast-mounted Mikrotik Groove52ac quickset as CPE (specifically station mode) === interior wifi router (set up as typical wifi router) - - laptops + phones
The marina wifi issues an IP to the Groove52ac via DHCP, the Groove52ac issues an IP to the interior wifi router via DHCP, and the interior wifi router issues an IP to the laptop via DHCP. There is NAT at every step too, and the Groove52ac is doing MAC masquerading.
The overall behavior is basically like a pocket travel router but split into two devices to be mounted on a vehicle such as a boat or RV, with the Groove52ac mounted outside and the second wifi router mounted inside.
The current setup as described works great--until we run into a source with a captive portal. Usually the captive portal is very simple: check a box to indicate agreement with the terms of service, then click a button, and they let the device through. Sometimes they require a password and sometimes not, either to connect to the SSID first or to the captive portal second.
What would I have to do to get the above two-device setup working with captive portals? I have found a handful of forum threads asking about the two-device approach but with no solution; there is one post for a Mikrotik user with an RV that is solved but he has a single device, and a single device solution won't work for us. We are open to buying a second Mikrotik router, probably an hAP, to serve as the interior wifi router, if doing so helps solve the problem.
---
The intended behavior is for the user with laptop to use QuickSet to easily connect the Groove52ac to the marina/cafe/hotel wifi with or without a WPA2 password, then attempt to visit any website, and then the captive portal from the source gets passed through the two devices to the laptop or phone, where they can click the checkbox and the button, maybe type in a password, and start browsing the web.
We don't actually care if one or both of the network devices is set up in routing or bridging mode. Right now the Groove52ac is in station mode and the generic wifi router is in router mode.
We do want to hide four or five endpoint devices behind the two network devices such that the source can't limit the number of devices (such as hotels do), so at least one of the two devices probably has to be in routing mode with NAT and MAC masquerading going on.
It might not be practical to use the method of first connecting with a laptop or phone, then cloning the MAC address of the laptop/phone into the Groove52ac, since it might be too difficult for the non-techie boat owner to execute. I need to be able to teach him a straightforward flowchart: if this, then do that, if not, then do this.
Thanks in advance for any help!
Statistics: Posted by dchang0 — Sun Jan 28, 2024 2:11 am