mquan1984

Error Open Page: Hotspot Login cannot open the page because it could not establish a secure connection to the server

Fri Apr 19, 2024 4:21 am

Hi guys,

I am using MikroTik RB2011 and RB1100 routers. I configured the hotspot with HTTPS login, and sometimes a client's device cannot open the login page. The client's device (iOS) shows a pop-up with the error: "Error Open Page: Hotspot Login cannot open the page because it could not establish a secure connection to the server." When the client forgets the SSID and reconnects, the device shows the login page again and connects to the Wi-Fi.
Note: I do not use a self-signed certificate on the MikroTik; I use a GlobalSign certificate which I bought from a supplier.
This is my hotspot config on the MikroTik:
# RouterOS export posted with the question (the poster names an RB2011 and an RB1100).
# Remarks marked NOTE(review) describe only what this export shows. An export omits
# values that are still at their default and hides passwords/secrets unless run with
# show-sensitive, so an absent setting is at its default (or, like certificate
# contents, is not part of an export at all).
/interface vlan
# VLAN 99 on bridge LanNB carries the hotspot; VLAN 98 ("test") sits on BridgeLAN.
add interface=LanNB name="Vlan Wi-fi Marketing" vlan-id=99
add interface=BridgeLAN name=test vlan-id=98
/interface list
add name=WAN
add name=LAN
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/ip hotspot profile
# NOTE(review): only the *default* profile is pointed at flash/hotspot here; hsprof1
# below sets no html-directory, while script2 at the end writes hotspot/login.html —
# confirm which directory hsprof1 actually serves.
set [ find default=yes ] html-directory=flash/hotspot
# hsprof1: HTTPS login (plus mac-cookie) on dns-name authen.awingconnect.vn using
# certificate "cert", authenticating against the RADIUS servers listed under /radius.
# NOTE(review): the iOS "could not establish a secure connection" error is raised
# during a TLS handshake. The first HTTPS endpoint a client reaches is this login
# page, so "cert" must match authen.awingconnect.vn, be within its validity period,
# and have its intermediate chain imported; certificate contents are not exported,
# check them with /certificate print and from a client on the hotspot VLAN.
add dns-name=authen.awingconnect.vn hotspot-address=192.168.99.1 login-by=\
    https,mac-cookie name=hsprof1 ssl-certificate=cert use-radius=yes
/ip hotspot user profile
# Defaults for hotspot users: 2h idle/keepalive, 4h session and mac-cookie lifetime,
# unlimited shared users per account.
set [ find default=yes ] idle-timeout=2h keepalive-timeout=2h \
    mac-cookie-timeout=4h session-timeout=4h shared-users=unlimited
/ip pool
# NOTE(review): pool99 (192.168.98.1-192.168.99.254) includes the hotspot gateway
# address 192.168.99.1; hs-pool-16 and dhcp_pool5 exclude it by splitting the range
# around it. pool99 and dhcp_pool7 are not referenced by any server in this export,
# and dhcp_pool7 and dhcp_pool9 cover the same range.
add name=dhcp ranges=192.168.33.20-192.168.33.254
add name=pool99 ranges=192.168.98.1-192.168.99.254
add name=hs-pool-16 ranges=\
    192.168.98.1-192.168.99.0,192.168.99.2-192.168.99.254
add name=dhcp_pool5 ranges=\
    192.168.98.1-192.168.99.0,192.168.99.2-192.168.99.254
add name=VPN ranges=192.168.33.2-192.168.33.9
add name=dhcp_pool7 ranges=172.16.1.2-172.16.1.254
add name=dhcp_pool8 ranges=192.168.0.2-192.168.0.254
add name=dhcp_pool9 ranges=172.16.1.2-172.16.1.254
/ip dhcp-server
# dhcp2 serves the hotspot VLAN from dhcp_pool5 (same range as hs-pool-16) with 2h leases.
add address-pool=dhcp interface=BridgeLAN lease-time=1h10m name=dhcp1
add address-pool=dhcp_pool5 interface="Vlan Wi-fi Marketing" lease-time=2h \
    name=dhcp2
add address-pool=dhcp_pool8 interface=LanNB lease-time=10m name=dhcp3
add address-pool=dhcp_pool9 interface=test name=dhcp4
/ip hotspot
# Hotspot instance on the marketing VLAN using hs-pool-16 and profile hsprof1;
# addresses-per-mac=unlimited removes the per-MAC address cap.
add address-pool=hs-pool-16 addresses-per-mac=unlimited disabled=no \
    idle-timeout=1h interface="Vlan Wi-fi Marketing" keepalive-timeout=1h name=\
    hotspot1 profile=hsprof1
/ip smb users
# Default SMB user disabled; whether the SMB service itself is enabled is not in this export.
set [ find default=yes ] disabled=yes
/port
set 0 name=serial0
/ppp profile
# Profile name carries a trailing space ("VPN "); the PPTP server below references it
# with the same spelling. Clients get 192.168.33.2-9 from pool VPN.
add local-address=192.168.33.1 name="VPN " remote-address=VPN
/routing bgp template
# NOTE(review): the default BGP template is enabled (disabled=no) although no BGP
# connection appears in this export.
set default disabled=no output.network=bgp-networks
/routing ospf instance
# OSPF instance enabled; its backbone area below is disabled.
add disabled=no name=default-v2
/routing ospf area
add disabled=yes instance=default-v2 name=backbone-v2
/routing table
# Extra routing tables for the dual-WAN split done in /ip firewall mangle.
add fib name=DiraWAN1
add fib name=DiraWAN2
/interface bridge port
# ether3-ether10 are ports of bridge LanNB.
add bridge=LanNB ingress-filtering=no interface=ether4 internal-path-cost=10 \
    path-cost=10
add bridge=LanNB ingress-filtering=no interface=ether5 internal-path-cost=10 \
    path-cost=10
add bridge=LanNB ingress-filtering=no interface=ether6 internal-path-cost=10 \
    path-cost=10
add bridge=LanNB ingress-filtering=no interface=ether7 internal-path-cost=10 \
    path-cost=10
add bridge=LanNB ingress-filtering=no interface=ether8 internal-path-cost=10 \
    path-cost=10
add bridge=LanNB ingress-filtering=no interface=ether9 internal-path-cost=10 \
    path-cost=10
add bridge=LanNB ingress-filtering=no interface=ether10 internal-path-cost=10 \
    path-cost=10
add bridge=LanNB ingress-filtering=no interface=ether3 internal-path-cost=10 \
    path-cost=10
/ip firewall connection tracking
# Established TCP entries are kept for 2h, UDP entries for 10s.
set tcp-established-timeout=2h udp-timeout=10s
/ip neighbor discovery-settings
# NOTE(review): neighbor discovery (MNDP) runs on every interface not in the dynamic
# list, which presumably includes the hotspot VLAN and pppoe-out1 — confirm that
# advertising the router there is intended.
set discover-interface-list=!dynamic
/ip settings
set max-neighbor-entries=8192
/ipv6 settings
# IPv6 is disabled entirely.
set disable-ipv6=yes max-neighbor-entries=8192
/interface l2tp-server server
# L2TP server enabled; no IPsec options for it appear in this export.
set enabled=yes
/interface list member
# WAN = pppoe-out1; LAN = BridgeLAN and LanNB (the hotspot VLAN is in neither list).
add interface=pppoe-out1 list=WAN
add interface=BridgeLAN list=LAN
add interface=LanNB list=LAN
/interface ovpn-server server
# NOTE(review): md5 is accepted as an OpenVPN auth digest alongside sha1; removing
# md5 leaves only the stronger option.
set auth=sha1,md5
/interface pptp-server server
# PPTP connections are considered unsafe, it is suggested to use a more modern VPN protocol instead
# PPTP server enabled with profile "VPN "; used by ppp secret itsupport below.
set default-profile="VPN " enabled=yes
/ip address
# 192.168.99.1/23 is the hotspot gateway for 192.168.98.0/23.
add address=192.168.33.1/24 interface=BridgeLAN network=192.168.33.0
add address=192.168.99.1/23 interface="Vlan Wi-fi Marketing" network=\
    192.168.98.0
add address=192.168.0.1/24 interface=LanNB network=192.168.0.0
add address=172.16.1.1/24 interface=test network=172.16.1.0
/ip cloud
# Cloud DDNS provides the mynetname.net hostname used in address-list WAN below.
set ddns-enabled=yes
/ip dhcp-server network
# The hotspot network hands out 192.168.99.1 (the router) as DNS server; the other
# networks set no dns-server.
add address=172.16.1.0/24 gateway=172.16.1.1
add address=192.168.0.0/24 gateway=192.168.0.1
add address=192.168.33.0/24 gateway=192.168.33.1
add address=192.168.98.0/23 dns-server=192.168.99.1 gateway=192.168.99.1
/ip dns
# NOTE(review): allow-remote-requests is not in this export (so it is at its default);
# hotspot clients are given 192.168.99.1 as DNS — confirm that name resolution works
# for them both before and after login.
set servers=8.8.8.8,8.8.4.4
/ip firewall address-list
# WAN: the router's public address via the cloud DDNS name. LAN: only 192.168.0.0/24
# (LanNB); BridgeLAN's 192.168.33.0/24 is not in it, so the hairpin-NAT mark in
# /ip firewall mangle does not apply to BridgeLAN. The DNS list is not referenced by
# any rule in this export.
add address=c6900b9c063d.sn.mynetname.net list=WAN
add address=192.168.0.0/24 list=LAN
add address=8.8.8.8 list=DNS
add address=8.8.4.4 list=DNS
add address=1.1.1.1 list=DNS
/ip firewall filter
# NOTE(review): the filter table holds only the disabled hotspot placeholder and
# fasttrack/accept rules for established/related forward traffic. No input-chain
# rules and no drop rules appear in this export, so nothing here limits access to
# the router's own services or to the hosts port-forwarded under /ip firewall nat.
# Confirm this is intended; if the default firewall was removed, at least an input
# chain dropping new connections arriving from the WAN list would be expected.
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" \
    disabled=yes
add action=fasttrack-connection chain=forward connection-nat-state=srcnat \
    connection-state=established,related,untracked hw-offload=yes
add action=fasttrack-connection chain=forward connection-state=\
    established,related hw-offload=yes
add action=accept chain=forward connection-state=established,related
/ip firewall mangle
# Hairpin NAT: connections from address-list LAN to the router's own WAN address are
# marked so srcnat can masquerade them (see /ip firewall nat).
add action=mark-connection chain=prerouting dst-address-list=WAN \
    new-connection-mark=HairpinNAT passthrough=yes src-address-list=LAN
# Dual-WAN split: new connections from BridgeLAN are PCC-balanced (2/0, 2/1) between
# routing tables DiraWAN1 and DiraWAN2; the hotspot VLAN is not matched by these
# rules. in-interface=*F is a dangling reference (the export marks it "no interface"),
# and both routing-table default routes under /ip route are disabled, so the split
# is presently inactive.
add action=accept chain=prerouting dst-address=192.168.33.0/24 in-interface=\
    BridgeLAN
add action=accept chain=prerouting dst-address=192.168.0.0/24 in-interface=\
    LanNB
add action=mark-connection chain=prerouting connection-mark=no-mark \
    in-interface=pppoe-out1 new-connection-mark=DiVaoWAN1
# no interface
add action=mark-connection chain=prerouting connection-mark=no-mark \
    in-interface=*F new-connection-mark=DiVaoWAN2
add action=mark-connection chain=prerouting connection-mark=no-mark \
    dst-address-type=!local in-interface=BridgeLAN new-connection-mark=DanhDau1 \
    per-connection-classifier=both-addresses-and-ports:2/0
add action=mark-connection chain=prerouting connection-mark=no-mark \
    dst-address-type=!local in-interface=BridgeLAN new-connection-mark=DanhDau2 \
    per-connection-classifier=both-addresses-and-ports:2/1
add action=mark-routing chain=prerouting connection-mark=DanhDau1 in-interface=\
    BridgeLAN new-routing-mark=DiraWAN1
add action=mark-routing chain=prerouting connection-mark=DanhDau2 in-interface=\
    BridgeLAN new-routing-mark=DiraWAN2
add action=mark-routing chain=output connection-mark=DiVaoWAN1 \
    new-routing-mark=DiraWAN1
add action=mark-routing chain=output connection-mark=DiVaoWAN2 \
    new-routing-mark=DiraWAN2 passthrough=yes
/ip firewall nat
# Masquerade for hairpin-marked connections, then for everything leaving a PPP
# interface (presumably covering pppoe-out1, the WAN list member).
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" \
    disabled=yes
add action=masquerade chain=srcnat connection-mark=HairpinNAT
add action=masquerade chain=srcnat out-interface=all-ppp
# NOTE(review): TCP 81, 82, 8000 and 8001 on the public (WAN-list) address are
# forwarded to 192.168.0.200 / 192.168.0.202 on LanNB; with no drop rules in the
# filter table they are reachable from anywhere on the internet — restrict the
# source if these are management or camera-style ports.
add action=dst-nat chain=dstnat dst-address-list=WAN dst-port=81 protocol=tcp \
    to-addresses=192.168.0.200 to-ports=81
add action=dst-nat chain=dstnat dst-address-list=WAN dst-port=82 protocol=tcp \
    to-addresses=192.168.0.202 to-ports=82
add action=dst-nat chain=dstnat dst-address-list=WAN dst-port=8000 protocol=tcp \
    to-addresses=192.168.0.202 to-ports=8000
add action=dst-nat chain=dstnat dst-address-list=WAN dst-port=8001 protocol=tcp \
    to-addresses=192.168.0.200 to-ports=8001
# NOTE(review): the three masquerade rules for the hotspot network are identical;
# one is enough.
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
    src-address=192.168.98.0/23
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
    src-address=192.168.98.0/23
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
    src-address=192.168.98.0/23
/ip hotspot user
# NOTE(review): a local hotspot user "admin" exists next to RADIUS authentication;
# its password is not shown (exports hide passwords unless run with show-sensitive)
# — confirm it has one, and whether a local account is needed at all.
add name=admin
/ip hotspot walled-garden
# Hosts reachable before login: the RADIUS/portal addresses (1.52.48.x,
# 103.145.62.96), the awing portal hosts, ad/analytics domains (some as wildcards:
# *.moatads.com, *.doubleverify.com), and the GlobalSign CRL/OCSP endpoints at the
# end, which let a client check the login certificate's revocation status before it
# is authenticated.
# NOTE(review): many entries are duplicated (e.g. e13136.g.akamaiedge.net four
# times, z.moatads.com and unified.adsafeprotected.com twice); script1 below re-adds
# the same set, which may be how the duplicates were created.
add dst-host=1.52.48.202
add dst-host=1.52.48.203
add dst-host=1.52.48.204
add dst-host=1.52.48.205
add dst-host=103.145.62.96
add dst-host=visitanalytics.userreport.com
add dst-host=ad.doubleclick.net
add dst-host=static.awing.vn
add dst-host=bs.serving-sys.com
add dst-host=connect.awing.vn
add dst-host=google-analytics.com
add dst-host=googletagmanager.com
add dst-host=g.jp.miaozhen.com
add dst-host=e.jp.miaozhen.com
add dst-host=track.adform.net
add dst-host=asia.adform.net
add dst-host=adform.net
add dst-host=svastx.moatads.com
add dst-host=pixel.adsafeprotected.com
add dst-host=static.adsafeprotected.com
add dst-host=imp.ambientdsp.com
add dst-host=z.moatads.com
add dst-host=*.moatads.com
add dst-host=unified.adsafeprotected.com
add dst-host=adserver-alb-v6-1146401068.ap-southeast-1.elb.amazonaws.com
add dst-host=d3bkyy6rh45q8q.cloudfront.net
add dst-host=dart.l.doubleclick.net
add dst-host=track-eu.adformnet.akadns.net
add dst-host=track-apac.adformnet.akadns.net
add dst-host=e13136.g.akamaiedge.net
add dst-host=firewall-external-894891845.ap-southeast-1.elb.amazonaws.com
add dst-host=d162h6x3rxav67.cloudfront.net
add dst-host=e13136.g.akamaiedge.net
add dst-host=eks-5-unified-1286823105.ap-southeast-1.elb.amazonaws.com
add dst-host=z.moatads.com
add dst-host=unified.adsafeprotected.com
add dst-host=cdn.doubleverify.com
add dst-host=tps.doubleverify.com
add dst-host=*.doubleverify.com
add dst-host=adserver-prod-alb-1558369296.ap-southeast-1.elb.amazonaws.com
add dst-host=d3bkyy6rh45q8q.cloudfront.net
add dst-host=ad.doubleclick.net
add dst-host=track-eu.adformnet.akadns.net
add dst-host=track-apac.adformnet.akadns.net
add dst-host=e13136.g.akamaiedge.net
add dst-host=firewall-external-894891845.ap-southeast-1.elb.amazonaws.com
add dst-host=d162h6x3rxav67.cloudfront.net
add dst-host=e13136.g.akamaiedge.net
add dst-host=eks-5-unified-1286823105.ap-southeast-1.elb.amazonaws.com
add dst-host=a1241.dsct.akamai.net
add dst-host=sgcp-tpsc-hlb.dvgtm.akadns.net
add dst-host=g.jp.miaozhen.com
add dst-host=e.jp.miaozhen.com
add dst-host=imp.ambientdsp.com
add dst-host=185.84.60.20
add dst-host=185.84.60.21
add dst-host=185.84.60.29
add dst-host=185.84.60.30
add dst-host=142.250.199.70
add dst-host=142.250.66.38
add dst-host=142.250.204.38
add dst-host=142.251.220.38
add dst-host=142.251.220.6
add dst-host=142.251.220.70
add dst-host=142.251.220.102
add dst-host=172.217.24.230
add dst-host=172.217.25.6
add dst-host=172.217.27.38
add dst-host=172.217.27.6
add dst-host=172.217.31.6
add dst-host=216.58.200.230
add dst-host=216.58.203.70
add dst-host=142.250.204.102
add dst-host=142.250.204.134
add dst-host=142.250.204.70
add dst-host=142.250.207.70
add dst-host=142.250.66.102
add dst-host=142.250.66.134
add dst-host=142.250.66.70
add dst-host=172.217.24.102
add dst-host=172.217.24.70
add dst-host=103.145.62.96
add dst-host=acm.awingconnect.vn
add dst-host=acm-auth.awingconnect.vn
# GlobalSign CRL/OCSP hosts: needed if a client validates the login certificate's
# revocation status before it is allowed through.
add dst-host=crl.globalsign.com
add dst-host=secure.globalsign.com
add dst-host=ocsp2.globalsign.com
# Redirect target written by script2 into login.html.
add dst-host=acm-ssl.awingconnect.vn
/ip route
# Both policy-routing default routes are disabled, and DiraWAN2 points at the missing
# interface *F; the main-table default route (presumably from pppoe-out1) is not in
# this export.
add check-gateway=ping disabled=yes dst-address=0.0.0.0/0 gateway=pppoe-out1 \
    routing-table=DiraWAN1
add check-gateway=ping disabled=yes dst-address=0.0.0.0/0 gateway=*F \
    routing-table=DiraWAN2
/ip service
# Management services: telnet, ftp, www, ssh, api and api-ssl are disabled.
# NOTE(review): winbox and www-ssl are not listed (the export prints only changed
# services); whichever of them is enabled has no address= restriction here and no
# input-chain filter, so it presumably answers on every interface, the WAN side
# included. Restrict it with address= or an input rule.
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/ip smb shares
# Default share points at /pub; whether SMB is enabled is not in this export.
set [ find default=yes ] directory=/pub
/ppp aaa
# PPP logins are also sent to RADIUS.
set use-radius=yes
/ppp secret
# Local PPP account limited to PPTP; its password is not shown in the export.
add name=itsupport service=pptp
/radius
# Hotspot RADIUS servers on public addresses (shared secret not shown); both are
# also listed in the walled garden.
add address=1.52.48.204 service=hotspot
add address=103.145.62.96 service=hotspot
/routing bfd configuration
# BFD enabled on all interfaces.
add disabled=no interfaces=all min-rx=200ms min-tx=200ms multiplier=5
/system clock
set time-zone-name=Asia/Bangkok
/system identity
set name="XXXXX"
/system note
set show-at-login=no
/system ntp client
# NOTE(review): correct time is a precondition for the login certificate to validate
# (not-before/not-after). A single NTP server is given by IP (216.239.35.12); a
# second server would make this more robust.
set enabled=yes
/system ntp client servers
add address=216.239.35.12
/system scheduler
# Daily reboot at 03:00. NOTE(review): the job runs with every policy, including
# password and sensitive; "/system reboot" should need only the reboot policy.
add interval=1d name=schedule1 on-event="/system reboot" policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-date=2022-09-13 start-time=03:00:00
/system script
# script1 re-adds a subset of the walled-garden entries (it adds rows, it does not
# replace them, so each run creates duplicates). The entries from
# "dst-host= imp.ambientdsp.com" onward have a space after "=", which may not parse
# as intended — run it once by hand and check the resulting rows.
# NOTE(review): both scripts carry every policy (including password and sensitive)
# with dont-require-permissions=no; read and write appear sufficient for what they
# do — confirm and trim.
add dont-require-permissions=no name=script1 owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="/ip\
    \_hotspot walled-garden\r\
    \nadd dst-host=1.52.48.202\r\
    \nadd dst-host=1.52.48.203\r\
    \nadd dst-host=1.52.48.204\r\
    \nadd dst-host=1.52.48.205\r\
    \nadd dst-host=103.145.62.96\r\
    \nadd dst-host=visitanalytics.userreport.com\r\
    \nadd dst-host=ad.doubleclick.net\r\
    \nadd dst-host=static.awing.vn\r\
    \nadd dst-host=bs.serving-sys.com\r\
    \nadd dst-host=connect.awing.vn\r\
    \nadd dst-host=google-analytics.com\r\
    \nadd dst-host=googletagmanager.com\r\
    \nadd dst-host=g.jp.miaozhen.com\r\
    \nadd dst-host=e.jp.miaozhen.com\r\
    \nadd dst-host=track.adform.net\r\
    \nadd dst-host=asia.adform.net\r\
    \nadd dst-host=adform.net\r\
    \nadd dst-host=svastx.moatads.com\r\
    \nadd dst-host=pixel.adsafeprotected.com\r\
    \nadd dst-host=static.adsafeprotected.com\r\
    \nadd dst-host= imp.ambientdsp.com\r\
    \nadd dst-host= z.moatads.com\r\
    \nadd dst-host= *.moatads.com\r\
    \nadd dst-host= unified.adsafeprotected.com\r\
    \nadd dst-host= adserver-alb-v6-1146401068.ap-southeast-1.elb.amazonaws.com\
    \r\
    \nadd dst-host= d3bkyy6rh45q8q.cloudfront.net\r\
    \nadd dst-host= dart.l.doubleclick.net\r\
    \nadd dst-host= track-eu.adformnet.akadns.net\r\
    \nadd dst-host= track-apac.adformnet.akadns.net\r\
    \nadd dst-host= e13136.g.akamaiedge.net\r\
    \nadd dst-host= firewall-external-894891845.ap-southeast-1.elb.amazonaws.com\
    \r\
    \nadd dst-host= d162h6x3rxav67.cloudfront.net\r\
    \nadd dst-host= e13136.g.akamaiedge.net\r\
    \nadd dst-host= eks-5-unified-1286823105.ap-southeast-1.elb.amazonaws.com\r\
    \n\r\
    \n\r\
    \n\r\
    \n   \r\
    \n\r\
    \n"
# script2 stores the RouterBOARD serial number (or ether1's MAC on non-RouterBOARD
# hardware — the variable is named mac but on this hardware holds the serial) and
# overwrites hotspot/login.html with a meta-refresh to
# https://acm-ssl.awingconnect.vn/login, passing serial=$mac plus the hotspot page
# variables $(mac), $(ip), $(link-orig) and $(link-login-only), which the hotspot
# expands when it serves the page. The page also disables caching.
# NOTE(review): the router's serial number is sent to an external portal in a query
# string. Before login a client therefore meets two TLS endpoints in sequence —
# authen.awingconnect.vn (the hotspot itself) and acm-ssl.awingconnect.vn (the
# redirect target) — so the iOS error can come from either; check both certificates
# and their chains from a client on the hotspot VLAN.
add dont-require-permissions=no name=script2 owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":lo\
    cal mac [system routerboard get serial-number];\r\
    \n:if (  [system routerboard get routerboard] = yes ) do {:set mac [system r\
    outerboard get serial-number]} else { :set mac [interface ethernet get ether\
    1 mac-address]};\r\
    \n/file set \"hotspot/login.html\" contents=\"<html>\r\
    \n<head>\r\
    \n<meta http-equiv=\\\"refresh\\\" content=\\\"0; url=https://acm-ssl.awingc\
    onnect.vn/login\?serial=\$mac&client_mac=\\\$(mac)&client_ip=\\\$(ip)&userur\
    l=\\\$(link-orig)&login_url=\\\$(link-login-only)\\\" />\r\
    \n<meta http-equiv=\\\"pragma\\\" content=\\\"no-cache\\\">\r\
    \n<meta http-equiv=\\\"expires\\\" content=\\\"-1\\\">\r\
    \n</head>\r\
    \n</html>\"\r\
    \n"

I don't know how to fix this issue. I need your help!
Many thanks!
Last edited by holvoetn on Fri Apr 19, 2024 9:18 am, edited 1 time in total.
Reason: added code quotes for readability
