This article describes the installation and configuration steps for Mikrotik routers.
The configuration applies to Mikrotik routers with RouterOS L4 and beyond.
Winbox is a small utility that allows the administration of Mikrotik RouterOS using a fast and simple GUI. It is a native Win32 binary but can be run on Linux and MacOS (OSX) using Wine. Winbox loader can be downloaded directly from the router or from the Mikrotik download page.
Login to your Mikrotik using a router MAC address.
Go to Quick Set and set Network Name to the desired one (Hotspot in this example) and press on the Apply Configuration button.
Other settings on the Quick Set page should be set as default.
Address Aquisition: Automatic
DHCP and NAT should be enabled.
Go to IP – Services, enable www-ssl.
Go to IP – Hotspot and from Walled Garden add the following as DST Host (add domains one by one):
and if you use social networks or payment gateway like Stripe add:
Download login.html file (which is doing the redirection to the splash page) and unzip it. Open the Files section in your Winbox and look for the same filename, it’s usually located in the hotspot folder. Replace this file (drag & drop over the existing one).
In some mobile devices like iPhone, CNA displays a blank page after a successful connection with a word success barely visible.
If you want to display a large message on the screen that the customer successfully connected, download alogin.html, and replace the same way as the previous one.
Click Radius and create new profiles:
Add new Radius profile:
Go to IP-Hotspot- Servers – Hotspot Setup.
Login again using Winbox and go to IP – Hotspot – Servers tab.
Double click on the created hotspot. Change the hotspot server Name to the MAC address of your Mikrotik WAN interface and press OK.
IMPORTANT: Usually there is written hotspot1, change it to WAN MAC in
Go to Server Profiles and click on it.
Under the Login tab select to use only HTTP PAP.
Note: add your computer IP into the Walled Garden to prevent disconnecting during Hotspot configuration.
If you get disconnected and get login screen in your browser, create a user in the Hotspot platform and login with this user. This should reenable access to the router.
Recent browser updates require full HTTPS compliance on the splash page. Therefore, you need to install the certificate in your MikroTik so it can accept form post of the login credentials using HTTPS.
If you want to enable HTTPS login, SSL Certificate is required. You can buy a certificate at any SSL reseller store (usually $10) and implement using the steps described below.
Our registered customers with a minimum 1 yearly license can contact us to get an SSL certificate for free, predefined for the hotspotclick.com domain. To get it with your own domain or subdomain, please order with an SSL reseller.
Self-signed certificates are not recommended as they will trigger errors.
To configure HTTPS Login, please follow these steps:
Go to Files and upload SSL certificate files on the router.
Open IP – Services option. Make sure that SSL is enabled, set port 443, and select your certificate in the Certificate dropdown menu.
Open IP – Hotspot – Server profiles tab and select hsprof1 profile. In the General tab set the certificate domain address in the DNS Name field.
Open the Login tab and enable the HTTPS checkbox.