Hello again! Emmanuel Corels here, from Emmanuel Corels Creatives. If you’ve already mastered the basics of MikroTik Hotspot, integrated RADIUS, and played with vouchers, you might be itching for even more advanced features. Let’s dive into payment gateway integration, adding branded elements, and employing some scripting to take your captive portal to the next level.
Payment Gateway Integration
A Hotspot can be more than just a courtesy service—it can generate revenue if that’s part of your business model. Whether you run a public Wi-Fi zone, an event, or a co-working space, letting users pay for extended internet access can be a nice value-add. The key is to connect your Hotspot with a payment gateway or an online payment service (PayPal, Stripe, etc.).
-
Concept Overview
- Users arrive at your captive portal (login.html).
- They click “Purchase Access” or “Upgrade Plan,” which redirects them to a secure payment page.
- After payment is processed, the Hotspot (often via RADIUS) grants them the appropriate service profile or usage time.
-
Walled Garden Configuration
- You need to ensure your payment provider’s domains or IPs are added to the Walled Garden. Otherwise, the payment page might be blocked by the captive portal.
- Example (CLI):
/ip hotspot walled-garden add dst-host=www.paypal.com action=allow
-
Redirection Magic
- In your login.html (or a custom page like pay.html), you can embed a button or link that takes the user to your payment gateway.
- If the user pays successfully, your payment gateway should send a callback or “success URL” to the Hotspot or RADIUS server, telling it to activate the purchased plan.
-
RADIUS/Billing Logic
- On the server side (like MikroTik User Manager or a custom RADIUS solution), you need a mechanism to create or update the user’s account once payment is confirmed. You might do this with a script or an API call that sets their time limit or bandwidth profile.
Branding the Captive Portal
A plain login box with “MikroTik Hotspot” text is functional, but adding your organization’s branding can significantly enhance the user experience.
-
HTML and CSS
- Locate the hotspot folder in Files on your MikroTik.
- Download files like login.html, login.css, favicon.ico, etc.
- Edit them in a text editor (adding logos, color schemes, disclaimers) and re-upload.
- Try to keep images small to reduce load times.
-
Responsive Design
- Many users will access via smartphones, so make sure your page scales well. Incorporate basic responsive design or use a lightweight CSS framework if you’re comfortable editing the HTML at that level.
-
Splash Pages vs. Login Pages
- Some businesses show a splash page before the actual login form. This might highlight promotions, announcements, or disclaimers.
- You can rename or rework
login.htmlto act as a splash and then embed the actual login form.
-
Redirecting After Login
- Under IP → Hotspot → Server Profiles, you can set a “Login by HTTP CHAP” or “HTTPS” approach and define a Redirect URL. Once users successfully authenticate, they’ll land on a custom “Thank You” or “Portal” page.
Advanced Scripting in the Hotspot Environment
MikroTik is script-friendly, allowing you to automate tasks, create custom triggers, or tweak user sessions on the fly.
-
Scheduler for Automatic User Cleanup
-
If you’re generating lots of temporary voucher accounts or short-term users, consider a script that runs daily or weekly to remove expired accounts. Example:
/system scheduler add name="clean_expired" interval=1d on-event="/ip hotspot user remove [find where limit-uptime!=0 and uptime>limit-uptime]" -
This snippet looks for any hotspot user whose
limit-uptimehas been exceeded and removes them.
-
-
On-Login Scripting
- In IP → Hotspot → Server Profiles, there’s an option for a login and logout script. You can embed commands that run whenever a user logs in or out.
- For instance, you might log user details to a syslog server or display a custom message.
-
SMS or Email Notification
- Combine MikroTik’s scripting with external APIs (like an SMS gateway) to send a text message or email when a user logs in, or to send usage alerts. This usually requires an external script or a tool on a separate server that the router calls via HTTP.
-
API Integration
- MikroTik’s API can tie into external platforms. For instance, a web-based management console could display real-time Hotspot stats or let staff create new user vouchers from a friendly interface.
Security and Best Practices
-
SSL/TLS Certificates
- If you’re handling payments or personal user info, ensure your captive portal uses HTTPS. Import a valid certificate under System → Certificates, then configure your Hotspot server profile to use it.
- This prevents scary browser warnings and secures user data in transit.
-
Segmenting Hotspot Traffic
- Keep your Hotspot VLAN or interface separate from your private LAN. This ensures guests or temporary users don’t get access to sensitive internal resources.
- Use Firewall rules or VLAN filtering to isolate traffic effectively.
-
RADIUS Security
- Use a strong secret in RADIUS configurations. If you’re using an external server, consider IPsec or a secure tunnel for RADIUS traffic if it’s crossing untrusted networks.
-
Performance Monitoring
- Heavy usage (especially with lots of concurrent captive portal sessions) can strain CPU or memory. Keep an eye on System → Resources and System → Profile. If usage spikes, you may need a more powerful router or a Cloud Hosted Router instance.
Putting It All Together
By integrating payment gateways, customizing the portal design, and leveraging scripting, you transform a basic Hotspot into a robust, revenue-generating, and user-friendly platform. Whether you’re running a small café Wi-Fi or a large-scale campus network, these advanced tricks help ensure seamless access and a professional brand image.
Remember, the MikroTik Hotspot is a versatile canvas. Experiment with new ideas—like social media logins, loyalty points integration, or automated user account creation. As always, I’m here if you need a nudge in the right direction or want to share your creative setups. Keep pushing those MikroTik boundaries, and have fun shaping the best captive portal your community has ever seen!
Authored with a smile by
Emmanuel Corels – Admin, Emmanuel Corels Creatives
