Showing posts with label Mikrotik. Show all posts
Showing posts with label Mikrotik. Show all posts

Tuesday, May 31, 2016

Modifications Display Hotspot Login


Modifications Display Hotspot Login


As we know that the proxy router has a hotspot feature. When we create a hotspot and tried to access the internet via hotspot point then we will be redirected to the login page for the user authentication process. Well, where the login page come from?
If we look into the 'Files' in the storage router will see a collection of html file extension. One of them was a file named 'login'. From this file displays ogin hotspot l was coming. We can also change the appearance of the hotspot login standard becomes more artistic in accordance with our wishes. But first we must know the function of each of the log file. Among the file is login.html, alogin.html, rlogin.html, flogin.html. For the explanation is as follows:

  • login html - Represents a login page that is displayed to the user authentication by entering a username and password.
  • alogin.html - A page that is displayed after the user successfully authenticated. This page displays a pop-up on the status of the board as to whether the 'Log In' or 'Log Off' and will also be redirected (auto / manual) to a web page that is accessed by the user.
  • rlogin.html - A page that redirect the user from mengakases page URL to a login page if the user requires to access autorisai.
  • flogin.html - A login page that is displayed when there is a fault (error) occurred. For example, when the user entered 'Username' and 'Password'.
Then to the workings of the request page "/ login" is:

- If the user has not been authenticated and perform a web access will be redirected to the page login.html.
- If the login procedure failed (either enter an incorrect username or password), it will display the page flogin.html; If flogin.html page can not be found it will be displayed login.html page.
- If the user has successfully terautentukasi (login), alogin.html will be displayed; alogin.html if not found it will langusung be redirected to a web page that is accessed by the user or to the status page.

Display Hotspot Login

In this example we will try to change the appearance of the hotspot login. Actually, from the hotspot system has been given a default. However, may of us would like to change to provide a better view.


Well, to change it, we will modify the script from the file login.html. The file can be downloaded in advance from the router, using either FTP (Linux and Mac OS) or simply 'Drag & Drop' for Windows OS.





Once we download, we can do the editing on the script using the Text Editor. Because the script using an HTML file, then at least we are familiar with HTML language.



Well, after we make modifications to the script, we upload it back to the router. The trick was also the same as we download, can use FTP or 'Drag & Drop' (Windows). And one example of how simple we make is like the following display.


Limitations Bandwidth Over Time


Limitations Bandwidth Over Time

Simple queue is a bandwidth management method is the simplest. How easy configuration and results are quite effective. But sometimes we as a network administrator wants custom flexible bandwidth management. For example do bandiwtdh limitations based on time. If imaginable seems to require the configuration is complex, but it turns out the configuration that must be made quite simple.
Examples of such cases we will do the limitation of bandwidth with the following conditions:
  • Working hours 08:00 to 17:00 with 512Mbps bandwidth allocation.
  • After hours raised to 1Mbps bandwidth allocation, for example employee bonus overtime.
  • Saturday - Sunday given bandwidth of 2 Mbps.
For those of us who rarely pay attention to small features may be thinking of the above requirements we would need a scheduler. But actually we do not need the features scheduler, there are parameters in simple queue time. This parameter is used to determine when the rule will be active. For the needs already mentioned above, then we can make the configuration as follows.
First, create a rule to bandwidth limitations on working hours, which is allocated bandiwdth of 512kbps, assume for example ip address client will dilimit is 192 168 230 254. In the bottom of the window there is a simple queue configuration parameter Time. Here we specify when the rule will run queue.
Next create a rule to limitations on weekdays, after work hours, meaning the queue will run from 17:00 pm to 08:00 am. It turned out that the time range on the parameters simple queue could not walk past the turn of the day, so it can be filled with a value of 17:00:01 to 07:59:59. To overcome this, we can create two queue. Queue running from 17:00 until midnight, and the queue from midnight until morning. Sample configuration
And finally, we create a queue for a weekend by opting Saturday and Sunday. The final result set.
Visually there are some rules that are red. Do not worry, it does not mean that any rule or error, but because the time parameter has not been reached.
If we try to connect to the internet at around 5 am, the queue is a queue run late at night, where the client will get bandiwdth up to 1 Mbps.
In the implementation examples above, we use the ip address of the client as a target. If the client is handled quite a lot, we could combine with a feature parameter time PCQ.

Management Bandwith VPN User

 Management Bandwith VPN User

Management bandwidth usage is an important thing. With this we can avoid the monopoly of the use of bandwidth. So that we can set the bandwidth usage evenly or can we use to give priorities to the specific user.

Then, what if the user is a VPN connection users of our network. There are several ways that can be applied, that is Dynamic and Static. For dynamic methods we have discussed in previous articles here .
With this dynamic method when there is a VPN user login will be given allotments of bandwidth as we specify. This may be quite easy if the VPN user is not too much and tend to be static.

If the VPN user the many and are mobile will be very hard for us to divide how much bandwidth is fitted to each of the user. Moreover, if the VPN user is divided into multiple accounts and each account has a different network.

As an example the case with the VPN user account A walk in the network 1.1.1.0/24, with the network 2.2.2.0/24 account B, and C account with the network 3.3.3.0/24. And each account will have different bandwidth allocation. To account A -> 128kbps, account B -> 256kbps, account C -> 512kbps. The bandwidth allocation will be divided evenly on each network. When there is addition or subtraction automatically User VPN router bandwidth will be split evenly and can also maximize the use of existing bandwidth.


VPN configuration

The first configuration we will make 'IP Pool' for allocation of IP addresses for each account from the VPN. Go to the menu I P -> Pool -> click the Add [+].


After we make our next IP Pool activate the VPN service. This time the VPN service to be used is PPTP. To enable entry to the PPP menu -> Interface -> click the command button 'PPTP Serve r'. Then uncheck 'Enabled'.


Then we create a new profile for the VPN account A, B, and C. In the same menu select Tab 'Profiles'. The profile settings will be used to define the parameter 'Remote Address' in secret. So that the allocation of IP addresses to the user can be automatically according to the network that we set.







Well, eventually we memeliki 3 new profile for each VPN account.
The next step we create a user account for VPN. Pembuatannya on Tab 'Secret'.







So that there will be 3 to konkesi PPTP VPN account, namely A, B, and C.


Queue Configuration for Bandwidth Management

After we configure the VPN server, then we will make use of simple queue bandwidth management.


Tested

We will do the testing if the configuration we can run well. For this test using the bandwidth test from the PC / Laptop connected to a VPN network that we created earlier.

When a user VPN using account A and in trying to do a bandwidth test, then if the configuration goes well, limitation queue will use VPN-A-limitation bandwidth allocation in accordance with the previous provisions.



A limitation Test Account

It also will be the same when the VPN user is connected primarily to account B and C. Each will get a bandwidth limitation in accordance with which we set earlier.



Limitations Test Account B



Test Account Limitations C

Monday, May 16, 2016

User Bandwidth Management Hotspot in Bypass (IP Binding)


User Bandwidth Management Hotspot in Bypass (IP Binding)

Technological developments require that all people have a smart phone digenggamannya, even the day the price of smart phones more affordable by all audiences in Indonesia. Automatically needs of the Internet is increasingly important for many people. No wonder if any crowded places such as offices, hotels, campuses, malls and so provide hotspot service. So many have concluded Wireless Hotspot must be through the media, if you are one of them please read the article below
If you already studied the article at the link we have agreed that in Mikrotik Hotspot is a system to provide authentication features to the user that will use the network. But we can also give privileges to some users that do not need authentication implementation examples there are more details in the article below
After Users in bypass, meaning the user is not able to do the bandwidth limitation using the User Profile. To overcome this we can do a number of ways depending IP bindings we do.
IP Binding by allocating a specific IP
In this method, we will allocate special ip address which will be given to the user bypasses. The ip router will allocate the bypass user based on mac-address, so the ip address user who bypassed unchanged - a fox. Just as making static-lease on a DHCP server settings. Do I go to the menu IP >> >> Hotspot IP Bindings.   Then add the Mac Address of the user who will be bypassed and decide to address it.
If using this bypass means, to perform management bandiwdth we just add Simple Queue leading to the IP we have set in to the IP Address Bindings.

IP Binding without allocation of IP Address
With this method, the user simply bypassed by mac-address user device. Ip address that will didapatakn random user depending on the DHCP server. How to bypass, select the menu Hotspot IP >> >> IP Bindings. Then add the Mac Address of the user who will be bypassed.
If using bypass this way, to be able to perform user management are bypassed we should mark the first packets through the router with mac address. We can use the features of Mangle. First we make a mark-conection first: Firewall IP >> >> >> Add Mangle
The next step makes Mark Packet based mac-connection that was made before, via menu Firewall IP >> >> >> Add Mangle
Lastly, we can make a new bandwidth management using the Simple Queue based mark-packet that has been made in the mangle. Do not forget, the parameter "Target" please fill in your hotspot network segment.

If the above steps are finished, then try to do bandwidth test user side are bypassed. Actually there are many ways you can do for the user management in bypass, like PCQ, static-leases, etc. Both the above steps are just as simple alternatives that can be used for bandwidth menagement user who bypassed the hotspot network.

User Database Migration Manager


User Database Migration Manager

When we wanted to create a hotspot service, it would be easier if we use a system to handle AAA (Authentication, Authorization and Accounting), fortunately in mikrotik already provided a tool that is usermanager. Usermanager contained in the database used to store information service includes the hotspot users, PPP users, DHCP Leases, Wireless AccessList, and RouterOS users.
Opening the business hotspot with daily user is not too difficult when we lose data, eg loss of user data that we have made. But a big problem if we already have a lot of users. Therefore perform a backup of data for maintenance purposes is an activity that can not be abandoned.
This time we will discuss how to do usermanager database backup and restore the database to a new router if the router is damaged.
Configuration
For example the present case there are two routers which first router has been installed user-manager and also have the data. Kemudain second router that the newly installed user-manager and there is no data. And for the second router the data will be drawn from the first router.
First, the router 1 we will "backup / save" database of user-manager. To process we will use the New Terminal. New Terminal we would type the command / tool user-manager database save name = [filename].
Automatically created a file with extension * .umb. For example we will name the 'dbase-R1.umb'. Well, this is the file we are going to "export" database to a second router.
Second, we will export this file to the user database-manager on Router 2. Previously, we will enter the first file into the localhost (menu Files) on Router 2. We can use FTP (for Linux, Mac OS) or "drag- drop '(for Windows).
After work we put into the file menu Router 2, then we are going to export into databse Router 2 using the New Terminal. For exports we use the command / tool user-manager database load name = [filename].
When it appears a confirmation, press "Y" and the process of export / restore will run. When successful there will be a notice "User-Manager Database Restored".
Final Check
To determine whether the data has been entered into the Router 2 we can check directly to the user-manager features. Keep in mind, when we are already logged in user-manager Router 2 to be able to see the results we need to first log out and log back in to update the current session.
Display Data Router 1
Display Data Router 2

Bandwidth Management VPN Users


Bandwidth Management VPN Users

Management bandwidth usage is an important thing. With this we can avoid the monopoly of the use of bandwidth. So that we can set the bandwidth usage evenly or can we use to give priorities to the specific user.

Then, what if the user is a VPN connection users of our network. There are several ways that can be applied, that is Dynamic and Static. For dynamic methods we have discussed in previous articles here .
With this dynamic method when there is a VPN user login will be given allotments of bandwidth as we specify. This may be quite easy if the VPN user is not too much and tend to be static.

If the VPN user the many and are mobile will be very hard for us to divide how much bandwidth is fitted to each of the user. Moreover, if the VPN user is divided into multiple accounts and each account has a different network.

As an example the case with the VPN user account A walk in the network 1.1.1.0/24, with the network 2.2.2.0/24 account B, and C account with the network 3.3.3.0/24. And each account will have different bandwidth allocation. To account A -> 128kbps, account B -> 256kbps, account C -> 512kbps. The bandwidth allocation will be divided evenly on each network. When there is addition or subtraction automatically User VPN router bandwidth will be split evenly and can also maximize the use of existing bandwidth.


VPN configuration

The first configuration we will make 'IP Pool' for allocation of IP addresses for each account from the VPN. Go to the menu I P -> Pool -> click the Add [+].


After we make our next IP Pool activate the VPN service. This time the VPN service to be used is PPTP. To enable entry to the PPP menu -> Interface -> click the command button 'PPTP Serve r'. Then uncheck 'Enabled'.


Then we create a new profile for the VPN account A, B, and C. In the same menu select Tab 'Profiles'. The profile settings will be used to define the parameter 'Remote Address' in secret. So that the allocation of IP addresses to the user can be automatically according to the network that we set.







Well, eventually we memeliki 3 new profile for each VPN account.
The next step we create a user account for VPN. Pembuatannya on Tab 'Secret'.







So that there will be 3 to konkesi PPTP VPN account, namely A, B, and C.


Queue Configuration for Bandwidth Management

After we configure the VPN server, then we will make use of simple queue bandwidth management.


Tested

We will do the testing if the configuration we can run well. For this test using the bandwidth test from the PC / Laptop connected to a VPN network that we created earlier.

When a user VPN using account A and in trying to do a bandwidth test, then if the configuration goes well, limitation queue will use VPN-A-limitation bandwidth allocation in accordance with the previous provisions.



A limitation Test Account

It also will be the same when the VPN user is connected primarily to account B and C. Each will get a bandwidth limitation in accordance with which we set earlier.



Limitations Test Account B



Test Account Limitations C