Setting up WiFi-based check-in using MikroTik

What do I need?

To allow your customers to check in using Wi-Fi, you must first enable this feature in your location's settings.

MikroTik Devices

If you want to use a MikroTik device with the network check-in system on your Nexudus Spaces account you need a MikroTik device running RouterOS 6.2 or newer. Usually, you need a level 6 license for the device. Most resellers provide the hardware and the license in a single package. The RouterOS is already installed, as with any other router in the market. Make sure you buy the right license level. License levels affect the number of logged-in users at the same time that the router can authenticate. A level 6 router does not have such limitation and can support any number of users.

Installing MikroTik

All RouterOS routers can be configured using a web portal. If you are on a Windows machine, MikroTik provides a Winbox configuration tool. Using the Winbox software is faster than accessing the web interface when configuring the device. We use Winbox in this guide. You can get this tool from here.‌

The configuration we describe in this guide does not affect any other MikroTik features.

We cannot provide networking and IT support with installing or troubleshooting your network. These instructions are meant for people with a basic level of experience when using MikroTik devices. The instructions are not a detailed tutorial or manual on how to install and use MikroTik. If you need more help, we can get you in touch with a MikroTik consultant who can configure your MikroTik device and provide support.‌

This guide does not cover the basics of how to install a router. Connect your internet provider cable to the port #1 on the MikroTik router. The rest of the ports are used for your internal network. When you install the router and have internet access, you can then follow this guide. You can see the basic configuration overview in the image below.MikroTik installation overview‌

MikroTik routers use the term hotspot to describe the authentication portals which control access to the internet. In guides for other virtual controllers, we use captive portal to describe such authentication portals.‌

You need a hotspot with modified HTML pages that allow relaying authentication to our servers. All check-in and member information is stored there. Set the hotspot authentication to MAC HTTP CHAP. In the Mac Auth Mode, make sure you select MAC in the Username field.MicroTik hotspot authenitcation mode‌

The MikroTik hotspot requires only one user. You need to enter these details on your Nexudus Spaces account by going to Settings > Integrations and clicking MikroTik in the Active integrations section. The user profile needs to allow shared users. We set admin as the shared user in the Name section.Selecting the user

You must use the default user profile. Do not create a new user profile.‌

We set the Shared Users limit to 1000.Configuring User Profiles‌

Download the HTML pages from your Nexudus account by going to Settings > Integrations and clicking MikroTik in the Active integrations section and then clicking Download Hotspot HTML files. Create a new hotspot folder for your router named nexudus. You can do this using the Files feature in Winbox.

When you create the hotspot folder, copy all the files from the default folder to the nexudus folder. Then, replace the 3 files in the nexudus folder with the files you downloaded from your Nexudus account. The best way to do this may be to drag the default folder to your local computer and then drag it back to the new folder.‌

The downloaded files already have the required configuration from your account settings, so you only need to move them to the right folder and copy the scripts. We explain how to do this in the following sections.Folder structure‌

‌

You need add several addresses to the Walled Garden IP List so members can browse your site. In case they need to buy access to the space, manage their account and login. Add the following addresses to the list:‌

• ajax.googleapis.com

• maps.googleapis.com

• fonts.googleapis.com

• pki.goog

• gstatic.com

• googleapis.com

• apis.google.com

• www.google.com

• www.paypalobject.com

• themes.googleusercontent.com

• maps.gstatic.com

• twimg.com

• platform.twitter.com

• multigateway.nexudus.com

• checkout.stripe.com

• q.stripe.com

• api.stripe.com

• netdna.bootstrapcdn.com

• cdnjs.cloudflare.com

• sandbox.forte.net

• api.mixpanel.com

• s3.amazonaws.com

• cdn.syndication.twimg.com

• XYZ.spaces.nexudus.com, where XYZ is the default domain name you can find in Settings > Website > General on your Nexudus account.

‌

When logging in to the hotspot, users are automatically redirected to Nexudus. They see the page below:MikroTik hotspot logging screen for unknown users‌

‌

When we know who they are based on their MAC address, the see a different page:MikroTik hotspot logging screen for known users‌

In any case, there is a link to register and to buy access time if you have those options enabled on your Nexudus account and have products added to sell passes.​‌

You need to use the scripts provided in the zip file. Paste the content of the scripts folder in the default user profile, making sure you use file OnLogin_Script.txt for the On Login script and the OnLogout_Script.txt file for the On Logout script.Setting up scripts‌

Edit the hotspot profile and enable MAC and HTTP CHAP login methods.Selecting hotspot login method‌

Create a third script called CheckActiveUsers and use the content of the CheckActiveUsers_Script.txt file as the source for that script. Make sure to enable the write, read and test policies.Creating the CheckActiveUsers script and setting up script policies‌

Create a new schedule in System>Scheduler to invoke this script every 15 minutes.Creating a new script schedule