
Non Payment Reminder for PPPoE/HOTSPOT Customers in Mikrotik

Another in the series for User Manager based setups

https://aacable.wordpress.com/2013/12/03/automating-non-payment-reminder-for-user-manager-expired-accounts/

The following is a short how-to (written at the request of a friend) on how you can send nonpayment / expired PPPoE users to a page where they are informed that their account has been suspended due to nonpayment. In this guide I used a PPPoE server only, but you can apply the same theory to HOTSPOT or other services as well. Remember, methods will vary, but the logic remains the same in most cases.

For example, when you want to block a user due to nonpayment, simply change the user's profile to the expired users profile. The user will still be able to connect using his ID (PPPoE dialer), but when he tries to browse the web he will be redirected to your local web server page, where he is informed that his/her account has been suspended due to nonpayment. This is also useful for other purposes: for example, you can configure / schedule a payment reminder that is shown to users at specific dates/times for a few seconds / minutes, after which the user can resume browsing. However, that's another story.

To shorten this guide, I assume you have a working PPPoE server in place with the following config.
[Change the IP scheme as per your local requirement/network]

For example, you may have a PPPoE server configured with the following scheme:

Mikrotik PPPoE Server IP = 10.0.0.1
Mikrotik User DHCP Pool = 10.0.0.0/8
Mikrotik PPPoE Pool = 172.16.0.0/16

Now you have to create an expired IP pool so that we can tell nonpayment / expired users apart by their profile. If we want to block any user, we simply change that user's profile to the expired profile.

Adding IP pool for expired / Non Payment Users:

/ip pool
add name=Expired-Pool ranges=172.16.1.1-172.16.1.255

Adding Profile for expired / Non Payment Users:

/ppp profile
add change-tcp-mss=default dns-server=10.0.0.1 local-address=10.0.0.1 \
    name=pppoe-expired only-one=default rate-limit=128k/128k \
    remote-address=Expired-Pool use-compression=default \
    use-encryption=default use-ipv6=yes use-mpls=default \
    use-vj-compression=default

Enabling Mikrotik Web Proxy for expired / Non Payment Users:

Now enable the web proxy, so that expired pool users can be redirected to the local proxy, where they will be denied and redirected to the non payment page on any local web server.

/ip proxy
set always-from-cache=no cache-administrator=webmaster cache-hit-dscp=4 \
    cache-on-disk=no enabled=yes max-cache-size=none \
    max-client-connections=600 max-fresh-time=3d \
    max-server-connections=600 parent-proxy=0.0.0.0 parent-proxy-port=0 \
    port=8080 serialize-connections=no src-address=0.0.0.0

Redirecting expired User Requests from Web Proxy to any local web server page:

Now create a rule in Web Proxy to block access from the nonpayment / expired IP pool and redirect it to the local web server page.

/ip proxy access
add action=deny disabled=no dst-port="" \
    redirect-to=10.0.0.2/nonpayment/nonpayment.htm \
    src-address=172.16.1.0/24

10.0.0.2 is the local web server where the nonpayment page is uploaded.

You must create a regular HTML page (containing the nonpayment message) and upload it to any web server of your choice. It can be local (preferred) or remote. If it's local you won't need to create any more rules; otherwise, if it's on a remote server such as on the internet, you have to allow users to access that specific website/folder and place those rules on top.

Adding NAT Rule to send expired / Non Payment Users to local web proxy:

Now add a NAT rule so that only users from the expired IP pool are redirected to the local web proxy, where they will be redirected to the local web server page.

/ip firewall nat
add action=redirect chain=dstnat disabled=no dst-port=80 protocol=tcp \
    src-address=172.16.1.0/24 to-ports=8080

Restrict Access for expired Users so that they cannot use any other internet service:

Now add a filter rule to restrict expired IP pool users so that they cannot access other internet services.

/ip firewall filter
add action=reject chain=forward disabled=no dst-port=!80,8080 protocol=tcp \
    reject-with=icmp-network-unreachable \
    src-address=172.16.1.1-172.16.1.255

Now when you want to block any user for nonpayment, simply change his profile to the pppoe-expired profile.

As shown in the image below.

Now the user will still be able to connect to the PPPoE server, but he will get an IP from the expired pool, and will be treated according to the rules we created for these users :~) As shown in the image below.

Note: you must create a regular page and upload it to any web server of your choice. It can be local (preferred) or remote. If it's local you won't need to create any more rules; otherwise, if it's on a remote server such as on the internet, you have to allow users to access that specific website/folder and place those rules on top.
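
The following Python sketch is an added example, not part of the original guide: it models how the three PPPoE rules above (NAT redirect, proxy deny, forward filter) treat a packet, so you can check which traffic from the expired pool is redirected, rejected, or left unmatched before relying on the setup. The function names and sample packets are constructed, and the model assumes no other rules exist and ignores destination addresses.

```python
import ipaddress

# Values taken from the PPPoE rules in this guide.
EXPIRED_NET = ipaddress.ip_network("172.16.1.0/24")
REDIRECT_URL = "10.0.0.2/nonpayment/nonpayment.htm"
ALLOWED_TCP = {80, 8080}  # filter rule: dst-port=!80,8080

def is_expired(src):
    """True if the source address belongs to the expired pool."""
    return ipaddress.ip_address(src) in EXPIRED_NET

def trace(src, proto, dst_port):
    """Return (verdict, detail) for one packet from a PPPoE client.

    Simplified model (assumption): only the three PPPoE rules from the
    guide are present, and destination addresses are ignored.
    """
    expired = is_expired(src)
    # 1. dstnat: action=redirect protocol=tcp dst-port=80 to-ports=8080
    if expired and proto == "tcp" and dst_port == 80:
        # The packet now terminates on the router's proxy, so the
        # forward-chain filter never sees it.
        # 2. proxy access: action=deny src-address=172.16.1.0/24 redirect-to=...
        return ("redirect", REDIRECT_URL)
    # 3. forward filter: action=reject protocol=tcp dst-port=!80,8080
    if expired and proto == "tcp" and dst_port not in ALLOWED_TCP:
        return ("reject", "icmp-network-unreachable")
    # None of the guide's rules matched this packet.
    return ("unmatched", "")

# Constructed sample packets: (source IP, protocol, destination port).
SAMPLES = [
    ("172.16.1.20", "tcp", 80),    # expired user, plain HTTP
    ("172.16.1.20", "tcp", 443),   # expired user, HTTPS
    ("172.16.1.20", "tcp", 8080),  # expired user, port excluded from reject
    ("172.16.1.20", "udp", 53),    # expired user, DNS lookup
    ("172.16.0.20", "tcp", 443),   # paying user from the normal PPPoE pool
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(pkt, "->", trace(*pkt))
```

Only plain HTTP from the expired pool ends up on the reminder page; HTTPS requests are rejected rather than redirected, and non-TCP traffic is not matched by any of the three rules.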

Tips for HOTSPOT:

Using the above method you can also implement a non payment reminder for HOTSPOT users. I assume you already have a working HOTSPOT in place.

Mikrotik HOTSPOT Server IP = 101.11.11.241
Mikrotik HOTSPOT DHCP Pool = 101.11.11.0/8
Mikrotik HOTSPOT Expired/NON_Payment Users Pool = 101.11.21.0/24

First add an expired IP pool for expired/nonpayment users.

/ip pool
add name=expired-pool ranges=101.11.21.1-101.11.21.255

Now add profile for expired/non payment users.

/ip hotspot user profile
add address-pool=expired-pool idle-timeout=none keepalive-timeout=2m \
    name=expired-profile shared-users=1 status-autorefresh=1m \
    transparent-proxy=no

Now enable the web proxy service so that we can send expired users to the web proxy, where they will be redirected to the local web server showing the non payment page.

/ip proxy
set always-from-cache=no cache-administrator=webmaster cache-hit-dscp=4 \
    cache-on-disk=no enabled=yes max-cache-size=none \
    max-client-connections=600 max-fresh-time=3d \
    max-server-connections=600 parent-proxy=0.0.0.0 parent-proxy-port=0 \
    port=8080 serialize-connections=no src-address=0.0.0.0

In the proxy, add a rule to block and redirect only the expired/non payment IP pool.

/ip proxy access
add action=deny disabled=no dst-port="" \
    redirect-to=101.11.11.240/nonpayment/nonpayment.htm \
    src-address=101.11.21.0/24

101.11.11.240 is the local web server IP.

Create a NAT rule to redirect expired/non payment users to the local web proxy. Move this rule to the end of the NAT list.

/ip firewall nat
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes
add action=masquerade chain=srcnat comment="masquerade hotspot network-DEFAULT RULE, ADD ONLY ALLOWED USER IPS RANGE HERE e.g" disabled=no src-address=101.11.11.1-101.11.11.255
# src-address restricts the redirect to the expired pool (101.11.21.0/24)
add action=redirect chain=dstnat comment="Redirect expired Users to Proxy" disabled=no dst-address=!101.11.11.241 dst-port=80 protocol=tcp src-address=101.11.21.0/24 to-ports=8080

Remember, in the HOTSPOT default masquerading rule you must add only the allowed users' IP range. Then add the second rule at the end, which will actually redirect only the expired IP pool to the local web proxy (the last rule shown above).

Create a firewall filter rule to restrict access for expired/non payment users only. Move this rule to the end of the filter list.

/ip firewall filter
add action=reject chain=input disabled=no dst-port=!80,8080,53 protocol=tcp \
    reject-with=icmp-network-unreachable src-address=101.11.21.0/24

Finally, create a user and tag him with expired-profile.

/ip hotspot user
add disabled=no name=admin password=admin profile=default
add disabled=no name=test password=test profile=expired-profile server=hotspot1

Now from the user end, try to browse any website; the hotspot login page will appear. Log in with the test ID and try to browse, and you will be redirected to your local web server page showing the nonpayment reminder.

Remember: rule placement is very important in this method. If you misplace rules, you will not get the desired results.

Asad Mukhtar
