Non Payment Reminder for PPPoE/HOTSPOT Customers in Mikrotik


The following is a short how-to (written at the request of a friend) on how to send non-payment and expired PPPoE users to a web page where they are informed that their account is suspended due to non-payment. In this article we will use the PPPoE server only, but you can apply the same theory to HOTSPOT or other services as well. Remember that the methods will vary, but the logic will remain the same in most scenarios.

For example, when you want to block a user due to non-payment, simply change the user's profile to the expired-users profile. The user will still be able to connect using his ID (PPPoE dialer), but when he tries to browse the web, he will be redirected to your local web server page, where he is informed that his/her account is suspended due to non-payment, as in the image above. This is also useful for other purposes; for example, you can configure/schedule a payment reminder that shows a payment notice to users at specific dates/times for a few seconds/minutes, after which the user can resume browsing. However, that's another story.

To shorten this guide, I assume you have a working PPPoE server in place with the following configuration.
[Change the IP scheme as per your local requirement/network]

For example, you have a PPPoE server set up with the following scheme:

Mikrotik PPPoE Server IP = 10.0.0.1
Mikrotik User DHCP Pool = 10.0.0.0/8
Mikrotik PPPoE Pool = 172.16.0.0/16

Now you have to create an expired IP pool so that we can tell non-payment and expired users apart by their profile. If we want to block any user, we simply change that user's profile to the expired profile.

Adding IP pool for expired / Non Payment Users:

/ip pool
# Addresses handed out only to users on the expired profile
add name=Expired-Pool ranges=172.16.1.1-172.16.1.255

Adding Profile for expired / Non Payment Users:

/ppp profile
# remote-address=Expired-Pool puts users of this profile into the expired range
add change-tcp-mss=default dns-server=10.0.0.1 local-address=10.0.0.1 \
    name=pppoe-expired only-one=default rate-limit=128k/128k \
    remote-address=Expired-Pool use-compression=default \
    use-encryption=default use-ipv6=yes use-mpls=default \
    use-vj-compression=default

Enabling Mikrotik Web Proxy for expired / Non Payment Users:

Now enable the web proxy so that expired-pool users can be redirected to the local proxy, where they will be denied and redirected to the non-payment page on a local web server.

/ip proxy
# Proxy listens on port 8080; caching is not needed for the redirect
set always-from-cache=no cache-administrator=webmaster cache-hit-dscp=4 \
    cache-on-disk=no enabled=yes max-cache-size=none \
    max-client-connections=600 max-fresh-time=3d \
    max-server-connections=600 parent-proxy=0.0.0.0 parent-proxy-port=0 \
    port=8080 serialize-connections=no src-address=0.0.0.0

Redirecting expired user requests from the web proxy to a local web server page:

Now create a rule in the web proxy to block access from the non-payment / expired IP pool and redirect it to the local web server page.

/ip proxy access
# Deny requests from the expired pool and redirect them to the non-payment page
add action=deny disabled=no dst-port="" \
    redirect-to=10.0.0.2/nonpayment/nonpayment.htm src-address=172.16.1.0/24

10.0.0.2 is the local web server where the non-payment page is uploaded.

You must create a plain HTML page (containing the non-payment message) and upload it to a web server of your choice, either local (preferred) or remote. If it is local, you won't need to create any more rules; otherwise, if it is on a remote server such as one on the internet, you have to allow users to access that specific website folder and place those rules on top.

Adding NAT rule to redirect expired / Non Payment Users to the local web proxy:

Now add a NAT rule so that only users with an IP from the expired pool are redirected to the local web proxy, where they will be redirected to the local web server page.

/ip firewall nat
# Only HTTP traffic from the expired pool is sent to the proxy on port 8080
add action=redirect chain=dstnat disabled=no dst-port=80 protocol=tcp \
    src-address=172.16.1.0/24 to-ports=8080

Restrict access for expired users so that they cannot use any other internet service:

Now add a filter rule to restrict expired IP pool users so that they cannot access other internet services.

/ip firewall filter
# Reject all TCP from the expired pool except ports 80 and 8080
add action=reject chain=forward disabled=no dst-port=!80,8080 protocol=tcp \
    reject-with=icmp-network-unreachable \
    src-address=172.16.1.1-172.16.1.255

Now whenever you want to block a user for non-payment, simply change his profile to the pppoe-expired profile.

As shown in the image below.

Now the user will still be able to connect to the PPPoE server, but he will get an IP from the expired pool and will be treated according to the rules we created for these users :~) As shown in the image below.

Note: you must create a plain HTML page and upload it to a web server of your choice, either local (preferred) or remote. If it is local, you won't need to create any more rules; otherwise, if it is on a remote server such as one on the internet, you have to allow users to access that specific website folder and place those rules on top.

Tips for HOTSPOT:

Using the above method you can also implement a non-payment reminder for HOTSPOT users. I assume you already have a working HOTSPOT running in place.

Mikrotik HOTSPOT Server IP = 101.11.11.241
Mikrotik HOTSPOT DHCP Pool = 101.11.11.0/8
Mikrotik HOTSPOT Expired/NON_Payment Users Pool = 101.11.21.0/24

First add an expired IP pool for expired/non-payment users.

/ip pool
# Addresses handed out only to hotspot users on the expired profile
add name=expired-pool ranges=101.11.21.1-101.11.21.255

Now add a profile for expired/non-payment users.

/ip hotspot user profile
# address-pool=expired-pool moves users of this profile into the expired range
add address-pool=expired-pool idle-timeout=none keepalive-timeout=2m \
    name=expired-profile shared-users=1 status-autorefresh=1m \
    transparent-proxy=no

Now enable the web proxy service so that we can send expired users to the web proxy, where they will be redirected to the local web server showing the non-payment page.

/ip proxy
set always-from-cache=no cache-administrator=webmaster cache-hit-dscp=4 \
    cache-on-disk=no enabled=yes max-cache-size=none \
    max-client-connections=600 max-fresh-time=3d \
    max-server-connections=600 parent-proxy=0.0.0.0 parent-proxy-port=0 \
    port=8080 serialize-connections=no src-address=0.0.0.0

In the proxy, add a rule to block and redirect only the expired/non-payment IP pool.

/ip proxy access
add action=deny disabled=no dst-port="" \
    redirect-to=101.11.11.240/nonpayment/nonpayment.htm \
    src-address=101.11.21.0/24

101.11.11.240 is the local web server IP.

Create a NAT rule to send expired/non-payment users to the local web proxy. Move this rule to the end of the NAT list.

/ip firewall nat
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes
add action=masquerade chain=srcnat comment="masquerade hotspot network-DEFAULT RULE, ADD ONLY ALLOWED USER IPS RANGE HERE e.g" disabled=no src-address=101.11.11.1-101.11.11.255
# src-address limits the redirect to the expired pool, as the text requires
add action=redirect chain=dstnat comment="Redirect expired Users to Proxy" disabled=no dst-address=!101.11.11.241 dst-port=80 protocol=tcp src-address=101.11.21.0/24 to-ports=8080

Remember, in the HOTSPOT default masquerading rule, you must add only the allowed users' IP range. So add the second rule last, which will actually send only the expired IP pool to the local web proxy. (the red one)

Create a firewall filter to restrict access for expired/non-payment users only. Move this rule to the end of the filter list.

/ip firewall filter
# Reject all TCP from the expired pool except ports 80, 8080 and 53
add action=reject chain=input disabled=no dst-port=!80,8080,53 protocol=tcp \
    reject-with=icmp-network-unreachable src-address=101.11.21.0/24

Finally, create a user and tag him with expired-profile.

/ip hotspot user
add disabled=no name=admin password=admin profile=default
add disabled=no name=test password=test profile=expired-profile server=hotspot1

Now from the user end, try to browse any website; the hotspot login page will appear. Log in with the test ID and try to browse; you'll be redirected to your local web server page showing the non-payment reminder.

Remember: Rule placement is very important in this method. If you misplace rules, you will not get the desired results.
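Because the whole method depends on every expired-user rule matching exactly the expired pool, the following added example (not part of the original article) checks an address plan for rules that miss part of the pool, rules with no src-address at all, and a normal pool that overlaps the expired one. The plan dictionary layout and the names `audit`, `PPPOE_PLAN` and `BROKEN_PLAN` are assumptions made for this sketch; the PPPoE values are copied from the article, the second plan is constructed.

```python
import ipaddress

def to_range(spec):
    """RouterOS address spec ('net/len' or 'first-last') -> (low, high) as integers."""
    if "-" in spec:
        first, last = spec.split("-")
        return int(ipaddress.ip_address(first)), int(ipaddress.ip_address(last))
    net = ipaddress.ip_network(spec, strict=False)
    return int(net.network_address), int(net.broadcast_address)

def audit(plan):
    """Return a list of findings for one address plan and its expired-user rules."""
    findings = []
    pool_lo, pool_hi = to_range(plan["expired_pool"])
    for name, src in plan["rules"].items():
        if src is None:
            findings.append(f"{name}: no src-address, rule matches every client")
            continue
        lo, hi = to_range(src)
        if lo > pool_lo or hi < pool_hi:
            findings.append(f"{name}: {src} does not cover the expired pool")
    norm_lo, norm_hi = to_range(plan["normal_pool"])
    if norm_lo <= pool_hi and pool_lo <= norm_hi:
        findings.append("normal pool overlaps expired pool")
    return findings

# Values copied from the PPPoE section of this article.
PPPOE_PLAN = {
    "normal_pool": "172.16.0.0/16",
    "expired_pool": "172.16.1.1-172.16.1.255",
    "rules": {
        "nat redirect": "172.16.1.0/24",
        "proxy deny": "172.16.1.0/24",
        "filter reject": "172.16.1.1-172.16.1.255",
    },
}

# Constructed sample of a misconfigured router (not from the article).
BROKEN_PLAN = {
    "normal_pool": "101.11.11.1-101.11.11.255",
    "expired_pool": "101.11.21.1-101.11.21.255",
    "rules": {"nat redirect": None, "proxy deny": "101.11.21.0/25"},
}

if __name__ == "__main__":
    for label, plan in (("pppoe", PPPOE_PLAN), ("broken", BROKEN_PLAN)):
        print(label, audit(plan) or "ok")
```

On the article's PPPoE scheme it reports one finding: 172.16.0.0/16 contains the expired range, so the ranges of the normal PPPoE pool should exclude 172.16.1.1-172.16.1.255.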

Asad Mukhtar
