Networking & Automation

Captive Portal Identification (RFC 8910) and API (RFC 8908) on Mikrotik

RFC 8910 specifies the use of DHCP Option 114 for captive portal identification. Using this DHCP option, endpoints can learn the address of the captive portal API server and contact it to find out the URL of the captive portal server.

To implement DHCP Option 114 on Mikrotik, the router needs a TLS certificate and a DNS hostname. We can get a TLS certificate for free using Let’s Encrypt. To set it up, refer to this guide.

After importing your certificate successfully, enter a DNS name for your router (the corresponding DNS record should also exist and point to any of the interface IPs on Mikrotik). Select HTTPS in the Login By section and, in the SSL certificate field, select the certificate you added.


RADIUS Change of Authorization (CoA) on Mikrotik

To trigger a Change of Authorization (CoA) from FreeRADIUS to a Mikrotik router and update the session parameters of a hotspot user, follow these steps:

Access the Mikrotik router via Winbox. Go to RADIUS to add a RADIUS server like this:

screenshot


Google Workspace Login for Your Web Application


You can use the following steps for integrating Google Workspace login into your web application.


Google Workspace Secure LDAP Group Based VLAN Assignment using FreeRADIUS


In this post we’ll be looking at using FreeRADIUS integrated with Google Workspace Secure LDAP to perform VLAN assignment for WPA enterprise users. This setup has been tested successfully with Ubiquiti Unifi and Cisco Meraki. FreeRADIUS setup and Google Workspace integration have been covered in a previous post, so please check it out to understand the prerequisites of this setup.


Aruba Instant On API


Aruba’s Instant On product line consists of plug and play access points and switches that are managed from the cloud. The cloud management portal – located at https://portal.arubainstanton.com – is free and does not require purchasing any license.


Web Filtering as a Service on pfSense


This post is about implementing web filtering as a service using a cloud-hosted pfSense appliance. Using the setup documented below, it is possible to offer web and URL filtering as a service for a safe web experience for schools, businesses and homes. It will also allow visibility into users’ traffic for compliance and logging purposes. This setup was tested on a pfSense appliance v2.4.5-RELEASE-p1 installed on an AWS EC2 instance (that installation is outside the scope of this post).


FreeRADIUS with Google G Suite/Workspace Secure LDAP for WPA2 Enterprise WiFi


This post documents the process of integrating FreeRADIUS with Google G Suite (now Workspace) using Secure LDAP. FreeRADIUS will be used to authenticate Ubiquiti Unifi WPA2 Enterprise WiFi users. The configurations presented here are taken from this wonderful repository. While the repo uses Docker, we will be implementing these settings in FreeRADIUS directly. These settings were tested on Debian 10.


OpenVPN Server for Mikrotik On Docker


A convenient way to remotely access and manage a Mikrotik router that is behind NAT is to set it up as an OpenVPN client. It will then be accessible from the VPN server or by other VPN clients. In this guide we’ll document a procedure for setting up an OpenVPN server in Docker and configuring it to work with Mikrotik.


PPTP VPN & NAT on Windows Server 2019


If you want to set up a VPN on a remote Windows server mainly to change your IP address, and security is not the main concern, then PPTP VPN is probably the simplest option. In this guide we’ll see how to set up PPTP VPN with NAT on Windows Server 2019 with only a single network interface (as is the case with most VPS deployments).
