EUR31,99
MikroTik Rbmapl-2nd
Question about MikroTik Rbmapl-2nd
Hello all, In a hotel, where I have to authenticate myself via browser on the WLAN, the part will not work as a WLAN client, right?
Helpful answer
Rather no, with a yes at best : )
- firstly, it's not quite as nice (because you could act or appear as a man in the middle),
- secondly: the authentication at these Wifis (better captive portals) are usually DNAT and firewall based, i.e. the traffic is first redirected to ports 53/80/443 (everything else is dropped) of the operator's solution, where the authentication takes place - when you then log in, a corresponding dynamic rule is created (MAC => IP => firewall rule), which lets your device through (usually the MAC as the only unique feature and then possibly via DHCP IP reservation). No OS (neither Mac, nor Win, nor Lin, nor anything else, incl. the router) has a per se mechanism (or a kind of standard) with which it accommodates this state (open WLAN => LoginAuth browser), the OS must therefore carry out some "probing" so that this works - extenders (or routers with extender functionality do not belong to the probing-capable devices).
But what could work as a workaround at best: You log on with a device (example: a notebook or a mobile), and - if the MikroTik can do that - you then fake the Mac of the device (Iphone, Noti etc.) onto the Mikrotik... I would never have tried this, but it would be exciting...
but, as mentioned at the beginning: You are then a man in the middle, because you make an extension of a public SSID, not so nice, if others then connect via you... ;). (since this can never be excluded in hotels, I use at least one VPN tunnel per se (better: a tunnel in the tunnel) ...item).
- firstly, it's not quite as nice (because you could act or appear as a man in the middle),
- secondly: the authentication at these Wifis (better captive portals) are usually DNAT and firewall based, i.e. the traffic is first redirected to ports 53/80/443 (everything else is dropped) of the operator's solution, where the authentication takes place - when you then log in, a corresponding dynamic rule is created (MAC => IP => firewall rule), which lets your device through (usually the MAC as the only unique feature and then possibly via DHCP IP reservation). No OS (neither Mac, nor Win, nor Lin, nor anything else, incl. the router) has a per se mechanism (or a kind of standard) with which it accommodates this state (open WLAN => LoginAuth browser), the OS must therefore carry out some "probing" so that this works - extenders (or routers with extender functionality do not belong to the probing-capable devices).
But what could work as a workaround at best: You log on with a device (example: a notebook or a mobile), and - if the MikroTik can do that - you then fake the Mac of the device (Iphone, Noti etc.) onto the Mikrotik... I would never have tried this, but it would be exciting...
but, as mentioned at the beginning: You are then a man in the middle, because you make an extension of a public SSID, not so nice, if others then connect via you... ;). (since this can never be excluded in hotels, I use at least one VPN tunnel per se (better: a tunnel in the tunnel) ...item).
The question has been solved. I have found a product that also supports MAC address cloning. Thanks again.
I agree with Anonymus.
There is a lot of work behind it.
Therefore I would say. No, it is not possible without a lot of effort.
Greetings Master870
There is a lot of work behind it.
Therefore I would say. No, it is not possible without a lot of effort.
Greetings Master870