Technical configurations

Once your MikroTik has been configured to have the basic settings for internet connection and can PING out to the internet, you can follow these step to apply the VulaCoin specific configurations:

1. Create a bridge and assign an interface to the bridge
2. Configure SSID
3. Create a Hotspot service on the bridge interface
4. Update the General, Login & RADIUS settings of the Hotspot server profile
5. Update walled garden
6. Configure RADIUS
7. Replace login.html file

Step 1

Click on bridge in your left hand menu, so that the bridge bridge window opens:

Now create a new bridge by clicking on the "+" button, giving the bridge an unique name and click OK:

Here we can see the newly created bridge:

Now we can assign specific interfaces to this bridge. For this guide, the built in wireless interface will be used to broadcast the SSID, so we are assigning wlan1 to the Hotspot Bridge. If you are planning to use a remote AP, assign the LAN port where the AP connects to, to the bridge.

Click on Ports, double click the desired interface and in the general settings, drop down the bridge section, change it to "Hotspot bridge" and click OK:

Step 2

Now that the wireless LAN interface has been assigned to the Hotspot bridge, the SSID can be configure. This will be the WiFi where users connect to.

Click on Wireless in the left hand menu so that the wireless window opens:

Double click on wlan1 to update the SSID. If a remote AP has been used via a LAN connection, the SSID will need to be configured on the APs management portal. Once the wlan1 interface window has been opened, go to the wireless tab, change the SSID name and click on OK:

Step 3

From the left hand menu, go to IP > Hotspot. This will open up the Hotspot window:

With the Hotspot window open, click on the Setup Hotspot button to run the hotspot setup wizard:

In the wizard, you'll only need to change the HotSpot interface, all other fields can be left as default (unless you require a specific IP scheme, change the Local address of network and the address pool in the 2nd & 3rd wizard screen):

Step 4

Now that the Hotspot Server has been configured, the likes of the Server Profiles and Walled Garden can be configured. Browse to the "Server Profiles" tab from your Hotspot window. Here you'll see the server profile that was created when running the Hotspot Setup wizard. The default name will be hsprof1. To edit, double click on hsprof1:

When double clicking on hsporf1, a new window will open where the General, Login and RADIUS settings can be changed.

On the General tab, the name of the server profile and the HTML directory can be change. This is not needed as the default is correct, but when running more than one hotspot server, proper naming convention will make for easy identification and troubleshooting.

On the Login tab, ensure that MAC, HTTP CHAP & HTTP PAP is selected for the login by method:

On the RADIUS tab, tick the "use RADIUS" checkbox and enter VulaCoin's RADIUS server's public IP address of 15.197.145.104 and click OK:

Step 5

After the server profile has been configured, the Walled Garden can be updated. The walled garden feature serves the purpose of allowing users to access certain websites or services without having to authenticate through the hotspot login page. This can be done by clicking on the Walled Garden tab then on the + button. This will open a window where the  new Walled Garden entry can be added. Click on the Dst. Host box and enter the website that needs to be whitelisted.

VulaCoin makes use of a set of websites that needs to be added to the Walled Garden. These websites included vulacoin.com and all other related banks and payment urls. This will allow users to gain internet access to these sites to complete payments while purchasing a bundle via the captive portal journey.

To update the Walled Garden without manually adding each site, the script can be added via a new terminal session:

/ip hotspot walled-garden; add dst-host=vulacoin.com; add dst-host=*.vulacoin.com; add dst-host=api.ravepay.co; add dst-host=*.bankserv.co.za; add dst-host=*.cardinalcommerce.com; add dst-host=*.capitecbank.co.za; add dst-host=oppwa.com; add dst-host=eu-prod.oppwa.com; add dst-host=*.absa.co.za; add dst-host=*.africanbank.co.za; add dst-host=*.bidvestbank.co.za; add dst-host=*.fnb.co.za; add dst-host=*.investec.com; add dst-host=*.nedbank.co.za; add dst-host=*.sasfin.co.za; add dst-host=*.standardbank.co.za; add dst-host=*.ubank.co.za; add dst-host=*.3dsecureprd.fnb.co.za; add dst-host=acs.nedsecure.co.za; add dst-host=*.ctpe.net; add dst-host=ctpe.net; add dst-host=ppipe.net; add dst-host=*.ppipe.net; add dst-host=secure.stitch.money; add dst-host=ol.css; add dst-host=ipapi.co; add dst-host=random; add dst-host= maxcdn.bootstrapcdn.com
; add dst-host=eftsecure.callpay.com; add dst-host=payat.io; add dst-host=portal.nedsecure.co.za

*Note that the above script should be copied and pasted as is to avoid syntax errors. The scripts contains two steps:

1. /ip hotspot walled-garden; this command enters the walled garden directory in CLI
2. add dst-host=website.com; this command adds the website url as a destination host in the Walled Garden.

To perform this via a new terminal session, clink on New Terminal from the left hand menu, past the script provided above, hit enter and verify in the Walled Garden tab that the websites has been added:

Step 6

To perform AAA, specifically Authentication, the RADIUS server will need to be configured to point to VulaCoin's hoster RADIUS server. Click on RADIUS in the left hand menu to open the RADIUS window:

Now the new RADIUS server can be added by clicking on the + button. In the new RADIUS server window, update the following:

1. Select the ppp, hotspot & wireless services
2. Update the address fields with VulaCoin's RADIUS IP: 15.197.145.104
3. Enter the RADIUS secret: testing123
4. Click OK

The RADIUS server is now added:

To allow VulaCoin to send incoming RADIUS packets to the MikroTik RADIUS client, click on the Incoming button and check the Accept box. This is needed for VulaCoin to send Change of Authorisation (CoA) packets to disconnect users.

Step 7

Lastly the login.html file needs to be replaced. The login.html file in the Files directory serves as the login page that users are redirected to when they attempt to access the internet through the hotspot network. Its purpose is to authenticate users before granting them access to the internet. Based on the configuration added in step 3, this file is create automatically. VulaCoin used a custom script in the login.html file, so will need to be updated.

VulaCoin Support will send the login.html to each merchant when they sign up and their admin portal is created. The script used to replace the default login.html will look like this:

Source code to copy below:

*Note, if this file needs to be viewed or edited do so using Notepad++ on Windows and Virtual Studio Code on Mac. Other notepad editor may change syntax causing the file to be incorrect.

All merchants will use the same file, but when the admin portal is created for a new merchant, an unique merchant has is generated by the system. This will replace the UniqueMerchantHash portion in line 4.

A merchant can also view this unique has by loggin onto their admin portal > settings > profile:

To replace the file sent by VulaCoin Support, on the MikroTik, click on Files. This will open the file list where you can identif the default login.html:

Open up finder or explorer to locate the saved login.html file on your laptop/PC. This file can now be dragged to the MikroTik file list. While doing so, a black line will appear beneath your mouse cursor to indicate your location where the file needs to be saved. Make sure that this black line is beneath your current login.html file and drop to replace with the VulaCoin login file.

*Note that the timestamp will change after the new file has been added. This will serve as a good indicator that the new file has been loaded.

MikroTik for VulaCoin has now been configured. For a simple example video of this configuration (with multiple hotspot servers), watch this guide - https://www.youtube.com/watch?v=PUphZaGoakA