Thursday, 27 March 2014

Mikrotik Hotspot Data Limit Trial

16:26 Posted by Jurgens Krause 34 comments
Mikrotik's hotspot service is quite amazing considering what it costs. It does have some limitations though. One of these is the fact that you cannot set a data limit to the trial account, only a time limit.

Luckily there are a few workarounds for this, the original concept for this comes from www.mikrotik-routeros.com but I have corrected a couple of bugs and added some functionality.


Start by creating your FreeUser profile:
IP>HOTSPOT>USER PROFILES>ADD

Name: FreeUser

You can customize this as you like, my preference is to only allocate 512k of bandwidth to the free users



Create the following two scripts on your routerboard by going to SYSTEM>SCRIPTS>ADD

Script 1:
The first script is the one that checks if a user has reached your specified limit, you can change the limit in the second line of the script.

Name: limitdata

#Set your dowload limit in MegaBYTES!
:local downloadlimitmb "50"

### You will not need to edit anything below this line ###
:local downloadlimit  [($downloadlimitmb  * 1048576)]
:local counter
:local datadown
:local username
:local macaddress
:foreach counter in=[/ip hotspot active find where user~"^[T][-].{17}"] do={
:set datadown [/ip hotspot active get $counter bytes-out]
:if ($datadown>$downloadlimit) do={
:set username [/ip hotspot active get $counter user]
:set macaddress [/ip hotspot active get $counter mac-address]
/ip hotspot user remove [/ip hotspot user find where name=$username profile=FreeUser]
/ip hotspot user add name=$username limit-bytes-out=$downloadlimit mac-address=$macaddress profile=FreeUser
/ip hotspot active remove $counter
:log info "Force logout on user: $username - Reached download quota"
}}

Script 2:
The second script resets the counters of all free users so that they can receive a new allocation.

Name: clearusers
:log info "Checking Users"
:local counter

:foreach counter in=[/ip hotspot user find profile="FreeUser" ] do={
/ip hotspot user remove $counter
}

You then need to add two scheduled tasks under SYSTEM>SCHEDULER:

The first task will determine how often a specific mac address' usage is reset. I run it at midnight every day, which means that in my example people can use 50MB per day for free.
add disabled=no interval=1d name=ClearUsers on-event=clearusers policy=\
    ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
    start-date=jan/01/2002 start-time=00:00:01

The second task will determine how often the system will check if a user has reached the quota. I run it every ten seconds, but on a busy routerboard you may have to set this to a higher value:
add disabled=no interval=10s name=DataLimit on-event=limitdata policy=\
    ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
    start-date=oct/07/2013 start-time=00:00:00

You should now be able to have users use the predefined trial without needing a login. Just remeber to enable to trial option for your hotspot.

34 comments:

  1. Hi, i have tried setting this up exactly as above, but it doesn't work. can you assist?

    ReplyDelete
    Replies
    1. I am happy to try to help. I need some more info though, what is the problem you are having?

      Delete
    2. i created freeuser profile, as above.
      then i added both scripts and scheduled clearusers to run in intervals of 24h and datalimit to run every 10 seconds. Both scripts work and have run according to schedule.

      I assigned the freeuser profile as the hotspot trial user profile.

      Users are able to use the trial, and the data speed limit (rate limit) is working perfectly, but the users arent getting disconnected when they have used more than 50mb.

      To test this i cleared cookies and all active users, i then logged onto the trial (with data limit script set to 20mb) and started downloading a 50mb file, while doing some browsing, it didnt log me out at any point. What could i have done wrong?

      Really appreciate the assistance!

      Delete
    3. Hi James,

      There was a wrong variable name in the "limitdata" script. I have fixed it, and it should now work. just replace your existing "limitdata" script with this one.

      Thanks for pointing it out.

      Delete
  2. thanks so much, will give it a try and report back

    ReplyDelete
  3. Hi Jurgens

    I did try your script every thing works 100%. Just some thing to note the specified limit you put in is not a total limit.
    Say you put in 50 it will allow the user to download 50MB and upload 50MB.

    Thanks for the post

    ReplyDelete
  4. Hi there.
    I'm having trouble making this script work
    The limitdata only works when i change [($downloadlimitmb * 1048576)] to [($downloadlimitmb * 1000)]
    But if i try to add one more zero then it does not work
    The clearuser script works perfectly.
    Any ideas?
    Thank you

    ReplyDelete
    Replies
    1. Hi Emile,
      Which version of ROS are you using?

      Delete
    2. Hi Jurgens.
      First i tried it with 4.11, then with 6.11.
      Now im running 6.20.

      Delete
  5. This comment has been removed by the author.

    ReplyDelete
  6. Hi Jurgens,
    Sorry i did not understand how the script should work. I thought that is will create user with limit at logon but i see that it works as soon as the trail user hits the limit..

    It took me awhile to figure it out.
    Thank you for this great script.

    ReplyDelete
  7. It is exactly what I've been looking for. Thank you very much!

    ReplyDelete
  8. Hi
    I tried these scrips several times. But trial users don't kick out after allowed traffic limit and can continue using..
    Would you please help me? :(
    I need this
    Thnaks

    ReplyDelete
    Replies
    1. Can you confirm that the Scheduled tasks are running, check if the run count goes up.

      Delete
    2. Hi, Can somebody help me with this?
      I did everythig just like you said. but users exceed the limit :(

      Delete
    3. This comment has been removed by the author.

      Delete
    4. The sheduler should run scripts. But when I check sheduler, it's counting run count but "limitdata" script does not count running. I think thats my problem. Can you help me through this?

      Delete
  9. Hi,

    Does this set up work well with smartphones & tablets? Also, can the hotspot be applied to specific interfaces such as ether 3 or a Virtual AP?

    Thanks.

    ReplyDelete
    Replies
    1. Hi Amos,
      It works perfectly fine with Apple and Android devices, and you can run a hotspot on any interface you like.

      Delete
  10. hi.
    i try to use this script on RB750 with ROS 5.26 but it don't work. i set
    :local downloadlimitmb "5"
    but when a user downloading and i run this script, download don't stop.
    pls help me

    ReplyDelete
    Replies
    1. i have a mistake that i don't create the hotspot trial profile.
      It is exactly what I've been looking for. Thank you very much!

      Delete
  11. hi

    this scrpits works fine but from time to time i see that my manually created users are gone.
    i think this script deletes them
    any suggestion ?

    ReplyDelete
  12. any idea about this script ?

    it seems that i just affect the trial users, but i doesn't work.

    ##Download limit in MB - Editable
    :local downquotamb "10"
    ##Set "Constants"
    :local downquota [($downloadlimitmb * 1048576)]
    :local tuser
    :local datadown
    :local mac
    :local user
    ##loop through each active user

    :foreach tuser in=[/ip hotspot active find] do={
    :set user [/ip hotspot active get $tuser user]
    :set mac [/ip hotspot active get $tuser mac-address]
    :set datadown [ /ip hotspot active get $tuser bytes-out]
    ##if user is trial
    :if ( $user=T-$mac) do={
    :if ($datadown>$downquota) do={
    ##Remove Dynamic Trial User Acct and replace with tmp acct to disable trial access
    /ip hotspot user remove [user find where name=$user]
    /ip hotspot user add name=$user limit-bytes-out=$downquota mac-address=$mac
    /ip hotspot active remove $tuser
    :log info "Logged out $user - Reached download quota"
    }}

    ReplyDelete
    Replies
    1. If you have static users with the "FreeUser" profile, the second script will delete them. Could that explain your problem?

      Delete
    2. use another profile for your manually created users.

      Delete
    3. Hello Jurgens Krause,
      I need basic Mikrotik firewall scripts to protect my Rb from viruses and outside attacks
      Your help will be much appreciated

      Delete
    4. It may be a bit late,but I found the problem, I updated the tutorial, but what you need to change is the line that says:
      :foreach counter in=[/ip hotspot active find] do={
      to:
      :foreach counter in=[/ip hotspot active find where user~"^[T][-].{17}"] do={

      It will now look for usernames that match trial usernames!

      Delete
  13. yeah

    i found a way to work around the bug in the script and wrote my own that works fine.
    its a little bit different from yours especially in how it detects that a user is trial or not,a different profile named "Maxedout_prof" and a little :log info command to monitor every step that script goes through .

    by the way i dont understand how your code works in this part (user~"^[T][-].{17}") dont you mind explaining a little bit ?

    but thank you to put me in the straight line in the first place ...

    .

    ReplyDelete
    Replies
    1. Hi Mohsen,

      Please share your solution with me, I always like to see alternative options to do the same task.

      My solution uses a Regex expression to look for an active user where the username starts with a "T" followed by a "-" follow by 17 alphanumeric characters. I don't envision any non trial user accidentally matching that description.

      Delete
  14. Jurgen Krause

    Please I need your assistance on how to configure my Mikrotik router to assign a specific Bandwidth speed and data size to our hotspot users per day. I have 10 users.

    I am subscribed to a satellite, with:
    - Download Speed of 5120Kbps
    - Upload speed of 768Kbps
    - Monthly download allowance of 20Gb
    Please I want a situation where each day, the Mikrotik router will assign 512Kbps download speed to each hotspot users.
    Also, it will give each hotspot user a daily maximum data download allowance of 90Mb each.

    Thanks
    Colonel A

    ReplyDelete
  15. Hi Jurgens
    Pleaseon your third comment line , you mentioned that There was a wrong variable name in the "limitdata" script. I have fixed it, and it should now work. just replace your existing "limitdata" script with this one.

    but i cant find the new update

    Colonel

    ReplyDelete
  16. Hi

    I tried to use your scripts on ROS5.20 exactly as mentioned , the "limitdata" script doesn't work at all

    ReplyDelete
  17. Hi Jurgens

    Any advice on limiting trial users by time for instance let say a coffee shop at a church. For example the trial users would only have access between 8am and 10am?

    Thanks
    Coenraad

    ReplyDelete