If you look at the reality today, every visitor has a mobile gadget that connects to the public WiFi network in a place where people stay for a few time, such as a hotel, airport, store etc. The use of HotSpot on the router, in addition to providing the Internet, can bring more benefits to the development of your business.
In the HotSpot network, the user can authenticate using any web browser, so there is no need to install any additional software to the customer end. As the HotSpot login prompt is a web page, the HotSpot service can effectively be used as an advertising technique of your company.
In this guide, we are going to learn how to install the HotSpot add-on in Splynx, configure MikroTik router and how to perform the payments feature integration.
In Splynx v4.1, the HotSpot add-on supports the following payment systems: VulaCoin, Netcash, M-PESA, PayPal, Stripe.
Please make sure that the payment system you are going to use with the HotSpot add-on is installed and configured.
¶ Installation
To install the HotSpot add-on, navigate to Config → Integrations → Add-ons:
Search the splynx-hotspot add-on item and click on the Install icon located in the Actions column. Click on the OK, confirm button to begin the installation process.
Alternatively, the add-on can be installed using the following commands via the terminal on your Splynx server:
apt update
apt install splynx-hotspot
¶ HotSpot add-on settings
After the installation process has completed, you have to configure the HotSpot add-on, navigate to Config → Integrations → Modules list. Search for the splynx-hotspot add-on and click on the 
(Edit) icon in the Actions column to open its config page:
Main information and API settings:
-
API domain - api domain should be the same as the Splynx URL. The forward slash
/sign is required at the end; -
API key, API secret - auto generated default values. Don't change it unless it is absolutely necessary.
Common settings
-
Splynx url - your Splynx URL address without the forward slash
/sign at the end; -
Default partner - select the default partner for the created customer;
-
Default location - select the default location for the created customer.
HotSpot Partners settings
Choose a partner at the top right corner of the section:
-
Payment method - select a payment method for the HotSpot (VulaCoin, Netcash, M-PESA, PayPal or Stripe);
-
Disable inactive customers after - select the period after that the customer will be disabled;
-
Plan sorting - select an order in which plans will be displayed to the customer;
-
Name - enable/disable the use of the name field when registering a customer;
-
Email - enable/disable the use of the email field when registering a customer. If enabled, you should change the "Login format" under
Config → Main → Customersto "{email}":
-
Country calling codes - select a country phone code;
-
Code length - specify the code length;
-
New code template - specify format of the code message. Do not remove {code} variable from this field. You can use "{code} is your internet access code" as a possible option for this field;
-
Reset code template - specify format of the reset code message. Do not remove {code} variable from this field;
-
Hotspot SSID list - enter one SSID per line;
-
Terms and conditions on login - enable/disable showing terms and conditions when signing in to HotSpot;
-
Terms and conditions text - enter the text of terms and conditions in this field.
Changes are not saved until you click Save.
The configuration of add-on Entry points can be found in Config → Integrations → Modules list, near the splynx_addon_hotspot module item in Actions column, click on the 
(Edit entry points) icon.
More information about Modules list can be found here.
¶ One-time Tariff Plans and Vouchers Configuration
IMPORTANT: For HotSpot add-on to work correctly, it's required to create One-time plans and enable the Vouchers module in Splynx.
To do so:
- Navigate to
Tariffs plans → One-Timeat the top right, click the Add plan button:
- Add some plans which will be available for customers, for example:
If the Hotspot toggle is disabled, such tariff cannot be selected from the list. It is necessary to keep this toggle enabled.
- After that, navigate to
Config → Integrations → Main modulesand enable the Vouchers toggle and press Save:
¶ HotSpot Configuration in MikroTik Router
Start by logging into your MikroTik router. Please make sure there is no previous configuration on the router before you start, as this configuration may conflict with the HotSpot setup.
Specifications:
We will use Splynx server (public domain and SSL are set) and Mikrotik hAP AC lite. Router (OpenVPN client - 10.250.32.2) will be connected with Splynx (OpenVPN server - 10.250.32.1) via OpenVPN.
In HotSpot will be used 10.5.50.0/24 network.
The Android-based cell phone will be a HotSpot client.
Suggested read: OpenVPN configuration.
Step 1 (optional, depends on your initial setup)
Define the port for WAN connection to connect to the Internet via DHCP. Navigate toIP → DHCP Client and add the DHCP Client, for example, to the ether1 interface:
Step 2 (optional but recommended)
After the OpenVPN certificates are generated in Splynx and imported to MikroTik, add your router to Splynx and check the connection:
Step 3 (optional, depends on your initial setup)
Create two Bridges and combine the WLAN (wlan1, wlan2) and LAN (ether2-ether5) ports with the related bridges:
Step 4
In IP → DNS specify the address of your DNS server. Put the check mark near the Allow Remote Requests option:
Step 5
Assign new IP addresses to the HotSpot and LAN-Ethernet interfaces in IP → Addresses. The IP address can be anything you choose, but it must be in a range of IP addresses other than the IP address of the DHCP server on the Internet. Remember to add /24 after the IP address - this is the sub-net range in which the interface will operate.
Step 6
Enable Wi-Fi interfaces which will be used for HotSpot and configure them to accept wireless connections: use the AP Bridge mode, input the SSID (Wireless Name) name of your HotSpot, etc.
Step 7
Now start making the HotSpot configuration, for this purpose use the HotSpot Setup wizard. Navigate to the menu IP → Hotspot → Hotspot Setup and perform the next steps:
- Choose which interface the HotSpot will run on, in our example it's the HotSpot bridge.
- The next window allows you to choose the local address range of your HotSpot. This will be filled in for you based on the IP address that you assigned to your bridge earlier. Make sure the Masquerade Network option is ticked.
- Choose the IP address Pool for your HotSpot network. The value will be filled in automatically, it's based on the wireless interface IP address assigned earlier.
- In our example we are not going to use SSL/HTTPS certificates for HotSpot, so just leave the option set to
noneand press Next.
- In our example we don't need SMTP server, so just leave the address as
0.0.0.0.
- The DNS address will be filled in automatically based on our previous configuration.
- In the field type, e.g.
local.hotspot, this is the address that HotSpot clients will be redirected to when they want to login. Make sure that this site is not accessible on the Internet (do not use, for example,yahoo.com), and the address must include a dot sign in the name.
In this window you can create your first HotSpot username and password, but we'll leave it as it is (don't set any password).
After that, the HotSpot server will be created:
Step 8
The next step is to replace the default login.html file on the router storage to our customized one:
But first of all, you need to download the configured html file and change the URL address of Splynx to your own:
Step 9
The clients authorization uses the RADIUS protocol. Let's configure the interaction between the router and the service by adding a new server to the RADIUS menu, after that make its configuration:
- Service:
hotspot; - Address:
your Splynx IP address; - Protocol:
udp; - Secret:
automatically generated value from your router page in Splynx; - Authentication Port:
1812; - Accounting Port
1813; - Timeout:
3000
Then, navigate to IP → Hotspot → Server Profiles, double click on your HotSpot profile and click on the RADIUS tab, make the next changes:
- Use RADIUS - put the check-mark to enable this setting;
- MAC Format - use the default value (
XX:XX:XX:XX:XX:XX); - Accounting - put the check-mark to enable this setting;
- NAS Port Type - select the
15 (ethernet)value.
Step 10
Set the correct parameters on the Login tab for the HotSpot Server Profile:
- Login By:
HTTP CHAP; - MAC Auth. Mode:
MAC as username and password.
Step 11
In IP → Hotspot → User Profiles, the default profile should be with the next settings:
Step 12
In IP → Hotspot → Walled Garden, configure the following addresses to Dst. Address one by one for access by unauthorized clients, where:
-
192.168.100.182- IP address of your Splynx server behind NAT; -
<splynx_domain>URL of your Splynx, the field should contain only the main domain address (withouthttps//:|www., etc.), for example if we have the addresshttps://www.portal.mysplynx.com/, onlyportal.mysplynx.comshould be used; -
*vulacoin.com- URL of VulaCoin service; -
netcash.co.za- URL of Netcash service.
Full list of walled garden entries to add
HotSpot + Vulacoin
/ip hotspot walled-garden
add dst-host=*.fnb.co.za
add dst-host=vulacoin.com
add dst-host=*.vulacoin.com
add dst-host=.api.ravepay.co
add dst-host=*.bankserv.co.za
add dst-host=*.cardinalcommerce.com
add dst-host=*.capitecbank.co.za
add dst-host=oppwa.com
add dst-host=eu-prod.oppwa.com
add dst-host=*.absa.co.za
add dst-host=*.africanbank.co.za
add dst-host=*.bidvestbank.co.za
add dst-host=*.fnb.co.za
add dst-host=*.investec.com
add dst-host=*.nedbank.co.za
add dst-host=*.sasfin.co.za
add dst-host=*.standardbank.co.za
add dst-host=*.ubank.co.za
add dst-host=dsecureprd.fnb.co.za
add dst-host=acs.nedsecure.co.za
add dst-host=*.bankserv.co.za
add dst-host=*.ctpe.net
add dst-host=ctpe.net
add dst-host=ppipe.net
add dst-host=*.ppipe.net
add dst-host=*.capitecbank.co.za
add dst-host=secure.stitch.money
add dst-host=ol.css
add dst-host=ipapi.co
add dst-host= random
HotSpot + Netcash
/ip hotspot walled-garden
add comment=Netcash dst-host=cde.netcash.co.za dst-port=443 path=\
/Site/CardPayment.aspx
add comment=Netcash dst-host=js-agent.newrelic.com dst-port=443 path=\
/nr-spa-1216.min.js
add comment=Netcash dst-host=seal.digicert.com
add comment=Netcash dst-host=*.netcash.co.za
add comment=Netcash dst-host=*.digicert.com
add comment=Netcash dst-host=*.newrelic.com
add comment=Netcash dst-host=js-agent.newrelic.com
add comment=Netcash dst-host=netdna.bootstrapcdn.com
add comment=Netcash dst-host=netcashcde.azurewebsites.net
add comment=Netcash dst-host=*.ozow.com
add comment=Netcash dst-host=*.azurefd.net
add comment=Netcash dst-host=*.trafficmanager.net
add comment=Netcash dst-host=*.msedge.net
add comment=Netcash dst-host=*.hostserv.co.za
add comment=Netcash dst-host=*.paynow.co.za
add dst-host=*.microsoft.com
add dst-host=*.awsglobalaccelerator.com
add dst-host=*.cloudflare.net
add dst-host=*.cardinalcommerce.com
add dst-host=*.paygate.co.za
add dst-host=*.cloudfront.net
add dst-host=*.dpopayments.io
add dst-host=*.dpopayments.io
add dst-host=*.fnb*
add dst-host=*.standardbank.*
add dst-host=*.capitec.*
add dst-host=*.absa.*
add dst-host=*.nedbank.*
add dst-host=authentication.cardinalcommerce.com/ThreeDSecure/
add dst-host=3ds.capitecbank.co.za/acs/
add dst-host=acsabsa.bankserv.co.za
add dst-host=acsnedcor.bankserv.co.za
add dst-host=acssb.bankserv.co.za
/ip hotspot walled-garden ip
add action=accept disabled=no dst-address=151.101.2.137 !dst-address-list \
!dst-port !protocol !src-address !src-address-list
add action=accept disabled=no dst-address=151.101.66.137 !dst-address-list \
!dst-port !protocol !src-address !src-address-list
add action=accept disabled=no dst-address=151.101.130.137 !dst-address-list \
!dst-port !protocol !src-address !src-address-list
add action=accept disabled=no dst-address=151.101.194.137 !dst-address-list \
!dst-port !protocol !src-address !src-address-list
add action=accept disabled=no dst-address=185.221.86.0/23 !dst-address-list \
!dst-port !protocol !src-address !src-address-list
add action=accept disabled=no dst-address=99.81.96.137 !dst-address-list \
!dst-port !protocol !src-address !src-address-list
add action=accept disabled=no dst-address=52.0.0.0/8 !dst-address-list \
!dst-port !protocol !src-address !src-address-list
add action=accept disabled=no dst-address=102.133.154.32 !dst-address-list \
!dst-port !protocol !src-address !src-address-list
add action=accept disabled=no dst-address=40.127.3.0/24 !dst-address-list \
!dst-port !protocol !src-address !src-address-list
add action=accept disabled=no dst-address=40.127.0.0/24 !dst-address-list \
!dst-port !protocol !src-address !src-address-list
add action=accept disabled=no dst-address=41.21.175.145 !dst-address-list \
!dst-port !protocol !src-address !src-address-list
add action=accept disabled=no dst-address=13.107.246.0/24 !dst-address-list \
!dst-port !protocol !src-address !src-address-list
add action=accept disabled=no dst-address=75.2.62.89 !dst-address-list \
!dst-port !protocol !src-address !src-address-list
add action=accept disabled=no dst-address=99.83.232.8 !dst-address-list \
!dst-port !protocol !src-address !src-address-list
add action=accept disabled=no dst-address=13.73.248.8/29 !dst-address-list \
!dst-port !protocol !src-address !src-address-list
add action=accept disabled=no dst-address=13.107.192.0/18 !dst-address-list \
!dst-port !protocol !src-address !src-address-list
add action=accept disabled=no dst-address=104.18.40.135 !dst-address-list \
!dst-port !protocol !src-address !src-address-list
add action=accept disabled=no dst-address=172.64.147.121 !dst-address-list \
!dst-port !protocol !src-address !src-address-list
add action=accept disabled=no dst-address=198.217.251.0/24 !dst-address-list \
!dst-port !protocol !src-address !src-address-list
add action=accept disabled=no dst-address=18.0.0.0/8 !dst-address-list \
!dst-port !protocol !src-address !src-address-list
add action=accept disabled=no dst-address=99.80.231.39 !dst-address-list \
!dst-port !protocol !src-address !src-address-list
add action=accept comment=api.dpopayments.io disabled=no dst-address=\
46.137.27.229 !dst-address-list !dst-port !protocol !src-address \
!src-address-list
add action=accept disabled=no dst-address=3.248.100.28 !dst-address-list \
!dst-port !protocol !src-address !src-address-list
add action=accept disabled=no dst-address=63.34.141.3 !dst-address-list \
!dst-port !protocol !src-address !src-address-list
add action=accept disabled=no dst-address=34.0.0.0/8 !dst-address-list \
!dst-port !protocol !src-address !src-address-list
add action=accept disabled=no dst-address=54.0.0.0/8 !dst-address-list \
!dst-port !protocol !src-address !src-address-list
This text can be copied and pasted into the terminal on your Mikrotik device.
Pay special attention to the following lines and also copy and paste them into the Mikrotik terminal once edited.
You should replace YOURSPLYNXPUBLICIP with your server’s public IP and YOURSPLYNXURL with your server’s URL. You should also replace YOURSPLYNXINTERNALIP with your internal IP if your server is behind NAT.
/ip hotspot walled-garden ip
add action=accept comment=Splynx disabled=no dst-address=YOURSPLYNXPUBLICIP \
!dst-address-list !dst-port !protocol !src-address !src-address-list
add action=accept comment=Splynx disabled=no dst-address=YOURSPLYNXINTERNALIP \
!dst-address-list !dst-port !protocol !src-address !src-address-list
/ip hotspot walled-garden
add dst-host=*.YOURSPLYNXURL
HotSpot + Stripe
Splynx IP is YOUR_SERVER_IP
Splynx URL is YOUR_SERVER_URL
/ip hotspot walled-garden
add dst-host=YOUR_SERVER_IP
add dst-host=YOUR_SERVER_URL
add dst-host=*.stripe.com*
add dst-host=*.fontawesome.com*
add dst-host=stripecdn.map.fastly.net
add dst-host=151.101.244.176
add dst-host=*arcot.com*
HotSpot + PayPal
Splynx IP is YOUR_SERVER_IP
Splynx URL is YOUR_SERVER_URL
/ip hotspot walled-garden
add dst-host=YOUR_SERVER_IP
dst-host=*paypal*
HotSpot + M-PESA
Splynx IP is YOUR_SERVER_IP
Splynx URL is YOUR_SERVER_URL
Step 13
Under HotSpot Partners settings, set Hotspot server name or SSID (depends on the device vendor) to which customers of this partner will connect.
When editing a partner, in Hotspot SSID list field, enter the following:
-
for Mikrotik devices: enter Hotspot server name;
-
for Cambium devices: enter SSID name.
It is crucial when each partner has its own branding (logo under Company information). In case when real SSID does not match hotspot name in this field, the system will load a logo of default partner.
You can check a real SSID name of connected customers under Customers → Vouchers → List on a tab Online vouchers under the field "Port":
¶ Connection to HotSpot and Payments via VulaCoin
Double check if the VulaCoin add-on is installed and configured in Splynx.
Imitating the client's steps, try to connect to the newly created Wi-Fi HotSpot:
To sign in to your HotSpot, enter your phone number and press Next.
If there are terms and conditions on login, accept them to proceed. You can click on terms and conditions phrase under the phone number field and see the text like this:
NOTE: To receive an SMS with a code, you need to set up an SMS gateway in Splynx.
Then, select your plan. In case the plan is paid, you will be redirected to the VulaCoin page to make a payment:
NOTE: The client will be connected to the Internet through an automatically created prepaid voucher, an invoice will be created for the paid plan only in Splynx.
¶ Logs
You can check HotSpot logs under Administration → Logs → Hotspot Logs:
Also, there is an option to check Netcash and/or Vulacoin logs here.