I’m an RV’er with a Max Transit Duo and Max Transit, how do I connected to a local WiFi network that requires a username/password? Does the Pepwave support this authentication for a WiFi WAN or to I have to use an external USB connected WiFi AP?
can you please clarify what protocol auth?
wifi and password auth on a web page (captive portal) or username and password auth like RADIUS?
give us step-by-step of what you are talking about
1 Like
@mystery is right, we may need to know the detail info in-order advice here 
.
I think you can also check the demo device using the following URL to check whether this is what you are looking.
Turn off health check on the wifi wan connection,
Connect the Peplink to the public wifi then try and access the internet using a device connected to the Peplink.
The captive portal will pop up you’ll login and from that point onwards, any device connected to the Peplink will connect without needing to login to the captive portal.
3 Likes
Thank you that worked. I didn’t get it working on a Mac laptop, but it worked on a PC.
1 Like
What about a Mikrotik Metal 52 (CPE, Router) plugged to the Peplink WAN port. Will I have visibility to the available networks through the Peplink UI? Will I be able to log in via the Peplink UI? Or, do I have to connect to the web interface of the Mikrotik to scan and log in?
Similar to what @Erik_B said for this situation.
-Make sure WAN is active (can be failed health check)
-Create out bound rule enforcing all traffic with a destination of the IP address of the Mikrotik e.g. 192.168.1.20 to the WAN the Mikrotik is connected to
-Now when you try to access the GUI of the Mikrotik at 192.168.1.20, you will access it via that wan even if the health check has failed
2 Likes
Can I connect to a WiFi WAN network that uses a user name and password via RADIUS or the alike? What about with a certificate? If not, is either on the roadmap? Thanks.
Thanks Sam. Should I change the Mikrotik IP address to static within the domain of my Max Transit, or let Mikrotik DHCP assign an address to the Peplink WAN port (does this make sense)? Also, do you know if the Mikrotik should be setup as CPE/Router mode? I may be overcomplicating this but Google has not been my friend to get this setup so that the Mikrotik WAN in my Peplink is transparent, like any other WAN source (like a broadband modem, etc.) that I might plug in.
If you set up the Mikrotik in router mode you want it to have a static IP address in a different subnet to your Pepwave LAN and other WAN’s. e.g. if the Pepwave is 192.168.50.1/25, you can set the Mikrotik at 192.168.51.1/24 or 192.168.1.1/24 but try to avoid the same subnets which might be been used by another WAN
Erik, I have an installation with a SOHO that uses Wifi as WAN through an Xfinity wifi that requires authentication. I have no problem with authentication the same as you describe but the connection is intermittent. I never thought to turn off health check. Curious why that would make a difference. Please tell us why it would matter?
you can’t save your MAC address with xfinity?
Hi Don,
When you are logging on to public Wifi with a Captive portal, you need the WAN connection on the Peplink to stay online until you can log on to that Captive Portal with a client device connected to the LAN of your Peplink router.
If the health check on that WiFi-as-WAN connection was enabled before the client was logged on, it would fail the health check and show offline. The LAN client would not be able to authenticate on the Captive Portal.
The health check can be re-enabled on the WiFi-as-WAN connection as soon as a Client has successfully authenticated and a working internet connection.
I am not familiar with Xfinity, does that have a portal to log on to (like the ones you see in hotels and airports)? I don’t think the health check would have any affect on the connection staying up. Unless there is a limit on the Captive Portal and you need to re-authenticate every x hours or after x amount of bandwidth usage.
Thanks Sam. I have found that leaving the Mikrotik on it’s default settings, 192.168.88.1, and just setting it to CPE/Router mode, works fine to show a WAN connection in Peplink UI. The only down-side of this configuration is that you have to establish and login to a wifi hotspot using the Mikrotik interface, an extra couple of steps compared to using Wifi as WAN on the Peplink. It works quite well once connected. I’m looking to compare this setup with an HD Dome/sim injector solution if I can afford it down the road.
I’m confused about your mention of setting up an outbound policy…
-Create out bound rule enforcing all traffic with a destination of the IP address of the Mikrotik e.g. 192.168.1.20 to the WAN the Mikrotik is connected to
-Now when you try to access the GUI of the Mikrotik at 192.168.1.20, you will access it via that wan even if the health check has failed.
…and am hoping you clarify why this is important and more specifics about the policy.
Much appreciated.
Joel
Hi @joelbean
The outbound policy I have mentioned allows you to access the router on the wan e.g. Mikrotik at 192.168.88.1 even when multiple WANs are used in failover and the WAN is not connected to the internet.
This allows you to login to the Mikrotiks GUI without having to change any settings on the Pepwave.
e.g. Mikrotik WAN is in priority one with cellular in Priority two. All traffic will go over WAN 1 but if internet is not available on WAN 1, all traffic will be failed over to cellular including trying to access the GUI of the Mikrotik at 192.168.88.1.
However, if you create an outbound rule enforcing all traffic with a destination of 192.168.88.1 (or 192.168.88.1/24) then when WAN 1 is disconnected from the internet, you will still be able to access the GUI of the Mikrotik at 192.168.88.1 without having to change any settings.
Thanks Sam. I understand your explanation but I don’t know how to create the Outbound Policy.
How do I fill in the various fields? What Algorithm and selections should I make? Thanks much. Joel
Use the enforced rule and select the WAN that your Mikrotik is connected to.
Logic is if you are trying to access any IP address from 192.168.88.1 to 192.168.88.254, then that traffic is forced to the WAN you know where that subnet is regardless of its up/down status. All other traffic e.g. goggle.com will use the healthy WAN.
1 Like
Perfect. Now I understand. Thank you Sam.