AMIT VHG760 & VHG87B

The router/AP devices  AMIT VHG760 and AMITVHG87B allow internet connetion via Ethernet or 3G/4G networks. Devices were tested starting with default settings and using the Ethrernet1 port as WAN. The default SSID (on both bands 2,5 GHz and 5GHz for VHG87B) was set for SOCIFI services, the SSID was already set including the DHCP service.

The tested VHG760 firmware version was 00000W0.I21_e21.0000_02211700, tested VHG87B firmware version was 0000Y90.I21_e22.0000_03211200. Both devices are configured equally.

1.. RADIUS and External Captive Portal

1.1 RADIUS server

Tested firmware supports only one RADIUS server

We recommend to use this set of RADIUS servers:
 


 List of RADIUS according to your location:
 For North America

RADIUS Server 1

rad-1-use-1.socifi.com or IP address: 52.7.148.174, Radius shared secret: socifi

RADIUS Server 2

rad-2-use-1.socifi.com or IP address: 52.55.217.23, Radius shared secret: socifi

 For Europe and Africa

RADIUS Server 1

rad-1-euw-1.socifi.com or IP address: 52.209.184.212, Radius shared secret: socifi

RADIUS Server 2

rad-2-euw-1.socifi.com or IP address: 52.50.155.202, Radius shared secret: socifi

 For Asia-Pacific

RADIUS Server 1

rad-1-euw-1.socifi.com or IP address: 52.209.184.212, Radius shared secret: socifi

RADIUS Server 2

rad-2-euw-1.socifi.com or IP address: 52.50.155.202, Radius shared secret: socifi

In order to have the Radius communication working fine, the IP addresses (above) and the ports 1812 Auth and 1813 Acc must be accessible.

Go to "Object Definition / External Server" and add new item with following settings. In "Server Type" section set only "Primary" parameters. Do not set "Secondary"

Server name<According to the RADIUS selection tool above> eg. rad-1-euw-1.socifi.com
Server TypeRADIUS server
  • Shared Key
socifi
  • Authentication Protokol
CHAP
  • Session Timeout
1
  • Idle Timeout
1
Server IP/FQDN<According to the RADIUS selection tool> eg. rad-1-euw-1.socifi.com
Server Port1812
Accounting Port1813
Serverenable

1.2 External Captive Portal

Go to "Object Definition / External Server" and set folowing item's parameters

Server NameSOCIFI CaptivePortal
Server TypeUAM Server
  • Login URL
http://connect.socifi.com
  • Shared Secret
<empty>
  • NAS/Gateway ID
AMIT_<mac_addres_of_WAN_port_see_below>
  • Location ID
<empty>
  • Location Name
<empty>
Server IP/FQDNconnect.socifi.com
Server Port80
Serverenable

2.. Authentication and External SOCIFI Captive Portal

Set Walled Garden with following domain list

If you are customer with White Label solution, please add your custom domain (for example mycustomdomain.com) to the Walled Garden list.

socifi.com facebook.com akamaihd.net akamai.net edgecastcdn.net twitter.com twimg.com fastly.net li-cdn.net cloudfront.net fbcdn.net instagram.com cdninstagram.com linkedin.com licdn.com
 Want to Allow Google+ login ?

The new Allow login through social networks does not include the Google login. The reason is that some Android based devices are not redirected to the Captive Portal when the user gets connected to WiFi network. In case you'd like to add it you need to do following:

  1. Check if your hotspot allows DNS names in the Walled garden. Some hotspots can use IP addresses only. See: Why DNS-based Walled Garden (and not IP-based)
  2. Allow Google+ login: Settings > Brand > Authentication > Allow login through social networks > Set on Allow Google login
  3. Add these walled garden domain into existing list:

Google+ Login DNS's

Please adopt same format your Walled garden is already using e.g. with or without the asterisk, separated by comma or space etc.

 For Cisco Meraki, Ruckus, Xirrus
*.googleapis.com
*.googleusercontent.com
*.gstatic.com
*.accounts.youtube.com
*.apis.google.com
*.accounts.google.com
*.l.google.com

The local accounts.google.XX domain must be added into the Walled Garden list. For example accounts.google.co.uk for United Kingdom, accounts.google.com.sg for Singapore, accounts.google.de for Germany etc. Google domains list you can find at https://ipfs.io/ipfs/QmXoypizjW3WknFiJnKLwHCnL72vedxjQkDDP1mXWo6uco/wiki/List_of_Google_domains.html

 For Open Mesh
googleapis.com,googleusercontent.com,gstatic.com,accounts.youtube.com,apis.google.com,accounts.google.com,l.google.com

The local accounts.google.XX domain must be added into the Walled Garden list. For example accounts.google.co.uk for United Kingdom, accounts.google.com.sg for Singapore, accounts.google.de for Germany etc. Google domains list you can find at https://ipfs.io/ipfs/QmXoypizjW3WknFiJnKLwHCnL72vedxjQkDDP1mXWo6uco/wiki/List_of_Google_domains.html

 For Mikrotik
/ip hotspot walled-garden
add dst-host=*.googleapis.com
add dst-host=*.googleusercontent.com
add dst-host=*.gstatic.com
add dst-host=*.accounts.youtube.com
add dst-host=*.apis.google.com
add dst-host=*.accounts.google.com
add dst-host=*.l.google.com
add dst-host=accounts.google.com

The local accounts.google.XX domain must be added into the Walled Garden list. For example accounts.google.co.uk for United Kingdom, accounts.google.com.sg for Singapore, accounts.google.de for Germany etc. Google domains list you can find at https://ipfs.io/ipfs/QmXoypizjW3WknFiJnKLwHCnL72vedxjQkDDP1mXWo6uco/wiki/List_of_Google_domains.html

 For DD-WRT
googleapis.com googleusercontent.com gstatic.com accounts.youtube.com apis.google.com accounts.google.com l.google.com

The local accounts.google.XX domain must be added into the Walled Garden list. For example accounts.google.co.uk for United Kingdom, accounts.google.com.sg for Singapore, accounts.google.de for Germany etc. Google domains list you can find at https://ipfs.io/ipfs/QmXoypizjW3WknFiJnKLwHCnL72vedxjQkDDP1mXWo6uco/wiki/List_of_Google_domains.html

Related pages:

The Splash Page is not triggered when Android devices connect to WiFi



Set External Captive redirection in "Security / Authentication" with following values.

Captive Portalenable
WAN Interface<relevant WAn interface>  WAN-1 by default
LAN Subnet<LAN subnet according to the DHCP server> 
Web PortalExternal
MAC Whitelist
Walled-Garden Hosts
Walled-Garden domain<see above>
Authentication Server<select RADIUS Server Name> eg.. rad-1-euw-1.socifi.com
UAM Serverenable
  • Select from external Server List
SOCIFI CaptivePortal

3. ID for SOCIFI Dashboard and NAS/Gateway ID

Find the MAC address of WAN Interface, that provides the internet connection. Go to "Status / Basic Network / WAN&Uplink". Find the field "MAC Address" in the table "WAN Interface and IPV4..." and row WAN-1. You can also find this MAC on the label on the bottom of the VHG device

Use this MAc address also for setting the "NAS/Gateway ID" in External Captive Portal setup.

Step 1: Login to SOCIFI Dashboard

Step 2: Click on the "Hotspots" tab on the left sidebar

Step 3: Click on the “Add a new hotspot” button located on the top right corner on the screen (pictured below)

Note: A pop-up window will appear (below)

Step 4: Select the Wi-Fi hardware manufacturer from the drop down menu

Step 5: Enter the serial number or MAC address (depending on the specific equipment manual) of your equipment. You can add multiple hotspots at once.

Step 6: Set your Network location (this step is essential for correct ad targeting)

Step 7: In the pop-up window type your location or just move the marker on the map and click on the save button to confirm the selection. This address is used for ad GEO targeting.

Step 7: Click Save

Note: Newly added hotspot are marked as  (Hotspot pending). After the first user connects to the hotspot via SOCIFI, the status will automatically change and appear as  (Active) within an hour. Get your first connections to test if it works properly.