Router - MikroTik hEX S: Difference between revisions
| m Hardillb moved page Category:Routers:MikroTik hEX S to MikroTik hEX S | m Add note about adjusting MTU/MRU | ||
| (4 intermediate revisions by the same user not shown) | |||
| Line 66: | Line 66: | ||
| When plugged in it will show up as a new interface called lte1 and should be allocated an IP address via DHCP. | When plugged in it will show up as a new interface called lte1 and should be allocated an IP address via DHCP. | ||
| On the '''PPP''' page and '''Interfaces''' tab again click on the '''Add New''' button. This time select the '''L2TP Client''' option. Change the name to "l2tp-aa", in the '''Connect To''' field enter "90.155.53.19" which is A&A's L2TP endpoint, again for the username and password you should use the same credentials as for the PPPoE interface used earlier. | On the '''PPP''' page and '''Interfaces''' tab again click on the '''Add New''' button. This time select the '''L2TP Client''' option. Change the name to "l2tp-aa", in the '''Connect To''' field enter "90.155.53.19" which is A&A's L2TP endpoint, again for the username and password you should use the same credentials as for the PPPoE interface used earlier. Be sure to reduce the Max MTU and Max MRU to at least 1460 (And possibly as far as 1340 if on the 3 network)  | ||
| For the '''L2TP Protocol Version''' ensure "l2tpv2" is selected. | For the '''L2TP Protocol Version''' ensure "l2tpv2" is selected. | ||
| Line 99: | Line 99: | ||
| * '''Name''' ''start-l2tp'' | * '''Name''' ''start-l2tp'' | ||
| * '''Source'''  | * '''Source''' '' | ||
|                  /interface/l2tp-client/enable [find name="l2tp-aa"] | |||
| '' | |||
| And then | And then | ||
| * '''Name''' ''stop-l2tp''   | * '''Name''' ''stop-l2tp''   | ||
| * '''Source'''  | * '''Source''' '' | ||
|                  /interface/l2tp-client/disable [find name="l2tp-aa"] | |||
|                  :delay 2s; | |||
|                  /ipv6/dhcp-client renew pppoe-out1 | |||
| '' | |||
| Finally we setup a Netwatch event to trigger the scripts. | Finally we setup a Netwatch event to trigger the scripts. | ||
| Line 111: | Line 117: | ||
| Set  | Set  | ||
| * '''Host''' | * '''Host''' ''8.8.4.4'' | ||
| * '''Type''' ''simple'' | * '''Type''' ''simple'' | ||
| * '''On Up''' ''stop-l2tp'' | * '''On Up''' ''stop-l2tp'' | ||
| Line 118: | Line 124: | ||
| This will ping ''8.8.4.4'' every 10 seconds and if it fails to get a response will run ''start-l2tp'' and when pings succeed again it will run ''stop-l2tp''. | This will ping ''8.8.4.4'' every 10 seconds and if it fails to get a response will run ''start-l2tp'' and when pings succeed again it will run ''stop-l2tp''. | ||
| [[Category:3rd Party Routers| | [[Category:3rd Party Routers|MikroTik]] | ||
Latest revision as of 23:08, 19 January 2025
Prerequisites
An A&A supplied Router in Bridge mode (I'm using a ZyXEL VMG3925-B10D).
Hardware

We'll be using MikroTik hEX S, this has 5 Gigabit Ethernet ports and one SFP port. In addition it has a USB A port, which we will make use of later.
It can be powered either by a standard wall wart or via PoE.
The following instructions should work with other MikroTik devices (LTE/L2TP failover will require a device with a USB socket or built in LTE support).
Assumptions
The MikroTik device is connected to the A&A supplied router in using an Ethernet cable connected to port 5.
Your LAN is connected to port 1 on the MikroTik (which is part of the default bridge interface)
Setup

The MikroTik routers can be configured in 3 different ways, via
- The terminal (SSH or Serial)
- The WebFig interface (HTTP)
- The WinBox Windows application
For this I'll be mainly using the WebConfig interface.
First we will remove ether5 from the default bridge interface, Click on Bridge in the left hand menu and then the Ports tab. Click on the D on the line that says ether5 in the Interfaces column.
Next we will configure the PPPoE connection to A&A, from the menu on the left hand side select PPP, on the Interfaces tab select the Add New button and select PPPoE Client from the list.
On this page you should enter your A&A username xxx@a.1 and password as well as selecting ether5 as the Interfaces to say to use the connection to the A&A supplied Router in bridge mode.
You will also want to tick the Use Peer DNS box unless you are running your own DNS server.
Once this is saved the connection should become active.
IPv6

To ensure that IPv6 works correctly we need to set up a DHCPv6 client to make a DHCPv6-PD request
Under the IPv6 select DHCP Client and click the Add New button.
Select pppoe-out1 as the Interface, tick the checkboxes for address and prefix for the Request and also check the Add Default Route. For the Pool Name enter isp.
Once saved we need to attach this prefix to the LAN, to do this we select IPv6 and Addresses, click the Add New button and set the Pool to isp, Interface to bridge and tick the Advertise checkbox.
Adding L2TP failover
NOTE: the following instructions are not intended for use with A&A data SIM.
Here we are going to setup automatic fail over to a L2TP connection if the VDSL line goes down and have it recover when it comes back up.
As mentioned earlier the MikroTik hEX S has a USB A port on the side, this can be used with a USB LTE stick to add a second back haul. I'm using Huawei E3372-200.
When plugged in it will show up as a new interface called lte1 and should be allocated an IP address via DHCP.
On the PPP page and Interfaces tab again click on the Add New button. This time select the L2TP Client option. Change the name to "l2tp-aa", in the Connect To field enter "90.155.53.19" which is A&A's L2TP endpoint, again for the username and password you should use the same credentials as for the PPPoE interface used earlier. Be sure to reduce the Max MTU and Max MRU to at least 1460 (And possibly as far as 1340 if on the 3 network)
For the L2TP Protocol Version ensure "l2tpv2" is selected.
To enable IPv6 on the L2TP interface we are going to repeat some of the earlier steps. First we want to add a DHCPv6-PD client request.
Under the IPv6 select DHCP Client and click the Add New button.
Select "l2tp-aa" as the Interface, tick the checkboxes for address and prefix for the Request and also check the Add Default Route. For the Pool Name enter isp-l2tp

To ensure that the L2TP connection uses LTE we need to add a static route to 90.155.53.19 via the LTE interface. To do this select IP and then Routes and finally the Add New button. Set the Dst. Address to 90.155.53.19/32 and the Gateway to 192.168.8.1%lte
(Huawei devices present as an Ethernet adaptor and by default use the 192.168.8.0/24 subnet with the gateway being 192.168.8.1)
While we are here we also need to setup 2 routes to use as a canary to detect when there is a problem with the VDSL connection and trigger the fail over to the L2TP connection via LTE.
We will use Google's secondary DNS server 8.8.4.4, I picked this because I don't use Google's DNS services but it is an address that should generally be available and a good indication that the connection is "good".
First create a new route with the Dst. Address of 8.8.4.4/32 and the Gateway of 81.187.81.187%pppoe-out1
(81.187.81.187 is the A&A end of the PPPoE connection, and the %pppoe-out1 is the interface to use. This is important because 81.187.81.187 will also be the remote end of L2TP connection)
Second create a new route with the Dst. Address of 8.8.4.4/32 this time leave the Gateway empty and set the Distance to 2 and tick the Blackhole checkbox.
This works because when the PPPoE connection for the VDSL comes back up then the ping packets to 8.8.4.4 will go out via the pppoe-out1 interface but come back in via the L2TP interface.

Next under System and Scripts we need to create a 2 scripts to start/stop the L2TP client.
Click on the "Add New" button then
- Name start-l2tp
- Source
/interface/l2tp-client/enable [find name="l2tp-aa"]
And then
- Name stop-l2tp
- Source
                /interface/l2tp-client/disable [find name="l2tp-aa"]
                :delay 2s;
                /ipv6/dhcp-client renew pppoe-out1
Finally we setup a Netwatch event to trigger the scripts.

From Tools, pick Netwatch, Add New
Set
- Host 8.8.4.4
- Type simple
- On Up stop-l2tp
- On Down start-l2tp
This will ping 8.8.4.4 every 10 seconds and if it fails to get a response will run start-l2tp and when pings succeed again it will run stop-l2tp.