Jump to content

This is the support site for Andrews & Arnold Ltd, a UK Internet provider. Information on these pages is generally for our customers but may be useful to others, enjoy!

Router - MikroTik hEX S: Difference between revisions

From AAISP Support Site
Hardillb (talk | contribs)
Hardillb (talk | contribs)
(No difference)

Revision as of 08:48, 3 September 2023

Prerequisites

An A&A supplied Router in Bridge mode (I'm using a ZyXEL VMG3925-B10D).

Hardware

MikroTik hEX s Router

We'll be using MikroTik hEX S, this has 5 Gigabit Ethernet ports and one SFP port. In addition it has a USB A port, which we will make use of later.

It can be powered either by a standard wall wart or via PoE.

The following instructions should work with other MikroTik devices (LTE/L2TP failover will require a device with a USB socket or built in LTE support).


Assumptions

The MikroTik device is connected to the A&A supplied router in using an Ethernet cable connected to port 5.

Your LAN is connected to port 1 on the MikroTik (which is part of the default bridge interface)

Setup

A Screenshot of the MiktoTik PPPoE Client configuration
Example PPPoE configuration

The MikroTik routers can be configured in 3 different ways, via

  • The terminal (SSH or Serial)
  • The WebFig interface (HTTP)
  • The WinBox Windows application

For this I'll be mainly using the WebConfig interface.

First we will remove ether5 from the default bridge interface, Click on Bridge in the left hand menu and then the Ports tab. Click on the D on the line that says ether5 in the Interfaces column.

Next we will configure the PPPoE connection to A&A, from the menu on the left hand side select PPP, on the Interfaces tab select the Add New button and select PPPoE Client from the list.

On this page you should enter your A&A username xxx@a.1 and password as well as selecting ether5 as the Interfaces to say to use the connection to the A&A supplied Router in bridge mode.

You will also want to tick the Use Peer DNS box unless you are running your own DNS server.


Once this is saved the connection should become active.

IPv6

Screenshot of MikroTik WebFig DHCPv6-PD client configuration

To ensure that IPv6 works correctly we need to set up a DHCPv6 client to make a DHCPv6-PD request

Under the IPv6 select DHCP Client and click the Add New button.

Select pppoe-out1 as the Interface, tick the checkboxes for address and prefix for the Request and also check the Add Default Route. For the Pool Name enter isp.

Once saved we need to attach this prefix to the LAN, to do this we select IPv6 and Addresses, click the Add New button and set the Pool to isp, Interface to bridge and tick the Advertise checkbox.


Adding L2TP failover

NOTE: the following instructions are not intended for use with A&A data SIM.

Here we are going to setup automatic fail over to a L2TP connection if the VDSL line goes down and have it recover when it comes back up.

As mentioned earlier the MikroTik hEX S has a USB A port on the side, this can be used with a USB LTE stick to add a second back haul. I'm using Huawei E3372-200.

When plugged in it will show up as a new interface called lte1 and should be allocated an IP address via DHCP.

On the PPP page and Interfaces tab again click on the Add New button. This time select the L2TP Client option. Change the name to "l2tp-aa", in the Connect To field enter "90.155.53.19" which is A&A's L2TP endpoint, again for the username and password you should use the same credentials as for the PPPoE interface used earlier.

For the L2TP Protocol Version ensure "l2tpv2" is selected.

To enable IPv6 on the L2TP interface we are going to repeat some of the earlier steps. First we want to add a DHCPv6-PD client request.

Under the IPv6 select DHCP Client and click the Add New button.

Select "l2tp-aa" as the Interface, tick the checkboxes for address and prefix for the Request and also check the Add Default Route. For the Pool Name enter isp-l2tp

Screenshot of MikroTik WebFig Static Route configuration

To ensure that the L2TP connection uses LTE we need to add a static route to 90.155.53.19 via the LTE interface. To do this select IP and then Routes and finally the Add New button. Set the Dst. Address to 90.155.53.19/32 and the Gateway to 192.168.8.1%lte

(Huawei devices present as an Ethernet adaptor and by default use the 192.168.8.0/24 subnet with the gateway being 192.168.8.1)

While we are here we also need to setup 2 routes to use as a canary to detect when there is a problem with the VDSL connection and trigger the fail over to the L2TP connection via LTE.

We will use Google's secondary DNS server 8.8.4.4, I picked this because I don't use Google's DNS services but it is an address that should generally be available and a good indication that the connection is "good".

First create a new route with the Dst. Address of 8.8.4.4/32 and the Gateway of 81.187.81.187%pppoe-out1

(81.187.81.187 is the A&A end of the PPPoE connection, and the %pppoe-out1 is the interface to use. This is important because 81.187.81.187 will also be the remote end of L2TP connection)

Second create a new route with the Dst. Address of 8.8.4.4/32 this time leave the Gateway empty and set the Distance to 2 and tick the Blackhole checkbox.

This works because when the PPPoE connection for the VDSL comes back up then the ping packets to 8.8.4.4 will go out via the pppoe-out1 interface but come back in via the L2TP interface.

MikroTik WebFig Script Configuration

Next under System and Scripts we need to create a 2 scripts to start/stop the L2TP client.

Click on the "Add New" button then

  • Name start-l2tp
  • Source /interface/l2tp-client/enable [find name="l2tp-aa"]

And then

  • Name stop-l2tp
  • Source /interface/l2tp-client/disable [find name="l2tp-aa"]

Finally we setup a Netwatch event to trigger the scripts.

Screenshot of MikroTik WebFig Netwatch configuration

From Tools, pick Netwatch, Add New

Set

  • Host to 8.8.4.4
  • Type simple
  • On Up stop-l2tp
  • On Down start-l2tp

This will ping 8.8.4.4 every 10 seconds and if it fails to get a response will run start-l2tp and when pings succeed again it will run stop-l2tp.