NAT problems - Xbox One and Nintendo Switch

Good morning everyone.

I do not understand ANYTHING about Mikrotik and I am looking for help with a specific situation for which I did not find help on the internet. I apologize for the lack of technical terms.

The situation is as follows: I live in a condominium and hired a company to do the following installation: we signed 4 internet links 100/30 MB, which “enter” the Mikrotik (model RouterBOARD 750G r3) at the concierge, and a cable “exits” the Mikrotik, going to a switch right there at the gate. This switch sends 4 or 5 network cables to the condominium posts, and we have another 4 or 5 switches on the poles, from which network cables go straight to the houses. Inside the house, I use a router (TP-LINK TL-WR849N) where it is necessary to put a user and password to authenticate.

Regarding usage, everything works very well: navigation, downloads, streaming, apps and etc, all in a satisfactory way.

The only drawback would be in relation to video games, more specifically online games:

  • PS4: downloads are ok, rare connection errors with other users and allows online game in a satisfactory way;

  • Xbox One: downloads ok, some connection errors, and shows the NAT as “strict”, in addition to “double NAT detected”;

  • Nintendo Switch: here is the main problem … downloads are ok, but it is practically impossible to play online … I mention Mario Kart 8 Deluxe as an example. The game establishes a connection, but in match search it returns an error: “Could not connect to other consoles. There was a transverse NAT error.”

I am absolutely sure that the errors occur due to our internet “scheme”, since before, when each resident had his own ADSL internet, none of this happened.

Anyway, I strongly encourage you all to help me solve this problem, and I will asap provide any clarification. Thank you.

If you have hired a company to do the installation, then surely they must correct the problem / design of the network?

Alternatively, my suggestion will be to hire a Mikrotik Certified Consultant in your area. https://mikrotik.com/consultants

Concur, the company should provide the design solution assuming you have detailed the user requirements properly.
This also assumes they purchased the mikrotik equipment. If not then CZFans idea is the correct one.

Well, from my experience the only sure way to get videogames to work without any NAT problems is using IPv6 or giving the client a valid and public IP address. My guess is that whoever designed this network used NAT to distribute the connections but forgot that the connections also arrive there on a CGNAT. Call the company that did the service and tell them to check for double NAT on your network. Maybe a call to your ISP's can solve the issue too, but they will need to work together with the people that did the internal network.



Thanks. The installation was made by an ex employer of the ISP.

I will try this first. If it does not work, the solution may be to hire a consultant.

The tplink router might be the second nat. If they didn’t configure the rb750gr3 in a way that would prevent it, you could just use that as your router and use the tplink as a switch+ap.
Unplug the wire going into the WAN port of the tplink and plug it into any LAN port. Then you must be sure that the dhcp server is disabled in the router’s settings for there to not be conflicts with the mikrotik.

Thanks, I will give a try…

basically, I must:

  1. put the wire into any LAN port
  2. access the TPLINK page
  3. disable dhcp server

that's it?

I have some questions…

  1. how will the tplink router handle the login/pass from the mikrotik settings?
  2. Do I have to change the router’s operation mode?

sorry but I have really basic knowledge about network settings

thanks

Victor I live near Ubatuba…

can you send me your email so we can talk?

thanks

it does not work :(

thanks

Hey Rodrigo,
This is a decent guide for adjusting the TP link.
https://www.dslreports.com/faq/11233

What I am not clear on is the logging in part of your users.
Do you mean to use the Access Point (radio part) of the TP links (ssid and password)?

I don’t know if I can explain it better…

All users must use a router (configured as router, not AP) and insert a user name and password (PPPoE, configured on Mikrotik) to access the internet.

For example, here at home to access my TPLINK the address is 192.168.0.1
to access Mikrotik, the address is 10.5.0.1

the users, internet speed and their passwords are all on the Mikrotik

Here is more info:

LAN

IP ADDRESS: 192.168.0.1
Subnet Mask: 255.255.255.0
Operation Mode: Router
Name (SSID): RODRIGO (Every home has its own SSID, using its own router)

WAN

IP ADDRESS: 10.5.0.231 (PPPoE)
Subnet Mask: 255.255.255.255
Default Gateway: 10.5.0.1
DNS server: 10.5.0.1 192.168.3.1

Hope it can help

thanks again

Some more info (from Mikrotik)…

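| | | Action | Chain | Src. Address | Dst. Address | Protocol | Src. Port | Dst. Port | Any. Port | In. Interface | Out. Interface | Bytes | Packets |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| -D | 0 | masquerade | srcnat | | | | | | | | ether1 | 109.9 MiB | 982 142 |
| -D | 1 | masquerade | srcnat | | | | | | | | ether3 | 104.9 MiB | 817 521 |
| -D | 2 | masquerade | srcnat | | | | | | | | ether2 | 103.0 MiB | 713 636 |
| -D | 3 | masquerade | srcnat | | | | | | | | ether4 | 100.8 MiB | 699 116 |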

six months and I still have no solution…

I need more help, please

thanks

See above

I’ve already talked with two consultants… both don’t know what to do…

Honestly, I’m starting to think that Mikrotik can’t handle this…

What a pity

So to sum it up, everything works well, except a few devices and who knows what crazy things they are doing. We know close to nothing about your config. There’s one RB with four connections to internet. Then there are several switches and you do something with PPPoE in LAN. No exact config. We even have no idea how many NATs are there. Most likely one on RB, probably another on TP-Links, and it may not be all, because we don’t know if RB itself has public addresses or not, so there might be another one at ISP.

Since we don’t know any better what to change, getting rid of NATs is a good start. It won’t be possible to get rid of all, but only one should remain on RB. So first make sure that all internet connections on RB have public addresses, i.e. they are directly on RB itself. Then you’ll need to get rid of NAT on TP-Links. Problem is, I’m not sure if they can do it while keeping PPPoE uplink.

Yes, you’re right @sob.

You know close to nothing about my config because I don’t know what you need to know. I’ll be glad to give you every detail, you just need to show me what you want and how I can obtain it.

I’m not sure if all internet connections on RB have public addresses. How can I confirm it?

User @HzMeister said that “If they didn’t configure the rb750gr3 in a way that would prevent it, you could just use that as your router and use the tplink as a switch+ap”. How can I confirm that configuration?

Glad for your help.

Thanks.

I won’t lie to you, “how do I recognize public IP address?” is not a good start. And the following steps are more difficult.

Anyway, look in IP->Addresses and check what’s on uplink interfaces (internet connections). If it’s 10.x.x.x, 192.168.x.x, 172.16-31.x.x or 100.64-127.x.x, it’s not public.

Next, it can’t hurt to share your config. I think I have an idea what should be there, but who knows, life is full of surprises. You can do:

/export hide-sensitive file=myconfig

And then paste the content of the resulting myconfig.rsc here in code tags. The hide-sensitive option will automatically skip stuff like passwords. In case you do have public addresses, you may want to not share them with the whole world, so you would have to hide them manually. They will be in the exported config only if they are static. Don’t just replace everything with x.x.x.x or something, it needs to remain clear what’s where, so if you’d have e.g. 159.148.147.205, change it to x.x.147.205 consistently in all places. And same for the rest, we need to be able to tell one address from another. Don’t touch non-public addresses (see above), they are not unique, so not sensitive.
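An added example, not part of the original post and not MikroTik code: a small Python helper that applies the two rules above to an exported config before it is posted. It leaves the non-public ranges untouched and masks the first two octets of every public IPv4 address consistently, refusing to continue if two different addresses would end up looking the same. The function names and the sample export are constructed for illustration.

```python
import ipaddress
import re

# Ranges the post calls "not public": RFC 1918 private space plus the
# RFC 6598 shared range (100.64.0.0/10) that ISPs use for CGNAT.
NON_PUBLIC = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]
# Dotted quads that are not part of a longer dotted number (e.g. a version).
IPV4_RE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?!\.?\d)")


def is_public(addr):
    """True for a valid IPv4 address outside the non-public ranges above."""
    try:
        ip = ipaddress.IPv4Address(addr)
    except ipaddress.AddressValueError:
        return False
    # Netmasks, 0.0.0.0, loopback etc. identify nobody; leave them readable.
    special = (ip.is_unspecified or ip.is_loopback or ip.is_link_local
               or ip.is_multicast or ip.is_reserved)
    return not special and not any(ip in net for net in NON_PUBLIC)


def redact_config(text):
    """Mask the first two octets of each public address, same way everywhere."""
    seen = {}  # masked form -> original, so collisions are caught

    def mask(match):
        addr = match.group(1)
        if not is_public(addr):
            return addr
        masked = "x.x." + ".".join(addr.split(".")[2:])
        if seen.setdefault(masked, addr) != addr:
            raise ValueError(f"{masked} would stand for two different addresses")
        return masked

    return IPV4_RE.sub(mask, text)


# Constructed sample in export style; addresses are documentation/test values.
SAMPLE_EXPORT = """/ip address
add address=203.0.113.10/30 interface=ether1
add address=100.64.12.7/24 interface=ether2
add address=10.5.0.1/24 interface=ether5
/ip route
add dst-address=0.0.0.0/0 gateway=203.0.113.9
"""

if __name__ == "__main__":
    print(redact_config(SAMPLE_EXPORT))
```

When the collision error is raised, mask fewer octets for the affected addresses by hand so they stay distinguishable.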

Please connect your Xbox to the cable that connects your house (and currently your TP-Link). Do the problems still occur?

Besides, can you post a tracert forum.mikrotik.com (do you know how to use the command prompt and how to copy from it)?

Sure thing, my e-mail is victorsoares@ultrasolucoes.com