Router blocks communication

Favazza · Fri Jan 26, 2024 5:10 pm

I just bought a router based on recommendation from the ones that installed my system in the house (two AP).

After the switch of router there is one thing that doesn't work and it seems to be a common problem.
In Sweden we have a brand called "Plejd" which is a smart-home-lightning-producer.
They have a gateway so that I can control my lights when away.
Now with the new router, the gateway can't get contact with their cloud and they don't know exactly how to fix this.
I know it might be hard, but trying to find some answers where the experts are

Fri Jan 26, 2024 5:17 pm

Typically outgoing, there should not be a lot which gets blocked. Unless you changed it (or someone else).

What type of router are you using and how does the config look like ?
How is that Plejd device connected to your network ?

Favazza · Fri Jan 26, 2024 5:52 pm

It's hEx RB750Gr if that says something? I haven't changed anything. So not exactly sure if it's configured correctly, but as everything else works it can't be that bad.

The Plejd-gateway is connected directly to the router with a cable.

Fiber network into the house directly to the router and then wifi out via 2 AP.

mszru · Sat Jan 27, 2024 2:07 am

The Plejd-gateway is connected directly to the router with a cable.

Have you tried connecting the Plejd-gateway into different Ethernet port?

Favazza · Sat Jan 27, 2024 3:30 pm

The Plejd-gateway is connected directly to the router with a cable.
Have you tried connecting the Plejd-gateway into different Ethernet port?

No, but I also have a switch and moved it from the switch to the router without any difference.
It's something that these routers do that this gateway doesn't like. I can see it's connected and that there is activity, but something makes it not connect to their cloud.

Sat Jan 27, 2024 3:38 pm

Most likely some incoming connection being blocked. But then you need to know what.
If you set the gateway to fixed ip, you can foresee a firewall rule to that ip and log all activity. Gradually open ports as you see them being logged.
Should allow you to determine what is needed.

Another option
Disconnect the port from bridge where gateway is connected to and put it in DMZ. Straight connected to WAN.
But personally I am not a fan of doing that.

mszru · Sat Jan 27, 2024 4:11 pm

(deleted)

jaclaz · Sat Jan 27, 2024 4:19 pm

The only way to (maybe) find a solution or a workaround is having a look at your configuration.

Follow this:
viewtopic.php?t=203686#p1051720

to retrieve and post the configuration.

Do you know which IP address(es), ports, protocols does this Plejd device use?
Is it this thingy here?
GWY-01 Gateway
https://plejd.com/products/GWY-01
the manual seems particularly void of technical info, there is on installer page:
https://plejd.com/installer
a rather interesting statement:

Outstanding support

With our knowledgeable support of experienced and trained electricians, you will always get the help you need, when you need it. We develop all our products in-house and have the necessary expertise close at hand to assist with optimal support in all different cases, from simple questions to technical support and advice.

though it has to be seen if it applies only to installers and you as "final" user will be excluded.

From other sources, it seems like it wants to talk with https://cloud.plejd.com/ but without knowing if it uses a particular service or port it will be difficult to find which (if any) firewall rule blocks it.

The thingy has a solid yellow light (meaning it cannot connect) right?

Favazza · Sun Jan 28, 2024 12:28 pm

The only way to (maybe) find a solution or a workaround is having a look at your configuration.

Follow this:
viewtopic.php?t=203686#p1051720

to retrieve and post the configuration.

Do you know which IP address(es), ports, protocols does this Plejd device use?
Is it this thingy here?
GWY-01 Gateway
https://plejd.com/products/GWY-01
the manual seems particularly void of technical info, there is on installer page:
https://plejd.com/installer
a rather interesting statement:
Outstanding support

With our knowledgeable support of experienced and trained electricians, you will always get the help you need, when you need it. We develop all our products in-house and have the necessary expertise close at hand to assist with optimal support in all different cases, from simple questions to technical support and advice.
though it has to be seen if it applies only to installers and you as "final" user will be excluded.

From other sources, it seems like it wants to talk with https://cloud.plejd.com/ but without knowing if it uses a particular service or port it will be difficult to find which (if any) firewall rule blocks it.

The thingy has a solid yellow light (meaning it cannot connect) right?

Thank you for the info.
I will try to get this file and post here.

You're correct with the yellow light.
The electricians and support at Plejd don't know what makes this problem. I've read somewhere about certain ports that has to be open, but some others says this is not the case.

Favazza · Mon Jan 29, 2024 11:37 am

Looking around for answers on the internet.
Some suggestions that IPv6 might be enabled. Could this be it? How do I enable that (for testing)?

infabo · Mon Jan 29, 2024 11:47 am

Here it says: https://plejd.com/contact

When GWY-01 has a solid yellow light, it means that it is installed, but that it currently has no connection to Plejd's cloud. See the app for troubleshooting to identify which link in the chain is failing

Have you already used the app for troubleshooting as advised there?

Favazza · Mon Jan 29, 2024 12:06 pm

Here it says: https://plejd.com/contact

When GWY-01 has a solid yellow light, it means that it is installed, but that it currently has no connection to Plejd's cloud. See the app for troubleshooting to identify which link in the chain is failing
Have you already used the app for troubleshooting as advised there?

Yes. Doesn't find anything unfortunately (more than the info that the Gateway can't reach the servers of Plejd).

Favazza · Mon Jan 29, 2024 12:41 pm

My config:

# jan/29/2024 11:11:49 by RouterOS 6.49.12
# software id = BHVS-Z3WR
#
# model = RB750Gr3
# serial number = HE108HAFC5B
/interface bridge
add admin-mac=** auto-mac=no comment=defconf name=bridge
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp ranges=**
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=defconf
/interface bridge port
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=ether2
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/ip address
add address=** comment=defconf interface=bridge network=\
**
/ip dhcp-client
add comment=defconf disabled=no interface=ether1
/ip dhcp-server network
add address=** comment=defconf gateway=**
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=** comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
"defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
ipsec-policy=out,none out-interface-list=WAN
/system clock
set time-zone-name=Europe/Stockholm
/system identity
set name=RouterOS
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN

jaclaz · Mon Jan 29, 2024 1:39 pm

I would try first thing to add a dns server, google one 8.8.8.8 and/or 8.8.4.4 would do:

/ip dns set servers=8.8.8.8,8.8.4.4

It is possible that the thingy needs to resolve its https://cloud.plejd.com/ via a DNS server on the gateway.

To check if the DNS is working (on the hex) run from terminal:

put [:resolve google.com]
put [:resolve plejd.com]

Favazza · Mon Jan 29, 2024 1:45 pm

I've tried the DNS-checking (without adding DNS). But what should the result be?

Is it possible to remove the DNS if it doesn't help?

jaclaz · Mon Jan 29, 2024 2:00 pm

I have no idea how that thingy works.

Normally, a device needs a DNS server explicited to be able to resolve names, if there isn't any set it looks for one on the gateway.

On the mikrotik, the:

put [:resolve google.com]

should return an IP address like when you do on windows nslookup, something *like* 216.58.204.238.

But it is well possible that your plej device has a DNS hardcoded, so that whatever you set on the hex is ignored.

Sure, you can remove them:

/ip dns set servers=""

mkx · Mon Jan 29, 2024 2:02 pm

You should see IP address on the terminal:

[user@router] > put [:resolve cloud.plejd.com ]
52.209.92.67

If you get nothing, then DNS resolver on your mikrotik doesn't work.

Even more ... if you didn't redact too much, then you have

/ip dhcp-server network
add address=** comment=defconf gateway=**

which misses dns-server setting ... I'm not sure if ROS uses some fall back (I suspect it doesn't) by adding own address if none of DNS servers are included. But you really should add at least two DNS server here, in most cases you can use some well known public DNS servers (such as 8.8.8.8 or 8.8.4.4 - google - or 1.1.1.1 - cloudflare).

In addition to that, you should check if your ISP sends DNS servers with DHCP leases. Execute /ip/dns/print, DNS servers included in DHCP lease will be listed under dynamic-servers. You don't seem to have servers set statically and if DHCP lease doesn't come with its own servers, then router can't resolve anything either. If this is the case, then set at least one DNS server here as well, e.g.

/ip/dns
set servers=8.8.8.8

or something similar.

Note that settings in /ip/dns only matter for client devices if router is set as DNS resolver in DHCP leases (or static config on clients, e.g. if /ip/dhcp-server/network settings include dns-server=<router's LAN IP>).

Favazza · Mon Jan 29, 2024 3:04 pm

You should see IP address on the terminal:
Code: Select all
[user@router] > put [:resolve cloud.plejd.com ]
52.209.92.67

I do see an IP here. So this shouldn't be the problem?

mkx · Mon Jan 29, 2024 3:17 pm

I do see an IP here. So this shouldn't be the problem?

It only proves that router itself can resolve FQDN to IP address. IMO it's still doubtful if wireless stations can do it as it's highly possible that they don't receive DNS server addresses with DHCP lease.

Favazza · Mon Jan 29, 2024 4:28 pm

Activating IPv6 didn't help either...

jaclaz · Mon Jan 29, 2024 5:21 pm

Do you have a laptop?

You should try setting it to have a DHCP lease (no static address, no dns set) from the ethernet port, then connect it to the same port of the Mikrotik that you are now using for the plejd gateway via cable (disable wifi).

Check that the PC gets a proper IP address and network mask from the Mikrotik DHCP, and that it can ping google.com (plejd.com seems not pingable, still it should resolve to an IP).

If the PC gets an IP and can ping a server by name, the DHCP and DNS should be OK (in the Mikrotik).

At first sight (but I am not at all an expert on this) you have pretty "normal" firewall rules, and you said that "everything else" works nicely, so it must be something "peculiar" of this plejd thing, it could be a service or a port, but their (allegedly omniscient) support should know what is needed.

Mon Jan 29, 2024 7:51 pm

My guess is that instead of coming back in via an outgoing initiated connection, the pledj server wants to come in directly and that part is obviously blocked by firewall.
Otherwise it would never be needed to have some ports ( which ones ?) opened.
Bad communication approach.

Put a stupid switch between router and isp and directly connect that gateway to it. If it works, my point is proven. If not, it might still be the case but then also on ISP part some things might be required to be opened.
But until someone really knows which ports ( and why) nobody can tell.

mszru · Mon Jan 29, 2024 9:47 pm

Since we are guessing here let me add my guess. Plejd gateway may want to open some ports in the firewall but fails because UPnP service is disabled by default.

@Favazza, can you try to enable UPnP in IP / UPnP and then hit Interfaces button and add 2 entries:

ether1 -> external

bridge -> internal

Then run in the terminal the following command to check for dynamic entries in the NAT table:

/ip firewall nat print dynamic

Please also make sure the gateway obtained an IP address from the router by looking at IP / DHCP Server / Leases.

Favazza · Tue Jan 30, 2024 4:03 pm

Since we are guessing here let me add my guess. Plejd gateway may want to open some ports in the firewall but fails because UPnP service is disabled by default.

@Favazza, can you try to enable UPnP in IP / UPnP and then hit Interfaces button and add 2 entries:
ether1 -> external

bridge -> internal
Then run in the terminal the following command to check for dynamic entries in the NAT table:
Code: Select all
/ip firewall nat print dynamic
Please also make sure the gateway obtained an IP address from the router by looking at IP / DHCP Server / Leases.

I've made the first steps however chose ether2 as that's where it's located.
The code in the terminal didn't do much. Just got a line that said

Flags: X - disabled , I - invalid, D - dynamic

Please also make sure the gateway obtained an IP address from the router by looking at IP / DHCP Server / Leases.

I'm a noob when it comes to these kind of sentences

Sorry

mszru · Tue Jan 30, 2024 5:24 pm

I've made the first steps however chose ether2 as that's where it's located.

That's wrong. There has to be bridge, not ether2. Even though your device is connected to ether2, it is not an independent port, but a part of the bridge (bridge port) and your device gets IP configuration from the bridge. In other words interfaces ether2-ether5 are logically grouped together and share the same config.

eth1 -> WAN

eth2 \
eth3 -> bridge -> LAN
eth4 /
eth5

I'm a noob when it comes to these kind of sentences Sorry
Please also make sure the gateway obtained an IP address from the router by looking at IP / DHCP Server / Leases.

Since you are already familiar with the Terminal, please run the command below. It will print IP addresses, host names, MAC addresses of all devices in your home network. There your should also see the IP of your Plejd-gateway. Before posting the output remove MAC addresses.

/ip dhcp-server lease print

Favazza · Wed Jan 31, 2024 12:11 pm

Yes, I see the IP of the gateway.
What's next?

Edit: Read somewhere that DHCP needs to be activated. Might that be something?

In order for the DHCP server to work, IP pools must also be configured (do not include the DHCP server's own IP address into the pool range) and the DHCP networks.

Taken from the MikroTik-wiki

mszru · Wed Jan 31, 2024 11:30 pm

Yes, I see the IP of the gateway.
What's next?

Execute the following command in the terminal, which will add the rule to forward all incoming connections from the Internet to your Plejd device. Note that the last parameter's value should be the IP of the gateway, so fix it accordingly.

/ip firewall nat add chain=dstnat action=dst-nat comment=Plejd in-interface-list=WAN to-addresses=192.168.88.xxx

If that fixes the connectivity with the cloud, we will then need to check all forwarded connections and make the rule above more specific. If not... I've run out of ideas

To remove that rule use:

/ip firewall nat remove [find comment=Plejd]

Edit: Read somewhere that DHCP needs to be activated. Might that be something?

DHCP server is already enabled for your LAN network.

Favazza · Thu Feb 01, 2024 2:02 pm

When entering the info and hitting Enter, nothing happens. No confirmation from the Terminal - that is correct?

Edit: Got some info from Plejd support regarding ports

ws-ie.api.plejd.cloud (443)
auth.api.plejd.cloud (443)
logs.api.plejd.cloud (514)
gwyos.plejd.io (443)
api.fy.plejd.cloud (443)
gwy-01.fw.plejd.cloud (80, 443, 8080)
remote.api.plejd.cloud (80)
ntp.plejd.cloud (123)

mszru · Thu Feb 01, 2024 5:08 pm

When entering the info and hitting Enter, nothing happens. No confirmation from the Terminal - that is correct?

Yes, there should be no any confirmation. You may ensure the rule was added by executing the command below or checking in WinBox in IP / Firewall / NAT:

/ip firewall nat print where comment=Plejd

In the very first post you mentioned that you switched to the MiktoTik router. Did the Plejd-gateway work fine with the previous router?

Favazza · Thu Feb 01, 2024 6:28 pm

Got some responses then.

Yes, it worked fine. Stopped after the change.
Even got a new gateway which I'm installing at the moment but something is definitely making it hard

Plejd support is mentioning that the gateway doesn't get access to the clock. Can the router block the clock somehow?
After installation of the gateway it still says that it's not installed (even though I can see it in the app on the phone).
But the lights on it says it's not installed...

Apparently common with Mikrotik routers.

Thu Feb 01, 2024 8:34 pm

Already tried attaching that gateway directly to isp modem ? If needed with a switch so you can leave it like that ?

Does it have to be connected after your router ?
Just wondering....

Favazza · Thu Feb 01, 2024 8:46 pm

Can't put it directly to the ISP modem. Only one port there.
I've tried putting in both on the switch and the router, but it doesn't matter because the router is before the switch...(I think. Lot's of cables hidden back there

)

Thu Feb 01, 2024 8:48 pm

ISP -> switch
Switch -> gateway
Switch -> router

That's what a switch is supposed to be used for ...
Or doesn't your ISP modem provide DHCP to it's clients ?

Favazza · Thu Feb 01, 2024 8:49 pm

Might be connected that way, but I actually don't think so.

Or doesn't your ISP modem provide DHCP to it's clients ?

Have to check that!! Thanx for the tip!

Favazza · Fri Feb 02, 2024 1:40 pm

My ISP says router first so I guess it's right (connected it exactly like it was connected with the old router).

Does the clock setting say anything?

mszru · Fri Feb 02, 2024 10:43 pm

Does the clock setting say anything?

Plejd-gateway may have the NTP server hard-coded as "ntp.plejd.cloud" in its settings. To test whether your devices are able to synchronize time via Plejd's NTP server try the following on your Mikrotik: open menu System -> NTP Client, enter the server name, set Enabled and hit Apply. If all went well, you should see status "synchronized".

2024-02-02 NTP Client.png

If the status remains "waiting", communication over port 123/udp may be blocked by your ISP. Although this is unlikely since you claimed the gateway was working with the previous router. Once you finish testing this, please disable the NTP Client.

My ISP says router first so I guess it's right (connected it exactly like it was connected with the old router).

I guess it's the typical setup for home users where you get just 1 IP from the ISP and thus you may connect only one network device to the ISP modem. That could be your new router, old router, Plejd-gateway or laptop. Please try to connect Plejd-gateway directly to the ISP modem and disconnect the router. Disconnect your cell phone from Wi-Fi, launch the Plejd app and check if the Plejd-gateway has got online.

Disconnect the Plejd-gateway and plug the router back in and see what type of IP address your router gets from the ISP: public or private. Open the menu IP / DHCP Client and look for the IP address.

2024-02-02 DHCP Client.png

Then identify your public IP by visiting https://ipinfo.io/what-is-my-ip for example. Compare both IP addresses. If they are the same, your router got public IP from the ISP and that is good. If they are different, the router got private IP (most likely in a range between 100.64.0.0 and 100.127.255.255) and that is not bad, but it limits your possibilities in certain sense. Do not share your public IP here.

Favazza · Sat Feb 03, 2024 7:01 pm

Thank for all your time!

I enabled the SNTP client and even if it doesn't look like yours, it seems to work. I get a number after "Poll intervall" and a IP-number after "Active server". Should I keep it active?

The second part - I got the same IP on there as on the link, so that's fine too.

A few posts back I wrote something about the ports (that I got from Plejd support). Is there something to do there?
Something have to stop the communication to their cloud

mszru · Sat Feb 03, 2024 10:05 pm

Ah, sorry, I took the screenshot in RouterOS version 7 and your device has version 6 installed. Here is the screenshot in version 6.

2024-02-03 SNTP Client.png

Note that Last Update and Last Adjustment fields are populated. You should have seen similar screen. That means the router has successfully synchronized time with the ntp.plejd.cloud and proves the connection wasn't blocked by the ISP. So I don't know what Plejd support referred to by mentioning that "the gateway doesn't get access to the clock". I do not see any problems here: their NTP server is reachable and the router itself has successfully updated the time. All you LAN devices, including the Plejd gateway, should also be able to update time via NTP.

You may deactivate the NTP client now, as we used that for testing only. The router by default updates the time from the MikroTik cloud (see menu IP / Cloud).

The next time you contact Plejd support, ask them if any ports need to be opened at your router's firewall. In the default configuration all incoming connections from the Internet (except ping) are blocked, and all outgoing connections are allowed. And your router seems to have a configuration, if not default, but very close to it. So the router and all LAN devices should not have any issues connecting to the Plejd hosts, that you got from the support, as those are outgoing connections.

Have you tried connecting Plejd gateway to the ISP modem directly?

Favazza · Sat Feb 03, 2024 10:35 pm

Mine doesn't look like this either, but one thing that is missing is "Last updated from" and "Last update + adjustment". They are empty on mine.
Active server is the last one with some digits in it.

Plejd said this about the ports:

ws-ie.api.plejd.cloud (443)
auth.api.plejd.cloud (443)
logs.api.plejd.cloud (514)
gwyos.plejd.io (443)
api.fy.plejd.cloud (443)
gwy-01.fw.plejd.cloud (80, 443, 8080)
remote.api.plejd.cloud (80)
ntp.plejd.cloud (123)

Does this say anything at all?

PS. I haven't tried connecting the gateway directly yet. This means I have to pull the internet from the house. Kids won't be happy while gaming

But can try that when time is right, for sure.

mszru · Sat Feb 03, 2024 11:41 pm

Mine doesn't look like this either, but one thing that is missing is "Last updated from" and "Last update + adjustment". They are empty on mine.
Active server is the last one with some digits in it.

Aha, this means that NTP is most likely blocked by your ISP!

Plejd said this about the ports:
ws-ie.api.plejd.cloud (443)
auth.api.plejd.cloud (443)
logs.api.plejd.cloud (514)
gwyos.plejd.io (443)
api.fy.plejd.cloud (443)
gwy-01.fw.plejd.cloud (80, 443, 8080)
remote.api.plejd.cloud (80)
ntp.plejd.cloud (123)
Does this say anything at all?

This is the list of hosts that your Plejd gateway communicate with, and the last one seems to be causing problems.

Please try the following in the terminal. This command will change the NTP port from standard 123 to 10123. It won't print anything back. Run it once.

/ip firewall nat add chain=srcnat action=masquerade comment=NTP protocol=udp src-port=123 out-interface-list=WAN to-ports=10123 place-before=[find comment="defconf: masquerade"]

Favazza · Sun Feb 04, 2024 2:09 pm

Did it.
Still no "Last updated"-info on the SNTP Client..

patrikg · Sun Feb 04, 2024 5:15 pm

With a little dns investigation.
I find that it is not Plejd that you are contacting, but our Swedish ntp service that you are connecting to.

ntp.plejd.cloud points to alias ntp.se and this points backwards to ntp.netnod.se

But why not check if your client can contact this server.

Favazza · Sun Feb 04, 2024 7:57 pm

With a little dns investigation.
I find that it is not Plejd that you are contacting, but our Swedish ntp service that you are connecting to.

ntp.plejd.cloud points to alias ntp.se and this points backwards to ntp.netnod.se

But why not check if your client can contact this server.

What do you mean here? Is there something I can do?

mszru · Sun Feb 04, 2024 8:15 pm

The router was able to resolve ntp.plejd.cloud and @Favazza was able to see it's IP address in the Active Server field of the SNTP Client.
I would rather advise to contact the ISP and ask them whether they block NTP protocol.

hsdesouza · Sun Feb 04, 2024 9:23 pm

I'm having the same problem.
7.13.3 (stable)
NTP client on "waiting" status forever. It does not matter if you restart the router, enable/disable NTP Client checkbox or change for any NTP Server internal/external.
The ISP is not blocking port 123 either.
It looks like there´s a bug for those who installed NTP Package while on version 6.x.x and upgraded to 7.x.x.
Does any one came up with a temporary solution?

system/ntp/client/print 
     enabled: yes
        mode: unicast
     servers: pool.ntp.br
         vrf: main
  freq-drift: 0 PPM
      status: waiting

Favazza · Sun Feb 04, 2024 10:27 pm

The router was able to resolve ntp.plejd.cloud and @Favazza was able to see it's IP address in the Active Server field of the SNTP Client.
I would rather advise to contact the ISP and ask them whether they block NTP protocol.

But is it blocked? Same ISP as with the old router?!

mszru · Mon Feb 05, 2024 12:07 am

But is it blocked? Same ISP as with the old router?!

If the gateway still works with the old router or via direct connection to the ISP modem, then the problem is most likely with your MikroTik router.

Can you please ensure the router has the latest firmware installed? In the menu System / RouterBOARD compare current firmware with the upgrade firmware version. If they are different, hit the Upgrade button and then select menu System / Reboot.

And then I would recommend to reset the configuration to defaults, since your config does not seem to have any special settings and it should be safe to do so.
If you are willing to try, navigate to menu System / Reset Configuration and set the checkboxes as shown on the screenshot. This will keep current user and password and set to defaults everything else.

2024-02-04 Reset Configuration.png

Favazza · Mon Feb 05, 2024 12:20 pm

But is it blocked? Same ISP as with the old router?!
If the gateway still works with the old router or via direct connection to the ISP modem, then the problem is most likely with your MikroTik router.

Can you please ensure the router has the latest firmware installed? In the menu System / RouterBOARD compare current firmware with the upgrade firmware version. If they are different, hit the Upgrade button and then select menu System / Reboot.

And then I would recommend to reset the configuration to defaults, since your config does not seem to have any special settings and it should be safe to do so.
If you are willing to try, navigate to menu System / Reset Configuration and set the checkboxes as shown on the screenshot. This will keep current user and password and set to defaults everything else.
2024-02-04 Reset Configuration.png

Yes, exactly. Something is blocking/disturbing with the MikroTik router.
Updated to latest now (6.49.12).

Will something else get lost in the configuration reset? Just afraid I have to fix alot again to make things work around the house

mszru · Mon Feb 05, 2024 1:39 pm

Will something else get lost in the configuration reset? Just afraid I have to fix alot again to make things work around the house

You will lose the changes:

made to the router by AP installers if there were any. APs will continue working and serving your wireless devices.

made by you while following advice on this forum (that didn't help anyway ).

Before proceeding with reset make a backup (both binary and text):

menu Files / Backup button

in the terminal run
Code: Select all
```
/export file=hex.rsc
```

Drag both files from Files and drop them to your Desktop.

Favazza · Tue Feb 06, 2024 3:46 pm

Reset done.
Seems to be in order.
Are we stranded now?!
SNTP didn't work properly, might be something there, but what? Never got any "Last updated"-info. Just Dynamic servers and Poll intervall...

I'm having the same problem.
7.13.3 (stable)
NTP client on "waiting" status forever. It does not matter if you restart the router, enable/disable NTP Client checkbox or change for any NTP Server internal/external.
The ISP is not blocking port 123 either.
It looks like there´s a bug for those who installed NTP Package while on version 6.x.x and upgraded to 7.x.x.
Does any one came up with a temporary solution?
Code: Select all
system/ntp/client/print 
     enabled: yes
        mode: unicast
     servers: pool.ntp.br
         vrf: main
  freq-drift: 0 PPM
      status: waiting

Same issue with Plejd and MikroTik?

mszru · Tue Feb 06, 2024 6:03 pm

Let's recap:

Your hEX was reset to factory defaults. The router is running RouterOS 6.49.12 (firmware is up-to-date as well).

The router obtains public IP from the ISP via DHCP. This allows us to forward ports if necessary, but there is no evidence of such a need at this time.

The device that does not function properly behind the hEX is Plejd Gateway (GWY-01). All other network devices connected to hEX work well!

Plejd support mentioned that the gateway didn't get access to the clock. Servers used by the gateway include ntp.plejd.cloud (123) for time synchronization.

Plejd-gateway worked fine with your old router.

The actions that were taken to address the issue:

Public DNS servers set for the router. The router was able to resolve Plejd servers' names. Other home devices were working fine even before that change (with ISP dynamic servers?)

Enabled UPnP just in case the gateway uses it to open ports in the firewall.

Ensured that the gateway received an IP address from hEX (IP / DHCP Server / Leases).

Put the gateway into DMZ.

Enabled SNTP client that failed to synchronize time with ntp.plejd.cloud...

After the router was reset to factory defaults, we still see no connection of the gateway to the Plejd services.
Well, it may happen that there are some incompatibility issues (assuming ISP is not blocking NTP) or hEX public IP was blacklisted at the NTP server...

Could you please re-check if possible how the gateway works with the old router? Also try connecting the gateway directly to your ISP's modem and see if that works.

Can you set another server in the SNTP client, e.g. se.pool.ntp.org? Does this work?

You may also enable logging of NTP client actions by adding a new entry to System / Logging: topics = ntp, action = memory. And then check the log...

Tue Feb 06, 2024 6:11 pm

Could you please re-check if possible how the gateway works with the old router? Also try connecting the gateway directly to your ISP's modem and see if that works.

Already suggested:
- connect it to a port and put that in DMZ (direct connection to WAN)
- use a switch between ISP modem and Hex and connect gateway to switch
- direct connect gateway to ISP modem.

3 times zero response.

mszru · Tue Feb 06, 2024 6:29 pm

Already suggested:
- connect it to a port and put that in DMZ (direct connection to WAN)
- use a switch between ISP modem and Hex and connect gateway to switch
- direct connect gateway to ISP modem.

3 times zero response.

True, I just reiterated everything that was suggested as there are quite a lot of posts already.

Regarding point #2: from my perspective it's common for business users to get a subnet of public IPs, I doubt home users can get more than 1 public IP, so either the hEX or the Plejd gateway will get an IP, but not both.

Favazza · Tue Feb 06, 2024 7:33 pm

Could you please re-check if possible how the gateway works with the old router? Also try connecting the gateway directly to your ISP's modem and see if that works.
Already suggested:
- connect it to a port and put that in DMZ (direct connection to WAN)
- use a switch between ISP modem and Hex and connect gateway to switch
- direct connect gateway to ISP modem.

3 times zero response.

I wasn't supposed to disrespect your suggestions.

Don't exactly understand what you mean by the first point.
Don't know what a stupid switch is. If it's an extra hardware it's a bit more tricky than trying out different changes in the current router.
3rd - absolutely. Can try that, but may I ask why? The GW was fine before the change of router (and also tried another GW with the same result).

Can you set another server in the SNTP client, e.g. se.pool.ntp.org? Does this work?

This gives the same a different result than ntp.plejd.cloud. Now I got "Last updated from..." etc.
But I got back to trying ntp.plejd.cloud and now I get response to that as well.

By the way, updated to 6.49.13 today.

mszru · Tue Feb 06, 2024 8:28 pm

Can you set another server in the SNTP client, e.g. se.pool.ntp.org? Does this work?
This gives the same a different result than ntp.plejd.cloud. Now I got "Last updated from..." etc.
But I got back to trying ntp.plejd.cloud and now I get response to that as well.

What about the "Last Update" and "Last Adjustment" fields? Were those populated too for se.pool.ntp.org?
Note that after enabling the NTP client or changing a server name it may take a few seconds for the time to update, so do not close this window immediately.

Does the Plejd gateway still have solid yellow light?

By the way, updated to 6.49.13 today.

Good, do not forget to update the firmware as well (System / RouterBOARD / Upgrade and then System / Restart).

Favazza · Tue Feb 06, 2024 10:15 pm

Yes they were, and also on ntp.plejd.cloud.
GW still solid yellow.

Who is online