A problem that becomes noticeable after setting longer DHCP lease for LTE passthrough

Recently, in LTE/5G - RouterOS - MikroTik Documentation, I noticed this section, that describes how to set up a longer DHCP lease time for LTE passthrough:

Additionally, you can override the default dynamic dhcp server parameters/options by creating a DHCP server manually on the same passthrough-interface. For example, the default lease-time is 1 minute:

[admin@MikroTik] > ip dhcp-server/print detail 
Flags: D - dynamic; X - disabled, I - invalid 
0 D  name="apn2" interface=ether2 lease-time=1m address-pool=static-only use-radius=no lease-script="" address-lists="" 

Now if you want to change the lease-time to for example 30 minutes, then you can create a new dhcp-server on the passthrough-interface, in this case, ether2:

[admin@MikroTik] > /ip dhcp-server add interface=ether2 name=dhcp1 lease-time=30m
[admin@MikroTik] > ip dhcp-server/print detail                                   
Flags: D - dynamic; X - disabled, I - invalid 
0    name="dhcp1" interface=ether2 lease-time=30m address-pool=static-only use-radius=no lease-script="" address-lists=""

So I decided to do this and increase the LTE passthrough lease time on my ATL 5G R16 to 12 hours. At first, when trying to do this I was getting an error that there is already a DHCP server on this interface. Turns out I had to disable the LTE interface first, then create the custom DHCP server, and then re-enable LTE interface.

However, some time after successfully setting this up, I noticed a problem:
Sometimes, the LTE session can end, or there can be a connection problem that causes LTE interface reconfiguration, etc.
This results in a situation where the APN is stuck without a peer, while the DHCP server is waiting for a request that won't come until the lease on the client expires and the client requests a renewal, which can take quite a long time with a 12-hour lease, during which the client won't be accessible from the Internet on the public IP address obtained from LTE passthrough.

I suspect that this also happens with the default 1-minute lease time, but then the downtime can be at most 1 minute.

I tried to enable use-reconfigure on the DHCP server and allow-reconfigure on the client to see if it would solve the issue, but the server doesn't send the reconfigure request on its own when deassigning.
I can only send it manually from the leases list (and it works properly), but that's only when everything is working fine.
When the problem situation happens, the lease disappears from the list, so I wouldn't be able to make a script that sends a reconfigure request to it (unless perhaps I can save the reconfigure key, MAC, IP etc. into variables and use them to send the reconfigure message in some other way (is it even possible?).

What could be the potential solutions for this, besides setting a shorter lease time again or making periodic checks from the client?

Here is my current configuration of the ATL 5G R16 (I decreased the lease time to 1h for now):

# 2025-09-24 10:18:13 by RouterOS 7.19.6
# software id = 
#
# model = ATLGM
# serial number = 
/interface ethernet
set [ find default-name=ether1 ] arp=disabled
/interface vlan
add interface=ether1 name=vlan10-MGMT vlan-id=10
add interface=ether1 name=vlan30-LTE-PASS vlan-id=30
/interface list
add comment="Management VLAN" name=MGMT
/interface lte apn
add add-default-route=no apn=vpn.static.pl authentication=chap ip-type=ipv4 name=vpn.static.pl passthrough-interface=vlan30-LTE-PASS passthrough-mac=auto passthrough-subnet-size=32 use-peer-dns=no user=vpn.static.pl
/interface lte
set [ find default-name=lte1 ] allow-roaming=no apn-profiles=vpn.static.pl band="" network-mode=lte,5g nr-band=""
/ip dhcp-server
add interface=vlan30-LTE-PASS lease-time=1h name=dhcp-LTE-PASS use-reconfigure=yes
/port
set 0 name=serial0
/queue type
add fq-codel-ecn=no kind=fq-codel name=fq-codel-ethernet-default
/queue interface
set ether1 queue=fq-codel-ethernet-default
/system logging action
add memory-lines=10000 name=ltedebug target=memory
add name=dhcp target=memory
/ip smb
set enabled=no
/ip neighbor discovery-settings
set discover-interface-list=MGMT
/ip settings
set ip-forward=no
/ipv6 settings
set accept-redirects=no accept-router-advertisements=no disable-ipv6=yes forward=no
/interface list member
add interface=vlan10-MGMT list=MGMT
/ip address
add address=192.168.188.1/24 comment=defconf disabled=yes interface=ether1 network=192.168.188.0
/ip cloud
set update-time=no
/ip dhcp-client
add interface=vlan10-MGMT
/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=accept chain=input comment="accept DHCP discovery" dst-port=67 in-interface=vlan30-LTE-PASS protocol=udp src-port=68
add action=drop chain=input comment="drop all not coming from Management VLAN" in-interface-list=!MGMT log=yes
add action=drop chain=forward comment="drop all forward traffic (this is only a modem)"
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
/ip service
set ftp disabled=yes
set ssh disabled=yes
set telnet disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/ipv6 firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" dst-port=33434-33534 protocol=udp
add action=accept chain=input comment="defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=udp src-address=fe80::/10
add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 protocol=udp
add action=accept chain=input comment="defconf: accept ipsec AH" protocol=ipsec-ah
add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=ipsec-esp
add action=accept chain=input comment="defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=input comment="drop everything else not coming from Management VLAN" in-interface-list=!MGMT
add action=drop chain=forward comment="drop all forward traffic (this is only a modem)"
/ipv6 nd
set [ find default=yes ] advertise-dns=no advertise-mac-address=no disabled=yes
/system clock
set time-zone-autodetect=no time-zone-name=Europe/Warsaw
/system identity
set name=Modem-5G
/system logging
set 0 topics=info,!lte,!dhcp
set 1 topics=error,!lte,!dhcp
set 2 topics=warning,!lte,!dhcp
add action=ltedebug regex="^[^#]*\$" topics=lte,!raw,!packet
add action=dhcp topics=dhcp,!debug
/system ntp client
set enabled=yes
/system routerboard mode-button
set enabled=yes on-event="/system shutdown"
/system routerboard settings
set auto-upgrade=yes
/system scheduler
add comment="# Sprawdzanie stanu interfejsu LTE co 10 minut" interval=10m name=lte-watchdog on-event="/system script run lte-watchdog-script;" policy=read,write,policy,test start-date=2025-01-30 start-time=00:00:00
add comment="# Wstrzymanie sprawdzania LTE na 5 minut po uruchomieniu" name=lte-watchdog-startup on-event="/system scheduler disable lte-watchdog;\r\n:delay 300s;\r\n/system scheduler enable lte-watchdog;" policy=reboot,read,write,policy,test start-time=startup
/system script
add dont-require-permissions=no name=lte-watchdog-script owner=admin policy=read,write,policy,test source="# Skrypt sprawdzajacy prawidlowe dzialanie polaczenia LTE dla modemu FG621-EA\n:global ltePreviousCheck\n:global lteEnbID\n# Sprawdzanie obecnosci interfejsu LTE, jesli nieobecny to reset modemu poprzez wylaczenie i wlaczenie zasilania USB\n:if ([/interface lte print count-only where name=\"lte1\"]=0) do={\n\t:if (\$ltePreviousCheck!=1) do={\n\t\t:log error (\"Brak interfejsu LTE - Resetowanie modemu (proby beda wykonywane co 10 minut do rozwiazania problemu)\")\n\t\t:set ltePreviousCheck 1\n\t}\n\t/system routerboard usb power-reset duration=1\n} else={\n\t# Jesli interfejs obecny, pobranie statusu polaczenia LTE\n\t:local lteStatus [/interface lte monitor lte1 once as-value without-paging]\n\t# Sprawdzanie czy nie wykryto karty SIM, jesli tak to skrypt dalej nie\_pomoze i daje tylko informacje w dzienniku\n\t:if ((\$lteStatus->\"status\")=\"sim not present\") do={\n\t\t:if (\$ltePreviousCheck!=2) do={\n\t\t\t:log error (\"UWAGA: Blad polaczenia z karta SIM. Nalezy wylaczyc router, poprawic karte SIM i wlaczyc router ponownie. Jesli problem sie powtarza, nalezy poprawic mocowanie routera aby bylo mniej podatne na wibracje.\")\n\t\t\t:log error (\$lteStatus)\n\t\t\t:set ltePreviousCheck 2\n\t\t}\n\t} else={\n\t\t# Sprawdzanie czy modem jest w trakcie nawiazywania polaczenia, jesli tak to odczekanie 10s i ponowne pobranie statusu\n\t\t:if [:len [:find [:toarray \"init,searching,connecting\"] (\$lteStatus->\"status\")]] do={\n\t\t\t:delay 10s\n\t\t\t:set lteStatus [/interface lte monitor lte1 once as-value without-paging]\n\t\t}\n\t\t# Sprawdzanie czy jest polaczenie LTE\n\t\t:if ((\$lteStatus->\"status\")!=\"connected\") do={\n\t\t\t# Jesli status to inactive, reset modemu poprzez wylaczenie i wlaczenie zasilania USB\n\t\t\t:if ((\$lteStatus->\"status\")=\"inactive\") do={\n\t\t\t\t:if (\$ltePreviousCheck!=3) do={\n\t\t\t\t\t:log error (\"Nieaktywny modem LTE - Resetowanie modemu (proby\_beda wykonywane co 10 minut do rozwiazania problemu)\")\n\t\t\t\t\t:log error (\$lteStatus)\n\t\t\t\t\t:set ltePreviousCheck 3\n\t\t\t\t}\n\t\t\t\t/system routerboard usb power-reset duration=1\n\t\t\t} else={\n\t\t\t\t# W innym przypadku braku polaczenia, reset interfejsu poprzez wylaczenie i wlaczenie\n\t\t\t\t:if (\$ltePreviousCheck!=4) do={\n\t\t\t\t\t:log error (\"Brak polaczenia LTE - Resetowanie interfejsu LTE\_(proby beda wykonywane co 10 minut do rozwiazania problemu)\")\n\t\t\t\t\t:log error (\$lteStatus)\n\t\t\t\t\t:set ltePreviousCheck 4\n\t\t\t\t}\n\t\t\t\t/interface lte disable lte1\n\t\t\t\t:delay 1s\n\t\t\t\t/interface lte enable lte1\n\t\t\t}\n\t\t} else={\n\t\t\t:if (\$ltePreviousCheck!=0) do={\n\t\t\t\t:if (\$ltePreviousCheck) do={\n\t\t\t\t\t:log warning (\"Ponownie nawiazano polaczenie LTE.\")\n\t\t\t\t} else={\n\t\t\t\t\t:log warning (\"Nawiazano polaczenie LTE.\")\n\t\t\t\t}\n\t\t\t\t:set ltePreviousCheck 0\n\t\t\t}\n\t\t\t:if ((\$lteStatus->\"enb-id\")!=\$lteEnbID) do={\n\t\t\t\t:if (\$lteEnbID) do={\n\t\t\t\t\t:log warning (\"Polaczono z nowa wieza LTE. Poprzedni eNBID: \" . \$lteEnbID . \", Obecny eNBID: \". \$lteStatus->\"enb-id\")\n\t\t\t\t} else={\n\t\t\t\t\t:log warning (\"Obecny eNBID: \" . \$lteStatus->\"enb-id\")\n\t\t\t\t}\n\t\t\t\t:set lteEnbID (\$lteStatus->\"enb-id\")\n\t\t\t}\n\t\t}\n\t}\n}"
/tool bandwidth-server
set enabled=no
/tool mac-server
set allowed-interface-list=MGMT
/tool mac-server mac-winbox
set allowed-interface-list=MGMT
/tool sms
set port=lte1

Maybe that's the reason why the default is so short (1 minute).
What (unwanted/undesirable) effects does the default setting cause?
Or maybe there is something more suitable between 1 and 720?

I think you can set a netwatch script to monitor the situation and reset if necessary, usually netwatch probes running do not take CPU or resources in a noticeable way.

I just like to reduce traffic as much as possible when not necessary. I'm not doing this because of any other problems I have, it's just a preference.

I'd rather have the server inform the client the moment there is a problem (or not need any contact from the client and use previously obtained information about client to reestablish LTE passthrough internally) instead of the client constantly checking the server.
Having a short lease time or periodic checks just seems like a bad solution to me.

Also, what exactly is netwatch supposed to check in this case? How would it be any different in this situation than setting a short lease time?

In my opinion it would be better to either:

• not deassign the dynamic lease in case of LTE problems like it currently does, and later once LTE is up again and in "peer: wait" stage, use the information from the existing lease instead of requiring a DHCP request to be received so it can pass onto the "found peer" stage;
• add a "Send reconfigure on deassign" option to the DHCP server.

I'm not sure which one of these options would be more preferable in order to comply with the requirements on the LTE side of things, but I suspect it's the second one.

Perhaps I'm confused, I'm not sure what the DHCP server is doing for you. LTE passthrough will provide the IP to the first MAC address connected, and it does not use DHCP server internally. While I get reconfigure would be handy, you cannot hijack DHCP server to use it and there is still only one IP from LTE available. You may want to configure the MAC address of the remote router VLAN interface in APN profile on LTE router, so that LTE passthrough directly assigns the remote router's WAN address from LTE.

Are you sure? LTE passthrough automatically creates a DHCP server on the passthrough interface with 1 minute lease time. According to LTE/5G - RouterOS - MikroTik Documentation, you can override this by creating a custom DHCP server on this interface, which is what I did.

Looks like this was the solution I was looking for, thanks.

Now the lease is created immediately once LTE is up, just with a "waiting" status instead of "bound" if the client's previous lease hasn't expired yet. And because in my case it's a static address, it also works immediately and doesn't need the reconfigure too. Though the manually added DHCP server is still needed if I don't want DHCP requests every minute.

Also, while now it's not needed in in my case, reconfigure (with the ability to preserve reconfigure key when LTE drops) might still be needed if LTE provided dynamic IP and not a static one.

Apparently not. I ain't arguing with docs. Since they suggest creating a manual DHCP server, you have a point that re-configure should be supported too.