Chateau 5G R17 ax loses cellular internet every few days

Hello,

My first time posting here so please let me know if I need to make changes or additions to this post or ask it elsewhere.

My devices are loosing internet connection every few days through my Mikrotik router at home. Always when I wake up IIRC. I'm using a post-paid SIM card from Digi Mobil (Spain) with unlimited data. I tried disabling and enabling the LTE interface to restore the connection but this doesn't work. Unplugging the router works; internet is restored after it boots.

Here is the export:

\[admin@MikroTik\] > export compact 

\# 2025-12-22 09:57:07 by RouterOS 7.20.4

\# software id = HT8G-SXVF

\#

\# model = S53UG+5HaxD2HaxD&RG650E-EU

\# serial number = removed

/interface bridge

add admin-mac=xx:xx:xx:xx:xx:xx auto-mac=no comment=defconf name=bridge

/interface wifi

set \[ find default-name=wifi1 \] channel.band=5ghz-ax .skip-dfs-channels=10min-cac .width=20/40/80mhz configuration.country=Spain .mode=ap .ssid=MikroTik-6B4AF5-5G disabled=no \\ security.authentication-types=wpa2-psk,wpa3-psk .ft=yes .ft-over-ds=yes

set \[ find default-name=wifi2 \] channel.band=2ghz-ax .skip-dfs-channels=10min-cac .width=20/40mhz configuration.country=Spain .mode=ap .ssid=MikroTik-6B4AF5-2G disabled=no \\ security.authentication-types=wpa2-psk,wpa3-psk .ft=yes .ft-over-ds=yes

/interface ethernet switch

set 0 cpu-flow-control=yes

/interface list

add comment=defconf name=WAN

add comment=defconf name=LAN

/interface lte apn

add apn=internet authentication=pap name=Orange user=orange

add apn=internet.digimobil.es authentication=pap ip-type=ipv4 name=DIGI

/interface lte

set \[ find default-name=lte1 \] allow-roaming=yes apn-profiles=DIGI band="" nr-band=""

/ip pool

add name=default-dhcp ranges=192.168.88.10-192.168.88.254

/ip dhcp-server

add address-pool=default-dhcp interface=bridge name=defconf

/queue type

add fq-codel-ecn=no kind=fq-codel name=fq-codel-ethernet-default

/queue interface

set ether1 queue=fq-codel-ethernet-default

set ether2 queue=fq-codel-ethernet-default

set ether3 queue=fq-codel-ethernet-default

set ether4 queue=fq-codel-ethernet-default

set ether5 queue=fq-codel-ethernet-default

/disk settings

set auto-media-interface=bridge auto-media-sharing=yes auto-smb-sharing=yes

/interface bridge port

add bridge=bridge comment=defconf interface=ether1

add bridge=bridge comment=defconf interface=ether2

add bridge=bridge comment=defconf interface=ether3

add bridge=bridge comment=defconf interface=ether4

add bridge=bridge comment=defconf interface=ether5

add bridge=bridge comment=defconf interface=wifi1

add bridge=bridge comment=defconf interface=wifi2

/ip neighbor discovery-settings

set discover-interface-list=LAN

/interface list member

add comment=defconf interface=bridge list=LAN

add comment=defconf interface=lte1 list=WAN

/ip address

add address=192.168.88.1/24 comment=defconf interface=bridge network=192.168.88.0

/ip dhcp-server network

add address=192.168.88.0/24 comment=defconf dns-server=192.168.88.1 gateway=192.168.88.1

/ip dns

set allow-remote-requests=yes

/ip dns static

add address=192.168.88.1 comment=defconf name=router.lan type=A

/ip firewall filter

add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked

add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid

add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp

add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1

add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN

add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec

add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec

add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related hw-offload=yes

add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked

add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid

add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN

/ip firewall nat

add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN

/ipv6 firewall address-list

add address=::/128 comment="defconf: unspecified address" list=bad_ipv6

add address=::1/128 comment="defconf: lo" list=bad_ipv6

add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6

add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6

add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6

add address=100::/64 comment="defconf: discard only " list=bad_ipv6

add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6

add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6 add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6

/ipv6 firewall filter

add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked

add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid

add action=accept chain=input comment="defconf: accept ICMPv6" protocol=icmpv6

add action=accept chain=input comment="defconf: accept UDP traceroute" dst-port=33434-33534 protocol=udp

add action=accept chain=input comment="defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=udp src-address=fe80::/10

add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 protocol=udp

add action=accept chain=input comment="defconf: accept ipsec AH" protocol=ipsec-ah

add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=ipsec-esp

add action=accept chain=input comment="defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec

add action=drop chain=input comment="defconf: drop everything else not coming from LAN" in-interface-list=!LAN

add action=fasttrack-connection chain=forward comment="defconf: fasttrack6" connection-state=established,related

add action=accept chain=forward comment="defconf: accept established,related,untracked" connection-state=established,related,untracked

add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid

add action=drop chain=forward comment="defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6

add action=drop chain=forward comment="defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6

add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" hop-limit=equal:1 protocol=icmpv6

add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=icmpv6

add action=accept chain=forward comment="defconf: accept HIP" protocol=139

add action=accept chain=forward comment="defconf: accept IKE" dst-port=500,4500 protocol=udp

add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=ipsec-ah

add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=ipsec-esp

add action=accept chain=forward comment="defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec

add action=drop chain=forward comment="defconf: drop everything else not coming from LAN" in-interface-list=!LAN

/system clock

set time-zone-name=Europe/Madrid

/system logging

set 1 action=disk

set 3 action=disk

add topics=lte

add topics=lte

/system routerboard mode-button

set enabled=yes on-event=dark-mode /system routerboard wps-button

set enabled=yes on-event=wps-accept /system script

add comment=defconf dont-require-permissions=no name=dark-mode owner=\*sys policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="\\r\\

\\n :if (\[system leds settings get all-leds-off\] = \\"never\\") do={\\r\\

\\n /system leds settings set all-leds-off=immediate \\r\\

\\n } else={\\r\\

\\n /system leds settings set all-leds-off=never \\r\\

\\n }\\r\\

\\n "

add comment=defconf dont-require-permissions=no name=wps-accept owner=\*sys policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=\\ "\\r\\

\\n :foreach iface in=\[/interface/wifi find where (configuration.mode=\\"ap\\" && disabled=no)\] do={\\r\\

\\n /interface/wifi wps-push-button \\$iface;}\\r\\

\\n "

/tool mac-server

set allowed-interface-list=LAN

/tool mac-server mac-winbox

set allowed-interface-list=LAN

If anyone is able to help I would be most grateful. Thank you very much, and I hope you all have a good holiday season.

Best regards,

Polka

It is unusual that resetting LTE it doesn't resume connection, there is the need of a delay after disabling LTE interface before re-enabling it, maybe if you have one it is too short?

The typical script would be something like :

:if ([/ping 8.8.8.8 count=10 size=64 interval=2s]=0) do={
	:log error "LTE DOWN";
	/interface disable lte1
	/delay 5s
	/interface enable lte1
} else={
	:log info "LTE FINE";
}

Thanks for the quick response.

When I tried to disable and enable lte earlier today it was through the web GUI. However, it did not enable when clicking the toggle button. I’ve had this issue a couple times where the GUI, in particular the GUI for the LTE interface, does not respond. When it doesn't respond, the terminal window doesn't respond either. Closing the page in the web browser, waiting a while, and then reopening it seems to restore control sometimes.

I was able to get the script saved and it runs.

Is there a way to have this script run in the background? Perhaps with something like while 1? Or is it possible to have something events based?

Thanks again,

Polka

There are basically two ways:

1. scheduler (setting it to run every n minutes, hours or days)
2. netwatch (setting the disable/delay/enable in the DOWN script)

The first is better if the disconnection happens less than daily or so, you set it up to run at (say 4:00 AM) every morning, and it is unlikely to be even noticed by users and - in most cases - it will be enough.

The second is better if the disconnections happen more often and "casually", you set the netwatch to run (say) every 10 minutes and you are all set, BUT there is the risk of unneded interface resets if the connection towards the canary address (8.8.8.8 in this example) is broken/intermittent for some other reasons.

Same goes for logging, if you want to log the up and downs to observe the behaviour it is fine, otherwise it doesn't make much sense to have - before or later - the log full of these messages, there will be - I believe automatic ones for LTE disable/enable.

JFYI, there is a (supoposed) fix for a very similar problem, specific to your device in 7.21rc3:
V7.21rc [testing] is released! - #141 by EdPa

Maybe you can wait for a stable release of 7.21 and then try it.

Many thanks for the tips and help, jaclaz! I’ll try the new version when it's in stable.

Best regards,

Polka

hello,

i hope it will be a fix for my enviroment too, based on hap ax3 and a m.2/usb3 modem with similar quectel hardware (rm520ngl) of chateau, in my tests i see many lost of connection while doing a speed test on ookla or google website.

with netwatch i can disable/enable interface, but i think the problem is on modem firmware.

thanks for the information