I have multiple identical routers, equipped with Quectel EC25-V, to be connected to Verizon.
Using PPPD, about 60% of all the routers connect (receive IP) immediately, the other connect after many retries, after a few hours sometimes.
Even, if the devices are located just side by side.
A suspicion of mine is bad antenna, or antenna cabling, as on a “bad” device I see
AT+CSQ
14,99
Any comment on this ?
Certainly could be some RF, or modem configuration/firmware issue. But I’d bet it’s Verizon (or the associated SIM/account) that causes this. If you had another carrier SIM to try, that be helpful to isolate if its Verizion or something else.
What I do know is Verizon is VERY picky on the traffic it receives. In fact Verizion will jump drop the PPP/LTE link when the far end gets anything that doesn’t “look right”. For example, if NAT fails and private address “leak out” of ROS seen as either src/dest on the Verizon side, it will just drop. There are other cases too. The pattern is generally it will reconnect, then disconnect next time they see what they think is a “bad packet”. In some version of ROS/modem firmware/etc, the retry can get “stuck” - kinda close to your issue.
So you’ll want to make sure you have a firewall rule that drops “invalid” connections on both FWD and OUT to the PPP interface, newer ROS version include this in the default config:
/ip firewall filter add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
Specifically, you might try adding this which will do same for OUT to PPP interfaces:
/ip firewall filter add action=drop chain=output out-interface=all-ppp comment="drop invalid connection to PPP modems" connection-state=invalid
This has always done the trick for “Verizion issues” for us.
Unfortunately, no change.
Thank you, anyway, will keep the rules, of course.
I cannot speak to the cables/antenna, but let’s assume those are good. If not, swapping the modem modules, or just SIM cards more easily, let you confirm the RF/account stuff.
Since you mention, “pppd” mode. These modems do support ECM mode - that be better since it allows >25Mb/s speeds. See another thread about how to do this: http://forum.mikrotik.com/t/how-to-send-at-commands-to-ec25-lte-modem-in-ltap-mini/131542/1
Along the same lines, you should make sure the modem firmware is identical. If you try do try ECM mode, the firmware version will show up in Winbox etc., along with add’l signal levels. Otherwise, you can use “AT+CGMR” to get the version.
There are various AT commands that you can issue to confirm if the modem modules are in fact configured the same between your working and non-working units. See, an older, AT command reference: https://sixfab.com/wp-content/uploads/2018/09/Quectel_EC25EC21_AT_Commands_Manual_V1.2.pdf
The overriding worry with Verizon is they require both the module AND device be certified. While the EC25-V Quctel modules is Verizon certified, no Mikrotik device is certified to use them. Verizon actually checks this when trying to activate a device - the device maker submit IMEI of modules they use, so just buying a “certified module” is not enough. It’s very well possible that it’s Verizon side that not allowing a connection because of this (typically it manifest as “E911 not supported” error to their agents when attempting to activate a uncertified device). So maybe worth having Verizon check the ICCID is active for your non-working units, and see what Verizon sees the device and/or can “refresh the SIM” as they call it.
Good luck. Hope that helps.