The configuration suggestion for Mikrotik on the extraip site seems incomplete to me, but the most important point is that GRE is an L3 interface, so you cannot bridge it with anything. You can, however, route the packets for those additional public addresses that you receive via GRE further to the Vigor, and you can route the traffic from the Vigor towards internet via the GRE. The simplest way is to create a /29 on an Ethernet interface of the hAP ax lite LTE6 and connect the Vigor’s WAN to it, but that way you waste 5 of the 8 addresses, so it makes more sense to use an out-of-subnet gateway if the Vigor supports it, or a PPPoE server, or even another GRE tunnel between the two.
So the key question is: what types of WAN does the Vigor support?
The DrayTek supports PPPoE, DHCP, Static on the WAN ports but not GRE.
It is possible to setup a GRE tunnel between ExtraIP and a DrayTek WAN port. The downside is it can only Rx and not Tx.
Not sure how to understand this. Does ExtraIP only allow one-way traffc in the GRE tunnel (from the internet towards the extra IPs) and expects the traffic from the public IPs they provide towards internet to take another path? That may not be possible with ISPs who check the source addresses (but many don’t).
Anyway, if you can set up a GRE tunnel betweeen Draytek and Teltonika, there is no reason why you should not be able to set it up from Draytek all the way to ExtraIP, using the Mikrotik just as “yet another ISP router” which, however, supports NAT also for GRE so you could connect Draytek’s WAN to Mikrotik LAN port with just a few additions to the default configuration of the Mikrotik.
Moreover, if the sole purpose of the Mikrotik is to act as an LTE router for the Draytek, you can use the passthrough mode of the LTE interface and let the DHCP client on the Draytek WAN lease the public IP associated to the SIM.
So there are multiple solutions allowing to deliver packets for the “extra IPs” to the Draytek.
On the LAN of the Draytek, you can use the /29 the traditional way, i.e. set Draytek’s own LAN IP address to x.x.x.1/29 and use x.x.x.2-x.x.x6 for connected equipment, wasting three of the eight addresses for the overhead. Or, as suggested earlier, it may be possible to set the Draytek’s LAN IP address to something like 10.11.12.13/32 and add a route to x.x.x.0/29 with the LAN interface as a gateway, and use all 8 addresses from the /29 for LAN devices, provided that you can set each of them to use one of the addresses as a /32 one and make them use 10.11.12.13 as the default gateway. The particular settings depend on the operating system on each device. If this is not possible, you can make the Draytek a PPPoE server for the LAN hosts in otherwise similar way. PPPoE will not be a MTU bottleneck here as the MTU of the GRE is far lower than the one of PPPoE.
Not sure how to understand this. Does ExtraIP only allow one-way traffic in the GRE tunnel
The problem is DrayTek officially does NOT support GRE on WAN port. But strange enough it is possible to create a GRE tunnel on the DrayTek between ExtraIP and the public WAN IP I received from my ISP.
ExtraIP (185.216.YYY.188) <—GRE—> DrayTek (37.153.XXX.57)
Via this tunnel the subnet is routed (185.216.ZZZ.56/29). I can use the IP’s on my LAN! But it is only one way traffic. ExtraIP subnet ----> DrayTek WAN1 IN is OK but DrayTek WAN1 ----> ExtraIP subnet OUT NO WAY.
DrayTek does however support LAN to LAN GRE connections.
My ideal solution would be:
ExtraIP subnet <---- via GRE ----> Mikrotik’s ISP/SIM IP and then route this subnet Mikrotik <--------> Draytek.
Anyway, enough information to test during this Christmas holiday
The way you describe it, either the “WAN” and “LAN” labels have a far more strict meaning in Draytek in terms of what can and cannot be done using each of them, or maybe the Draytek is not flexible enough when it comes to a multi-WAN setup, i.e. to use of multiple routing tables and choosing between them based on e.g. source address.
So even if you terminate the GRE on the Mikrotik, connect Draytek’s second WAN to Mikrotik’s LAN and make the IP address of the second WAN of the Draytek a gateway for your Extra IP addresses at the Mikrotik side, there is still no guarantee that Draytek will send traffic from the Extra IP addreses via Mikrotik.
If I was to set this up on another Mikrotik that already has a primary WAN, it would require one dedicated /32 route within the main routing table that would send the GRE transport packets traffic towards the ExtraIP’s GRE “peer” address via the gateway of WAN 2 (whilst the default route in the main routing table would use the gateway of WAN 1), and another routing table with just a default route with the GRE interface as its gateway that would be chosen using a routing rule matching on src-address=x.x.x.0/29 (since the GRE tunnel must effectively act as a third WAN).
But knowing nothing about Draytek’s way of doing things and presenting them to the administrator, I can’t say whether it is doable there at all and if yes, how exactly.
Stupid question, why do you need the Draytek at all if the tunnel to ExtraIP only uses the public IP of the SIM and your hAP ax lite has 4 Ethernet ports so you could connect the hosts running on the addresses provided by ExtraIP directly to the Tik?
