I’m running RouterOS v6.42.11 on a CCR1009-7G-1C-1S+ that is running as a PPPoE server and CGNAT.
I want to monitor some of my clients, so I have set a static IP address as the remote address in their PPP secrets.
Because of the large set of CGNAT and firewall rules configured and the specific IP address block that I’m using (pool=100.64.0.0/24), I have to choose some address from this pool (e.g. 100.64.0.2) and set it for some PPPoE clients.
So I have some clients with a static IP address as their remote address, and all others automatically get an IP from the pool.
My big trouble was: the PPPoE server gave an IP (from the pool) to a client while it was in use by another client (one that has a remote address with a static IP).
PPP Active Connections showed 2 clients with the same IP.
Is that a BUG on RouterOS or does it do this as a feature?
How can I make all PPPoE clients always get the same IP address without needing to set it manually in their remote address?
I would suspect that RouterOS only tracks IP addresses assigned from the pool. Whilst it might be possible to check if an address is actively in use, scanning PPP secrets for any overlapping addresses which are not would be complex, and if the addresses are assigned externally there would be no way to check.
Pool assignments are sticky - once assigned to a particular connection they will be reused unless the pool becomes exhausted or the Mikrotik is rebooted.
We assign pools to be slightly smaller than the range used by NAT & firewall rules, leaving a small number which do not overlap - these can be manually assigned, in our case in the client RADIUS data, but could be specific PPP secrets too.
My guess is that the remote-address in /ppp secrets takes priority over the address/pool specified in the /ppp profile. You can call it a bug or a feature.
> How can I make all PPPoE clients always get the same IP address without needing to set it manually in their remote address?
I think you need to use the remote-address in the secret. Addresses from the pool are not sticky like the DHCP ones are.
This is true of all the PPP interfaces. I have seen the same behaviour with an L2TP/IPsec VPN, where some of the /ppp secrets use fixed IP addresses due to quality requirements (traceability), while I want some other accounts to allow several connections. So, some are set up with /ppp secrets … remote-address=nn.nn.nn.nn and use a profile with only-one=yes, while the others have no remote-address in secrets and use a /ppp profile … only-one=no remote-address=PoolName.
The behaviour I have seen is that RouterOS will happily create two connections with the same remote-address (if a user logs in twice) unless controlled with only-one. Routing will be kind of random. On the other hand, the addresses specified using remote-address in secrets need to be outside the pool specified in the profile, or it will happily allow collisions and have tunnels with the same address.
> My guess is that the remote-address in /ppp secrets takes priority over the address/pool specified in the /ppp profile. You can call it a bug or a feature.
I think this would be true, but a client with a remote-address IP set was already online when a new client got the same IP from the pool.
After I faced this trouble with the IP conflict, I used IPs in remote-address outside of the pool used on the PPPoE server. The whole system is running flawlessly.
At the same time, as I need to use static addressing on remote-address, I wrote Java code using the Mikrotik API that gets the current IP address given from the pool on PPP Active Connections and sets it on remote-address. But I fell into the same problem of IP conflict.
If there is no solution using only RouterOS, I think I will need to write a program using the Mikrotik API to manage static addressing on remote-address for each new client. It is better to reconfigure my CGNAT firewall rules script that has 500 lines.
Please, if anyone has a solution using only RouterOS, I will be very glad to hear (or read) it.
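An offline check for the collision discussed in this thread, added here as an example and not written by any of the posters: it scans a configuration export for static remote-address values that fall inside an /ip pool range or that repeat across /ppp secret entries. The sample export, the pool name and the client names are constructed, and the parser assumes one "add" line per entry with no backslash line continuations.

```python
import ipaddress
import re

# Constructed sample shaped like export output; all names and addresses are made up.
SAMPLE_EXPORT = """\
/ip pool
add name=cgnat-pool ranges=100.64.0.10-100.64.0.254
/ppp secret
add name=client-a profile=pppoe remote-address=100.64.0.2
add name=client-b profile=pppoe remote-address=100.64.0.50
add name=client-c profile=pppoe
add name=client-d profile=pppoe remote-address=100.64.0.2
"""

def parse_export(text):
    """Group the key=value pairs of each 'add' line under its menu path."""
    sections, menu = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            menu = line
        elif line.startswith("add ") and menu:
            sections.setdefault(menu, []).append(dict(re.findall(r"([\w-]+)=(\S+)", line)))
    return sections

def pool_spans(sections):
    """Map pool name -> [(first, last)] parsed from ranges=a-b,c-d."""
    def span(part):
        first, _, last = part.partition("-")
        return ipaddress.ip_address(first), ipaddress.ip_address(last or first)
    return {e["name"]: [span(p) for p in e["ranges"].split(",")]
            for e in sections.get("/ip pool", [])}

def find_conflicts(text):
    """Report static remote-addresses that sit inside a pool or repeat across secrets."""
    sections = parse_export(text)
    pools, seen, findings = pool_spans(sections), {}, []
    statics = [s for s in sections.get("/ppp secret", []) if "remote-address" in s]
    for secret in statics:  # secrets without remote-address get a pool address
        ip = ipaddress.ip_address(secret["remote-address"])
        if ip in seen:
            findings.append(("duplicate-static", secret["name"], str(ip), seen[ip]))
        seen.setdefault(ip, secret["name"])
        for pool, spans in pools.items():
            if any(lo <= ip <= hi for lo, hi in spans):
                findings.append(("static-inside-pool", secret["name"], str(ip), pool))
    return findings

if __name__ == "__main__":
    print(*find_conflicts(SAMPLE_EXPORT), sep="\n")
```

An empty result means every static remote-address lies outside all pool ranges and is used by only one secret, which is the layout the replies above recommend.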