Session-id two times in PADI frame

RouterOS General
1

Hi,

I currently have RouterOS v6.27 installed on my Mikrotik RB951G-2HnD and am using it, among other things, to connect to a PPPoE server. On this verison, the PADI frame (from the logs) looks like this:

Mar 10 22:49:14 MikroTik bridge-local: sent PADI to FF:FF:FF:FF:FF:FF
Mar 10 22:49:14 MikroTik     session-id=0x0000
Mar 10 22:49:14 MikroTik     host-uniq=0xd90003
Mar 10 22:49:14 MikroTik     service-name=
Mar 10 22:49:14 MikroTik     ppp-max-payload=1492

and this connectes to the server fine. However, when I upgraded to the newer version of RouterOS, my PPPoE connection stopped working so I checked the logs and found out that the PADI frame has changed to this:

Mar 10 22:45:46 MikroTik bridge-local: sent PADI to FF:FF:FF:FF:FF:FF
Mar 10 22:45:46 MikroTik     session-id=0x0000
Mar 10 22:45:46 MikroTik     host-uniq=0xd3002e
Mar 10 22:45:46 MikroTik     service-name=
Mar 10 22:45:46 MikroTik     session-id=0x0000

I’ve flashed back v6.27 and am now using that with a mental note not to upgrade and a v6.27 package stored safely on my disk should I accidently upgrade, but I wanted to see what’s causing the problem so I noticed two things that are different:

  1. The old version sends the MTU (ppp-max-payload) parameter, while the newer version doesn’t
  2. The new version sends the session-id parameter twice

It seemed to me that one (or both) of these things were the problem so I contacted my ISP to see whether MTU is optional and whether the two times session-id is making a problem. My ISP replied that MTU is optional, but receiving the session-id parameter twice is leading to problems.

So I’m guessing this is a bug in the newer RouterOS versions. If so, where would I report it? Is it maybe already fixed (I stopped updating since it’s not ideal to do an upgrade, have no internet, then a downgrade to get it back just to see that the problem hasn’t been fixed yet. I’m sure lots of PPPoE servers take one of the session-id parameters and ignore the other, but my ISP apparently doesn’t do that and that’s actually correct behaviour I would think so, can I expect a bugfix? Is this a bug or is it maybe a configuration issue? Is it just a bug that the log shows the session-id twice, but the frame itself contains a single session-id and my ISP lied to me to get me off their back?

2

I’m using RB2011UAS-2HnD 6.34.2 (6.34.4 is the latest) and mine seems to be OK.

18:00:01 pppoe,debug,packet vlan500internet: sent PADI to FF:FF:FF:FF:FF:FF 
18:00:01 pppoe,debug,packet     session-id=0x0000 
18:00:01 pppoe,debug,packet     host-uniq=0xb00001 
18:00:01 pppoe,debug,packet     service-name= 
18:00:01 pppoe,debug,packet     ppp-max-payload=1492

Later I’ll try with 6.34.4.

3

Thank you for your info!
That’s interesting… When I have time I’ll try upgrading and then reseting everything and just try setting up the PPPoE connection to see if that’ll help… If it does, I’d welcome ideas as to what setting could be the culprit. I’ll post back when I try it.

4

And yes, I’ve upgraded - can’t connect. Reset configuration and set up only the PPPoE client connection and voila - connects no problem. Restored my backup to the new version - can’t connect again. Downgraded back to 6.27 and it again connects.

So it appears it’s a configuration issue… I’m gonna try and snoop around to see what might be causing it, but I fear I won’t be able to find the culprit… If anyone has any ideas where to look I’d welcome your input.

If I find the culprit, I’ll report back here.

EDIT: Here’s the result of running export command on my configuration with passwords replaced with [WITHELD], MAC addresses last 2 sets of HEX numbers replaced with XX:XX and the static IP addresses and MAC whitelist whittled down to a single entry to show what the entries look like, there’s more of them, but I’ve ommited them to reduce clutter and added a comment about that.
Maybe someone will see something that causes this error… (I know, the configuration is generally not that good, I should really spend time on it to make it better, but it works… more or less :slight_smile:)

# apr/15/2016 15:51:10 by RouterOS 6.27
# software id = VNGU-R4FK
#
/interface bridge
add admin-mac=D4:CA:6D:E3:XX:XX arp=proxy-arp auto-mac=no mtu=1500 name=\
    bridge-local
/interface ethernet
set [ find default-name=ether1 ] name=ether1-gateway
set [ find default-name=ether2 ] name=ether2-master-local
set [ find default-name=ether3 ] master-port=ether2-master-local name=\
    ether3-slave-local
set [ find default-name=ether4 ] master-port=ether2-master-local name=\
    ether4-slave-local
set [ find default-name=ether5 ] master-port=ether2-master-local name=\
    ether5-slave-local
/interface pppoe-client
add ac-name=bng03 add-default-route=yes disabled=no interface=bridge-local \
    max-mtu=1492 name=pppoe-out1 password=[WITHELD] use-peer-dns=yes user=\
    [WITHELD]
/ip neighbor discovery
set pppoe-out1 discover=no
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=\
    dynamic-keys wpa-pre-shared-key=[WITHELD] wpa2-pre-shared-key=\
    [WITHELD]
add authentication-types=wpa-psk,wpa2-psk eap-methods="" group-key-update=15m \
    mode=dynamic-keys name=oldPointKey wpa-pre-shared-key=[WITHELD] \
    wpa2-pre-shared-key=[WITHELD]
add authentication-types=wpa-eap,wpa2-eap group-key-update=15m \
    management-protection-key=[WITHELD] mode=dynamic-keys name=EAP \
    wpa-pre-shared-key=[WITHELD] wpa2-pre-shared-key=[WITHELD]
add authentication-types=wpa-eap,wpa2-eap management-protection=allowed mode=\
    dynamic-keys name=Radius radius-eap-accounting=yes radius-mac-mode=\
    as-username-and-password supplicant-identity=""
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce \
    disabled=no distance=indoors frequency=2437 l2mtu=1600 mode=ap-bridge \
    security-profile=Radius ssid="Bikonja's WLAN point"
add default-authentication=no disabled=no l2mtu=1600 mac-address=\
    D6:CA:6D:E3:XX:XX master-interface=wlan1 name=wlan2 security-profile=\
    oldPointKey ssid="Bikonja's old WLAN point" wds-cost-range=0 \
    wds-default-cost=0
/ip neighbor discovery
set wlan1 discover=no
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=3des
/ip pool
add name=default-dhcp ranges=192.168.88.30-192.168.88.254
/ip dhcp-server
add address-pool=default-dhcp disabled=no interface=bridge-local lease-time=\
    3d name=default
/ppp profile
add local-address=default-dhcp name=VPN remote-address=default-dhcp
/queue tree
add max-limit=450k name=WLAN parent=wlan1 queue=wireless-default
add name=Ethernet parent=ether2-master-local priority=2 queue=default
/system logging action
set 0 memory-lines=100
set 1 disk-lines-per-file=100
set 3 bsd-syslog=yes remote=192.168.88.14 syslog-facility=syslog
/interface bridge port
add bridge=bridge-local interface=ether2-master-local
add bridge=bridge-local interface=wlan1
add bridge=bridge-local interface=wlan2
/interface l2tp-server server
set authentication=mschap2 ipsec-secret=[WITHELD]
/interface pptp-server server
set authentication=mschap2 enabled=yes
/interface wireless access-list
add comment="Allow everyone with password" interface=wlan1
add comment="Bikonja - HTC One" interface=wlan2 mac-address=\
    50:2E:5C:D7:XX:XX
# other entries ommited
/ip address
add address=192.168.88.1/24 comment="default configuration" interface=\
    bridge-local network=192.168.88.0
/ip dhcp-client
add comment="default configuration" dhcp-options=hostname,clientid disabled=\
    no interface=ether1-gateway
/ip dhcp-server lease
add address=192.168.88.2 always-broadcast=yes client-id=1:54:a0:50:50:XX:XX \
    comment=Bikonja-PC mac-address=54:A0:50:50:XX:XX server=default
# other entries ommited
/ip dhcp-server network
add address=192.168.88.0/24 comment="default configuration" dns-server=\
    192.168.88.1 gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 disabled=yes name=router
add address=192.168.88.14 name=igorloborec.no-ip.org
/ip firewall filter
add chain=input comment="Allow Winbox from everywhere" dst-port=8291 \
    protocol=tcp
add chain=input comment=PPTP dst-port=1723 protocol=tcp
add chain=input protocol=gre
add chain=input comment=SysLog dst-address=192.168.88.14 port=514 protocol=\
    udp
add chain=input comment="default configuration" protocol=icmp
add chain=input comment="default configuration" connection-state=established
add chain=input comment="default configuration" connection-state=related
add chain=forward comment="default configuration" connection-state=\
    established disabled=yes
add chain=forward comment="default configuration" connection-state=related \
    disabled=yes
add action=drop chain=forward comment="default configuration" \
    connection-state=invalid
add action=drop chain=input comment="ban by ip" src-address=222.184.230.118
add action=drop chain=input comment="drop ssh brute forcers" dst-port=22 \
    protocol=tcp src-address-list=ssh_blacklist
add action=add-src-to-address-list address-list=ssh_blacklist \
    address-list-timeout=1w3d chain=input connection-state=new dst-port=22 \
    protocol=tcp src-address-list=ssh_stage2
add action=add-src-to-address-list address-list=ssh_blacklist \
    address-list-timeout=1w3d chain=input connection-state=new dst-port=22 \
    protocol=tcp src-address-list=ssh_stage2
add action=add-src-to-address-list address-list=ssh_stage2 \
    address-list-timeout=1m chain=input connection-state=new dst-port=22 \
    protocol=tcp src-address-list=ssh_stage1
add action=add-src-to-address-list address-list=ssh_stage1 \
    address-list-timeout=1m chain=input connection-state=new dst-port=22 \
    protocol=tcp
add action=drop chain=input comment="Disable OpenDNS Resolving per ISP request" dst-port=53 \
    in-interface=pppoe-out1 protocol=udp
add action=drop chain=input dst-port=53 in-interface=pppoe-out1 protocol=tcp
add action=drop chain=input comment="default configuration" disabled=yes \
    in-interface=ether1-gateway
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" disabled=\
    yes out-interface=ether1-gateway
add action=masquerade chain=srcnat disabled=yes out-interface=bridge-local
add action=masquerade chain=srcnat out-interface=pppoe-out1 src-address=\
    192.168.88.0/24
add action=dst-nat chain=dstnat comment=Winbox dst-port=8291 in-interface=\
    pppoe-out1 protocol=tcp to-addresses=192.168.88.1 to-ports=8291
add action=dst-nat chain=dstnat comment=Torrent dst-port=13666 in-interface=\
    pppoe-out1 protocol=tcp to-addresses=192.168.88.2 to-ports=0-65535
add action=dst-nat chain=dstnat dst-port=13666 in-interface=pppoe-out1 \
    protocol=udp to-addresses=192.168.88.2 to-ports=0-65535
add action=dst-nat chain=dstnat comment=Teamviewer dst-port=5938 \
    in-interface=pppoe-out1 protocol=tcp to-addresses=192.168.88.2 to-ports=\
    0-65535
add action=dst-nat chain=dstnat dst-port=5938 in-interface=pppoe-out1 \
    protocol=udp to-addresses=192.168.88.2 to-ports=0-65535
add action=dst-nat chain=dstnat comment=Webserver:80 dst-port=80 \
    in-interface=pppoe-out1 protocol=tcp to-addresses=192.168.88.14 to-ports=\
    80
add action=dst-nat chain=dstnat dst-port=80 in-interface=pppoe-out1 protocol=\
    udp to-addresses=192.168.88.14 to-ports=0-65535
add action=dst-nat chain=dstnat comment=Webserver:443 dst-port=443 \
    in-interface=pppoe-out1 protocol=tcp to-addresses=192.168.88.14 to-ports=\
    0-65535
add action=dst-nat chain=dstnat dst-port=443 in-interface=pppoe-out1 \
    protocol=udp to-addresses=192.168.88.14 to-ports=0-65535
add action=dst-nat chain=dstnat comment=Webserver:4433 dst-port=4433 \
    in-interface=pppoe-out1 protocol=tcp to-addresses=192.168.88.2 to-ports=\
    0-65535
add action=dst-nat chain=dstnat dst-port=4433 in-interface=pppoe-out1 \
    protocol=udp to-addresses=192.168.88.2 to-ports=0-65535
add action=dst-nat chain=dstnat comment=Webserver:8080 dst-port=8080 \
    in-interface=pppoe-out1 protocol=tcp to-addresses=192.168.88.2 to-ports=\
    0-65535
add action=dst-nat chain=dstnat dst-port=8080 in-interface=pppoe-out1 \
    protocol=udp to-addresses=192.168.88.2 to-ports=0-65535
add action=dst-nat chain=dstnat comment="Webserver:8090 (Wildfly)" dst-port=\
    8090 in-interface=pppoe-out1 protocol=tcp to-addresses=192.168.88.2 \
    to-ports=0-65535
add action=dst-nat chain=dstnat dst-port=8090 in-interface=pppoe-out1 \
    protocol=udp to-addresses=192.168.88.2 to-ports=0-65535
add action=dst-nat chain=dstnat comment=Daylight dst-port=1312 in-interface=\
    pppoe-out1 protocol=tcp to-addresses=192.168.88.2 to-ports=0-65535
add action=dst-nat chain=dstnat dst-port=1312 in-interface=pppoe-out1 \
    protocol=udp to-addresses=192.168.88.2 to-ports=0-65535
add action=dst-nat chain=dstnat dst-port=13667 in-interface=pppoe-out1 \
    protocol=tcp to-addresses=192.168.88.4 to-ports=0-65535
add action=dst-nat chain=dstnat comment=steam dst-port=27000-27030 \
    in-interface=pppoe-out1 protocol=udp to-addresses=192.168.88.2 to-ports=\
    0-65535
add action=dst-nat chain=dstnat dst-port=4380 in-interface=pppoe-out1 \
    protocol=udp to-addresses=192.168.88.2 to-ports=0-65535
add action=dst-nat chain=dstnat dst-port=27015 in-interface=pppoe-out1 \
    protocol=tcp to-addresses=192.168.88.2 to-ports=0-65535
add action=dst-nat chain=dstnat comment="SSH - Bikonja - main" dst-port=22 \
    protocol=tcp to-addresses=192.168.88.13
add action=dst-nat chain=dstnat comment=Postgresql in-interface=pppoe-out1 \
    port=5432 protocol=tcp to-addresses=192.168.88.14 to-ports=5432
add action=dst-nat chain=dstnat in-interface=pppoe-out1 port=5432 protocol=\
    udp to-addresses=192.168.88.14 to-ports=5432
/ip firewall service-port
set tftp disabled=yes
set irc disabled=yes
/ip hotspot user
add comment="counters and limits for trial users" name=default-trial
/ip proxy
set cache-path=web-proxy1 parent-proxy=0.0.0.0
/ip service
set telnet disabled=yes
set ssh disabled=yes
set api disabled=yes
/ppp secret
add name=pptp password=[WITHELD] profile=VPN service=pptp
/radius
add address=192.168.88.14 secret=[WITHELD] service=wireless
/system clock
set time-zone-autodetect=no time-zone-name=Europe/Zagreb
/system leds
set 0 interface=wlan1
/system logging
add action=remote disabled=yes topics=pppoe
/system ntp client
set enabled=yes primary-ntp=62.237.86.234 secondary-ntp=95.129.55.109
/system scheduler
add interval=1w3d name="Email backup" on-event="send backup" policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=\
    may/26/2012 start-time=05:06:02
add interval=1d name=Reconnect on-event=Reconnect policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=\
    may/26/2012 start-time=03:33:33
/system script
add name="send backup" policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive source=":log in\
    fo \"backup beginning now\"\r\
    \nexecute \"Update SMTP\"\r\
    \n:delay 1s\r\
    \n:foreach i in=[/file find] do={:if ([:typeof [:find [/file get \$i name]\
    \_\"MikroTik-\"]]!=\"nil\") do={/file remove \$i}}\r\
    \n:global backupfile ([/system identity get name] . \"-\" . [/system clock\
    \_get time])\r\
    \n:global backupfileTXT \"txtbackup\"\r\
    \n:foreach i in=[/file find] do={:if ([:typeof [:find [/file get \$i name]\
    \_\$backupfileTXT]]!=\"nil\") do={/file remove \$i}}\r\
    \n/system backup save name=\$backupfile\r\
    \n:while ([:len [/file find name=(\$backupfile . \".backup\")]] = 0) do={}\
    \r\
    \n/export file=\$backupfileTXT\r\
    \n:while ([:len [/file find name=(\$backupfileTXT . \".rsc\")]] = 0) do={}\
    \r\
    \n#:log info \"backup pausing for 10s\"\r\
    \n#:delay 10s\r\
    \n/tool e-mail send to=[WITHELD] subject=\"Mikrotik backup (binary\
    )\" body=\"mikrotik router backup binary\" file=\$backupfile start-tls=yes\
    ;\r\
    \n/tool e-mail send to=[WITHELD] subject=\"Mikrotik backup (txt)\"\
    \_body=\"mikrotik router backup cleartext\" file=\$backupfileTXT start-tls\
    =yes;\r\
    \n:log info \"Backup e-mail sent.\"; }"
add name=Reconnect policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive source=":log in\
    fo \"Reconnecting to PPPOE\"\r\
    \n/interface disable pppoe-out1\r\
    \n:delay 1s\r\
    \n/interface enable pppoe-out1\r\
    \n:log info \"PPPOE reconnected\""
add name="Update SMTP" policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive source=\
    "/tool e-mail set address=[:resolve smtp.gmail.com]"
/tool e-mail
set address=74.125.206.108 from=[WITHELD] password=[WITHELD] port=\
    587 user=bikonja
/tool mac-server
set [ find default=yes ] disabled=yes
add interface=ether2-master-local
add interface=ether3-slave-local
add interface=ether4-slave-local
add interface=ether5-slave-local
add interface=wlan1
add interface=bridge-local
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=ether2-master-local
add interface=ether3-slave-local
add interface=ether4-slave-local
add interface=ether5-slave-local
add interface=wlan1
add interface=bridge-local
5 
/interface pppoe-client
add ac-name=bng03 add-default-route=yes disabled=no interface=bridge-local \
    max-mtu=1492 name=pppoe-out1 password=[WITHELD] use-peer-dns=yes user=\
    [WITHELD]

Shouldn’t your pppoe-out1 be on ether1-gateway?

6

I don’t think so. If I understand correctly, the PPPoE interface should be on the interface that should use the PPPoE connection. If that is correct, I want PPPoE (or “Internet”) on all my ethernet ports and on both my WLAN interfaces so the bridge seems to be the correct setup to me. But I am FAR from home in this territory so I could very easily be wrong…

I did however play around now and I saw that even on successfull connection, the session-id is sent twice. However, if I disable the interface, try to connect on etherX instead of bridge, a connection is not established and if then I set it back to bridge the connection is still not established until I reboot the router OR change the DSL-AC (since I’ve specified one, but my ISP offers several).

I think at this point I should also write up the physical setup.
I have an xDSL modem from my ISP set up in bridge mode that is connected to the phone line and ether3 port of my Mikrotik.
I have two PC-s connected at ether ports 2 and 4 of my Mikrotik and I have various devices connected on wlan1 and wlan2 interfaces.

EDIT: I’m stumped… I’ve followed the PPPoE debug log for both the older and newer version (upon successfull and unsuccessfull connections) and the only thing different is that on the new version after a successfull connection there’s immediately an LCP powerdown so it does connect, but immediately disconnects… Other than that, the logs are exactly the same, including receiving PADO frames from different DSL-AC’s resulting in the message that the PADO frame has a different AC-Name than the PADI, but both the older and newer versions seem to ignore that and connect to the correct AC when the PADO from it comes, but the new version for some reason immediately disconnects, whereas the older version doesn’t…

7

What is connected to your ether1-gateway?

A typical setup here is:
VDSL modem → ether1-gateway
pppoe-out1 on ether1-gateway
ether2-ether5 switched (ether2 as master port)
bridge-local (ports ether2, wlan1, wlan2)
LAN IP address on bridge-local (eg: 192.168.88.1)
DHCP Server on bridge-local
nat masq rule on pppoe-out1 (which you already have)

If you use Quickset → Home AP, does it work for you? Because that gives more or less the same config as my example above.

Nope, PPPoE should be on the etherX that’s connected to your modem and that etherX should not be bridged with your LAN. PPPoE will create a default route and together with the nat masquarade rule, it will will route between LAN and the internet.

8

Nothing is connect to my ether1-gateway.
My modem is connected to ether3, pppoe is on bridge and everything else is more or less the way you described it.
Does the modem have to be on ether1-gateway?

Quickset → Home AP does not work, I’m guessing because my modem is on ether3 instead of ether1?

9

It doesn’t have to be. If your modem is connected to ether3 then the config will be like this:

VDSL modem → ether3 (can be any etherX)
pppoe-out1 on ether3 (pppoe-out1 must be on the port that your modem is connected to)
ether1, ether2, ether4, ether5 switched (ether1 as master port)
bridge-local (ports ether1, wlan1, wlan2)
LAN IP address on bridge-local (eg: 192.168.88.1)
DHCP Server on bridge-local
nat masq rule on pppoe-out1 (which you already have)

In this case, ether3 is your gateway. And you need to remove ether3 from bridge-local.

If you use Quickset → Home AP, your modem must be connected to ether1. Give it a try?

10

Thanks! I fixed the configuration so now ether3 is not switched with other ports and on old verison it works beautifully :slight_smile:
Unfortunately, new version gives me the same problem :confused:

11

The problem with duplicated session-id, this one I have no idea. All I can see is that it’s not happening here with 6.34.4 on my router. Maybe try the latest version 6.35 that just came out.

Sometimes I find restoring from backup gives problems. Maybe you can try /export to save your config as a txt file and setup from there with the new version.

12

I’m not so sure it’s the duplicated session-id that’s causing the problem, though… I wouldn’t trust my ISP with anything, took them weeks to respond to my question which contained the acronym PADI in it, I think they were trying to google it :slight_smile:
And to support that I’ve now seen that when a connection on the older version is established, it’s sometimes with the same PADI frame as on the newer so I’m not sure what’s going on here, but thank you so much for the correction of my configuration and I’ll try 6.35 to see what happens, but I’m not really hopeful about that…

I will report back with the results once I try the upgrade and play around some more.

Thank you once again very much!

13

:laughing:

No problem. One more suggestion, on 6.34.4 or 6.35, reset to defaults then try Quickset → Home AP with your modem connected to ether1 and see what happens.

You can also turn on debug for pppoe in logging to see more info.

Maybe restoring from backup is the culprit.

14

Right… You reminded me now, there is something wrong with the settings… When I reset my configuration and tried ONLY connecting PPPoE on the new version, it connected fine on 6.34.4…

I so wanted to avoid reconfiguring everything… The firewall rules, the PPTP, the scheduled scripts, the static IP’s, the Radius authentication, … There’s too much to configure :slight_smile:
Oh, well… I’ll see, maybe I find the actual culprit :slight_smile: If I do first thing I’m doing is posting it here because man, setting everything up from the beggining - not exactly fun :slight_smile:

15

You can do a /export compact and save your config as a txt file. /import this file will probably give you errors so just copy and paste the relevant sections in one at a time into terminal. Much faster than doing everything again.

Good luck, bet you haven’t had so much fun with a router.

16

You know what, that’s actually a great idea - it shortens the reconfiguration greatly and is easily modified to see where things go wrong for instance… You sir are a godsend :slight_smile: I am extremely thankful to you!

Will post back with results when I’ve got them.

17

First of all, WOOHOOO :slight_smile:

I first tried importing the whole export and it didn’t work on 6.35…
Then I tried playing around and eventually saw that once I imported the settings, whatever I did, nothing helped to establish a connection, but if I reset the configuration and set up PPPoE, it worked.
On a hunch, lazy as I am, I tried the following steps then:

  1. Reset configuration
  2. Set up PPPoE manually so it works
  3. Remove the PPPoE setup from the export command result
  4. Import the tweaked export result

and voila, everything works now :slight_smile:
I have no idea what was wrong in the original configuration, I’ve been looking at differences both through Winbox and through the output of export command and I found these two differences:

The following line was a part of the original export compact result, but is not a part of it now

/ip neighbor discovery
set pppoe-out1 discover=no

And I don’t know why I don’t see it in the output of export command, but in Winbox I see under the pppoe interface that Default route distance is now 0 and I believe it was originally set to 1.

I’m not sure if one of those was the culprit or something else, but clearing the configuration, setting up PPPoE manually and importing everything from export command without the PPPoE related commands worked like a charm!

Thank you soonwai so much for your help!!