Hi,
Starlink DHCP is sending:
IP Address :
100.64.33.40
Subnet Mask :
255.192.0.0
Default Gateway :
100.127.255.0
DNS :
8.8.8.8
8.8.4.4
It seems to bug down RouterOS since the gateway become unreachable and internet goes down. I find it very strange to receive 100.127.255.0 as a gateway… Any idea to fix this?
Why do you think it’s strange? Mask 255.192.0.0 is /10, so it makes a network with possible addresses from 10.64.0.1 to 10.127.255.254 (not counting network address and broadcast). The 100.127.255.0 fits in there as valid address just fine.
Just to confirm its a valid public IP address?? My dish is sitting in the garage, waiting for warmer weather to go playing on roofs…
( I need it to beam down the spy cam uplink from Sobs house and all rooms)
In the context of the router seeing it as “unreachable” and placing a dumb D-Link between Starling and ROS works. In the Cisco world, there is a config for “ip subnet-zero”, i was wondering if there is something similar inside ROS that i missed and prevent it to work properly.
Other than that, it’s a dual WAN setup and the other provider’s link is working OK. I’ll post the config as soon as i get access again. Both links are DHCP and i’m doing load balancing until Starlink’s shows stability.
Yeah, it’s reserved IP block for CGNAT (Carrier Grade NAT).
Address ending with 0 has special meaning only when it’s subnet address, and that depends on mask. For example, 192.168.1.0 can be both unusable (*) subnet address and perfectly valid address:
(*) Some systems can be configured to use it, but current RouterOS AFAIK can’t. But in your case it doesn’t matter, because 100.127.255.0 is not subnet address.
> ip route print
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
...
7 A S 0.0.0.0/0 100.127.255.0 1
...
19 ADC 100.64.0.0/10 100.64.33.40 internal 0
What means that “placing a dumb D-Link between Starling and ROS works”? Is the D-link a switch or a router with the Starlink CGNAT subnet at WAN and doing NAT to some private LAN subnet to which the Mikrotik is connected?
If it is a router, I’d suppose that when you connect Mikrotik directly to the Starlink network, the Starlink network gets scared of MNDP/LLDP/CDP coming from the Mikrotik. If so, disabling neighbor discovery on the Starlink-facing interface should be enough.
Yes its a pita but you can always use wireguard and zerotier for optoins to access from external…
If you connect directly to the PoE power brick, you’d get a CGCAT. But you’d still need a NAT src-nat masquerade rule to use that – it’s not a real public IP address. If you add a static 192.168.100.0/24, say .101, address on the same interface DHCP is given you the CGNAT, you can use 192.168.100.1 to access the web UI of the dish to confirm it’s actually connected too.
If those didn’t work, but good to confirm that using the Starlink Wi-Fi unit’s 2nd ethernet port worked from the Mikrotik. You’d end up with double-NAT, but at least know that works from ROS. But AFAIK you can’t get a public IPv4 address from starlink, but the CGNAT address from the PoE power brick.
Another consideration is you should have IPv6, so be curious to see if that work from the Mikrotik to ping over IPv6 in the configuration.
The tunneling suggestion aren’t necessity bad if you needed real public IPs, but I’d recommend using IPv6 (if the starlink provided one) to establish the tunnel for IPv4.