SXT LTE6 KIT Beginner problems

Hello,

I just got a SXT LTE6 (SXTR&FG621-EA) to connect a remote site to the Internet. I inserted a Telekom SIM, contected it with ethernet to my PC and switched it on.
Instant success. I opened the Website 192.168.188.1 and changed the password. LTE had a good connection. Then I started a firmware update. The SXT rebooted and I could connect to the Website again.
Unfortunately I had no internet connection more. Check for firmware updates failed.
Signal looks good on LTE, Pin is not necessary.

Adding a DNS Server did not help either. I used the APN internet and internet.telekom. The PC still connects on ethernet 1 to 192.168.188.1 but not further.

Where do I look next?

Best Regards Oli

Hello,
I’am still trying to find my problem. I included the config below.

There is an IPv6 adress on the lte interface, not on the IPv4

The log shows that there is a DNS provided via lte:

It seems to me, lte is IPv6 only ? Any ideas?

Best regards Oli
mt.txt.rsc (5.8 KB)

Try disabling IPv6

/ipv6/settings/set disable-ipv6=yes
/system/reboot

Hello jaclaz,

thank you for your answer. I tryed it an it did not help. Still no Internet connection, even the internal-update does not work.
After I reactivated IPv6 I tryed to set the DNS to a IPv6, did not help either.


Best regards Oli

Post your complete configuration, follow these insteructions:
http://forum.mikrotik.com/t/forum-rules/173010/1

Hello,
here is the config. The unit was new from the box.

Best regards oli

# 1970-01-02 00:42:25 by RouterOS 7.15.3
# software id = 4xxxxxxxx
#
# model = SXTR
# serial number = xxxxxxx
/interface bridge
add admin-mac=Fxxxxxxxxx auto-mac=no comment=defconf name=bridge
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface lte apn
add apn=internet.telekom use-network-apn=yes
/interface lte
set [ find default-name=lte1 ] allow-roaming=yes apn-profiles=\
    internet.telekom band="" sms-read=no
/ip pool
add name=default-dhcp ranges=192.168.188.10-192.168.188.254
/ip dhcp-server
add address-pool=default-dhcp interface=bridge name=defconf
/queue type
add fq-codel-ecn=no kind=fq-codel name=fq-codel-ethernet-default
/queue interface
set ether1 queue=fq-codel-ethernet-default
set ether2 queue=fq-codel-ethernet-default
/interface bridge port
add bridge=bridge comment=defconf interface=ether1
add bridge=bridge comment=defconf interface=ether2
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface detect-internet
set detect-interface-list=WAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=lte1 list=WAN
/ip address
add address=192.168.188.1/24 comment=defconf interface=bridge network=\
    192.168.188.0
/ip dhcp-server network
add address=192.168.188.0/24 comment=defconf dns-server=192.168.188.1 \
    gateway=192.168.188.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8
/ip dns static
add address=192.168.188.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related hw-offload=yes
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
add action=accept chain=input protocol=icmp
add action=accept chain=input connection-state=established
add action=accept chain=input connection-state=related
add action=drop chain=input in-interface-list=!LAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
/ipv6 firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=\
    icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" \
    dst-port=33434-33534 protocol=udp
add action=accept chain=input comment=\
    "defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=\
    udp src-address=fe80::/10
add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 \
    protocol=udp
add action=accept chain=input comment="defconf: accept ipsec AH" protocol=\
    ipsec-ah
add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=\
    ipsec-esp
add action=accept chain=input comment=\
    "defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=input comment=\
    "defconf: drop everything else not coming from LAN" in-interface-list=\
    !LAN
add action=accept chain=forward comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6
add action=drop chain=forward comment=\
    "defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" \
    hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=\
    icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=accept chain=forward comment="defconf: accept IKE" dst-port=\
    500,4500 protocol=udp
add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=\
    ipsec-ah
add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=\
    ipsec-esp
add action=accept chain=forward comment=\
    "defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=forward comment=\
    "defconf: drop everything else not coming from LAN" in-interface-list=\
    !LAN
/system note
set show-at-login=no
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN

This:

/interface lte apn
add apn=internet.telekom use-network-apn=yes

May be the issue, you should edit the entry setting use-network-apn=no
See:
http://forum.mikrotik.com/t/lte-apn-with-fix-ip/139907/1

See also, it should be possible to disable it via GUI too:
https://blog.linitx.com/mikrotik-lte-how-to-configure-apn-settings-part-2-use-network-apn-issues/

Hello again,

thank you very much. “use-network-apn=no” did the trick. Now I have good connection and Internet is working.

I use the APN internet.telekom for my prepaid Telekom SIM

Best regards
Oli

Good.

I wonder why in the late what? 4 years or so , no Mikrotik developer thought to add a check-box for “use-network-apn” on the main Quick Set page (the one you posted screenshots of), given that the default is “yes” and this makes the manually entered apn not used (without any sign that it is not used, at the very least the textbox font colour should be gray and NOT black, like it was enabled).

Yet another sign of what I would call poor attention towards customer common problems, particularly for new users.

Maybe it is item #3147 in their low-priority to-do list.

Even better and less confusing will be that use-network-apn config doesn’t even exists, if apn is set then it will be used, if not, network provided one will be used.

Yep, even better if there was a drop down list with an item “Automatic ISP APN” (or similar) fixed/not removable to which you can add your APN and then you are free to select either.
In CLI, an “auto” option could be added to

/interface lte apn
add apn=auto

That would allow the complete removal of use-network-apn.

It is more or less the same (IMHO illogical) logic behind the way you have to configure the auto-mac on bridge:

admin-mac (MAC address; Default: none) Static MAC address of the bridge. This property only has effect when auto-mac is set to no.
…
auto-mac (yes | no; Default: yes) Automatically select one MAC address of bridge ports as a bridge MAC address.

they could get rid of auto-mac adding a admin-mac=auto option.

Or they could at least rename the setting to use-network-apn-and-disable-the-one-you-typed-in

I was thinking in a way how DNS Server has, there are config properties servers and dynamic-servers (read only), when servers is not set, dynamic-servers is used. But this with auto value is not bad idea (unless some MNO wants to name his apn to auto ). There are ways how to make it simple because this current way of setup is confusing at least.