Verizon Network Extender Femtocell unable to connect

I have a customer who has a RB/751U-2HnD running the latest OS and the only setting we have changed in the device is the SSID and the WPA2 key. They have two Verizon network extenders that refuse to connect from behind the MikroTik but they had been running fine behind a Ubiquiti Bullet running DD-WRT. On the DD-WRT router I never did anything to get the devices to connect, they just worked. Nobody else ever worked on the gear. I am hoping that someone can help me out as I am just learning the MikroTik gear.


Taken from Verizon

Do specific ports need to be enabled on my router or firewall for a Network Extender to work?
A Network Extender uses standard IPSec ESP VPN ports to make its connection through the Internet. It shouldn’t require any special port configuration. In those rare instances in which the Network Extender is unable to connect to the Verizon Wireless network, you may need to open ports 500, 4500, 53, and 52428. Contact your ISP, Network Administrator or switch/router/firewall manufacturer for detailed instructions on how to open ports on your equipment.

I use this same Verizon device with Mikrotik v6 and it works fine.

HINTS:

Make sure that you aren’t blocking any outgoing ports in the forwarding chain.

Make sure that you are allowing related connections in the forwarding chain.

Make sure that you are allowing established connections in the forwarding chain.

Also, these Verizon devices sometimes take several minutes (or longer) to connect up, as they do GPS checks and other various things before the lights finally turn solid blue.
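An added example, not part of the thread and not MikroTik or Verizon code: a first-match walk over the forward chain of an `/ip firewall filter` export that reports which of the ports from the Verizon FAQ would be dropped for new outbound connections. The export text, the function names and the choice to test 52428 over both UDP and TCP are assumptions; only the `protocol`, `dst-port` and `connection-state` matchers are modeled.

```python
import shlex

# Constructed sample export, one rule per line (not taken from the thread).
SAMPLE_EXPORT = """\
/ip firewall filter
add action=accept chain=forward connection-state=established
add action=accept chain=forward connection-state=related
add action=accept chain=forward dst-port=53,80,443 protocol=udp
add action=accept chain=forward dst-port=80,443 protocol=tcp
add action=drop chain=forward
"""
# Ports from the Verizon FAQ quoted in the thread. UDP is the usual transport for
# 500/4500/53; the page gives no protocol for 52428, so both are checked (assumption).
EXTENDER_FLOWS = [("udp", 500), ("udp", 4500), ("udp", 53), ("udp", 52428), ("tcp", 52428)]
MODELED = {"action", "chain", "comment", "connection-state", "dst-port", "protocol"}

def parse_forward_rules(export_text):
    """Return the forward-chain rules of the export as dicts, in rule order."""
    rules = []
    for line in export_text.splitlines():
        if line.strip().startswith("add "):
            rule = dict(t.split("=", 1) for t in shlex.split(line)[1:] if "=" in t)
            if rule.get("chain") == "forward":
                rules.append(rule)
    return rules

def port_matches(spec, port):
    """True if port falls in a RouterOS port list such as '53,80,1000-2000'."""
    ranges = (part.partition("-") for part in spec.split(","))
    return any(int(lo) <= port <= int(hi or lo) for lo, _, hi in ranges)

def verdict(rules, proto, port, state):
    """First-match walk of the chain; returns (action, rule number or None)."""
    for number, rule in enumerate(rules, 1):
        if (rule.get("protocol", proto) != proto
                or not port_matches(rule.get("dst-port", str(port)), port)
                or state not in rule.get("connection-state", state).split(",")):
            continue
        if set(rule) - MODELED or rule.get("action") == "jump":
            return ("unknown", number)  # matcher or jump this sketch does not model
        if rule.get("action", "accept") in ("accept", "drop", "reject"):
            return (rule.get("action", "accept"), number)
    return ("accept", None)  # RouterOS accepts packets that no rule matches

def blocked_flows(rules):
    """Extender flows whose new outbound connections the chain drops or rejects."""
    return [(proto, port) for proto, port in EXTENDER_FLOWS
            if verdict(rules, proto, port, "new")[0] in ("drop", "reject")]
```

With the constructed sample, the established and related rules are present but the extender still cannot start its tunnel, because the final drop rule catches new connections to ports 500 and 4500.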

My routerboard is running version 3.02 and shows version 3.07 as being available but when I click upgrade it just gives me an error.

Wow, that appears to be a CRAZY old version of RouterOS. What is the safest way for me to upgrade the OS remotely utilizing my TeamViewer connection to the customer’s location? Can I jump directly to mipsbe 6.1 or do I need to load an intermediate version?

No, 3.02 / 3.07 is the FIRMWARE, not the SOFTWARE, and that is the newest available. You already said that you are using the newest software OS.

3.07 is very new, still being pushed out to new devices, and 3.02 should be just fine for now. This version is not your problem with the Verizon extender.

FYI, I’ve found a solution for my Verizon network extender refusing to work behind my MikroTik router.

Samsung’s engineers that designed this unit are brain-dead. It seems that this network extender will not work on a 10.x.x.x NAT network. However, it does work on a 192.168.0.x network.

After two full days working on it (even sniffing the packets that were on ports 500 and 4500) and then several hours with Verizon technical support, it was down to a bad unit or something about the network. The tech asked me to try it on another network to rule out a bad unit.

I went over to a neighbor’s that had Comcast and it worked. However, I was struck that the installation instructions requested you to change the default 10.x.x.x network to 192.168.0.x. They couldn’t be that anal, right? So I went through the installation again but left the network at 10.x.x.x. BINGO! The network extender refused to initialize.

So the solution was to change my network from 10.x.x.x to 192.168.0.x but that was a royal pain. Besides changing the Firewall, NAT, DNS server, and DHCP services on the MikroTik router, I had to change dozens of configuration files on several servers and request new license files for some products. But it fixed the extender issues.

I had a suspicion that Verizon is clueless about protocols when their documentation requested you open INCOMING port 53 for udp and tcp protocols. Huh? Does that mean that the extender provided DNS services to the outside world or they usurped and used the IANA reserved port with a non-standard service?