Community discussions

MikroTik App
 
bourneagainsh
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 65
Joined: Thu May 21, 2020 7:41 pm

Sky UK - PPPoE-out with (MER) MAC Encapsulation Routing AUTHENTICATION

Sun Jun 14, 2020 11:30 am

I am trying to set up PPPoE on RBmAP2nD from ether1 that is connected to Huawei EchoLife HG612 VDSL OpenReach Modem.

I have extracted from my Sky Hub 3.0 (Model ER115) aka Sky Q Hub username/password and managed to connected and get working my spare
ASUS DSL-N16 in standalone setup using the Sky(MER)_ISP list ....

But no luck with MikroTik :(

I have VDSL Broadband Max from Sky.

Searching around I have found this on a Cisco Community forum:
As far as I read it MER is the same as RFC1483 Bridging. RFC1483 Bridging Baseline Architecture.

I am only beginner, so that does not make any sense to me :(


Searching more I have found another post on RedDit (year old) stating:
Sky use something they call MER (IPoE) to authenticate the hardware as well as CHAP credentials.
In order to pass authentication you need to clone your SKY router's WAN MAC address to your interface,
and then pass DHCP option 61 and 60 - client-id and class-id. Client-ID is the hex value of your sky username/password combination.


But I had working connection with ASUS DSL-N16 and no need to clone MAC address of the Modem ....



I am running 6.47 on the RBmAP2nD
And configuring via WinBox64bit v3.24
QuickSet - Home AP - PPPoE and I am getting msg.: link established | terminating... - failed to authenticate ourselves to peer
Tried to set Max MTU on pppoe-out1 to 1480, but still the same ...
Last edited by bourneagainsh on Mon Jun 22, 2020 6:51 pm, edited 2 times in total.
 
bourneagainsh
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 65
Joined: Thu May 21, 2020 7:41 pm

Re: Sky UK - PPPoE-out with (MER) MAC Encapsulation Routing AUTHENTICATION  [SOLVED]

Mon Jun 22, 2020 5:26 pm

Found the answer:
https://helpforum.sky.com/t5/Broadband/Is-it-possible-to-get-Google-Wifi-mesh-system-to-work-with-Sky-Superfast-2/m-p/3337918#M181066

and then over here:
http://www.skyuser.co.uk/forum/technical-discussion/49773-router-os-sky-3.html#post476368
 
nikc
Member Candidate
Member Candidate
Posts: 208
Joined: Wed Jul 13, 2016 6:05 pm

Re: Sky UK - PPPoE-out with (MER) MAC Encapsulation Routing AUTHENTICATION

Wed Nov 18, 2020 11:27 am

Don't suppose you'd be prepared to share your RouterOS config on this ?
 
bourneagainsh
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 65
Joined: Thu May 21, 2020 7:41 pm

Re: Sky UK - PPPoE-out with (MER) MAC Encapsulation Routing AUTHENTICATION

Sun Feb 07, 2021 9:56 am

Don't suppose you'd be prepared to share your RouterOS config on this ?
Sure, here it is:
client_duid79 = "0x00030001 + skyER115lanMACaddress" so 12c1ab12aa12 -> 12c1ab12aa13 = 0x0003000112c1ab12aa13
clientid_duid61 = "0x + 2.04.1919.R|003|ER115|B12341AB001234" = 0x322e30342e313931392e527c3030337c45523131357c4231323334314142303031323334
clientid = "0x + 12c1ab12aa12@skydsl|123a1a12" = 0x31326331616231326161313240736b7964736c7c3132336131613132

/ipv6 dhcp-client option
add code=79 name=client_duid79 value="0x0003000112c1ab12aa13"
add code=61 name=clientid_duid61 value="0x322e30342e313931392e527c3030337c45523131357c4231323334314142303031323334"
add code=61 name=clientid value="0x31326331616231326161313240736b7964736c7c3132336131613132"

/ipv6 dhcp-client add add-default-route=yes dhcp-options=client_duid79,clientid_duid61,clientid interface=ether1 pool-name=IPv6 pool-prefix-length=56 request=prefix

/ip dhcp-client option
add code=79 name=client_duid79 value="0x0003000112c1ab12aa13"
set clientid_duid61 code=61 name=clientid_duid61 value="0x322e30342e313931392e527c3030337c45523131357c4231323334314142303031323334"
set clientid code=61 name=clientid value="0x31326331616231326161313240736b7964736c7c3132336131613132"

/ip dhcp-client
add add-default-route=yes comment=defconf default-route-distance=1 dhcp-options=client_duid79,clientid_duid61,clientid disabled=no interface=ether1 use-peer-dns=no use-peer-ntp=yes
 
stevenma
just joined
Posts: 24
Joined: Mon Aug 07, 2017 5:44 pm

Re: Sky UK - PPPoE-out with (MER) MAC Encapsulation Routing AUTHENTICATION

Thu Jan 06, 2022 10:49 pm

Don't suppose you'd be prepared to share your RouterOS config on this ?
Hello, Can I ask please, were you successful in setting up your MikroTik router with Sky UK Broadband using @bourneagainsh's info?

I'm a relatively new Sky Broadband user and keen to use my MikroTik home network. There's a lot of info on the web but I'm struggling to implement it.

I look forward to hearing from you.

Many thanks,
Steve
 
bourneagainsh
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 65
Joined: Thu May 21, 2020 7:41 pm

Re: Sky UK - PPPoE-out with (MER) MAC Encapsulation Routing AUTHENTICATION

Fri Jan 07, 2022 1:48 pm

Hi Steve,

What exactly do you have problem with implementing?

I have come to MikroTik solution because $ky UK have prevented me from changing DNS settings,
and they are running some shadow scheme:

Sky UK residential DNS interception
https://padlock.argh.in/2019/04/28/sky- ... ption.html

#Deleted ....
https://community.sky.com/t5/Broadband/ ... -p/2989332
#Copy from WebArchive
https://web.archive.org/web/20191108174 ... 2?nobounce


I have Huawei EchoLife HG612 3B (Unlocked) LAN1 ->
#HG612 Unlock
https://kitz.co.uk/routers/hg612hacking.htm
https://kitz.co.uk/routers/images/HG612 ... s_v1-3.pdf
And hEX S | RB760iGS -> PoE -> cAP ac | RBcAPGi-5acD2nD

(Huawei HG612 Modem) LAN1 -- ether1 PoE In [Passive/af/at] (hEX S|RB760iGS) -- ip|ipv6 dhcp-client -- bridge -- ether1,2,3,4,5 -- ETH1 PoE In (cAP|RBcAPGi-5acD2nD)

I prefer to use command line rather than WinBox to set it up.

There is some interesting reading here with regards to extracting your username/password that I have followed as well
https://www.skyuser.co.uk/forum/extract ... -post.html
 
stevenma
just joined
Posts: 24
Joined: Mon Aug 07, 2017 5:44 pm

Re: Sky UK - PPPoE-out with (MER) MAC Encapsulation Routing AUTHENTICATION

Sat Jan 08, 2022 3:03 pm

Hi Steve,

What exactly do you have problem with implementing?
Morning bourneagainsh,

Many thanks for replying, it’s very much appreciated.

My modem hardware is a Zyxel VMG1312-T20B Router with Bridge Mode and the latest firmware. This in router mode does support the IPoE, IPv4 & 6 dualStack, VLAN 802.1p & q (I set to 101) and Options 60 (Vendor ID) & 61 (IAID & DUID) features and did initially try & fail setting these up to hopefully prove the third party router concept. My actual requirement is to achieve Bridge Mode as I'm keen to achieve failover with the Three UK LTE 4G circuit I have as my main. Then I found your MT thread - and success was in sight!

In Bridge Mode the Zyxel offers these options: VLAN which I set 802.1q to 101 (802.1p left at 0) and MTU which is currently set to a default of 1500 and VDSL over PTM.

My main MT router is an RB4011 with hAP ac WiFi APs and CRS112 switches of which I'm attempting to use an hAP ac to prove Sky connectivity with the Zyxel router in Bridge Mode.

FYI My Sky router is the SR203.

My first hurdle is understanding and getting the hAP into IPv6 mode to use your commands with my Sky credentials. I'm relatively new to MT and using the platform to self-educate myself in networking beyond the basics and have already learnt a lot but still a long way to go.

Very cheeky, I know, but wonder if you'd be willing to share (of course exc. any sensitive info) your MT router config text with me. I'll then know that it's just down to me providing my Sky credentials in the correct format. After that I can reverse engineer the Sky setup in to my RB4011.

In anticipation, many thanks,
Steve
 
stevenma
just joined
Posts: 24
Joined: Mon Aug 07, 2017 5:44 pm

Re: Sky UK - PPPoE-out with (MER) MAC Encapsulation Routing AUTHENTICATION

Mon Jan 10, 2022 1:11 am

Hi Steve,

What exactly do you have problem with implementing?
I believe I'm making some progress but no actual connectivity yet. Here is my router setup, which is essentially the router defaults plus your IPv6 commands with my values. I'd be grateful please if you could scan over it for me to compare with yours.

# jan/09/2022 22:57:15 by RouterOS 6.48.6
# software id = JUGI-V68B
#
# model = RouterBOARD 962UiGS-5HacT2HnT
# serial number = My Serial Number Here
/interface bridge
add admin-mac=E4:8D:8C:6B:BD:BD auto-mac=no comment=defconf name=bridge
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX \
distance=indoors frequency=auto installation=indoor mode=ap-bridge ssid=\
MikroTik-6BBDBD wireless-protocol=802.11
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=\
20/40/80mhz-XXXX distance=indoors frequency=auto installation=indoor \
mode=ap-bridge ssid=MikroTik-6BBDBD wireless-protocol=802.11
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip dhcp-client option
add code=79 name=client_duid79 value=0x00030001C0A36E68F490
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=default-dhcp disabled=no interface=bridge name=defconf
/ipv6 dhcp-client option
add code=79 name=client_duid79 value=0x00030001c0a36e68f490
add code=61 name=clientid_duid61 value="0x352E31342E323430352E527C3030317C5352\
3230337C4432313032313544303033363436"
add code=61 name=clientid value=\
0x63306133366536386634393040736B7964736C3132336131613132
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=sfp1
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge comment=defconf interface=wlan2
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=\
192.168.88.0
/ip dhcp-client
add comment=defconf disabled=no interface=ether1
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
"defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
ipsec-policy=out,none out-interface-list=WAN
/ipv6 dhcp-client
add add-default-route=yes dhcp-options=client_duid79,clientid_duid61,clientid \
interface=ether1 pool-name=IPv6 pool-prefix-length=56 request=prefix
/system clock
set time-zone-name=Europe/London
/system package update
set channel=long-term
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
 
bourneagainsh
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 65
Joined: Thu May 21, 2020 7:41 pm

Re: Sky UK - PPPoE-out with (MER) MAC Encapsulation Routing AUTHENTICATION

Sun Jan 23, 2022 6:47 pm

Sorry about the delays here you go, I have taken the not important stuff out:
# jan/23/2022 15:47:10 by RouterOS 7.1.1
# software id = W5SS-26WT
#
# model = RB760iGS
# serial number = AA123AA123A

#(MY NOTES FOR YOU)

/interface bridge add admin-mac=AB:CD:EF:12:34:56 auto-mac=no comment="bridge - LAN" fast-forward=no name=bridge

/interface ethernet
set [ find default-name=ether1 ] comment="Huawei EchoLife HG612 - Openreach LAN1" mac-address=AB:CD:EF:12:34:55 #(Cloned one from Sky Router to get same IP's if swapping etc.)
set [ find default-name=ether2 ] comment="Netgear GSxxxx"
set [ find default-name=ether3 ] comment="Netgear GSxxxx"
set [ find default-name=ether4 ] comment="Huawei EchoLife HG612 - Openreach LAN2 "
set [ find default-name=ether5 ] comment="cAP ac | RBcAPGi-5acD2nD | Sky"
set [ find default-name=sfp1 ] disabled=yes

/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN


/ip dhcp-client option
add code=79 name=client_duid79 value=0x00030001abcdef123455 #(Last 12 charceters are MAC address)


/ip pool add name=dhcp ranges=192.168.1.2-192.168.1.254
add name=vpn ranges=192.168.89.2-192.168.89.255

/ip dhcp-server
add add-arp=yes address-pool=dhcp always-broadcast=yes interface=bridge name=defconf


#Sunday, 23 January 2022
#Sky username+password = 12c1ab12aa12@skydsl + 123a1a12 #On my ER115 Firmware 2.04.1919.R
#https://string-functions.com/string-hex.aspx
#-----------------------------------------------------------------------
#clientid = "0x + 12c1ab12aa12@skydsl|123a1a12" toHEX = "0x31326331616231326161313240736b7964736c7c3132336131613132"
#clientid_duid61 = "0x + 2.04.1919.R|003|ER115|B12341AB001234" toHEX = 0x322e30342e313931392e527c3030337c45523131357c4231323334314142303031323334
#client_duid79 = "0x + 00030001 + skyER114lanMACaddress(12c1ab12aa12) -> 12c1ab12aa13 = 0x0003000112c1ab12aa13
#-----------------------------------------------------------------------
#12c1ab12aa12@skydsl|123a1a12 toHEX = 31326331616231326161313240736b7964736c7c3132336131613132
#2.04.1919.R|003|ER115|B12341AB001234 toHEX = 322e30342e313931392e527c3030337c45523131357c4231323334314142303031323334
#00030001 + 12c1ab12aa12 = 0003000112c1ab12aa13


/ipv6 dhcp-client option
add code=61 name=clientid value="0x31326331616231326161313240736b7964736c7c3132336131613132"
add code=61 name=clientid_duid61 value="0x322e30342e313931392e527c3030337c45523131357c4231323334314142303031323334"
add code=79 name=client_duid79 value=0x0003000112c1ab12aa13 #(Last 12 charceters are MAC address)


/port
set 0 name=serial0
set 1 baud-rate=9600 data-bits=8 flow-control=none name=usb1 parity=none stop-bits=1
set 2 baud-rate=115200 data-bits=8 flow-control=none name=usb3 parity=none stop-bits=1



/interface bridge port
add bridge=bridge comment=defconf ingress-filtering=no interface=ether2
add bridge=bridge comment=defconf ingress-filtering=no interface=ether3
add bridge=bridge comment=defconf ingress-filtering=no interface=ether4
add bridge=bridge comment=defconf ingress-filtering=no interface=ether5
add bridge=bridge comment=defconf ingress-filtering=no interface=sfp1

/ip neighbor discovery-settings set discover-interface-list=LAN

/ip settings set rp-filter=strict

/ipv6 settings set max-neighbor-entries=8192


/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN


/interface pptp-server server set enabled=yes


/ip address add address=192.168.1.1/24 comment="default=ether2" interface=bridge network=192.168.1.0


/ip dhcp-client add comment=defconf dhcp-options=client_duid79,clientid_duid61,clientid interface=ether1 use-peer-dns=no



/ip dhcp-server network
add address=192.168.1.0/24 comment="defconf: added DNS Server 192.168.1.1" \
    dns-server=1.1.1.1,1.0.0.1 gateway=192.168.1.1 ntp-server=\
    90.207.238.106,90.207.238.105


/ip dns set allow-remote-requests=yes max-udp-packet-size=512 servers=1.0.0.1,1.1.1.1,2606:4700:4700::1111,2606:4700:4700::1001





/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes


/ip proxy access
add action=deny dst-host=www.facebook.com src-address=192.168.1.0/24
add action=deny dst-host=*.facebook.*
add action=deny dst-host=:facebook
add action=deny dst-host=:fbcdn
add action=deny dst-host=:fbsbx
add action=deny dst-host=www.facebook.com






/ipv6 address
add address=::c6ad:34ff:feda:1234 comment="Router IPv6 WAN" eui-64=yes from-pool=IPv6 interface=bridge no-dad=yes
add address=fd0f:d1e1:46c9:c4b2:: comment="Router IPv6 LAN" interface=bridge


/ipv6 dhcp-client add add-default-route=yes dhcp-options=client_duid79,clientid_duid61,clientid dhcp-options=client_duid79,clientid_duid61,clientid interface=ether1 pool-name=IPv6 pool-prefix-length=56 request=prefix


/ipv6 firewall filter
add action=passthrough chain=forward disabled=yes log=yes
add action=accept chain=forward comment="Established traffic" connection-state=established
add action=accept chain=forward comment="LAN traffic can go anywhere"  in-interface=bridge
add action=accept chain=forward comment="Related traffic" connection-state=related
add action=accept chain=forward comment=ICMP protocol=icmpv6 #(IMPORTANT)
add action=drop chain=forward comment="Drop the rest" 
add action=accept chain=output
add action=accept chain=input comment="Established traffic" connection-state=established
add action=accept chain=input comment="LAN traffic can go anywhere" in-interface=bridge
add action=accept chain=input comment="Related traffic" connection-state=related
add action=accept chain=input comment="accept DHCPv6-Client prefix delegation" dst-port=546 log=yes log-prefix=!546 protocol=udp src-address=fe80::/10 #(IMPORTANT)
add action=accept chain=input comment=ICMP log=yes protocol=icmpv6 #(IMPORTANT)
add action=drop chain=input comment="Drop the rest"


#(IMPORTANT)
/ipv6 firewall mangle
add action=change-mss chain=postrouting new-mss=clamp-to-pmtu out-interface=\
    ether1 passthrough=yes protocol=tcp tcp-flags=syn
add action=change-mss chain=output new-mss=clamp-to-pmtu out-interface=ether1 \
    passthrough=yes protocol=tcp tcp-flags=syn


/ipv6 nd set [ find default=yes ] mtu=1500


/tool mac-server set allowed-interface-list=LAN
/tool mac-server mac-winbox set allowed-interface-list=LAN
/tool sniffer set file-name=PacketSniffer-TEST
Hope it helps.
 
stevenma
just joined
Posts: 24
Joined: Mon Aug 07, 2017 5:44 pm

Re: Sky UK - PPPoE-out with (MER) MAC Encapsulation Routing AUTHENTICATION

Sun Jan 23, 2022 11:01 pm

Sorry about the delays here you go, I have taken the not important stuff out:
Cheers, thank you & much appreciated. I’ve a busy week ahead but will have another go and feedback here.

Rgds, Steve
 
en1gm4
Member Candidate
Member Candidate
Posts: 121
Joined: Sun Oct 02, 2016 6:27 pm
Location: UK

Re: Sky UK - PPPoE-out with (MER) MAC Encapsulation Routing AUTHENTICATION

Wed Jan 26, 2022 1:22 pm

@bourneagainsh I just wanted to say thank you to for the config! superb comments/notes

I am looking at getting a cheap VDSL solution from NOWTV (which is essentially SKY as i understand it) and hoping this works (as an interim solution while waiting for FTTP solution... which has been "imminent" for 2 years!).
I'm using an unlocked HG612 on an RB750GR2 recently upgraded to 7.1.1 for the ipv6 improvements and FQ_codel

I'm also hoping to get IPv6 working for the first time (which has been "imminent" since 1995 i think ;)
 
eldude
just joined
Posts: 1
Joined: Fri Mar 18, 2022 9:00 pm

Re: Sky UK - PPPoE-out with (MER) MAC Encapsulation Routing AUTHENTICATION

Fri Mar 18, 2022 9:07 pm

Don't suppose you'd be prepared to share your RouterOS config on this ?
Sure, here it is:
client_duid79 = "0x00030001 + skyER115lanMACaddress" so 12c1ab12aa12 -> 12c1ab12aa13 = 0x0003000112c1ab12aa13
clientid_duid61 = "0x + 2.04.1919.R|003|ER115|B12341AB001234" = 0x322e30342e313931392e527c3030337c45523131357c4231323334314142303031323334
clientid = "0x + 12c1ab12aa12@skydsl|123a1a12" = 0x31326331616231326161313240736b7964736c7c3132336131613132

/ipv6 dhcp-client option
add code=79 name=client_duid79 value="0x0003000112c1ab12aa13"
add code=61 name=clientid_duid61 value="0x322e30342e313931392e527c3030337c45523131357c4231323334314142303031323334"
add code=61 name=clientid value="0x31326331616231326161313240736b7964736c7c3132336131613132"

/ipv6 dhcp-client add add-default-route=yes dhcp-options=client_duid79,clientid_duid61,clientid interface=ether1 pool-name=IPv6 pool-prefix-length=56 request=prefix

/ip dhcp-client option
add code=79 name=client_duid79 value="0x0003000112c1ab12aa13"
set clientid_duid61 code=61 name=clientid_duid61 value="0x322e30342e313931392e527c3030337c45523131357c4231323334314142303031323334"
set clientid code=61 name=clientid value="0x31326331616231326161313240736b7964736c7c3132336131613132"

/ip dhcp-client
add add-default-route=yes comment=defconf default-route-distance=1 dhcp-options=client_duid79,clientid_duid61,clientid disabled=no interface=ether1 use-peer-dns=no use-peer-ntp=yes
I can confirm that the above worked for me with Sky VDSL in March 2022. Apart from the interface names, I used the above verbatim. This in turn suggests that previous posters are right - there's no need to get the username/password from the Sky equipment; supplying any old junk in the right format for the relevant DHCP options does the trick. IPv6 works too.

Who is online

Users browsing this forum: cmmike, mtctech2024, yakovz and 42 guests