OuttaControl
just joined
Topic Author
Posts: 8
Joined: Fri Jan 29, 2021 6:41 pm

One more Basic ISP Failover pppoe+wan

Sun May 16, 2021 1:22 am

Hi,
I have one more very similar question but failed to find an exact answer for my case, and there are a million options.

So I have a PPPoE main line with a flat rate that fails a few times a day for a few minutes due to DSL uplink death.
So I got a 4G router from a different provider, limited to 50GB of traffic, to be the failover and connected it to the MikroTik via 192.168.0.1 on ether3.

I want to use PPPoE when it is working, and for those few minutes when it is not working to switch to ether3, and then go back to PPPoE as soon as possible, due to limited data.

I would like my RDP connections to stay connected if possible.
I have managed to connect ether3, and the MikroTik is aware that there is internet via ether3, and it knows when there is no connection on PPPoE, but it does not switch to ether3 when PPPoE dies.

https://ibb.co/VMRTVMG

There are too many options recommended for a beginner to understand what the best option is in this case and what route to go: distance, masquerade, netwatch, load balancing with PCC...
 
anav
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: One more Basic ISP Failover pppoe+wan

Tue May 18, 2021 3:22 pm

/export hide-sensitive file=anynameyouwish
 
OuttaControl
just joined
Topic Author
Posts: 8
Joined: Fri Jan 29, 2021 6:41 pm

Re: One more Basic ISP Failover pppoe+wan

Tue May 18, 2021 3:39 pm

Hi,
Here it is:
# may/18/2021 14:35:18 by RouterOS 6.45.9
# software id = H8IP-FT07
#
# model = RBD52G-5HacD2HnD
# serial number = D7160D9D7422
/interface bridge
add admin-mac=08:55:31:5E:37:13 auto-mac=no comment=defconf mtu=1480 name=\
    bridge
add name=bridge2
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX \
    country="united states" disabled=no distance=indoors frequency=auto \
    installation=indoor mode=ap-bridge ssid=Vulisha wireless-protocol=802.11
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=\
    20/40/80mhz-XXXX country="united states" disabled=no distance=indoors \
    frequency=auto installation=indoor mode=ap-bridge ssid="Vulisha 5GHz" \
    wireless-protocol=802.11
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys \
    supplicant-identity=MikroTik
/ip firewall layer7-protocol
add name="Amazon Update" regexp="^.+d1s31zyz7dcc2d.cloudfront.net.*\$|^.+amzdi\
    gital-a.akamaihd.net.*\$|^.+amzdigitaldownloads.edgesuite.net.*\$|^.+updat\
    es.amazon.com.*\$|^.+softwareupdates.amazon.com.*\$"
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
add name=dhcp ranges=192.168.1.150-192.168.1.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge lease-time=8h name=defconf
/port
set 0 baud-rate=9600 data-bits=8 flow-control=none name=usb1 parity=none \
    stop-bits=1
/interface ppp-client
add apn=internet name=ppp-out1 port=usb1
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1 max-mtu=1480 name=\
    pppoe-out1 profile=default-encryption user=frankvul
/queue simple
add burst-limit=768k/0 burst-threshold=768k/0 burst-time=1s/0s limit-at=\
    768k/0 max-limit=768k/0 name="Main Queue" target=192.168.1.0/24
add name="1PM bojler Filip " parent="Main Queue" target=192.168.1.30/32
add name="1PM bojler mater " parent="Main Queue" target=192.168.1.31/32
add name=1EM parent="Main Queue" target=192.168.1.40/32
add name="Plug S" parent="Main Queue" target=192.168.1.50/32
add max-limit=128k/2M name="Galaxy J7" parent="Main Queue" target=\
    192.168.1.248/32
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge2 comment=defconf disabled=yes interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge comment=defconf interface=wlan2
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface detect-internet
set detect-interface-list=all
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
add interface=pppoe-out1 list=WAN
/interface wireless access-list
add interface=wlan1 mac-address=C0:E4:34:60:97:EB
add interface=wlan1 mac-address=D0:37:45:71:EF:71
add interface=wlan1 mac-address=20:F4:78:27:02:34
add interface=wlan1 mac-address=F4:CF:A2:E3:AC:72
add interface=wlan1 mac-address=E0:98:06:B5:75:1A
/ip address
add address=192.168.1.1/24 comment=defconf interface=ether2 network=\
    192.168.1.0
add address=192.168.5.2/24 interface=ether1 network=192.168.5.0
add address=192.168.0.2/24 interface=ether3 network=192.168.0.0
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid interface=ether1 \
    use-peer-dns=no
/ip dhcp-server lease
add address=192.168.1.151 comment="Klima Daikin" mac-address=\
    C0:E4:34:60:97:EB server=defconf
add address=192.168.1.248 client-id=1:88:83:22:f0:30:f9 mac-address=\
    88:83:22:F0:30:F9 server=defconf
add address=192.168.1.120 client-id=1:64:90:c1:12:77:1 comment=\
    "Roborock S5max" mac-address=64:90:C1:12:77:01 server=defconf
add address=192.168.1.158 client-id=1:b8:27:eb:4b:36:a0 mac-address=\
    B8:27:EB:4B:36:A0 server=defconf
add address=192.168.1.152 client-id=1:28:24:ff:71:6d:85 mac-address=\
    28:24:FF:71:6D:85 server=defconf
add address=192.168.1.20 client-id=1:8:0:27:2d:7b:fe mac-address=\
    08:00:27:2D:7B:FE server=defconf
/ip dhcp-server network
add address=192.168.1.0/24 comment=defconf gateway=192.168.1.1 netmask=24
/ip dns
set allow-remote-requests=yes servers=1.1.1.1,8.8.8.8
/ip dns static
add address=192.168.1.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
    "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related disabled=yes
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
add chain=forward
add chain=forward
add action=drop chain=forward layer7-protocol="Amazon Update" protocol=tcp \
    src-port=80,443
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
add action=masquerade chain=srcnat comment="towards to modem2" out-interface=\
    ether3
/ip service
set telnet disabled=yes
set ssh disabled=yes
/system clock
set time-zone-name=Europe/Zagreb
/system logging
add topics=wireless,debug
/tool graphing interface
add interface=pppoe-out1
/tool graphing queue
add simple-queue=1EM
add simple-queue="1PM bojler Filip "
add simple-queue="1PM bojler mater "
add simple-queue="Galaxy J7"
add simple-queue="Main Queue"
add simple-queue="Plug S"
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
/tool traffic-monitor
add interface=bridge name=tmon1 
 
anav
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: One more Basic ISP Failover pppoe+wan

Tue May 18, 2021 4:16 pm

Interface should be bridge not ether2
add address=192.168.1.1/24 comment=defconf interface=ether2 network=\
192.168.1.0

Get rid of these as they are not useful.
add chain=forward
add chain=forward

If ether3 is another DHCP client (WANIP) it doesn't need a separate bridge??
ether3 should be a WAN list member

For the source nat rules,
the first one change to out-interface=pppoe-out1

Now the most important settings you left out??
The IP routes??
 
rextended
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy

Re: One more Basic ISP Failover pppoe+wan

Tue May 18, 2021 9:04 pm

The configuration does not need any route because they are created according to the login on pppoe and the settings obtained from the dhcp client
 
anav
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: One more Basic ISP Failover pppoe+wan

Tue May 18, 2021 9:14 pm

Concur on ISP1, but what about ISP2?
 
rextended
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy

Re: One more Basic ISP Failover pppoe+wan

Tue May 18, 2021 9:17 pm

DHCP creates the route. At this moment I'm writing a copy-paste solution;
in 3/4 min it will be ready and I'll post it here.
 
rextended
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy

Re: One more Basic ISP Failover pppoe+wan

Tue May 18, 2021 9:21 pm

The ether3/bridge2 modem2 etc. are all useless.


Simply copy and paste, but RDP always disconnects, whatever solution you try.
{
/interface bridge
set bridge mtu=auto
/ip dhcp-client set [find] default-route-distance=20
/interface pppoe-client set [find] max-mru=1480 default-route-distance=10
/ip address
set [find where address=192.168.1.1/24] interface=bridge
/ip service
set ftp disabled=yes
set www-ssl disabled=yes
set api disabled=yes
set api-ssl disabled=yes
}

Remove these two rules manually; with a script it is hard:
/ip firewall filter
add chain=forward
add chain=forward

And the IP on interface ether1? Useless if the IP comes from DHCP
/ip address
remove [find where address=192.168.5.2/24 and interface=ether1]
 
OuttaControl
just joined
Topic Author
Posts: 8
Joined: Fri Jan 29, 2021 6:41 pm

Re: One more Basic ISP Failover pppoe+wan

Wed May 19, 2021 10:14 pm

Hi, thanks for the script, I will try it over the weekend.

Just to explain the situation:
on pppoe is connected to ether1,
ether2 is basically useless, well maybe not even connected :) - > confirmed not even connected, just cable planned for future needs.
in ether3 is WAN/failover modem.

I prefer not using DHCP, I like fixed IP.
My main network is 192.168.1.0/24
192.168.5.1 is the ISP modem that I use for the pppoe connection.
192.168.0.1 is the IP address of the WAN 4G modem

I added 192.168.5.2 so I can access 192.168.5.1 so I can restart ISP modem when needed, couldn't access automatically for some reason.

I will delete bridge 2 modem2 and firewall rules

Also, fixed MTU was recommended by one person because the ISP modem chooses the wrong one. EDIT: I just saw pppoe still has max MRU. I will keep auto in the script then.

Regarding RDP it is fine, it will reconnect two times no help there and not a big problem :)

ip dhcp-client set [find] default-route-distance=20
is this line that connects to wan router in case of failure? Does it need to be dhcp-client?

Well, whoever waited for the weekend :) I did this script (without the security part, I will do that when I finish the config) but it does not switch :(
# may/19/2021 22:01:55 by RouterOS 6.45.9
# software id = H8IP-FT07
#
# model = RBD52G-5HacD2HnD
# serial number = D7160D9D7422
/interface bridge
add admin-mac=08:55:31:5E:37:13 auto-mac=no comment=defconf name=bridge
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX \
    country="united states" disabled=no distance=indoors frequency=auto \
    installation=indoor mode=ap-bridge ssid=Vulisha wireless-protocol=802.11
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=\
    20/40/80mhz-XXXX country="united states" disabled=no distance=indoors \
    frequency=auto installation=indoor mode=ap-bridge ssid="Vulisha 5GHz" \
    wireless-protocol=802.11
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys \
    supplicant-identity=MikroTik
/ip firewall layer7-protocol
add name="Amazon Update" regexp="^.+d1s31zyz7dcc2d.cloudfront.net.*\$|^.+amzdi\
    gital-a.akamaihd.net.*\$|^.+amzdigitaldownloads.edgesuite.net.*\$|^.+updat\
    es.amazon.com.*\$|^.+softwareupdates.amazon.com.*\$"
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
add name=dhcp ranges=192.168.1.150-192.168.1.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge lease-time=8h name=defconf
/port
set 0 baud-rate=9600 data-bits=8 flow-control=none name=usb1 parity=none \
    stop-bits=1
/interface ppp-client
add apn=internet name=ppp-out1 port=usb1
/interface pppoe-client
add add-default-route=yes default-route-distance=10 disabled=no interface=\
    ether1 max-mru=1480 max-mtu=1480 name=pppoe-out1 profile=\
    default-encryption user=frankvul
/queue simple
add burst-limit=768k/0 burst-threshold=768k/0 burst-time=1s/0s limit-at=\
    768k/0 max-limit=768k/0 name="Main Queue" target=192.168.1.0/24
add name="1PM bojler Filip " parent="Main Queue" target=192.168.1.30/32
add name="1PM bojler mater " parent="Main Queue" target=192.168.1.31/32
add name=1EM parent="Main Queue" target=192.168.1.40/32
add name="Plug S" parent="Main Queue" target=192.168.1.50/32
add max-limit=128k/2M name="Galaxy J7" parent="Main Queue" target=\
    192.168.1.248/32
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add comment=defconf disabled=yes interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge comment=defconf interface=wlan2
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface detect-internet
set detect-interface-list=all
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
add interface=pppoe-out1 list=WAN
/interface wireless access-list
add interface=wlan1 mac-address=C0:E4:34:60:97:EB
add interface=wlan1 mac-address=D0:37:45:71:EF:71
add interface=wlan1 mac-address=20:F4:78:27:02:34
add interface=wlan1 mac-address=F4:CF:A2:E3:AC:72
add interface=wlan1 mac-address=E0:98:06:B5:75:1A
/ip address
add address=192.168.1.1/24 comment=defconf interface=ether2 network=\
    192.168.1.0
add address=192.168.5.2/24 interface=ether1 network=192.168.5.0
add address=192.168.0.2/24 interface=ether3 network=192.168.0.0
/ip dhcp-client
add comment=defconf default-route-distance=20 dhcp-options=hostname,clientid \
    interface=ether1 use-peer-dns=no
/ip dhcp-server lease
add address=192.168.1.151 comment="Klima Daikin" mac-address=\
    C0:E4:34:60:97:EB server=defconf
add address=192.168.1.248 client-id=1:88:83:22:f0:30:f9 mac-address=\
    88:83:22:F0:30:F9 server=defconf
add address=192.168.1.120 client-id=1:64:90:c1:12:77:1 comment=\
    "Roborock S5max" mac-address=64:90:C1:12:77:01 server=defconf
add address=192.168.1.158 client-id=1:b8:27:eb:4b:36:a0 mac-address=\
    B8:27:EB:4B:36:A0 server=defconf
add address=192.168.1.152 client-id=1:28:24:ff:71:6d:85 mac-address=\
    28:24:FF:71:6D:85 server=defconf
add address=192.168.1.20 client-id=1:8:0:27:2d:7b:fe mac-address=\
    08:00:27:2D:7B:FE server=defconf
/ip dhcp-server network
add address=192.168.1.0/24 comment=defconf gateway=192.168.1.1 netmask=24
/ip dns
set allow-remote-requests=yes servers=1.1.1.1,8.8.8.8
/ip dns static
add address=192.168.1.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
    "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related disabled=yes
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
add action=drop chain=forward layer7-protocol="Amazon Update" protocol=tcp \
    src-port=80,443
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
/ip service
set telnet disabled=yes
set ssh disabled=yes
/system clock
set time-zone-name=Europe/Zagreb
/system logging
add topics=wireless,debug
/tool graphing interface
add interface=pppoe-out1
/tool graphing queue
add simple-queue=1EM
add simple-queue="1PM bojler Filip "
add simple-queue="1PM bojler mater "
add simple-queue="Galaxy J7"
add simple-queue="Main Queue"
add simple-queue="Plug S"
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
/tool traffic-monitor
add interface=bridge name=tmon1 
 
AdminAdmin123
just joined
Posts: 15
Joined: Thu May 20, 2021 12:51 pm
Location: Milano, Italy

Re: One more Basic ISP Failover pppoe+wan

Thu May 20, 2021 5:10 pm

Is it me or I don't see on your export
/ip route
?
or maybe can you print your routing table to see how you make the failover
 
rextended
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy

Re: One more Basic ISP Failover pppoe+wan

Fri May 21, 2021 10:27 am

Read all posts...

The configuration does not need any route because they are created according to the login on pppoe and the settings obtained from the dhcp client
 
rextended
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy

Re: One more Basic ISP Failover pppoe+wan

Fri May 21, 2021 10:29 am

...how you make the failover...

/ip dhcp-client set [find] default-route-distance=20
/interface pppoe-client set [find] default-route-distance=10
 
anav
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: One more Basic ISP Failover pppoe+wan

Fri May 21, 2021 1:44 pm

check-gateway=ping on the primary wan, will allow the router to detect when it is not available and then the router will go to the next available route in Table main.
It will keep checking and when it comes back on line will switch back to the primary ISP.
 
OuttaControl
just joined
Topic Author
Posts: 8
Joined: Fri Jan 29, 2021 6:41 pm

Re: One more Basic ISP Failover pppoe+wan

Sun May 23, 2021 12:12 am

Still not working, I added:
/ip route
add check-gateway=ping comment="Primary Default Route - Midco" distance=1 \
    gateway=pppoe-out1
But it defaults to 0.0.0.0. I googled, but I am not allowed to add a custom IP for check ping; I see that is a feature request from 10 years ago :)

Any more ideas, or should I try with netwatch, as that option is mentioned?
# may/22/2021 23:07:35 by RouterOS 6.45.9
# software id = H8IP-FT07
#
# model = RBD52G-5HacD2HnD
# serial number = D7160D9D7422
/interface bridge
add admin-mac=08:55:31:5E:37:13 auto-mac=no comment=defconf name=bridge
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX \
    country="united states" disabled=no distance=indoors frequency=auto \
    installation=indoor mode=ap-bridge ssid=Vulisha wireless-protocol=802.11
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=\
    20/40/80mhz-XXXX country="united states" disabled=no distance=indoors \
    frequency=auto installation=indoor mode=ap-bridge ssid="Vulisha 5GHz" \
    wireless-protocol=802.11
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys \
    supplicant-identity=MikroTik
/ip firewall layer7-protocol
add name="Amazon Update" regexp="^.+d1s31zyz7dcc2d.cloudfront.net.*\$|^.+amzdi\
    gital-a.akamaihd.net.*\$|^.+amzdigitaldownloads.edgesuite.net.*\$|^.+updat\
    es.amazon.com.*\$|^.+softwareupdates.amazon.com.*\$"
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
add name=dhcp ranges=192.168.1.150-192.168.1.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge lease-time=8h name=defconf
/port
set 0 baud-rate=9600 data-bits=8 flow-control=none name=usb1 parity=none \
    stop-bits=1
/interface ppp-client
add apn=internet name=ppp-out1 port=usb1
/interface pppoe-client
add add-default-route=yes default-route-distance=10 disabled=no interface=\
    ether1 max-mru=1480 max-mtu=1480 name=pppoe-out1 profile=\
    default-encryption user=frankvul
/queue simple
add burst-limit=768k/0 burst-threshold=768k/0 burst-time=1s/0s limit-at=\
    768k/0 max-limit=768k/0 name="Main Queue" target=192.168.1.0/24
add name="1PM bojler Filip " parent="Main Queue" target=192.168.1.30/32
add name="1PM bojler mater " parent="Main Queue" target=192.168.1.31/32
add name=1EM parent="Main Queue" target=192.168.1.40/32
add name="Plug S" parent="Main Queue" target=192.168.1.50/32
add max-limit=128k/2M name="Galaxy J7" parent="Main Queue" target=\
    192.168.1.248/32
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add comment=defconf disabled=yes interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge comment=defconf interface=wlan2
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface detect-internet
set detect-interface-list=all
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
add interface=pppoe-out1 list=WAN
add interface=ether3 list=WAN
/interface wireless access-list
add interface=wlan1 mac-address=C0:E4:34:60:97:EB
add interface=wlan1 mac-address=D0:37:45:71:EF:71
add interface=wlan1 mac-address=20:F4:78:27:02:34
add interface=wlan1 mac-address=F4:CF:A2:E3:AC:72
add interface=wlan1 mac-address=E0:98:06:B5:75:1A
/ip address
add address=192.168.1.1/24 comment=defconf interface=ether2 network=\
    192.168.1.0
add address=192.168.5.2/24 interface=ether1 network=192.168.5.0
add address=192.168.0.2/24 interface=ether3 network=192.168.0.0
/ip dhcp-client
add comment=defconf default-route-distance=20 dhcp-options=hostname,clientid \
    interface=ether1 use-peer-dns=no
/ip dhcp-server lease
add address=192.168.1.151 comment="Klima Daikin" mac-address=\
    C0:E4:34:60:97:EB server=defconf
add address=192.168.1.248 client-id=1:88:83:22:f0:30:f9 mac-address=\
    88:83:22:F0:30:F9 server=defconf
add address=192.168.1.120 client-id=1:64:90:c1:12:77:1 comment=\
    "Roborock S5max" mac-address=64:90:C1:12:77:01 server=defconf
add address=192.168.1.158 client-id=1:b8:27:eb:4b:36:a0 mac-address=\
    B8:27:EB:4B:36:A0 server=defconf
add address=192.168.1.152 client-id=1:28:24:ff:71:6d:85 mac-address=\
    28:24:FF:71:6D:85 server=defconf
add address=192.168.1.20 client-id=1:8:0:27:2d:7b:fe mac-address=\
    08:00:27:2D:7B:FE server=defconf
/ip dhcp-server network
add address=192.168.1.0/24 comment=defconf gateway=192.168.1.1 netmask=24
/ip dns
set allow-remote-requests=yes servers=1.1.1.1,8.8.8.8
/ip dns static
add address=192.168.1.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
    "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related disabled=yes
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
add action=drop chain=forward layer7-protocol="Amazon Update" protocol=tcp \
    src-port=80,443
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
/ip route
add check-gateway=ping comment="Primary Default Route - Midco" distance=1 \
    gateway=pppoe-out1
/ip service
set telnet disabled=yes
set ssh disabled=yes
/system clock
set time-zone-name=Europe/Zagreb
/system logging
add topics=wireless,debug
/tool graphing interface
add interface=pppoe-out1
/tool graphing queue
add simple-queue=1EM
add simple-queue="1PM bojler Filip "
add simple-queue="1PM bojler mater "
add simple-queue="Galaxy J7"
add simple-queue="Main Queue"
add simple-queue="Plug S"
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
/tool traffic-monitor
add interface=bridge name=tmon1
 
rextended
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy

Re: One more Basic ISP Failover pppoe+wan

Sun May 23, 2021 12:46 am

Do you deliberately not provide DNS to your devices?
/ip dhcp-server network
add address=192.168.1.0/24 comment=defconf gateway=192.168.1.1 netmask=24
missing: dns-server=192.168.1.1 ???


The IP must go on bridge, not on ether2, if ether2 is on bridge:
/ip address
add address=192.168.1.1/24 comment=defconf interface=ether2 network=192.168.1.0

this IP can cause conflict, remove (or disable) it
/ip address
add address=192.168.0.2/24 interface=ether3 network=192.168.0.0

if WAN / failover is on ether3, why dhcp client is on ether1 ???
/ip dhcp-client
add comment=defconf default-route-distance=20 dhcp-options=hostname,clientid interface=ether1 use-peer-dns=no

Set this to "none" (on pppoe-client it does not work as expected)
/interface detect-internet
set detect-interface-list=all


remove this, is useless until all other settings are changed
/ip route
add check-gateway=ping comment="Primary Default Route - Midco" distance=1 gateway=pppoe-out1
 
anav
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: One more Basic ISP Failover pppoe+wan

Sun May 23, 2021 2:14 am

Same observations.................. here.
I am not familiar with pppoe

Modify the current pppoe client (get rid of all the junk added) so it looks like the standard setup
{generic example}
/interface pppoe-client
add name=pppoe-out1 user=user password=passwd interface=ether1 \
    service-name=internet disabled=no

Delete any routes you made so it's clean.
Anything with AS !!! as the first entry for example

In the DHCP client settings
DELETE the current entry,
Then create a new one,
for interface enter /select pppoe-out1
Do not check peer dns or peer ntp
Do set default route to YES!


Since your WAN2 seems to be a fixed wanip coming in on ether3 using the IP Address there is OK.
But here you will need to manually add an IP route.

destination will be 0.0.0.0 gateway will be 192.168.0.1

Now post your config (after you also fix the items pointed out............ DNS and bridge vice ether2)
/export hide-sensitive file=anynameyouwish
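
The failover layout discussed in the posts above (PPPoE default route at distance 10, a manually added default route through the 4G router at distance 20), written out as an added example that is not part of any post in this thread. Addresses and interface names are the ones in the exports; the comment string is made up here, and the commands assume RouterOS 6.x.

```routeros
# Added example (not from any poster). Values from the thread's exports:
#   primary  = pppoe-out1 on ether1
#   failover = 4G router 192.168.0.1, reached from 192.168.0.2/24 on ether3

# Primary path: the PPPoE client installs its own dynamic default route.
# When the PPPoE session drops, the router withdraws that route itself.
/interface pppoe-client
set [find name=pppoe-out1] add-default-route=yes default-route-distance=10

# Failover path: ether3 has a static address, so no DHCP client creates a
# default route for it. Add one by hand with a higher distance so it is used
# only while the distance-10 route is absent.
# check-gateway=ping probes the gateway address itself (192.168.0.1, the 4G
# router), so it shows that the router is reachable, not that the 4G uplink
# behind it is working.
/ip route
add dst-address=0.0.0.0/0 gateway=192.168.0.1 distance=20 \
    check-gateway=ping comment="failover via 4G router on ether3"

# ether3 has to be a member of the WAN list so that the defconf masquerade
# rule (out-interface-list=WAN) and the defconf drop rules
# (in-interface-list=WAN, in-interface-list=!LAN) also cover the failover
# path. Skip this line if the membership already exists.
/interface list member
add interface=ether3 list=WAN

# Verification: both default routes should be listed, and only the one with
# the lower distance should be active while PPPoE is up.
/ip route print detail where dst-address=0.0.0.0/0

# The failover gateway must answer, otherwise check-gateway keeps the
# distance-20 route inactive.
/ping 192.168.0.1 count=3
```

To test the switch-over, disable pppoe-out1 and print the routes again: the distance-20 route should become the active one, and it should go inactive again once PPPoE reconnects.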
 
OuttaControl
just joined
Topic Author
Posts: 8
Joined: Fri Jan 29, 2021 6:41 pm

Re: One more Basic ISP Failover pppoe+wan

Mon May 24, 2021 1:03 am

Answers in red:
Do you deliberately not provide DNS to your devices?
/ip dhcp-server network
add address=192.168.1.0/24 comment=defconf gateway=192.168.1.1 netmask=24
missing: dns-server=192.168.1.1 ???

added

The IP must go on bridge, not on ether2, if ether2 is on bridge:
/ip address
add address=192.168.1.1/24 comment=defconf interface=ether2 network=192.168.1.0

fixed

this IP can cause conflict, remove (or disable) it
/ip address
add address=192.168.0.2/24 interface=ether3 network=192.168.0.0

I prefer that to be fixed, it is fine router on ether3 only leases from 0.150 to 254 so no conflict possible

if WAN / failover is on ether3, why dhcp client is on ether1 ???
/ip dhcp-client
add comment=defconf default-route-distance=20 dhcp-options=hostname,clientid interface=ether1 use-peer-dns=no

dhcp client on ether 1 was disabled, I deleted it in new export

Set this to "none" (on pppoe-client it does not work as expected)
/interface detect-internet
set detect-interface-list=all

Is that necessary? I like that feature; it actually works well, it pings cloud.mikrotik.com, and it detects properly. I would guess it is only informational, not functional, and does not cause problems?

remove this, is useless until all other settings are changed
/ip route
add check-gateway=ping comment="Primary Default Route - Midco" distance=1 gateway=pppoe-out1
Removed
Answers in red as well:
Same observations.................. here.
I am not familiar with pppoe

Modify the current pppoe client (get rid of all the junk added) so it looks like the standard setup
{generic example}
/interface pppoe-client
add name=pppoe-out1 user=user password=passwd interface=ether1 \
    service-name=internet disabled=no

I need MTU stuff, ISP selects wrong value by default for some reason

Delete any routes you made so it's clean.
Anything with AS !!! as the first entry for example
Done.

In the DHCP client settings
DELETE the current entry,
Then create a new one,
for interface enter /select pppoe-out1
Do not check peer dns or peer ntp
Do set default route to YES!

I use the MikroTik as the default DHCP server; the device on PPPoE is a very dumb ISP router and I prefer not to use it as DHCP, or anything else as a matter of fact. I use it only to connect to the internet and for the phone. If I could I would get rid of it completely, but it is not possible unfortunately.

Since your WAN2 seems to be a fixed wanip coming in on ether3 using the IP Address there is OK.
But here you will need to manually add an IP route.

destination will be 0.0.0.0 gateway will be 192.168.0.1

Added with distance 20 as pppoe is distance 10, hope that is intended; added check ping as well

Now post your config (after you also fix the items pointed out............ DNS and bridge vice ether2)
/export hide-sensitive file=anynameyouwish
So I have this now
# may/23/2021 23:53:36 by RouterOS 6.45.9
# software id = H8IP-FT07
#
# model = RBD52G-5HacD2HnD
# serial number = D7160D9D7422
/interface bridge
add admin-mac=08:55:31:5E:37:13 auto-mac=no comment=defconf name=bridge
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX \
    country="united states" disabled=no distance=indoors frequency=auto \
    installation=indoor mode=ap-bridge ssid=Vulisha wireless-protocol=802.11
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=\
    20/40/80mhz-XXXX country="united states" disabled=no distance=indoors \
    frequency=auto installation=indoor mode=ap-bridge ssid="Vulisha 5GHz" \
    wireless-protocol=802.11
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys \
    supplicant-identity=MikroTik
/ip firewall layer7-protocol
add name="Amazon Update" regexp="^.+d1s31zyz7dcc2d.cloudfront.net.*\$|^.+amzdi\
    gital-a.akamaihd.net.*\$|^.+amzdigitaldownloads.edgesuite.net.*\$|^.+updat\
    es.amazon.com.*\$|^.+softwareupdates.amazon.com.*\$"
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
add name=dhcp ranges=192.168.1.150-192.168.1.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge lease-time=8h name=defconf
/port
set 0 baud-rate=9600 data-bits=8 flow-control=none name=usb1 parity=none \
    stop-bits=1
/interface ppp-client
add apn=internet name=ppp-out1 port=usb1
/interface pppoe-client
add add-default-route=yes default-route-distance=10 disabled=no interface=\
    ether1 max-mru=1480 max-mtu=1480 name=pppoe-out1 profile=\
    default-encryption user=frankvul
/queue simple
add burst-limit=768k/0 burst-threshold=768k/0 burst-time=1s/0s limit-at=\
    768k/0 max-limit=768k/0 name="Main Queue" target=192.168.1.0/24
add name="1PM bojler Filip " parent="Main Queue" target=192.168.1.30/32
add name="1PM bojler mater " parent="Main Queue" target=192.168.1.31/32
add name=1EM parent="Main Queue" target=192.168.1.40/32
add name="Plug S" parent="Main Queue" target=192.168.1.50/32
add max-limit=128k/2M name="Galaxy J7" parent="Main Queue" target=\
    192.168.1.248/32
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add comment=defconf disabled=yes interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge comment=defconf interface=wlan2
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface detect-internet
set detect-interface-list=all
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
add interface=pppoe-out1 list=WAN
add interface=ether3 list=WAN
/interface wireless access-list
add interface=wlan1 mac-address=C0:E4:34:60:97:EB
add interface=wlan1 mac-address=D0:37:45:71:EF:71
add interface=wlan1 mac-address=20:F4:78:27:02:34
add interface=wlan1 mac-address=F4:CF:A2:E3:AC:72
add interface=wlan1 mac-address=E0:98:06:B5:75:1A
/ip address
add address=192.168.5.2/24 interface=ether1 network=192.168.5.0
add address=192.168.0.2/24 interface=ether3 network=192.168.0.0
add address=192.168.1.1/24 interface=bridge network=192.168.1.0
/ip dhcp-server lease
add address=192.168.1.151 comment="Klima Daikin" mac-address=\
    C0:E4:34:60:97:EB server=defconf
add address=192.168.1.248 client-id=1:88:83:22:f0:30:f9 mac-address=\
    88:83:22:F0:30:F9 server=defconf
add address=192.168.1.120 client-id=1:64:90:c1:12:77:1 comment=\
    "Roborock S5max" mac-address=64:90:C1:12:77:01 server=defconf
add address=192.168.1.158 client-id=1:b8:27:eb:4b:36:a0 mac-address=\
    B8:27:EB:4B:36:A0 server=defconf
add address=192.168.1.152 client-id=1:28:24:ff:71:6d:85 mac-address=\
    28:24:FF:71:6D:85 server=defconf
add address=192.168.1.20 client-id=1:8:0:27:2d:7b:fe mac-address=\
    08:00:27:2D:7B:FE server=defconf
/ip dhcp-server network
add address=192.168.1.0/24 comment=defconf gateway=192.168.1.1 netmask=24
/ip dns
set allow-remote-requests=yes servers=1.1.1.1,8.8.8.8,192.168.1.1
/ip dns static
add address=192.168.1.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
    "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related disabled=yes
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
add action=drop chain=forward layer7-protocol="Amazon Update" protocol=tcp \
    src-port=80,443
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
/ip route
add check-gateway=ping distance=20 gateway=192.168.0.1
/ip service
set telnet disabled=yes
set ssh disabled=yes
/system clock
set time-zone-name=Europe/Zagreb
/system logging
add topics=wireless,debug
/tool graphing interface
add interface=pppoe-out1
/tool graphing queue
add simple-queue=1EM
add simple-queue="1PM bojler Filip "
add simple-queue="1PM bojler mater "
add simple-queue="Galaxy J7"
add simple-queue="Main Queue"
add simple-queue="Plug S"
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
/tool traffic-monitor
add interface=bridge name=tmon1

Heey it seems to be working now, thanks guys! I will monitor it for few more days but it seems good!
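An added example (not part of the thread, and not MikroTik code): a small Python parser for the export format posted above that lists the default-route candidates in the order RouterOS prefers them, lowest distance first. The sample input is constructed from the routing-relevant lines of that export; treating a missing distance as 1 and the `interface-up` label for the PPPoE route are assumptions of this sketch.

```python
import shlex

# Constructed sample: routing-relevant lines copied from the export above.
SAMPLE_EXPORT = r'''
/interface pppoe-client
add add-default-route=yes default-route-distance=10 disabled=no interface=\
    ether1 max-mru=1480 max-mtu=1480 name=pppoe-out1 profile=\
    default-encryption user=frankvul
/ip address
add address=192.168.0.2/24 interface=ether3 network=192.168.0.0
/ip route
add check-gateway=ping distance=20 gateway=192.168.0.1
'''

def parse_export(text):
    """Yield (menu, verb, params) for each command line of an /export."""
    lines = []
    for raw in text.splitlines():
        # A trailing backslash continues the command on the next line.
        if lines and lines[-1].endswith("\\"):
            lines[-1] = lines[-1][:-1] + raw.lstrip()
        else:
            lines.append(raw.strip())
    menu = None
    for line in lines:
        if not line or line.startswith("#"):
            continue
        if line.startswith("/"):          # menu path, e.g. "/ip route"
            menu = line
            continue
        verb, *args = shlex.split(line)   # honours quoted values
        yield menu, verb, dict(a.split("=", 1) for a in args if "=" in a)

def default_routes(text):
    """Return (distance, gateway, liveness check) tuples, preferred first."""
    routes = []
    for menu, verb, p in parse_export(text):
        if verb != "add" or p.get("disabled") == "yes":
            continue
        if menu == "/ip route" and p.get("dst-address", "0.0.0.0/0") == "0.0.0.0/0":
            # Assumption: an omitted distance means the default of 1.
            routes.append((int(p.get("distance", 1)), p["gateway"],
                           p.get("check-gateway", "none")))
        elif menu == "/interface pppoe-client" and p.get("add-default-route") == "yes":
            # Dynamic route; it exists only while the PPPoE session is up.
            routes.append((int(p.get("default-route-distance", 1)), p["name"],
                           "interface-up"))
    return sorted(routes)

if __name__ == "__main__":
    for distance, gateway, check in default_routes(SAMPLE_EXPORT):
        print(f"distance={distance:<3} gateway={gateway:<12} check={check}")
```

The second column shows why the export alone carries only one `/ip route` entry: the PPPoE default route is created dynamically by the client and never appears under `/ip route` in the export.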
 
anav
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: One more Basic ISP Failover pppoe+wan

Mon May 24, 2021 3:36 am

My apologies for earlier comments, I have since read up on how the pppoe client is set up so have a better appreciation of what you are attempting to do!

Upon review items.

(1) why is ether 3 disabled?
/interface bridge port
add comment=defconf disabled=yes interface=ether3

(2) Recommend setting to NONE
/interface detect-internet
set detect-interface-list=all

(3) The address for your pppoe interface makes no sense, did you add it?
All the magic is done in the pppoe client.
Remove this address attached to ether 1
/ip address
add address=192.168.5.2/24 interface=ether1 network=192.168.5.0

(4) where I want to focus is your IP routes.
All that is showing in your config is the following
/ip route
add check-gateway=ping distance=20 gateway=192.168.0.1

So one cannot get a sense what is really occurring,
What I need for you to do is take a jpeg of your routes
Just be careful to hide numbers, I am providing an example so you know what I mean.
See how the actual IP address info is covered up!!!
 
OuttaControl
just joined
Topic Author
Posts: 8
Joined: Fri Jan 29, 2021 6:41 pm

Re: One more Basic ISP Failover pppoe+wan

Mon May 24, 2021 11:27 pm

My apologies for earlier comments, I have since read up on how the pppoe client is set up so have a better appreciation of what you are attempting to do!

Upon review items.

(1) why is ether 3 disabled?
/interface bridge port
add comment=defconf disabled=yes interface=ether3

Ether 2 is disabled, as per previous comments, I do not use it at this moment.

(2) Recommend setting to NONE
/interface detect-internet
set detect-interface-list=all
I prefer that feature on as I use it for fast and quick check is internet down from mobile app https://ibb.co/xDpP07n
It works good.


(3) The address for your pppoe interface makes no sense, did you add it?
All the magic is done in the pppoe client.
Remove this address attached to ether 1
/ip address
add address=192.168.5.2/24 interface=ether1 network=192.168.5.0
Is that necessary to remove? I want to have access to that ISP router, and default network of that router is 192.168.5.0 I did not find easier way to be able to access that device/network

(4) where I want to focus is your IP routes.
All that is showing in your config is the following
/ip route
add check-gateway=ping distance=20 gateway=192.168.0.1

So one cannot get a sense what is really occurring,
What I need for you to do is take a jpeg of your routes
Just be careful to hide numbers, I am providing an example so you know what I mean.
See how the actual IP address info is covered up!!!
https://ibb.co/ZMRv4x9
I didn't even need to cover IP as it is changed on every DSL downlink, and that is more than often :D

So to sum up today's situation:
Failover now WORKS, and thanks a lot guys on that, but it is quite slow, it takes sometimes over 30 seconds to switch from pppoe to WAN. I found this script as alternative:
/tool netwatch
add disabled=no down-script="/interface ethernet disable ether1 \n\r\n /interface ethernet enable ether1" host=172.16.0.1 interval=00:00:05 timeout=1s up-script=""
I wonder would that be better option than check-gateway? It seems like a bit of a dirty solution :)
