Community discussions

MikroTik App
  4. RouterOS
  5. General

LHG LTE Kit - Passthrough getting address but no internet with more WAN's

Post Reply
 
User avatar
gglanzer
just joined
Topic Author
Posts: 11
Joined: Sat Jan 28, 2017 6:27 pm
Location: Austria

LHG LTE Kit - Passthrough getting address but no internet with more WAN's

Sun Mar 17, 2019 12:53 pm

As soon as I want to use the original Mikrotik LTE antenna, a connection - tested by means of ping - does not work on ether3.
When I plug in a Huawei modem in bridge mode, the connection works as expected.
However, if I deactivate the ether5 interface, the connection works via ether3! ???

I have now posted the two scenarios as graphics here. Maybe someone can help me that ALL connections work?

Here works all connections without "ether3"
Image

when i deactivate "ether5" then "ether3" will work - i dont understand this.
Image

My LHG LTE Kit ist in passthrough-mode
Top
 
User avatar
sebastia
Forum Guru
Forum Guru
Posts: 1782
Joined: Tue Oct 12, 2010 3:23 am
Location: Antwerp, BE

Re: LHG LTE Kit - Passthrough getting address but no internet with more WAN's

Sun Mar 17, 2019 10:50 pm

I might be in similar boat as you are. Your LTE is on ROS 6.43+ right?
in case 1 (not working) when you ping the gateway (10.177.0.1) what do you see in your ARP table for that ip?

In case 2 (working), I see 2 routes over ether3, what are their full details (/ip route print detail)?
0/0 -> 10.177.0.1 dist=10
0/0 -> ether3 dist=15
Top
 
User avatar
gglanzer
just joined
Topic Author
Posts: 11
Joined: Sat Jan 28, 2017 6:27 pm
Location: Austria

Re: LHG LTE Kit - Passthrough getting address but no internet with more WAN's

Mon Mar 18, 2019 9:05 am

Thanks for help,

my LHG LTE Kit will run under ROS 6.44 (at the moment).
When i ping (in case1) the gateway the arp table look fine:

Image
Last edited by gglanzer on Mon Mar 18, 2019 11:29 am, edited 1 time in total.
Top
 
User avatar
gglanzer
just joined
Topic Author
Posts: 11
Joined: Sat Jan 28, 2017 6:27 pm
Location: Austria

Re: LHG LTE Kit - Passthrough getting address but no internet with more WAN's

Mon Mar 18, 2019 11:27 am

At the moment i have changed the ether5 to FIX IP with Static route instead of DHCP-Client
Only 1 DHCP Client from ether3 will now activated

This is the routing table from case1:
Code: Select all
> /ip route print detail without-paging 
 0 A S  dst-address=0.0.0.0/0 gateway=ether2 gateway-status=ether2 reachable distance=15 scope=30 target-scope=10 routing-mark=A1.net
 1 A S  dst-address=0.0.0.0/0 gateway=ether4 gateway-status=ether4 reachable distance=15 scope=30 target-scope=10 routing-mark=LTE
 2 A S  dst-address=0.0.0.0/0 gateway=80.120.135.65 gateway-status=80.120.135.65 reachable via  ether5 distance=1 scope=30 target-scope=10
 3  DS  dst-address=0.0.0.0/0 gateway=10.177.0.1 gateway-status=10.177.0.1 reachable via  ether3 distance=15 scope=30 target-scope=10 vrf-interface=ether3
 4  DS  dst-address=0.0.0.0/0 gateway=A1-NET gateway-status=A1-NET reachable distance=20 scope=30 target-scope=10
 5 A S  dst-address=10.0.0.0/23 gateway=80.120.135.65 gateway-status=80.120.135.65 reachable via  ether5 distance=1 scope=30 target-scope=10
 6 ADC  dst-address=10.177.0.1/32 pref-src=90.152.152.198 gateway=ether3 gateway-status=ether3 reachable distance=0 scope=10
 7 ADC  dst-address=46.75.106.152/31 pref-src=46.75.106.153 gateway=ether4 gateway-status=ether4 reachable distance=0 scope=10
 8 ADC  dst-address=80.120.135.64/26 pref-src=80.120.135.100 gateway=ether5 gateway-status=ether5 reachable distance=0 scope=10
 9 ADC  dst-address=91.114.143.254/32 pref-src=91.114.140.113 gateway=A1-NET gateway-status=A1-NET reachable distance=0 scope=10
10 ADC  dst-address=178.113.192.24/31 pref-src=178.113.192.24 gateway=ether2 gateway-status=ether2 reachable distance=0 scope=10

This is the routing table from case2:
Code: Select all
> /ip route print detail without-paging 
 0 A S  dst-address=0.0.0.0/0 gateway=ether2 gateway-status=ether2 reachable distance=15 scope=30 target-scope=10 routing-mark=A1.net
 1 A S  dst-address=0.0.0.0/0 gateway=ether4 gateway-status=ether4 reachable distance=15 scope=30 target-scope=10 routing-mark=LTE
 2   S  dst-address=0.0.0.0/0 gateway=80.120.135.65 gateway-status=80.120.135.65 unreachable distance=1 scope=30 target-scope=10
 3 ADS  dst-address=0.0.0.0/0 gateway=10.177.0.1 gateway-status=10.177.0.1 reachable via  ether3 distance=15 scope=30 target-scope=10 vrf-interface=ether3
 4  DS  dst-address=0.0.0.0/0 gateway=A1-NET gateway-status=A1-NET reachable distance=20 scope=30 target-scope=10
 5   S  dst-address=10.0.0.0/23 gateway=80.120.135.65 gateway-status=80.120.135.65 unreachable distance=1 scope=30 target-scope=10
 6 ADC  dst-address=10.177.0.1/32 pref-src=90.152.152.198 gateway=ether3 gateway-status=ether3 reachable distance=0 scope=10
 7 ADC  dst-address=46.75.106.152/31 pref-src=46.75.106.153 gateway=ether4 gateway-status=ether4 reachable distance=0 scope=10
 8 ADC  dst-address=91.114.143.254/32 pref-src=91.114.140.113 gateway=A1-NET gateway-status=A1-NET reachable distance=0 scope=10
 9 ADC  dst-address=178.113.192.24/31 pref-src=178.113.192.24 gateway=ether2 gateway-status=ether2 reachable distance=0 scope=10

Under "detail" is see at ether3 [vrf-interface=ether3] option ?? Whats this? i have no set this.
This may be the problem why it does not work ...
Top
 
User avatar
sebastia
Forum Guru
Forum Guru
Posts: 1782
Joined: Tue Oct 12, 2010 3:23 am
Location: Antwerp, BE

Re: LHG LTE Kit - Passthrough getting address but no internet with more WAN's

Tue Mar 19, 2019 9:58 am

Hey

Thanks for the info. I'm in similar boat as:
* lte client is on 6.42.12
* when I upgrade to 6.43+ on SXT LTE kit, after a while I'm no longer able to communicate over passthrough interface.

Note:
in 6.43 Mikrotik upgraded the pass-through interface to a point-to-point config, with /32 addresses, the lte one is fixed to 10.177.0.1/32.
Upto 6.42 it was still a /30 (or wider) network with "normal" routing

In my case system is unable to resolve gateway ip (10.177.0.1/32) to arp address: it's sending arp request on proper interface but sxt lte kit is not responding, as observed by packet capture.

Wrt to VRF (=Virtual Routing and Forwarding) it is a feacture to isolate routing entries / support multiple routing configurations.
I'm still reading up on VRF, whether it is a problem here / might be a solution for my issue.
Top
 
User avatar
gglanzer
just joined
Topic Author
Posts: 11
Joined: Sat Jan 28, 2017 6:27 pm
Location: Austria

Re: LHG LTE Kit - Passthrough getting address but no internet with more WAN's

Tue Mar 19, 2019 1:01 pm

How did you integrate your antenna without Passthrough then with you?
Could you please send me your config from the antenna?
Top
 
User avatar
sebastia
Forum Guru
Forum Guru
Posts: 1782
Joined: Tue Oct 12, 2010 3:23 am
Location: Antwerp, BE

Re: LHG LTE Kit - Passthrough getting address but no internet with more WAN's

Tue Mar 19, 2019 10:01 pm

I am using passthrough but with 6.42.12: there the dhcp is still handing out a /30 (or wider) and the problem doesn't occur.

My config is almost default, with minimal mods:
Code: Select all
# mar/19/2019 20:27:48 by RouterOS 6.42.12
# model = RBSXTR
/interface lte
set [ find ] mac-address=AC:FF:FF:00:00:00 mtu=1500 name=lte1
/interface vlan
add interface=ether1 name=vlan89 vlan-id=89
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface lte apn
set [ find default=yes ] apn=internet.proximus.be passthrough-interface=ether1 passthrough-mac=auto
/ip ipsec proposal
set [ find default=yes ] disabled=yes
/queue tree
add max-limit=40M name=down-link packet-mark=no-mark parent=ether1 queue=hotspot-default
/system logging action
set 3 remote=192.168.90.99 src-address=192.168.89.254
/ip neighbor discovery-settings
set discover-interface-list=LAN
/ip settings
set ip-forward=no rp-filter=strict tcp-syncookies=yes
/interface list member
add comment=defconf interface=vlan89 list=LAN
add comment=defconf interface=lte1 list=WAN
add interface=ether2 list=LAN
/ip address
add address=192.168.89.254/24 interface=vlan89 network=192.168.89.0
add address=192.168.88.254/24 interface=ether2 network=192.168.88.0
/ip cloud
set update-time=no
/ip dns
set max-concurrent-queries=200 max-udp-packet-size=512 servers=192.168.89.1
/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" disabled=yes ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" disabled=yes ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf:  drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" disabled=yes ipsec-policy=out,none out-interface-list=\
    WAN
/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
set irc disabled=yes
set h323 disabled=yes
set sip disabled=yes
set pptp disabled=yes
set udplite disabled=yes
set dccp disabled=yes
set sctp disabled=yes
/ip ipsec policy
set 0 disabled=yes
/ip route
add distance=1 gateway=192.168.89.1
/ip service
set telnet disabled=yes
set ftp disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/snmp
set trap-generators=*ABC0002,*ABC0002
/system clock
set time-zone-autodetect=no time-zone-name=Europe/Brussels
/system identity
set name=ltegw
/system leds
# using RSRP, modem-signal-treshold ignored
set 0 interface=lte1
/system logging
add action=remote topics=critical
add action=remote topics=error
add action=remote topics=info
add action=remote topics=warning
/system ntp client
set enabled=yes primary-ntp=192.168.90.1
/system package update
set channel=long-term
/system watchdog
set auto-send-supout=yes send-email-from=root@firewall.home send-email-to=root@vault.home send-smtp-server=192.168.90.99
/tool bandwidth-server
set enabled=no
/tool e-mail
set address=192.168.90.99 from=root@firewall.home
/tool graphing
set store-every=24hours
/tool mac-server
set allowed-interface-list=none
/tool mac-server mac-winbox
set allowed-interface-list=none
/tool mac-server ping
set enabled=no
/tool netwatch
add down-script=":log error message=\"Netwatch: loss of lte1, recycling\"\r\
    \n/interface lte disable lte1\r\
    \n:delay 5\r\
    \n/interface lte enable lte1" host=208.67.222.222
Top
 
User avatar
gglanzer
just joined
Topic Author
Posts: 11
Joined: Sat Jan 28, 2017 6:27 pm
Location: Austria

Re: LHG LTE Kit - Passthrough getting address but no internet with more WAN's

Wed Mar 20, 2019 7:54 pm

on my LHG there is only ether1 and lte1
Top
 
User avatar
sebastia
Forum Guru
Forum Guru
Posts: 1782
Joined: Tue Oct 12, 2010 3:23 am
Location: Antwerp, BE

Re: LHG LTE Kit - Passthrough getting address but no internet with more WAN's

Fri Mar 22, 2019 4:52 pm

With regards to your original issue, post config of the router / 1036: /export hide-sensitive compact.

For info: I was able to resolve my issue. It was / is (as from 6.43) a bug in pass-through implementation using routing info for pass-though traffic decision. Because of that rp-filter was erroneously filtering traffic from pass-through client host.
Code: Select all
/ip settings
rp-filter=loose
Top
Post Reply

Who is online

Users browsing this forum: Bing [Bot], Google [Bot], llamajaja, TikYAN and 106 guests
  4. RouterOS
  5. General