Hi All
I've got a hEX as my main router and firewall which links to an ISPs router, via ether1. I then have a secondary LTE router, which I link via passthrough, as a failover and to route 3CX via, via ether2.
The little dilemma I'm sitting with is, I want to route all 3CX traffic out over the LTE "port" but have to specify a gateway IP as it does not like "ether2". Problem is the LTE IP obviously changes from time to time.
Is there a dynamic way to set up this routing?
Thanks,
R
Re: Static route to dynamic IP?
Add DHCP client onto the interface to the LTE router, and select the option to add default route.
You do not have the required permissions to view the files attached to this post.
Re: Static route to dynamic IP?
Thanks aesmith, I've already got that enabled and it does create a dynamic route, but that gateway IP changes with the LTE connection every time it relinks.
The only "constant" is "ether2" but it does not like sending traffic to a port instead of an IP.
The only "constant" is "ether2" but it does not like sending traffic to a port instead of an IP.
Re: Static route to dynamic IP?
From what I read I am confused - in Mikrotik configuration, an interface name is perfectly fine as a gateway of a route, except that it depends on additional factors whether such a route actually works or not, but that's apparently not the issue you deal with as you say "it does not like it".
Could it be that it is the 3CX itself where you want to configure the gateway at and, and then of course "ether2" has no local meaning? Or "doesn't like it" is indeed related to the Mikrotik but in terms that you can configure ether2 as a gateway but no traffic actually passes through in such case?
There is a solution to any of these cases, but a different one for each
Could it be that it is the 3CX itself where you want to configure the gateway at and, and then of course "ether2" has no local meaning? Or "doesn't like it" is indeed related to the Mikrotik but in terms that you can configure ether2 as a gateway but no traffic actually passes through in such case?
There is a solution to any of these cases, but a different one for each
Re: Static route to dynamic IP?
Thanks Sindy and apologies, could have explained that a tad better. The hEX accepts me inserting "ether2" (and I distinctly recall it working in the past on other projects), but when I try and do it now it simply stops routing any traffic to the server (traceroute shows traffic routing via Fibre link and not LTE).
Why would it do that?
Why would it do that?
Re: Static route to dynamic IP?
If you point a route out of a multipoint interface like Ethernet, the router is no way of knowing which device on that Ethernet should be the next hop. Not a problem with point-to-point interfaces like PPPoE or L2TP where there's only one device reachable.
I don't have my LTE in passthrough, it's handled by a separate router, and looking there it seems to see the LTE as point-to-point and just route via the interface. I don't see a next hop.
If you shutdown your ether2, and bring it back up, does the LTE router dish out an actual gateway address?
I don't have my LTE in passthrough, it's handled by a separate router, and looking there it seems to see the LTE as point-to-point and just route via the interface. I don't see a next hop.
If you shutdown your ether2, and bring it back up, does the LTE router dish out an actual gateway address?
Re: Static route to dynamic IP?
Is 3CX traffic using specific dest port ?
Maybe you can mark the traffic and do the LTE route.
Maybe you can mark the traffic and do the LTE route.
Re: Static route to dynamic IP?
The thing is that if you make an L2 port a gateway of a route, the router sends an ARP request down that port, asking for the MAC address of the actual destination IP address. Some routers (like Cisco by default) respond to such an ARP request with their own MAC address if they have a route to the destination IP address. Mikrotik can do that too if you set the arp property of the corresponding interface to proxy-arp, so if your LTE router in passthrough mode is a Mikrotik one, this could be a way (but I have actually never tried to configure arp=proxy-arp on an interface used for LTE passthrough, so it may be just wishful thinking). If it is another brand, this is not the way.Why would it do that?
An approach that will always work is to use the script item of the DHCP server to update the gateway item of all the routes you need to use the LTE path, something like (not tested!)
Code: Select all
:if ($bound=1) do={
:local lteFlagRoute [/ip route find where comment~"LTE flag route"]
:if ([/ip route get $lteFlagRoute gateway] != $"gateway-address") do={
:foreach lteRoute in=[/ip route find where comment~"LTE"] do={
/ip route set $lteRooute gateway=$"gateway-address"
}
}
}
Re: Static route to dynamic IP?
aesmith, yes it does. So when I enable the port, I get an address entry with presumably the WAN IP from the ISP and a "network" IP which is 3 numbers lower than the WAN IP (WAN=41.145.2.219, Network=41.145.2.216). I also get a Dynamic route with the same "network" IP, 41.145.2.216/29 to ether2.
Come to think of it, the last time I used proxy-arp and static routing to an interface, it was when I was still using L2TP a lot.
Theoretically the same should apply for the passthrough then, as it is just a point to point connection between the LTE router (wAP) and the main router (hEX). That being said, the proxy arp trick is not seeming like it wants to work. I've set it on ether2 and then changed my route to point to "ether2" but I then get host unreachable from my WAN IP (currently 41.145.2.219)
patrikg, it uses UDP 5060, but how would marking this traffic help me route it to a dynamic IP?
Come to think of it, the last time I used proxy-arp and static routing to an interface, it was when I was still using L2TP a lot.
Theoretically the same should apply for the passthrough then, as it is just a point to point connection between the LTE router (wAP) and the main router (hEX). That being said, the proxy arp trick is not seeming like it wants to work. I've set it on ether2 and then changed my route to point to "ether2" but I then get host unreachable from my WAN IP (currently 41.145.2.219)
patrikg, it uses UDP 5060, but how would marking this traffic help me route it to a dynamic IP?
Re: Static route to dynamic IP?
You would have to activate proxy-arp on the LTE router connected to ether2, not on ether2 of the hEX itself.the proxy arp trick is not seeming like it wants to work. I've set it on ether2 and then changed my route to point to "ether2" but I then get host unreachable from my WAN IP (currently 41.145.2.219)
Re: Static route to dynamic IP?
There can be a performance hit as well, since the router would have to ARP for every single IP address it needs to send to on the Internet. Even though the answer will always be the same. Whereas normally it would ARP just once for the next hop gateway address and use that for everything.
Thinking about ARP, since the MAC address of the LTE router won't change, could something be done with a manual static ARP entry? Or some script using RARP to resolve the current IP address and re-write the route?
Going back to the actual behaviour, when the LTE reconnects does it leave the actual address assigned to ether2 unchanged, and therefore incorrect? Incorrect address on the interface is going to screw up NAT. Or does it update the interface but not the route?
In your example your interface ether2 is assigned 41.145.2.219/29, and as a direct effect a connected route to 41.145.2.216/29 is created. What is the next hop gateway address assigned by DHCP client, and used for the Internet route 0.0.0.0/0.
.
Thinking about ARP, since the MAC address of the LTE router won't change, could something be done with a manual static ARP entry? Or some script using RARP to resolve the current IP address and re-write the route?
Going back to the actual behaviour, when the LTE reconnects does it leave the actual address assigned to ether2 unchanged, and therefore incorrect? Incorrect address on the interface is going to screw up NAT. Or does it update the interface but not the route?
In your example your interface ether2 is assigned 41.145.2.219/29, and as a direct effect a connected route to 41.145.2.216/29 is created. What is the next hop gateway address assigned by DHCP client, and used for the Internet route 0.0.0.0/0.
.
Re: Static route to dynamic IP?
It's not so much of a performance issue as a memory issue as the router has to store thousands of 12-byte values indexed by 4-byte ones, probably in some b-tree to facilitate a fast search-through.
As for a static ARP record, I've thought about it too and I did test it in some weird scenarios, but the key is that in order that a static ARP record was found, the IP address of that record must be within the subnet attached to the corresponding interface. So for that, you need to attach some static address to the interface, and the DHCP client adds another one, which is fine until you want to use masquerade because you don't know which of the two address it will choose. Use of src-nat rather than masquerade requires configuration modifications as the DHCP assignment changes, so one way or another you need a script.
When passing through the IP address received from the mobile operator, RouterOS either builds the smallest possible regular CIDR subnet around it (which may be quite huge, think about the smallest possible CIDR subnet holding e.g. 1.2.3.255) and sends an adjacent address from that subnet as a gateway, or, if you set the passthrough-subnet-size to 32, it leases the address from the mobile operator out as a /32 one and provides some random address in 10.0.0.0/8 as the gateway if I remember right. The DHCP client in RouterOS has no problem with such a lease, but the OP has not stated whether the LTE device is a Mikrotik one or some other brand, so this option may not be available.
As for a static ARP record, I've thought about it too and I did test it in some weird scenarios, but the key is that in order that a static ARP record was found, the IP address of that record must be within the subnet attached to the corresponding interface. So for that, you need to attach some static address to the interface, and the DHCP client adds another one, which is fine until you want to use masquerade because you don't know which of the two address it will choose. Use of src-nat rather than masquerade requires configuration modifications as the DHCP assignment changes, so one way or another you need a script.
When passing through the IP address received from the mobile operator, RouterOS either builds the smallest possible regular CIDR subnet around it (which may be quite huge, think about the smallest possible CIDR subnet holding e.g. 1.2.3.255) and sends an adjacent address from that subnet as a gateway, or, if you set the passthrough-subnet-size to 32, it leases the address from the mobile operator out as a /32 one and provides some random address in 10.0.0.0/8 as the gateway if I remember right. The DHCP client in RouterOS has no problem with such a lease, but the OP has not stated whether the LTE device is a Mikrotik one or some other brand, so this option may not be available.
Re: Static route to dynamic IP?
If the LTE router is Mikrotik the easy answer is to use it as a router and not pass through. Use a conventional layer 3 link between main and LTE router without NAT and not necessarily needing firewall either. On the LTE router configure NT and firewall and add a route back to your internal address space via the main router. This is the configuration that I have.
Re: Static route to dynamic IP?
Hi All, sorry for the late response. The LTE router is a Mikrotik (wAP) and originally, I had it set as a normal router and just routed the 3CX traffic to it and it worked fine. I don't however like the fact that I then have to manage 2 firewalls.
I set the proxy-arp on both sides, just to see if it helped (LTE and core router) and it still would not work with me specifying the port name instead of an IP for the gateway.
Fo the time being I'll stick to the "normal" setup, but it would be nice to have this solution for future use.
I set the proxy-arp on both sides, just to see if it helped (LTE and core router) and it still would not work with me specifying the port name instead of an IP for the gateway.
Fo the time being I'll stick to the "normal" setup, but it would be nice to have this solution for future use.
Re: Static route to dynamic IP?
If you set passthrough-subnet-size in the interface lte apn profile on the wAP to 32, the DHCP server that gets created on the wAP in LTE passthrough mode will assign the address provided by the mobile network as a /32 one to the client, and will choose an address from 10.177.0.0/something as the gateway IP. This 10.177. gateway address survives a removal and recreation of the passthrough setting, change of the address provided by the mobile network, and reboot of the wAP. Since Mikrotik as a DHCP client has no problem accepting such a lease, I'd say it this resolves your case.