I know there are a few posts already about this topic but they are all pretty old with no real solution so started a new one...
Start off with this is what I'm using:
Mikrotik SXT Cat6 International (not US version) with Router OS v7.4
Modem R11e-LTE6 running firmware R11e-LTE6_V033
pfSense SG1100 router as the host
I've followed the documentation https://wiki.mikrotik.com/wiki/Manual:Interface/LTE. I have the management interface on the LAN side and a VLAN for the IP passthrough interface. It all works fine i.e. I get internet on the VLAN and can access the router Web GUI LAN side. However, the IP I'm getting on the VLAN is not the public IP address. The Mikrotik is setting up a DHCP server by default on that interface. I have tried removing the DHPC server but it comes up with a message saying "Couldn't remove DHCP Server <apn1> - not permitted (9)". My understanding is that in passthrough mode the DHCP server is handled by the ISP but could be wrong.
I pasted by setup and removed some private details below. What I find odd is that the DHCP server on the APN is not listed in the export but is certainly there as per the attached screenshots.
Any help would be much appreciated.
Code: Select all
#
jul/21/2022 13:41:10 by RouterOS 7.4
# software id = 1827-3KL9
#
# model = RBSXTR
# serial number = XXXXXXXXXXXX
/interface bridge
add admin-mac=XX:XX:XX:XX:XX:XX auto-mac=no comment=defconf disabled=yes name=bridge
/interface lte
set [ find ] allow-roaming=no band="" name=lte1 network-mode=3g,lte
/interface vlan
add interface=ether1 name=LTE-WAN2 vlan-id=2
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface lte apn
set [ find default=yes ] apn=yesinternet ip-type=ipv4 name=apn1 passthrough-interface=LTE-WAN2 passthrough-mac=XX:XX:XX:XX:XX:XX use-network-apn=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=dhcp disabled=yes interface=bridge name=defconf
/interface ppp-client
add apn=internet name=ppp-out1 port=usb1
/routing bgp template
set default disabled=no output.network=bgp-networks
/routing ospf instance
add disabled=no name=default-v2
/routing ospf area
add disabled=yes instance=default-v2 name=backbone-v2
/interface bridge port
add bridge=bridge comment=defconf ingress-filtering=no interface=ether1
add bridge=bridge comment=defconf ingress-filtering=no interface=ether2
/ip settings
set max-neighbor-entries=8192
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=lte1 list=WAN
/interface ovpn-server server
set auth=sha1,md5
/ip address
add address=10.10.1.8/24 comment=userconf interface=ether1 network=10.10.1.0
/ip dhcp-client
add interface=ether1
/ip dhcp-server network
add address=10.10.1.0/24 comment=defconf dns-server=192.168.88.1 gateway=10.10.1.8 netmask=24
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=10.10.1.8 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related hw-offload=yes
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" disabled=yes ipsec-policy=out,none out-interface-list=WAN
/system clock
set time-zone-name=Australia/Melbourne
