Community discussions

MikroTik App
 
kekraiser
just joined
Topic Author
Posts: 23
Joined: Sun Mar 14, 2021 12:04 am

Starlink router with Ethernet connection LAN IP conflict

Fri Nov 04, 2022 1:32 am

Hello.

I have a Starlink terminal gen. 2 and want to configure it as second WAN\Internet connection. No automatic fail-over for now, just manual switching port on interface "combo1" with "Combo Mode" selector in WinBox. Starlink Ethernet adapter is used for connecting Starlink router to one of combo ports in Mikrotik router.

It is a two ways to setup ethernet connection for Starlink router:

1. Enable "Bypass Mode" in Starlink router, enable DHCP Client in Mikrotik router. CGNAT IP address from "100.64.0.0/10" subnet (or other) will be received. Starlink router Wi-Fi network and some other usefull stuff and settings are completely disabled and cannot be used from mobile app.

2. Do not enable "Bypass Mode", enable DHCP Client in Mikrotik router. LAN address from "192.168.1.0/24" subnet will be received. Starlink router Wi-Fi and other stuff are available.

For some reasons, I need Starlink router Wi-Fi available, so usage of "Bypass Mode" is not possible. Main issue here is that "192.168.1.0/24" subnet is already used in my router in DHCP Server config. So when I enable DHCP Client on "combo1" interface, and switch the port in "Combo Mode" selector to the one in which the Starlink router is connected, WinBox connection failed and network is going to unusable state. I guess this is due to a subnet or IP address conflict, when a second DHCP server appears on the same subnet and everything goes to hell.

Starlink router does not provide any option to change own DHCP Server IP range, "192.168.1.0/24" is hardcoded.

Obviously, I can move from "192.168.1.0/24" to some other subnet in Mikrotik router, leave this subnet for Starlink router. But I have a lot of other subnets and other configs based on subnets in my router, especially for "192.168.1.0/24", so this migration is going to be very hard.

Is there is some (magic) way to "isolate" Starlink router "192.168.1.0/24" subnet from same Mikrotik router subnet?

Thanks.
 
sindy
Forum Guru
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: Starlink router with Ethernet connection LAN IP conflict

Fri Nov 04, 2022 8:13 pm

There might be, an ugly one. It depends on whether the Starlink accepts packets from devices that have their 192.168.1.x addresses assigned statically rather than obtained from the DHCP server in the Starlink terminal. Can you check that, please? I.e. configure an address from that subnet statically on your PC, connect it to the Starlink, and try to download or ping something in the internet.

If it works, the following would be the next steps:
  • assign some unrelated address&subnet to the WAN interface of the router (the one that will be connected to Starlink) - let's say 192.168.33.2/24, and set a default route with a gateway address within that subnet - 192.168.33.1
  • create a static ARP record, stating that the MAC address of 192.168.33.1 is the one of the Starlink interface (you have to find it it in advance if it is not on the label on the Starlink terminal)
  • set the arp parameter of the WAN interface of the router to proxy-arp, so that when the Starlink interface sends an ARP request for an address from 192.168.1.0/24, your router responds with the MAC address of its WAN interface because it has 192.168.1.0/24 on another interface
  • add an action=src-nat rule with to-addresses=192.168.1.N that differs from any address assigned by the Starlink's DHCP server (no idea whether there is a range within 192.168.1.2-192.168.1.254 from which it doesn't assign addresses to DHCP clients).
It will not be compatible with another IP configuration on the combo port (because whenever the combo port is up, the default route will become active), but it should allow you to use the 192.168.1.0/24 internally and still use the Starlink as an uplink.
 
kekraiser
just joined
Topic Author
Posts: 23
Joined: Sun Mar 14, 2021 12:04 am

Re: Starlink router with Ethernet connection LAN IP conflict

Sun Nov 06, 2022 1:27 am

@sindy thank you for advise, but it looks like too ugly, and seems not working (maybe I fail something during its setup).

Anyway, solved by temporaty enabled bypass mode, have no time for experiments now.

Main goal - usage without bypass mode and active Starlink router - will be reachable soon with "MikroTik hAP ac" as wi-fi bridge and custom DHCP server range.
 
sindy
Forum Guru
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: Starlink router with Ethernet connection LAN IP conflict

Sun Nov 06, 2022 11:37 am

If you can add an additional device with a WiFi interface into the scheme, all possibilities are open - you can use bypass mode to get the 100.64.x.y on the main router's WAN and use the hAP ac as a wireless access point instead of the one on the Starlink router, or you can let the hAP ac get its WAN address from the Starlink router, and give a 192.168.88.x address to the main router, so the two 192.168.1.0/24 networks will not meet on the same router.
 
jrote1
just joined
Posts: 1
Joined: Wed May 31, 2023 4:49 pm

Re: Starlink router with Ethernet connection LAN IP conflict

Wed May 31, 2023 4:53 pm

Hi,
I'm trying to get your suggestion to work but I cannot get it to work, but i'm not able to get a connection. Here's a snippet of the tcp dump for that interface. If you're able to help that would be great

Thanks

Jake
13:51:36.241605 ARP, Request who-has 192.168.33.1 tell 192.168.33.2, length 28
13:51:37.250255 ARP, Request who-has 192.168.33.1 tell 192.168.33.2, length 28
13:51:37.874583 STP 802.1d, Config, Flags [none], bridge-id 8000.30:5a:3a:6f:69:78.8001, length 43
13:51:38.274187 ARP, Request who-has 192.168.33.1 tell 192.168.33.2, length 28
13:51:39.874592 STP 802.1d, Config, Flags [none], bridge-id 8000.30:5a:3a:6f:69:78.8001, length 43
13:51:41.874584 STP 802.1d, Config, Flags [none], bridge-id 8000.30:5a:3a:6f:69:78.8001, length 43
13:51:43.874593 STP 802.1d, Config, Flags [none], bridge-id 8000.30:5a:3a:6f:69:78.8001, length 43
13:51:45.874600 STP 802.1d, Config, Flags [none], bridge-id 8000.30:5a:3a:6f:69:78.8001, length 43
13:51:47.275282 ARP, Request who-has 192.168.33.1 tell 192.168.33.2, length 28
13:51:47.874587 STP 802.1d, Config, Flags [none], bridge-id 8000.30:5a:3a:6f:69:78.8001, length 43
13:51:48.290212 ARP, Request who-has 192.168.33.1 tell 192.168.33.2, length 28
13:51:49.314202 ARP, Request who-has 192.168.33.1 tell 192.168.33.2, length 28
13:51:49.874594 STP 802.1d, Config, Flags [none], bridge-id 8000.30:5a:3a:6f:69:78.8001, length 43
13:51:51.334447 IP 192.168.1.45.48275 > 255.255.255.255.10001: UDP, length 4
13:51:51.874661 STP 802.1d, Config, Flags [none], bridge-id 8000.30:5a:3a:6f:69:78.8001, length 43
13:51:53.874629 STP 802.1d, Config, Flags [none], bridge-id 8000.30:5a:3a:6f:69:78.8001, length 43
13:51:55.874614 STP 802.1d, Config, Flags [none], bridge-id 8000.30:5a:3a:6f:69:78.8001, length 43
13:51:57.874606 STP 802.1d, Config, Flags [none], bridge-id 8000.30:5a:3a:6f:69:78.8001, length 43
13:51:58.303869 ARP, Request who-has 192.168.33.1 tell 192.168.33.2, length 28
13:51:59.330214 ARP, Request who-has 192.168.33.1 tell 192.168.33.2, length 28
13:51:59.874628 STP 802.1d, Config, Flags [none], bridge-id 8000.30:5a:3a:6f:69:78.8001, length 43
13:52:00.354182 ARP, Request who-has 192.168.33.1 tell 192.168.33.2, length 28
There might be, an ugly one. It depends on whether the Starlink accepts packets from devices that have their 192.168.1.x addresses assigned statically rather than obtained from the DHCP server in the Starlink terminal. Can you check that, please? I.e. configure an address from that subnet statically on your PC, connect it to the Starlink, and try to download or ping something in the internet.

If it works, the following would be the next steps:
  • assign some unrelated address&subnet to the WAN interface of the router (the one that will be connected to Starlink) - let's say 192.168.33.2/24, and set a default route with a gateway address within that subnet - 192.168.33.1
  • create a static ARP record, stating that the MAC address of 192.168.33.1 is the one of the Starlink interface (you have to find it it in advance if it is not on the label on the Starlink terminal)
  • set the arp parameter of the WAN interface of the router to proxy-arp, so that when the Starlink interface sends an ARP request for an address from 192.168.1.0/24, your router responds with the MAC address of its WAN interface because it has 192.168.1.0/24 on another interface
  • add an action=src-nat rule with to-addresses=192.168.1.N that differs from any address assigned by the Starlink's DHCP server (no idea whether there is a range within 192.168.1.2-192.168.1.254 from which it doesn't assign addresses to DHCP clients).
It will not be compatible with another IP configuration on the combo port (because whenever the combo port is up, the default route will become active), but it should allow you to use the 192.168.1.0/24 internally and still use the Starlink as an uplink.
 
sindy
Forum Guru
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: Starlink router with Ethernet connection LAN IP conflict

Fri Jun 02, 2023 8:12 pm

The tcpdump shows that you have missed the step of setting up the static ARP ecord for 192.168.33.1 - if it was set, there would be no ARP requests for that address.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: Starlink router with Ethernet connection LAN IP conflict

Fri Jun 02, 2023 11:52 pm

Is possible to make the backup of the config (of starkink) and reload it (on starlink)?

If yes, I would try opening the backup file in binary to see if it could be changed somewhere (something similar to) 00FFFFFF0001A8C0 to 00FFFFFF0003A8C0,
(or 180001A8C0 to 180003A8C0)
but in general I don't recommend Triple NAT 100.64.x.x->192.168.3.0/24->192.168.1.0/24....
 
sindy
Forum Guru
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: Starlink router with Ethernet connection LAN IP conflict

Sat Jun 03, 2023 8:12 am

in general I don't recommend Triple NAT 100.64.x.x->192.168.3.0/24->192.168.1.0/24....
There will be no triple NAT - in fact, there will be no NAT on the 'Tik at all. The whole trick is to make the 'Tik respond with the MAC address of its WAN interface to the ARP requests sent by the Starlink router regarding any address in 192.168.1.0/24 (arp=proxy-arp), and to make it forward packets received from LAN to the Starlink router without having to configure 192.168.1.x/24 on the WAN interface (by configuring the static translation of the bogus gateway address 192.168.33.1 to the MAC address of the LAN interface of the Starlink router).

Of course it is much better to bypass the Starlink router, as on top of getting the 100.64.x.y address on the Mikrotik WAN, you also get a static global /56 IPv6 pool for the Mikrotik, so you can connect to it remotely without need for another router on a public/global address. But that requires an Ethernet port on the Starlink, which is only available as an extra option for the newer kits, unless you want to break the warranty and DIY in an invasive and irreversible manner.
 
User avatar
Amm0
Forum Guru
Forum Guru
Posts: 3169
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: Starlink router with Ethernet connection LAN IP conflict

Sat Jun 03, 2023 6:00 pm

Since starlink is generally CGNAT already, that's kinda the bigger problem than a double-NAT.
Is possible to make the backup of the config (of starkink) and reload it (on starlink)?
LOL. It's more like QuickSet, with even less options. I can add some details here since I'm forced to use these things sometimes.
- There isn't even a reset button – you plug/unplug ~3 times quickly.
- If there is business service, you can add a public IPv4 address. Otherwise isn't CGNAT with a ~5000 port limit (last I checked).
- I don't recall getting an IPv6 address but haven't check in a while. But folks have reported getting a /56 prefix.
- There is a "bypass mode" on the router, that will provide the CGNAT (or public IP if business account) directly to a Mikrotik WAN port. Otherwise, the router's LAN is fixed at 192.168.1.0/24 and unchangeable via app/API/etc. And the DHCP "pool" used for assignment is also unchangeable. The rectangular dish needs a $29 ethernet dongle, the cirlcle and square ones have port/cable include.
- Starlink router LAN's DHCP server does do a liveness check before assignment, so static IP within 192.168.1.0/24 are okay. And will show up in app (e.g. via some ARP table ;)).
- If you enable bypass mode, you lose Wi-Fi from starlink (e.g. since the CGNAT/publicIP getting passthrough to the router).

SO...@sindy's approach should work if followed exactly. BUT I think its usefulness is limited to if you really want to keep 192.168.1.0/24 as your LAN & NOT use bypass mode. Renumbering the Mikrotik LAN to not use 192.168.1.0/24 seem like a better approach in that case...

What I've done in a couple case when using the starlink router's LAN/Wi-Fi, is bridge that to the Mikrotik ethernet's, then use VPN to netmap the 192.168.1.0/24 into the unique private /24 subnet within anlarger network (routed via ZeroTier). This let the starlink deal with LAN/Wi-Fi for small site, but still be connected to other sites within network to see stuff like IoT/cameras/equipment/etc. The netmap is need my case there are multiple starlinks in same multisite network, so can't just use starlink's unchangeable 192.168.1.0/24 in route tables.

Who is online

Users browsing this forum: SMARTNETTT, Turbovix and 38 guests