mauricek

Weird problem via LTE

Wed May 24, 2023 2:02 pm

Hello there,

I have a very weird problem with a hEX connecting via a ZTE LTE/5G gateway from a provider.
The hEX is connected via DHCP client to the LTE router.
I have two WireGuard connections from the hEX to other sites and those seem to work as expected.
The firewall rules aren't the problem, because through the WireGuard interface everything is accepted.

I can ping the hEX itself and also devices connected to it from both remote sites with a latency between 60-100ms and no loss.
An SSH connection from both sites to the hEX works without any issues and has no breakups or anything.

I can't connect via Winbox or HTTP from both remote sites to the hEX and I also can't open HTTP connections to any devices in the network of the hEX.
Winbox just gets stuck at downloading descriptors and websites just won't load and are stuck at loading forever.
Locally everything works as expected.

I ruled out the firewall and routing configuration since I can ping and SSH just fine. I think it's something weird with the LTE gateway but I can't really figure out what.

Maybe someone has an idea what I could still check.

# may/24/2023 13:00:54 by RouterOS 7.9
# software id = AIDV-6KSW
#
# model = RB750r2
# serial number = HCW08B2NHVZ
/interface bridge
add name=br0 protocol-mode=none
/interface wireguard
add listen-port=13231 mtu=1420 name=wg0
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
/ip pool
add name=dhcp_pool0 ranges=192.168.212.1-192.168.212.253
/ip dhcp-server
add address-pool=dhcp_pool0 interface=br0 name=dhcp1
/interface bridge port
add bridge=br0 interface=ether2
add bridge=br0 interface=ether3
add bridge=br0 interface=ether4
add bridge=br0 interface=ether5
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/ip settings
set max-neighbor-entries=8192
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
/interface ovpn-server server
set auth=sha1,md5
/interface wireguard peers
add allowed-address=192.168.211.0/24 endpoint-address=[hidden] endpoint-port=13231 interface=wg0 \
    persistent-keepalive=15s public-key="v1lJ43h5JTSm7MPVNFt7jph2mGAxRAeDgefu7LJuFHY="
add allowed-address=10.97.0.0/16 comment=Aetherus-RZ endpoint-address=[hidden] endpoint-port=13231 interface=wg0 \
    persistent-keepalive=30s public-key="Ryz3LB9GW4JmojUdr0UcgisRxAp52C9fxYUZU3meUCw="
/ip address
add address=192.168.212.254/24 interface=br0 network=192.168.212.0
/ip dhcp-client
add interface=ether1 use-peer-dns=no
/ip dhcp-server network
add address=192.168.212.0/24 dns-server=192.168.212.254 gateway=192.168.212.254
/ip dns
set allow-remote-requests=yes servers=1.1.1.1,8.8.8.8
/ip firewall filter
add action=accept chain=forward connection-state=established
add action=accept chain=forward in-interface=br0
add action=accept chain=forward in-interface=wg0
add action=drop chain=forward
add action=accept chain=input connection-state=established
add action=accept chain=input dst-port=13231 protocol=udp
add action=accept chain=input in-interface=br0
add action=accept chain=input in-interface=wg0
add action=drop chain=input
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
/ip route
add disabled=no dst-address=192.168.211.0/24 gateway=wg0 routing-table=main suppress-hw-offload=no
add disabled=no dst-address=10.97.0.0/16 gateway=wg0 routing-table=main suppress-hw-offload=no
/system clock
set time-zone-name=Europe/Berlin
/system identity
set name=RouterOS
/system note
set show-at-login=no
