WereDoku

User Tools

Site Tools

Trace: mikrotik
mikrotik

This is an old revision of the document!

Table of Contents

MikroTik

LTE

T-Mobile CZ

  1. Interfaces > Add > PPP Client
    1. Name: somepppout
    2. L2 MTU / Max MTU / Max MRU: 1500
    3. Port: usbX
    4. Data channel: 0
    5. Info channel: 1
    6. APN: internet.t-mobile.cz
  2. PPP
    1. Phone: *99#
    2. Dial command: ATDT
    3. User: gprs
    4. Password: gprs
    5. User peer DNS: Yes
    6. Add default route: Yes
    7. Allow: PAP only (CHAP, MSCHAP1, MSCHAP2 unticked)

PPP VPN

  1. PPP > Profile > Add
    1. Name: someprofile
    2. Local address: local IP of the router
    3. Remote address: pool from which the remote clients will get IP addresses
    4. DNS server: optional?
    5. Protocols > Use Encryption: Yes
  2. PPP > PPTP Server (button)
    1. Enabled
    2. Default profile: someprofile
  3. PPP > Secrets
    1. Name: someusername
    2. Password: somepassword
    3. Service: PPTP
    4. Profile: someprofile
  4. In Firewall, allow:
    1. 1752/TCP
    2. 47/IP (GRE)
  5. On LAN interface, allow:
    1. ARP: proxy-arp
    2. Note: if bridged, then do this on the bridge instead of LAN interface.

Two separate connections for two separate LANs with one RouterBoard

  1. Disconnect the bridge between etherX-*-local (Interface properties - remove the Master port).
  2. Mark the packets from LAN subnets (e.g. 192.168.10.0/24 a 192.168.20.0/24): 
    /ip firewall mangle add action=mark-routing chain=prerouting \
    new-routing-mark=routing_mark_office src-address=192.168.10.0/24
/ip firewall mangle add action=mark-routing chain=prerouting \
    new-routing-mark=routing_mark_guests src-address=192.168.20.0/24
  3. Set up routing for packets marked with mangle: 
    /ip route add gateway=ether1-wan1 routing-mark=routing_mark_office
/ip route add gateway=ether2-wan2 routing-mark=routing_mark_guests

    Note: Gateway can also be a PPPoE connection (in case of DSL).

  4. Set up masquerade for the second wan interface (assuming that masquerade was set up only for the ether1-wan1).

IPv6 firewall stub

/ipv6 firewall filter
add action=accept comment="Allow ESTABLISHED (FORWARD)" chain=forward connection-state=established disabled=no 
add action=accept comment="Allow RELATED (FORWARD)" chain=forward connection-state=related disabled=no
add action=accept comment="Allow ICMPv6 (FORWARD)" chain=forward disabled=no in-interface=pppoe-out1 protocol=icmpv6 
add action=drop comment="Drop everything else (FORWARD)" chain=forward disabled=no in-interface=pppoe-out1 
add action=accept comment="Allow ESTABLISHED (INPUT)" chain=input connection-state=established disabled=no 
add action=accept comment="Allow RELATED (INPUT)" chain=input connection-state=related disabled=no 
add action=accept comment="Allow ICMPv6 (INPUT)" chain=input disabled=no in-interface=pppoe-out1 protocol=icmpv6 
add action=accept comment="Allow DHCPv6 (INPUT)" chain=input disabled=no in-interface=pppoe-out1 protocol=udp port=546
add action=drop comment="Drop everything else (INPUT)" chain=input disabled=no in-interface=pppoe-out1
mikrotik.1530113186.txt.gz · Last modified: (external edit)