Public
Hi guys,
Hoping any of you can help. We're seeing weird issues with our Mikrotik client routers in deployment, specifically with the 2.4GHz wireless on the hAP and hAP ac lites.
This issue we're seeing seems to affect the 2.4GHz wireless card (Atheros AR9300 in both models) but does not affect the 5GHz card in the ac lite.
Customers are reporting to us the inability to connect to wireless at times, such as invalid security key or failure to connect messages (depending on the customer device).
The wireless interface itself will show as running, but with no clients connected. No error messages are indicated in the log about exchange key timeouts or anything similar, like you'd expect.
Doing anything that performs a soft-reset like operation on the wireless interface will allow the customer to connect again for a period of time. This can include:
- Doing a wireless scan.
- Doing a frequency usage scan.
- Changing channel.
- Changing SSID.
Basically any option you can change will fix it, even rebooting the router.
We've tried all different types of software from 6.39 through 6.41, even the latest rc (6.42rc35). We've seen this issue for at least three months now, if not longer. It's not isolated to a particular site either, as we receive reports daily from other customer locations with the same issue.
Initially we thought it was interference, but even then we have customers with very low utilisation and still seeing this issue.
We have reported a case with Mikrotik, but their most recent suggestion was to post in the forums to see if anyone else was experiencing this issue (which surprised me, generally they direct you to support if you write this sort of stuff in the forums).
Below I've included a brief output from the router showing the way this interface is currently set up.
Have any of you seen this type of issue on either this wireless card or others?
/interface wireless security-profiles
add authentication-types=wpa2-psk eap-methods="" mode=dynamic-keys name=wlan1 supplicant-identity=room-403
/interface wireless
set [ find default-name=wlan1 ] adaptive-noise-immunity=ap-and-client-mode band=2ghz-b/g/n country=australia disabled=no distance=indoors frequency=2462 mode=ap-bridge security-profile=wlan1 ssid="Room 403" wireless-protocol=802.11
Regards,
Ben
3
5
As someone with a large pile of hAP devices that need to be netinstalled (both to run a config script, and to get them onto the right version of ROS), my options appear to be a) spend all day laboriously processing one device at a time, b) try and find someone else to push the job onto, or c) figure out a way that I can run the process in bulk.
Before I spend more time reverse engineering the netinstall process to try and replicate it en-masse, how do others typically approach this?
My other thought is to use flashfig with a line in the script to pull down the right ROS version as part of the process, the downside there is that (if my understanding is right) our config is not "burned into" the device so if they are reset in the field they'll go back to the factory-default Mikrotik configuration which isn't ideal in this environment.
5
6
I bought an HAP ac lite, intending to use it as a throttle between a
bunch of evil leeching wifi users and a client's tender defenseless
Internet router. I have had a test unit (an older 951 unit) in there
and used the bandwidth command on the relevant ethernet port. That
worked a treat.
Turns out none of the interfaces on the HAP ac line support the set
bandwidth command :-(
So I have turned to queues. I cannot figure them out. This command
should IMHO limit the total bandwidth coming IN to ether1 to 1 megabit,
and the total bandwidth for traffic LEAVING ether1 to 500 kilobits:
/queue simple
add target=ether1 queue=ethernet-default/ethernet-default max-limit=500K/1M
But when I do that, nothing moves over ether1 (which is the link
between the HAP and the Internet router).
So I deleted that queue and tried this (192.168.100.0/24 is the network
containing the leeches - wlan1, wlan2, ether2/3/4 bridged):
/queue simple
add target=192.168.100.0/24 queue=ethernet-default/ethernet-default max-limit=500K/1M
Traffic flows over ether1, but this in no way limits the bandwidth to
anything like those values. If I use 10K/10K instead and then download
a file in Firefox, I see the transfer rate start at 12KB/s (kilobytes
per second) and creep steadily up to around 100KB/s by the time the
whole 50MB file has been downloaded.
That's in stark contrast to the 1 or 2 megabytes per second I get
without the queue, so *something* is happening, it just doesn't seem
very predictable.
Ideas would be very welcome...
Regards, K.
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer(a)nullarbor.com.au) work +61 2 64957435
http://www.nullarbor.com.au mobile +61 428 957160
GPG fingerprint: 8454 EE43 6215 B6DD 1B4D 9D8D 984D 7BA1 7378 A38D
Old fingerprint: 58F8 09D4 97E4 D74A 0940 44BC 8D6D C28C 3BC9 B0CB
3
6
Hi Karl,
If you're using a bridge, the IP should be assigned to the bridge interface, not to one of the members.
That might be your issue.
M
________________________________
From: Karl Auer <kauer(a)nullarbor.com.au>
Sent: Saturday, 3 February 2018 2:31 pm
To: MikroTik Australia Public List
Subject: Re: [MT-AU Public] queue noob
On Sat, 2018-02-03 at 13:43 +1100, Mike Everest wrote:
> if the interface is configured as a bridge port, then define the
> bridge as the interface for queue not the physical port.
Thanks - but still no go.
The bridge has three interfaces in it - ether2, wlan1, wlan2. ether3
and ether4 are slaved to ether2. ether5 has been split off as a
management port, nothing on it for these tests.
The network on the bridge (actually on ether2) is 192.168.100.0/24.
The bridge settings are:
use-ip-firewall: yes
use-ip-firewall-for-vlan: no
use-ip-firewall-for-pppoe: no
allow-fast-path: yes
bridge-fast-path-active: no
bridge-fast-path-packets: 0
bridge-fast-path-bytes: 0
bridge-fast-forward-packets: 0
bridge-fast-forward-bytes: 0
My queue looks like this (formatting edits only):
Flags: X - disabled, I - invalid, D - dynamic
0 name="test" target=bridge parent=none
packet-marks="" priority=8/8
queue=default-small/default-small
limit-at=0/0 max-limit=10k/10k
burst-limit=0/0 burst-threshold=0/0
burst-time=0s/0s bucket-size=0.1/0.1
With target=ether1, nothing moves. With target=bridge, the queue has no
effect at all. With target=192.168.100.0/24, the queue seems to slow
down interactive access to the router dramatically (leading to
unfounded optimism), but a file transfer in Firefox scoots up to 100
kiloBYTES per second average over a 50 megabyte download.
The thing is, without the queue the transfer happens at 1.2 megabytes
per second, so clearly the queue is doing something! Just not remotely
like what I am expecting.
In desperation I set max-limit to 1000/1000 and things almost stopped
:-) Interaction with the router CLI involved multi-minute delays. The
browser was rendered unusable, so could not see whether the download
was any slower.
What am I missing?
This seems like a totally simple thing to want, it must be a common
requirement, how come it is so danged hard to achieve? "That link there
- allow no more than X bps inbound and Y bps outbound".
Regards, K.
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer(a)nullarbor.com.au) work +61 2 64957435
http://www.nullarbor.com.au mobile +61 428 957160
GPG fingerprint: 8454 EE43 6215 B6DD 1B4D 9D8D 984D 7BA1 7378 A38D
Old fingerprint: 58F8 09D4 97E4 D74A 0940 44BC 8D6D C28C 3BC9 B0CB
_______________________________________________
Public mailing list
Public(a)talk.mikrotik.com.au
http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
2
5

02 Feb '18
Hi Folks,
(Sorry, this is a bit long, but hoping I'm just missing something
bleedingly obvious..)
Playing with one of the VDSL SFPs this evening, working quite nicely.
However hitting a weird snag. On the Huawei HG658 I was using, I had
vlan100 set on the PTM bridge, so was simply doing ingress/egress
translations of vlan 0 to vlan 99 on the switch chip in the CRS109.
(Vlan100 is already in use in my network, so my PPPOE bridge network ended
up on vlan 99)
Something like:
/interface ethernet switch vlan
add ports=ether1-master-local,ether2-huawei-bridge,switch1-cpu vlan-id=99
/interface ethernet switch egress-vlan-tag
add tagged-ports=ether1-master-local,ether2-huawei-bridge,switch1-cpu vlan-id=99
/interface ethernet switch egress-vlan-translation
add customer-vid=99 customer-vlan-format=untagged-or-tagged new-customer-vid=0 ports=ether2-huawei-bridge service-vlan-format=untagged-or-tagged
/interface ethernet switch ingress-vlan-translation
add new-customer-vid=99 ports=ether2-huawei-bridge
That way the bridged VDSL traffic on native VLAN from the huawei ends up in
VLAN99 on the RouterOS CPU interface (And ether1-master-local which goes to
my other CRS-109 which sometimes brings up a separate PPPOE session).
Plugging in the VDSL SFP, I knew I needed to do the vlan 100 tagging
myself, so figured I can simply do VLAN translations 100<>99, instead of
0<>99 on the sfp1-slave-local interface (ether1-master-local is master port
to all ports on the CRS-109). I'm using similar to this on another CRS at
work doing Vlan translations on my uplink port, and it's working fine on
the ether1 port.. Is the SFP port special in any way?
Adding the appropriate rules similar to above to add vlan 99 being
re-written as vlan 100 on SFP side as below, doesn't end up with any
traffic passing:
/interface ethernet switch vlan
add ports=ether1-master-local,ether2-huawei-bridge,sfp1-slave-local,switch1-cpu vlan-id=99
/interface ethernet switch egress-vlan-tag
add tagged-ports=ether1-master-local,ether2-huawei-bridge,sfp1-slave-local,switch1-cpu vlan-id=99
/interface ethernet switch egress-vlan-translation
add customer-vid=99 customer-vlan-format=untagged-or-tagged new-customer-vid=100 ports=sfp1-slave-local bridge service-vlan-format=untagged-or-tagged
/interface ethernet switch ingress-vlan-translation
add customer-vid=100 new-customer-vid=99 ports=sfp1-slave-local
I'd have thought this SHOULD work?
If I pull the SFP1 interface out of the switch chip (i.e. master=none), and
create vlan100 under it, and then assign the pppoe interface to
sfp1_vlan100, it comes up instantly.
If I leave it IN the switch chip, and instead just add vlan 100 to sfp
port, and then use vlan100 for the pppoe dialler, it also works - but I
don't want PPPOE traffic on vlan100 internally, as that's the LAN..
Is this maybe a hiccup with the CRS109's switch chip vlan translations,
that you can't do translations between two vlan ID's which it's using
internally or somesuch?
Thanks,
Damien
--
Damien Gardner Jnr
VK2TDG. Dip EE. GradIEAust
rendrag(a)rendrag.net - http://www.rendrag.net/
--
We rode on the winds of the rising storm,
We ran to the sounds of thunder.
We danced among the lightning bolts,
and tore the world asunder
4
4
For those of you running Mikrotik as a PPPOE LNS what are you doing with Fast Track/Fast Path when you are using dynamic simple queues for users ?
We seem to have hit and miss results with it, sometimes it works, sometimes it doesn't.
If we have a simple queue not matching any upload traffic we have to disable fast path and it works again.
Any thoughts or experiences in this area ?
We even have some routers where some customer queues work ok and others don't match upload traffic with default settings for fast path.
Strange...
Regards
Paul
3
2
Hi all,
Happy New Year BTW !
I am looking to put together a solution which we can provide as a diagnosis service for our customers to help them analyse what is happening on their Internet connection.
There are a number of products which can give you information on such things like PfSense, Untangle, BandwidthD etc, but basically I am after something that can report things to the customer, or us actually so that we can then put together a report and recommendations.
The sort of things we want to report on are:
- Top talkers
- Bandwidth used
- Application usage
We are not interested in tracking end user usage or anything, it's more just so that the customer knows what their Internet is getting used for and how much.
I would really love to put this into a Mikrotik Routerboard but can't see how it's possible.
I know we will need some type of proxy running like Squid or something, but it's the information gathering and reporting that are important.
At this point my best solution seems to be a NUC running windows with Untangle on it and a mAP-2nD or something to redirect the traffic transparently to the NUC Proxy.
Has anybody done a project like this before or does anybody have any better suggestions than what I am thinking of at the moment ?
Thanks
Paul
6
13
Hi all, just wondering if anybody can recommend any tools for monitoring port flaps or OSPF status changes on Mikrotik devices ?
We use a host of monitoring products but the SNMP support within RouterOS is limited/non-existent for these items, and other monitoring tools seem to be unable to pick up some slight issues.
Thanks
Paul
3
2
Thanks for the good advice here everyone.
Something else to add. I also want to set up a HAP and plug in a USB 4G modem but for a different purpose, to use it in areas where no ADSL/Cable is available.
The 320U does not support the 700MHz band which is crucial for me and something you should know about too in case you’re not aware….
With a decent antenna on the roof, 700MHz can reach up to 70km from a cell tower so it’s perfect for rural areas. I’ve set this up with a Dovado router and a Netgear Aircard II previously but want to use MK gear.
Another consideration is indoor penetration. 700MHz is much better at getting through walls, much like 3G at 850MHz.
See here for more: https://www.telcoantennas.com.au/site/telstra-4g-explained
Does anyone know of a USB 4G 700MHz Mikrotik compatible modem?
MAC, PC, Smartphone & Multimedia
Consulting, Training, Support & Fix-it
screamSaver
"When You Just Want IT to Work"
mobile 0412 067 226 email matt(a)screamsaver.net web www.screamsaver.net
On 23 Nov 2017, at 18:34, public-request(a)talk.mikrotik.com.au wrote:
Today's Topics:
1. Re: 4G WAN failover question (Ben Jackson - ELOGIK)
2. Re: 4G WAN failover question (Paul Julian)
3. Re: 4G WAN failover question (Jeremy Hall)
----------------------------------------------------------------------
Message: 1
Date: Thu, 23 Nov 2017 17:44:32 +1100
From: Ben Jackson - ELOGIK <ben(a)elogik.net>
To: MikroTik Australia Public List <public(a)talk.mikrotik.com.au>
Subject: Re: [MT-AU Public] 4G WAN failover question
Message-ID:
<CACv=4uqwcspOtPd=Zr-gKztswU2SX=nfTJJCXimn_6Kr86tkJw(a)mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"
Paul - where do you get your 320U's from? Ebay?
*BEN JACKSON*
Director
*M *0404 924745
*E* ben(a)elogik.com.au
*W* elogik.com.au <http://www.elogik.com.au/>
<http://www.elogik.com.au>
On Thu, Nov 23, 2017 at 5:42 PM, Paul Julian <paul(a)oxygennetworks.com.au>
wrote:
> No problem, good luck.
>
> Regards
> Paul
>
> -----Original Message-----
> From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of
> Ben Jackson - ELOGIK
> Sent: Thursday, 23 November 2017 5:38 PM
> To: MikroTik Australia Public List
> Subject: Re: [MT-AU Public] 4G WAN failover question
>
> Great info Paul - thanks for this. I think with all this in mind I'll be
> able to tailor a solution
>
> Thanks again for everyone's input.
>
> *BEN JACKSON*
> Director
>
> *M *0404 924745
> *E* ben(a)elogik.com.au
> *W* elogik.com.au <http://www.elogik.com.au/> <http://www.elogik.com.au>
>
>
> On Thu, Nov 23, 2017 at 1:53 PM, Paul Julian <paul(a)oxygennetworks.com.au>
> wrote:
>
>> Hi Ben,
>>
>> We use the Telstra Sierra Wireless 320U modems in our Mikrotik hAP
>> devices, the Mikrotik creates an LTE interface once the modem is
>> inserted into the USB port, you set the APN within the LTE interface.
>> Once that's connected you then configure a DHCP client on the Mikrotik
>> on the LTE interface and you get a public IP.
>>
>> Some caveats:
>> - You do need to change the mode of the modem, this can be done with
>> the Netgear utility easily, they are a netgear unit basically.
>> - You need to use a 4G SIM from Telstra, prepaid or postpaid should
>> work, however if you want the APN with the public IP you need postpaid
>> and need to request that the SIM be setup with the telstra.extranet
>> APN
>>
>> Apart from that it's pretty easy.
>>
>> We occasionally have the modem drop, we have a script on the Mikrotik
>> which checks connectivity and if it drops it does a USB power cycle
>> which brings it back up most of the time.
>>
>> It's really not hard, and it works well.
>>
>> If you want to go with Optus but without a public IP you can get the
>> $19 dongle from Office Works, it works in the Mikrotik without any
>> real changes, but no public IP, fine if you can VPN out to something
>> to use to get back in.
>>
>> Regards
>> Paul
>>
>>
>> -----Original Message-----
>> From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of
>> Ben Jackson - ELOGIK
>> Sent: Thursday, 23 November 2017 11:10 AM
>> To: Jason Hecker; MikroTik Australia Public List
>> Subject: Re: [MT-AU Public] 4G WAN failover question
>>
>> Thanks for the pointers everyone. There seem to be a number of
>> factors at play here:
>>
>> 1) Most of the LTE USB modems you can purchase have some kind of
>> "router on a stick" built in which provides a firewalled, DHCP
>> assigned private IP on the LAN side in the normal ranges of
>> 192.168.x.x or 10.x.x.x. In Huawei's case this is known as "HiLink mode".
>> 2) In addition to this, depending on which provider they are bought
>> from, these modems / dongles are flashed with an ISP-specific firmware
>> which further locks down the device to stop certain features being
>> exposed to the device's web-interface. This makes it tricky to change
>> things such as the APN settings.
>> 3) The above types of device (i've been mainly concerned with the
>> Huawei
>> E3372 since that's the one my router has support for) can apparently
>> be re-flashed with custom firmware which allows HiLink mode to be
>> switched off (see here:
>> http://www.0xf8.org/2017/01/flashing-a-huawei-e3372h-4g-
>> lte-stick-from-hilink-to-stick-mode/)
>> this will apparently allow the "public" IP to be assigned directly to
>> the device connected to the USB port and avoids the pesky double NAT
> situation.
>> 4) The reason I say "public" in quotes above is because even if you
>> manage to pass this address through, quite often the address itself is
>> not a true public IP as it is behind carrier NAT and you are back to
> square 1.
>>
>> For those interested, here are the options I'm exploring:
>>
>> 1) Getting a sierra 320U unlocked from ebay which can be used in
>> "stick mode" without NAT or DHCP enabled and purchasing a SIM plan
>> from either M2MOne or URL networks which has a "true" public IP (with
>> all the public health and DDOS warnings this entails!)
>> 2) Buying an LTE router such as:
>>
>> Dovado Tiny
>> MikroTik SXT LTE
>> Netgear (I know!) LB1111
>> TP-Link MR6400
>>
>> and then using the same sim card as above. From the research I've
>> done, these devices have a "passthrough" or bridge mode which will
>> present the LTE public IP directly to my main router, albeit via an
>> RJ45 / ethernet connection.
>>
>> Ben
>>
>> *BEN JACKSON*
>> Director
>>
>> *M *0404 924745
>> *E* ben(a)elogik.com.au
>> *W* elogik.com.au <http://www.elogik.com.au/>
>> <http://www.elogik.com.au>
>>
>>
>> On Wed, Nov 22, 2017 at 6:15 PM, Jason Hecker (Up & Running Tech) <
>> jason(a)upandrunningtech.com.au> wrote:
>>
>>> Oh I see, OK, sounds like you need something that will do a PPP
>>> session which some 4G cards will let you do if you put them into
>>> serial mode like the Telit LE910 (which I have tried) or the Sierra
>> modules.
>>>
>>> If you end up with a static or dynamic public IP you can cname the
>>> dynamic DNS Mikrotik provides in the router's ip->cloud settings and
>>> set the timeout to 60, so you could get at it like
>>> bighonchoclient1.elogik.net for example.
>>>
>>> I kicked the idea around but never tried buying a cheap VPS with a
>>> static IP and having the 4G based Mikrotik VPN into it, then on the
>>> VPS port forward any ports to services behind the 4G device.
>>>
>>> On 22 November 2017 at 15:59, Ben Jackson - ELOGIK <ben(a)elogik.net>
>> wrote:
>>>
>>>> Hi Jason,
>>>>
>>>> OK, I didn't phrase my question very well, what I need is a dongle
>>>> or
>>> card
>>>> that doesn't provide an extra layer of NAT (as many do) and run an
>>> internal
>>>> DHCP sever so that the routers cellular interface ends up with an
>>>> IP address like 192.168.x.x but instead passes the public IP
> directly.
>>>> This
>>> is
>>>> so I don't end up with a double NAT situation (kind of the
>>>> equivalent of bridge mode for a DSL modem) and I can access
>>>> resources (like security systems etc) behind the public IP by
>>>> configuring the main firewall /
>>> router
>>>> accordingly.
>>>>
>>>> Ben
>>>>
>>>> *BEN JACKSON*
>>>> Director
>>>>
>>>> *M *0404 924745
>>>> *E* ben(a)elogik.com.au
>>>> *W* elogik.com.au <http://www.elogik.com.au/>
>>>> <http://www.elogik.com.au>
>>>>
>>>>
>>>> On Wed, Nov 22, 2017 at 2:24 PM, Jason Hecker (Up & Running Tech)
>>>> < jason(a)upandrunningtech.com.au> wrote:
>>>>
>>>>> What if you had those routers phone home to a VPN server in your
>>>>> office over 4G? They'd always be in easy reach on private subnet
>>>>> on your LAN
>>> and
>>>>> you wouldn't need to worry about public or static IPs for your 4G
>>> widget.
>>>>>
>>>>> I noticed Duxtel configured devices I have bought have a PPTP
>>>>> client set up so if you activate it then Duxtel can peer into the
>>>>> device and assist
>>> with
>>>>> any issues.
>>>>>
>>>>> On 22 November 2017 at 13:46, Ben Jackson - ELOGIK
>>>>> <ben(a)elogik.net>
>>>>> wrote:
>>>>>
>>>>>> Does anyone have any advice on a) a decent 4g service that
>>>>>> provides a publicly accessible IP address that ports can be
>>>>>> forwarded through as
>>>>> well
>>>>>> as how to get hold of an unlocked USB dongle which will support
>>>>>> the
>>> SIM
>>>>> /
>>>>>> service?
>>>>>>
>>>>>> Or even a provider that provides this on one of their business
>> plans?
>>>>>>
>>>>>> If it can be a prepaid plan even better.
>>>>>>
>>>>>> I'm looking to use said device as 4G failover on a meraki mx64
>>> security
>>>>>> appliance and calling the usual suspects (Optus, telstra) is
>>>>>> giving
>>> me a
>>>>>> headache.
>>>>>>
>>>>>> Any advice on what others have done in this scenario would be
>>>>>> most appreciated.
>>>>>>
>>>>>> Best regards,
>>>>>>
>>>>>> Ben Jackson
>>>>>> eLogik
>>>>>>
>>>>>> (Sent from my mobile device)
>>>>> --
>>>>> <https://www.upandrunningtech.com.au>
>>> --
>>> <https://www.upandrunningtech.com.au>
------------------------------
Message: 2
Date: Thu, 23 Nov 2017 17:48:19 +1100
From: Paul Julian <paul(a)oxygennetworks.com.au>
To: 'MikroTik Australia Public List' <public(a)talk.mikrotik.com.au>
Subject: Re: [MT-AU Public] 4G WAN failover question
Message-ID:
<f278f2ea-be1f-4edb-b9c2-8a63078f68ad(a)oxygennetworks.com.au>
Content-Type: text/plain; charset="us-ascii"
Yep, should be able to get them for around $40-$50
Regards
Paul
-----Original Message-----
From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Ben Jackson - ELOGIK
Sent: Thursday, 23 November 2017 5:45 PM
To: MikroTik Australia Public List
Subject: Re: [MT-AU Public] 4G WAN failover question
Paul - where do you get your 320U's from? Ebay?
*BEN JACKSON*
Director
*M *0404 924745
*E* ben(a)elogik.com.au
*W* elogik.com.au <http://www.elogik.com.au/> <http://www.elogik.com.au>
On Thu, Nov 23, 2017 at 5:42 PM, Paul Julian <paul(a)oxygennetworks.com.au>
wrote:
> No problem, good luck.
>
> Regards
> Paul
>
> -----Original Message-----
> From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of
> Ben Jackson - ELOGIK
> Sent: Thursday, 23 November 2017 5:38 PM
> To: MikroTik Australia Public List
> Subject: Re: [MT-AU Public] 4G WAN failover question
>
> Great info Paul - thanks for this. I think with all this in mind I'll
> be able to tailor a solution
>
> Thanks again for everyone's input.
>
> *BEN JACKSON*
> Director
>
> *M *0404 924745
> *E* ben(a)elogik.com.au
> *W* elogik.com.au <http://www.elogik.com.au/>
> <http://www.elogik.com.au>
>
>
> On Thu, Nov 23, 2017 at 1:53 PM, Paul Julian
> <paul(a)oxygennetworks.com.au>
> wrote:
>
>> Hi Ben,
>>
>> We use the Telstra Sierra Wireless 320U modems in our Mikrotik hAP
>> devices, the Mikrotik creates an LTE interface once the modem is
>> inserted into the USB port, you set the APN within the LTE interface.
>> Once that's connected you then configure a DHCP client on the
>> Mikrotik on the LTE interface and you get a public IP.
>>
>> Some caveats:
>> - You do need to change the mode of the modem, this can be done with
>> the Netgear utility easily, they are a netgear unit basically.
>> - You need to use a 4G SIM from Telstra, prepaid or postpaid should
>> work, however if you want the APN with the public IP you need
>> postpaid and need to request that the SIM be setup with the
>> telstra.extranet APN
>>
>> Apart from that it's pretty easy.
>>
>> We occasionally have the modem drop, we have a script on the
>> Mikrotik which checks connectivity and if it drops it does a USB
>> power cycle which brings it back up most of the time.
>>
>> It's really not hard, and it works well.
>>
>> If you want to go with Optus but without a public IP you can get the
>> $19 dongle from Office Works, it works in the Mikrotik without any
>> real changes, but no public IP, fine if you can VPN out to something
>> to use to get back in.
>>
>> Regards
>> Paul
>>
>>
>> -----Original Message-----
>> From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf
>> Of Ben Jackson - ELOGIK
>> Sent: Thursday, 23 November 2017 11:10 AM
>> To: Jason Hecker; MikroTik Australia Public List
>> Subject: Re: [MT-AU Public] 4G WAN failover question
>>
>> Thanks for the pointers everyone. There seem to be a number of
>> factors at play here:
>>
>> 1) Most of the LTE USB modems you can purchase have some kind of
>> "router on a stick" built in which provides a firewalled, DHCP
>> assigned private IP on the LAN side in the normal ranges of
>> 192.168.x.x or 10.x.x.x. In Huawei's case this is known as "HiLink mode".
>> 2) In addition to this, depending on which provider they are bought
>> from, these modems / dongles are flashed with an ISP-specific
>> firmware which further locks down the device to stop certain
>> features being exposed to the device's web-interface. This makes it
>> tricky to change things such as the APN settings.
>> 3) The above types of device (I've been mainly concerned with the
>> Huawei E3372 since that's the one my router has support for) can
>> apparently be re-flashed with custom firmware which allows HiLink
>> mode to be switched off (see here:
>> http://www.0xf8.org/2017/01/flashing-a-huawei-e3372h-4g-lte-stick-from-hilink-to-stick-mode/)
>> this will apparently allow the "public" IP to be assigned directly
>> to the device connected to the USB port and avoids the pesky double
>> NAT situation.
>> 4) The reason I say "public" in quotes above is because even if you
>> manage to pass this address through, quite often the address itself
>> is not a true public IP as it is behind carrier NAT and you are back
>> to square 1.
>>
>> For those interested, here are the options I'm exploring:
>>
>> 1) Getting a sierra 320U unlocked from ebay which can be used in
>> "stick mode" without NAT or DHCP enabled and purchasing a SIM plan
>> from either M2MOne or URL networks which has a "true" public IP
>> (with all the public health and DDOS warnings this entails!)
>> 2) Buying an LTE router such as:
>>
>> Dovado Tiny
>> MikroTik SXT LTE
>> Netgear (I know!) LB1111
>> TP-Link MR6400
>>
>> and then using the same sim card as above. From the research I've
>> done, these devices have a "passthrough" or bridge mode which will
>> present the LTE public IP directly to my main router, albeit via an
>> RJ45 / ethernet connection.
>>
>> Ben
>>
>> *BEN JACKSON*
>> Director
>>
>> *M *0404 924745
>> *E* ben(a)elogik.com.au
>> *W* elogik.com.au <http://www.elogik.com.au/>
>> <http://www.elogik.com.au>
>>
>>
>> On Wed, Nov 22, 2017 at 6:15 PM, Jason Hecker (Up & Running Tech) <
>> jason(a)upandrunningtech.com.au> wrote:
>>
>>> Oh I see, OK, sounds like you need something that will do a PPP
>>> session which some 4G cards will let you do if you put them into
>>> serial mode like the Telit LE910 (which I have tried) or the
>>> Sierra modules.
>>>
>>> If you end up with a static or dynamic public IP you can cname the
>>> dynamic DNS Mikrotik provides in the router's ip->cloud settings
>>> and set the timeout to 60, so you could get at it like
>>> bighonchoclient1.elogik.net for example.
>>>
>>> I kicked the idea around but never tried buying a cheap VPS with a
>>> static IP and having the 4G based Mikrotik VPN into it, then on
>>> the VPS port forward any ports to services behind the 4G device.
>>>
>>> On 22 November 2017 at 15:59, Ben Jackson - ELOGIK
>>> <ben(a)elogik.net> wrote:
>>>
>>>> Hi Jason,
>>>>
>>>> OK, I didn't phrase my question very well, what I need is a
>>>> dongle or card that doesn't provide an extra layer of NAT (as
>>>> many do) and run an internal DHCP server so that the router's
>>>> cellular interface ends up with an IP address like 192.168.x.x
>>>> but instead passes the public IP directly. This is so I don't
>>>> end up with a double NAT situation (kind of the equivalent of
>>>> bridge mode for a DSL modem) and I can access resources (like
>>>> security systems etc) behind the public IP by configuring the
>>>> main firewall / router accordingly.
>>>>
>>>> Ben
>>>>
>>>> *BEN JACKSON*
>>>> Director
>>>>
>>>> *M *0404 924745
>>>> *E* ben(a)elogik.com.au
>>>> *W* elogik.com.au <http://www.elogik.com.au/>
>>>> <http://www.elogik.com.au>
>>>>
>>>>
>>>> On Wed, Nov 22, 2017 at 2:24 PM, Jason Hecker (Up & Running
>>>> Tech) < jason(a)upandrunningtech.com.au> wrote:
>>>>
>>>>> What if you had those routers phone home to a VPN server in
>>>>> your office over 4G? They'd always be in easy reach on private
>>>>> subnet on your LAN and you wouldn't need to worry about public
>>>>> or static IPs for your 4G widget.
>>>>>
>>>>> I noticed Duxtel configured devices I have bought have a PPTP
>>>>> client set up so if you activate it then Duxtel can peer into
>>>>> the device and assist with any issues.
>>>>>
>>>>> On 22 November 2017 at 13:46, Ben Jackson - ELOGIK
>>>>> <ben(a)elogik.net> wrote:
>>>>>
>>>>>> Does anyone have any advice on a) a decent 4G service that
>>>>>> provides a publicly accessible IP address that ports can be
>>>>>> forwarded through as well as how to get hold of an unlocked USB
>>>>>> dongle which will support the SIM / service?
>>>>>>
>>>>>> Or even a provider that provides this on one of their business
>>>>>> plans?
>>>>>>
>>>>>> If it can be a prepaid plan even better.
>>>>>>
>>>>>> I'm looking to use said device as 4G failover on a Meraki MX64
>>>>>> security appliance and calling the usual suspects (Optus,
>>>>>> Telstra) is giving me a headache.
>>>>>>
>>>>>> Any advice on what others have done in this scenario would be
>>>>>> most appreciated.
>>>>>>
>>>>>> Best regards,
>>>>>>
>>>>>> Ben Jackson
>>>>>> eLogik
>>>>>>
>>>>>> (Sent from my mobile device)
>>>>>> _______________________________________________
>>>>>> Public mailing list
>>>>>> Public(a)talk.mikrotik.com.au
>>>>>> http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> <https://www.upandrunningtech.com.au>
_______________________________________________
Public mailing list
Public(a)talk.mikrotik.com.au
http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
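The thread above separates three outcomes for the address the router's cellular interface receives: a private address (modem NAT such as HiLink mode), a carrier-NAT address, and a "true" public IP. The following is an added example, not code from any poster: a Python check that classifies the interface address and, given the address an outside host sees, decides whether inbound port forwarding can work. The function names and all sample addresses are constructed for illustration; documentation-range addresses stand in for public ones.

```python
import ipaddress

# RFC 1918 private space: what a HiLink-style modem hands out on its LAN side,
# and what some carriers also assign directly to mobile subscribers.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# RFC 6598 shared address space, set aside for carrier-grade NAT.
CGNAT = ipaddress.ip_network("100.64.0.0/10")
# Ranges that can never be a reachable WAN address.
UNUSABLE = [ipaddress.ip_network(n) for n in
            ("0.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16", "224.0.0.0/3")]


def classify(addr):
    """Classify the IPv4 address assigned to the cellular interface."""
    ip = ipaddress.ip_address(addr.strip())
    if ip.version != 4:
        raise ValueError("this example only handles IPv4")
    if any(ip in net for net in RFC1918):
        return "private"
    if ip in CGNAT:
        return "cgnat"
    if any(ip in net for net in UNUSABLE):
        return "unusable"
    return "public"


def assess(interface_addr, observed_addr=None):
    """Return (inbound_possible, reason).

    interface_addr: address the router got on its LTE interface.
    observed_addr:  source address an outside host (for example a VPS the
                    router connects out to) sees for that router, if known.
    inbound_possible is True, False, or None when it cannot be decided yet.
    """
    kind = classify(interface_addr)
    if kind == "private":
        return (False, "private address: modem NAT or carrier-assigned; "
                       "inbound forwards will not arrive, dial out over VPN")
    if kind == "cgnat":
        return (False, "carrier-grade NAT range: shared address, "
                       "inbound forwards will not arrive, dial out over VPN")
    if kind == "unusable":
        return (False, "not a usable WAN address: check modem mode and APN")
    if observed_addr is None:
        return (None, "looks public: confirm from an outside host")
    same = (ipaddress.ip_address(observed_addr.strip())
            == ipaddress.ip_address(interface_addr.strip()))
    if not same:
        return (False, "outside host sees a different address: "
                       "translated upstream despite the public-looking IP")
    return (True, "true public IP: forwards work, and the router's own "
                  "firewall is the only thing between it and the internet")


# Constructed sample inputs: (interface address, externally observed address).
SAMPLES = [
    ("192.168.8.100", None),
    ("10.44.1.9", None),
    ("100.72.14.3", None),
    ("203.0.113.25", "198.51.100.7"),
    ("203.0.113.25", "203.0.113.25"),
]

if __name__ == "__main__":
    for iface, seen in SAMPLES:
        ok, why = assess(iface, seen)
        print(f"{iface:15} seen-as={seen or '-':15} inbound={ok}: {why}")
```

A `True` result also means every forwarded service is reachable by anyone, so the forward rules should be restricted to known source addresses where the service allows it.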
------------------------------
Message: 3
Date: Thu, 23 Nov 2017 15:34:00 +0800
From: Jeremy Hall <jeremy(a)jeremyhall.com.au>
To: public(a)talk.mikrotik.com.au
Subject: Re: [MT-AU Public] 4G WAN failover question
Message-ID:
<CAC2o=79EoV30+kd+QotGW_gd082Pr0MytqZe=WwA7btNcUi=gA(a)mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"
I have had pretty good luck using a mikrotik router with a miniPCIe
interface (eg. RB911) and a 3G/4G card such as the ones Sierra Wireless
make. There is a list of compatible cards in the mikrotik wiki somewhere.
It would be a neat solution, no messy USB dongles flapping around. Duxtel
have all the kit of course.
I also highly recommend using m2mone. They can set you up with whatever you
need and it's painless and very cost effective.
---------- Forwarded message ----------
From: Paul Julian <paul(a)oxygennetworks.com.au>
To: "'MikroTik Australia Public List'" <public(a)talk.mikrotik.com.au>
Cc:
Bcc:
Date: Thu, 23 Nov 2017 17:42:31 +1100
Subject: Re: [MT-AU Public] 4G WAN failover question
No problem, good luck.
Regards
Paul
-----Original Message-----
From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Ben
Jackson - ELOGIK
Sent: Thursday, 23 November 2017 5:38 PM
To: MikroTik Australia Public List
Subject: Re: [MT-AU Public] 4G WAN failover question
Great info Paul - thanks for this. I think with all this in mind I'll be
able to tailor a solution
Thanks again for everyone's input.
*BEN JACKSON*
Director
*M *0404 924745
*E* ben(a)elogik.com.au
*W* elogik.com.au <http://www.elogik.com.au/> <http://www.elogik.com.au>
On Thu, Nov 23, 2017 at 1:53 PM, Paul Julian <paul(a)oxygennetworks.com.au>
wrote:
> Hi Ben,
>
> We use the Telstra Sierra Wireless 320U modems in our Mikrotik hAP
> devices, the Mikrotik creates an LTE interface once the modem is
> inserted into the USB port, you set the APN within the LTE interface.
> Once that's connected you then configure a DHCP client on the Mikrotik
> on the LTE interface and you get a public IP.
>
> Some caveats:
> - You do need to change the mode of the modem, this can be done with
> the Netgear utility easily, they are a netgear unit basically.
> - You need to use a 4G SIM from Telstra, prepaid or postpaid should
> work, however if you want the APN with the public IP you need postpaid
> and need to request that the SIM be setup with the telstra.extranet
> APN
>
> Apart from that it's pretty easy.
>
> We occasionally have the modem drop, we have a script on the Mikrotik
> which checks connectivity and if it drops it does a USB power cycle
> which brings it back up most of the time.
>
> It's really not hard, and it works well.
>
> If you want to go with Optus but without a public IP you can get the
> $19 dongle from Office Works, it works in the Mikrotik without any
> real changes, but no public IP, fine if you can VPN out to something
> to use to get back in.
>
> Regards
> Paul
>
>
> -----Original Message-----
> From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of
> Ben Jackson - ELOGIK
> Sent: Thursday, 23 November 2017 11:10 AM
> To: Jason Hecker; MikroTik Australia Public List
> Subject: Re: [MT-AU Public] 4G WAN failover question
>
> Thanks for the pointers everyone. There seem to be a number of
> factors at play here:
>
> 1) Most of the LTE USB modems you can purchase have some kind of
> "router on a stick" built in which provides a firewalled, DHCP
> assigned private IP on the LAN side in the normal ranges of
> 192.168.x.x or 10.x.x.x. In Huawei's case this is known as "HiLink mode".
> 2) In addition to this, depending on which provider they are bought
> from, these modems / dongles are flashed with an ISP-specific firmware
> which further locks down the device to stop certain features being
> exposed to the device's web-interface. This makes it tricky to change
> things such as the APN settings.
> 3) The above types of device (i've been mainly concerned with the
> Huawei
> E3372 since that's the one my router has support for) can apparently
> be re-flashed with custom firmware which allows HiLink mode to be
> switched off (see here:
> http://www.0xf8.org/2017/01/flashing-a-huawei-e3372h-4g-
> lte-stick-from-hilink-to-stick-mode/)
> this will apparently allow the "public" IP to be assigned directly to
> the device connected to the USB port and avoids the pesky double NAT
situation.
> 4) The reason I say "public" in quotes above is because even if you
> manage to pass this address through, quite often the address itself is
> not a true public IP as it is behind carrier NAT and you are back to
square 1.
>
> For those interested, here are the options I'm exploring:
>
> 1) Getting a sierra 320U unlocked from ebay which can be used in
> "stick mode" without NAT or DHCP enabled and purchasing a SIM plan
> from either M2MOne or URL networks which has a "true" public IP (with
> all the public health and DDOS warnings this entails!)
> 2) Buying an LTE router such as:
>
> Dovado Tiny
> MikroTik SXT LTE
> Netgear (I know!) LB1111
> TP-Link MR6400
>
> and then using the same sim card as above. From the research I've
> done, these devices have a "passthrough" or bridge mode which will
> present the LTE public IP directly to my main router, albeit via an
> RJ45 / ethernet connection.
>
> Ben
>
> *BEN JACKSON*
> Director
>
> *M *0404 924745
> *E* ben(a)elogik.com.au
> *W* elogik.com.au <http://www.elogik.com.au/>
> <http://www.elogik.com.au>
>
>
> On Wed, Nov 22, 2017 at 6:15 PM, Jason Hecker (Up & Running Tech) <jason(a)upandrunningtech.com.au> wrote:
>
>> Oh I see, OK, sounds like you need something that will do a PPP
>> session which some 4G cards will let you do if you put them into
>> serial mode like the Telit LE910 (which I have tried) or the Sierra
>> modules.
>>
>> If you end up with a static or dynamic public IP you can cname the
>> dynamic DNS Mikrotik provides in the router's ip->cloud settings and
>> set the timeout to 60, so you could get at it like
>> bighonchoclient1.elogik.net for example.
>>
>> I kicked the idea around but never tried buying a cheap VPS with a
>> static IP and having the 4G based Mikrotik VPN into it, then on the
>> VPS port forward any ports to services behind the 4G device.
>>
>> On 22 November 2017 at 15:59, Ben Jackson - ELOGIK <ben(a)elogik.net> wrote:
>>
>>> Hi Jason,
>>>
>>> OK, I didn't phrase my question very well, what I need is a dongle
>>> or card that doesn't provide an extra layer of NAT (as many do) and
>>> run an internal DHCP server so that the router's cellular interface
>>> ends up with an IP address like 192.168.x.x but instead passes the
>>> public IP directly. This is so I don't end up with a double NAT
>>> situation (kind of the equivalent of bridge mode for a DSL modem)
>>> and I can access resources (like security systems etc) behind the
>>> public IP by configuring the main firewall / router accordingly.
>>>
>>> Ben
>>>
>>> *BEN JACKSON*
>>> Director
>>>
>>> *M *0404 924745
>>> *E* ben(a)elogik.com.au
>>> *W* elogik.com.au <http://www.elogik.com.au/>
>>> <http://www.elogik.com.au>
>>>
>>>
>>> On Wed, Nov 22, 2017 at 2:24 PM, Jason Hecker (Up & Running Tech) <jason(a)upandrunningtech.com.au> wrote:
>>>
>>>> What if you had those routers phone home to a VPN server in your
>>>> office over 4G? They'd always be in easy reach on private subnet
>>>> on your LAN and you wouldn't need to worry about public or static
>>>> IPs for your 4G widget.
>>>>
>>>> I noticed Duxtel configured devices I have bought have a PPTP
>>>> client set up so if you activate it then Duxtel can peer into the
>>>> device and assist with any issues.
>>>>
>>>> On 22 November 2017 at 13:46, Ben Jackson - ELOGIK <ben(a)elogik.net> wrote:
>>>>
>>>>> Does anyone have any advice on a) a decent 4g service that
>>>>> provides a publicly accessible IP address that ports can be
>>>>> forwarded through as well as how to get hold of an unlocked USB
>>>>> dongle which will support the SIM / service?
>>>>>
>>>>> Or even a provider that provides this on one of their business
>>>>> plans?
>>>>>
>>>>> If it can be a prepaid plan even better.
>>>>>
>>>>> I'm looking to use said device as 4G failover on a meraki mx64
>>>>> security appliance and calling the usual suspects (Optus, telstra)
>>>>> is giving me a headache.
>>>>>
>>>>> Any advice on what others have done in this scenario would be
>>>>> most appreciated.
>>>>>
>>>>> Best regards,
>>>>>
>>>>> Ben Jackson
>>>>> eLogik
>>>>>
>>>>> (Sent from my mobile device)
_______________________________________________
Public mailing list
Public(a)talk.mikrotik.com.au
http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
------------------------------
End of Public Digest, Vol 45, Issue 6
*************************************
1
0
I have had pretty good luck using a mikrotik router with a miniPCIe
interface (eg. RB911) and a 3G/4G card such as the ones Sierra Wireless
make. There is a list of compatible cards in the mikrotik wiki somewhere.
It would be a neat solution, no messy USB dongles flapping around. Duxtel
have all the kit of course.
I also highly recommend using m2mone. They can set you up with whatever you
need and it's painless and very cost effective.
On 23 Nov. 2017 2:42 pm, <public-request(a)talk.mikrotik.com.au> wrote:
Today's Topics:
1. Re: 4G WAN failover question (Paul Julian)
2. Re: 4G WAN failover question (Ben Jackson - ELOGIK)
3. Re: 4G WAN failover question (Paul Julian)
---------- Forwarded message ----------
From: Paul Julian <paul(a)oxygennetworks.com.au>
To: "'MikroTik Australia Public List'" <public(a)talk.mikrotik.com.au>
Cc:
Bcc:
Date: Thu, 23 Nov 2017 13:53:31 +1100
Subject: Re: [MT-AU Public] 4G WAN failover question
Hi Ben,
We use the Telstra Sierra Wireless 320U modems in our Mikrotik hAP devices,
the Mikrotik creates an LTE interface once the modem is inserted into the
USB port, you set the APN within the LTE interface.
Once that's connected you then configure a DHCP client on the Mikrotik on
the LTE interface and you get a public IP.
Some caveats:
- You do need to change the mode of the modem, this can be done with the
Netgear utility easily, they are a netgear unit basically.
- You need to use a 4G SIM from Telstra, prepaid or postpaid should work,
however if you want the APN with the public IP you need postpaid and need
to request that the SIM be setup with the telstra.extranet APN
Apart from that it's pretty easy.
We occasionally have the modem drop, we have a script on the Mikrotik which
checks connectivity and if it drops it does a USB power cycle which brings
it back up most of the time.
It's really not hard, and it works well.
If you want to go with Optus but without a public IP you can get the $19
dongle from Office Works, it works in the Mikrotik without any real
changes, but no public IP, fine if you can VPN out to something to use to
get back in.
Regards
Paul
-----Original Message-----
From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Ben
Jackson - ELOGIK
Sent: Thursday, 23 November 2017 11:10 AM
To: Jason Hecker; MikroTik Australia Public List
Subject: Re: [MT-AU Public] 4G WAN failover question
Thanks for the pointers everyone. There seem to be a number of factors at
play here:
1) Most of the LTE USB modems you can purchase have some kind of "router on
a stick" built in which provides a firewalled, DHCP assigned private IP on
the LAN side in the normal ranges of 192.168.x.x or 10.x.x.x. In Huawei's
case this is known as "HiLink mode".
2) In addition to this, depending on which provider they are bought from,
these modems / dongles are flashed with an ISP-specific firmware which
further locks down the device to stop certain features being exposed to
the device's web-interface. This makes it tricky to change things such as
the APN settings.
3) The above types of device (I've been mainly concerned with the Huawei
E3372 since that's the one my router has support for) can apparently be
re-flashed with custom firmware which allows HiLink mode to be switched off
(see here:
http://www.0xf8.org/2017/01/flashing-a-huawei-e3372h-4g-lte-stick-from-hilink-to-stick-mode/)
this will apparently allow the "public" IP to be assigned directly to the
device connected to the USB port and avoids the pesky double NAT situation.
4) The reason I say "public" in quotes above is because even if you manage
to pass this address through, quite often the address itself is not a true
public IP as it is behind carrier NAT and you are back to square 1.
For those interested, here are the options I'm exploring:
1) Getting a sierra 320U unlocked from ebay which can be used in "stick
mode" without NAT or DHCP enabled and purchasing a SIM plan from either
M2MOne or URL networks which has a "true" public IP (with all the public
health and DDOS warnings this entails!)
2) Buying an LTE router such as:
Dovado Tiny
MikroTik SXT LTE
Netgear (I know!) LB1111
TP-Link MR6400
and then using the same sim card as above. From the research I've done,
these devices have a "passthrough" or bridge mode which will present the
LTE public IP directly to my main router, albeit via an RJ45 / ethernet
connection.
Ben
*BEN JACKSON*
Director
*M *0404 924745
*E* ben(a)elogik.com.au
*W* elogik.com.au <http://www.elogik.com.au/> <http://www.elogik.com.au>
---------- Forwarded message ----------
From: Ben Jackson - ELOGIK <ben(a)elogik.net>
To: MikroTik Australia Public List <public(a)talk.mikrotik.com.au>
Cc:
Bcc:
Date: Thu, 23 Nov 2017 17:38:16 +1100
Subject: Re: [MT-AU Public] 4G WAN failover question
Great info Paul - thanks for this. I think with all this in mind I'll be
able to tailor a solution
Thanks again for everyone's input.
*BEN JACKSON*
Director
*M *0404 924745
*E* ben(a)elogik.com.au
*W* elogik.com.au <http://www.elogik.com.au/>
<http://www.elogik.com.au>
---------- Forwarded message ----------
From: Paul Julian <paul(a)oxygennetworks.com.au>
To: "'MikroTik Australia Public List'" <public(a)talk.mikrotik.com.au>
Cc:
Bcc:
Date: Thu, 23 Nov 2017 17:42:31 +1100
Subject: Re: [MT-AU Public] 4G WAN failover question
No problem, good luck.
Regards
Paul
1
0
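Ben's points 1 and 4 in the thread above (modem-side NAT such as HiLink mode, and carrier NAT behind an address that only looks public) can be checked from the address the LTE interface is actually handed. The Python sketch below is an added example, not code from anyone in the thread; the function names, the constructed sample addresses and the idea of passing in an externally observed address (for instance the source address a server you control sees) are assumptions.

```python
import ipaddress
from typing import NamedTuple, Optional

# Private ranges a modem in router mode (or a carrier) hands out.
RFC1918 = tuple(ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"))
# RFC 6598 shared address space, reserved for carrier-grade NAT.
CGNAT = ipaddress.ip_network("100.64.0.0/10")


class WanVerdict(NamedTuple):
    kind: str                          # private | cgnat | unusable | translated | public
    inbound_possible: Optional[bool]   # None = cannot tell without an outside view
    reason: str


def classify_wan(interface_ip: str, observed_ip: Optional[str] = None) -> WanVerdict:
    """Classify the IPv4 address assigned to the cellular interface.

    observed_ip (assumption): the source address an outside host sees for
    traffic leaving this interface. It is supplied by the caller; nothing
    here contacts the network.
    """
    addr = ipaddress.ip_address(interface_ip)
    if addr.version != 4:
        raise ValueError("this sketch only covers IPv4")

    if any(addr in net for net in RFC1918):
        return WanVerdict("private", False,
                          "RFC 1918 address: NAT in the modem or at the carrier")
    if addr in CGNAT:
        return WanVerdict("cgnat", False,
                          "RFC 6598 address: carrier-grade NAT")
    # Explicit checks rather than is_global, so the RFC 5737 documentation
    # addresses used as samples below can stand in for real public ones.
    if (addr.is_loopback or addr.is_link_local or addr.is_multicast
            or addr.is_reserved or addr.is_unspecified):
        return WanVerdict("unusable", False, "not a routable unicast address")

    if observed_ip is None:
        return WanVerdict("public", None,
                          "looks routable; confirm with an outside view")
    if ipaddress.ip_address(observed_ip) != addr:
        return WanVerdict("translated", False,
                          "outside hosts see a different address: NAT upstream")
    return WanVerdict("public", True,
                      "interface address matches the outside view")


# Constructed samples: (label, address on the LTE interface, address seen outside).
SAMPLES = [
    ("dongle in router mode",     "192.168.1.100", "203.0.113.40"),
    ("carrier NAT SIM",           "100.71.12.9",   "203.0.113.41"),
    ("carrier private APN",       "10.114.3.2",    "203.0.113.41"),
    ("public-IP APN",             "203.0.113.77",  "203.0.113.77"),
    ("looks public, rewritten",   "198.51.100.23", "203.0.113.41"),
    ("no outside view available", "198.51.100.24", None),
]


def audit(samples):
    """Return [(label, WanVerdict), ...] for a list of sample tuples."""
    return [(label, classify_wan(iface, seen)) for label, iface, seen in samples]


if __name__ == "__main__":
    for label, verdict in audit(SAMPLES):
        print(f"{label:28} {verdict.kind:11} inbound={verdict.inbound_possible}  {verdict.reason}")
```

A `public` verdict with `inbound_possible=True` also means the firewall on that interface is the only thing between the internet and whatever is forwarded behind it.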