Draytek + routing

adamdavi3s

Well-known Member
Hi All,

This is giving me a literal headache.

I am trying to configure our network at our new home.

I am running DSL plus EE 4G (Mikrotik SXT6) into a Draytek Vigor (non-WiFi), which then feeds our BT Whole Home. The Mikrotik is in bridge mode and the Draytek is set with a gateway IP of the Mikrotik.

I’m trying to configure the Draytek using the routing / load balancing policies.

My intended outcome is:

1- my virtual servers route down the DSL line (WAN1) done by directing their fixed IPs to WAN1- priority 1

2- everything else goes down WAN2 (4G) [at a later date I will fail this over to WAN1] priority 50

So I have my routes set up for the virtual servers fine, then I have a catch all route set up with ANY ANY in the source and a priority of 50.
For a while this seemed to work, until a device rebooted then it doesn't seem to be able to connect to the internet. If I pick this device and force it to WAN1 it works... I just can't work it out at all. E.g. iPhone works fine, then turn wifi on and off and it then fails to do anything.

If I kill WAN 1 and turn off all the routing, everything works fine.
 

brunation

Well-known Member
> iPhone works fine, then turn wifi on and off and it then fails to do anything.

With everything working: what happens when the Draytek is rebooted?

Edit:

Which Draytek and firmware version?
 

adamdavi3s

Well-known Member
> With everything working: what happens when the Draytek is rebooted?
>
> Edit:
>
> Which Draytek and firmware version?

OK, I have found the solution BUT my knowledge isn't sufficient to understand the real way to fix it.
It's down to the DNS: if I manually add the Mikrotik device's IP 192.168.88.1 as a DNS server then it works fine, so I am guessing it is some config in that or in the Draytek which is clashing.
Model Name: Vigor2862
Firmware Version: 3.9.2_BT

So I do have DHCP running on the Mikrotik even though it’s in bridge mode, so that may be the issue. The Draytek is connecting to it over the fixed IP tab.
 

brunation

Well-known Member
> The Mikrotik is in bridge mode and the Draytek is set with a gateway IP of the Mikrotik

If the Mikrotik is in bridge mode then the Draytek router is the gateway device.
 

adamdavi3s

Well-known Member
> If the Mikrotik is in bridge mode then the Draytek router is the gateway device.

Yeah, I remember the Mikrotik being a bit weird to set to bridge mode: the GUI is a beast, so something isn’t playing correctly. Adding the DNS to any devices which aren’t working is working as a workaround for the moment. Weirdly, some are fine and picking it up as a DNS server automatically.
 

brunation

Well-known Member
> adding the DNS to any devices which aren’t working, is working as a workaround for the moment

If not explicitly set the Draytek should get the DNS from the connection.

Don't use DHCP much but assume these devices should then get the DNS from the Draytek. For your WiFi devices you could explicitly set the DNS to the address of Draytek and see if that works.
 

brunation

Well-known Member
Telnet into the Draytek and use 'show dns'.

Edit:

show ?

that'll list what's visible. Of course, since it's in router mode the GUI should work too ....
 

adamdavi3s

Well-known Member
Cool thank you I’ll have a crack tomorrow and see what more I can find out

Mikrotik shows:
Dynamic Servers: 109.249.185.228
109.249.1

Draytek shows nothing static configured
 

adamdavi3s

Well-known Member
This is how the Draytek is connected to the Mikrotik.
I am not sure if the Mikrotik is actually running DHCP or not. I seem to be able to serve everything with their static IP from the Draytek, and new devices appear to be getting their IP from the Draytek list, but I can't be sure.

[Image: 1599641874442.png]
 

adamdavi3s

Well-known Member
Ok so I totally disabled the DHCP on the Mikrotik but didn’t make any difference

Edit: OK, it did mean I had to switch the Draytek config to manually select the Mikrotik IP rather than automatically getting it.
 

brunation

Well-known Member
Can you post the screenshot of the PPPoE interface?

Can you confirm what the default IP address is for the Mikrotik i.e. if it's reset?
Can you confirm what the default IP address is for the Draytek i.e. if it's reset?

Can you confirm that you can save and restore your working configs for the Mikrotik and Draytek? Things will break ....

Background stuff:
  1. When to put modem into bridge mode
  2. Example setting a Vigor 130 in bridge mode
  3. How Draytek accesses a modem via WAN interface
  4. How Draytek made bridge mode more annoying
  5. How pfSense accesses a modem from inside a firewall.
So I think you have:

Mikrotik in a modem/router mode.
Draytek in router mode.
Your Draytek has a private address in the same subnet as the Mikrotik.

You want (eventually):

Mikrotik in bridge (modem) mode.
Draytek in router mode
Draytek in a different subnet to the Mikrotik just so it proves it's all working.
Mikrotik visible via WAN2 on its normal private address.

As an intermediate mode: what happens if you set the Draytek DNS to the Mikrotik IP and the DNS of a device using WAN2 to the Draytek IP - do DNS queries get forwarded and answered from that device?
 

adamdavi3s

Well-known Member
Urgh I am going in circles with this!
I found a post on the Mikrotik forum which should allow me to set the SXT as a passthrough device, BUT because EE (I assume) uses IPv6 I am unable to configure the passthrough on the APN, as it throws up a "passthrough can not be used with ipv6" error.

Someone else suggested changing the MAC address on the Mikrotik to the MAC address of the WAN2 port, but that all went Pete Tong; however, I was thankfully able to find the router in Winbox still.

I don't have any PPPoE config for the Mikrotik, it's just the fixed IP settings.

I did try adding the Mikrotik IP in that screen as the primary DNS and the system still works, but not if I remove the manually configured DNS from one of my devices.
 

brunation

Well-known Member
Saw your post on ispreview.

PPPoE is on the Draytek.

> but not if I remove the manually configured DNS from one of my devices.

Assume the Mikrotik is still assigning IP addresses at that point but if the device has the Draytek IP for DNS I expect it to forward it through the chain: Device -> Draytek -> Mikrotik. That was just an aside so that when Mikrotik is in bridge (passthrough as you've discovered elsewhere) nothing else had to change.

IPv6 works with Mikrotik SXT6 in router mode and fails in passthrough mode.

Change APN protocol to IPv4 ?

Edit:

routeros apn config: see ip-type ?
 

adamdavi3s

Well-known Member
> Saw your post on ispreview.
>
> PPPoE is on the Draytek.
>
> Assume the Mikrotik is still assigning IP addresses at that point but if the device has the Draytek IP for DNS I expect it to forward it through the chain: Device -> Draytek -> Mikrotik. That was just an aside so that when Mikrotik is in bridge (passthrough as you've discovered elsewhere) nothing else had to change.
>
> IPv6 works with Mikrotik SXT6 in router mode and fails in passthrough mode.
>
> Change APN protocol to IPv4 ?
>
> Edit:
>
> routeros apn config: see ip-type ?

Urgh, I didn’t even think about googling switching EE to IPv4 only... it’s been “a week”. Trying to do little bits in between sorting the house and work is not the way to try and deal with this.

Thank you very much, I will have a further play this evening once the critical time for Chuggington and Paw Patrol has passed!
 

adamdavi3s

Well-known Member
> Saw your post on ispreview.
>
> PPPoE is on the Draytek.
>
> Assume the Mikrotik is still assigning IP addresses at that point but if the device has the Draytek IP for DNS I expect it to forward it through the chain: Device -> Draytek -> Mikrotik. That was just an aside so that when Mikrotik is in bridge (passthrough as you've discovered elsewhere) nothing else had to change.
>
> IPv6 works with Mikrotik SXT6 in router mode and fails in passthrough mode.
>
> Change APN protocol to IPv4 ?
>
> Edit:
>
> routeros apn config: see ip-type ?

What PPPoE is required on the Draytek though?
The LTE APN is on the Mikrotik so surely the Draytek just needs the Mikrotik IP?

I just tried the passthrough setup to ether2 by switching IPv6 off on the APN (it was set to IPv4 but there is a second setting), but now I don't seem to be able to connect to the Mikrotik on either of its ethernet interfaces, so I will have to venture back in the loft to reset it again 🤦‍♂️
 

brunation

Well-known Member
> The LTE APN is on the Mikrotik so surely the Draytek just needs the Mikrotik IP?

The Mikrotik is in bridge/passthrough so the public IP address is now on WAN2 of the Draytek.
The Draytek is negotiating through the Mikrotik to your (mobile) ISP to get the connection details: public IP etc.

The private IP address of the Mikrotik is not needed to make the connection. It is needed if you want to access it on the WAN2 hence all the other links I posted. You'll want remote access to save going into the loft - getting access to a private address that's connected to your WAN2 interface is the issue you'll face.

Bridge mode first though .....
 

Ross Martin

Standard Member
Could you not have everything go to the Draytek so it is used as the default gateway for everything, then use policy based routing for specific IP objects/IP groups to put the virtual servers down WAN 2 which would be your EE connection?

It is what I do here. Works with VLANs and different IP subnets as well to keep things tidy.
 

adamdavi3s

Well-known Member
> Could you not have everything go to the Draytek so it is used as the default gateway for everything, then use policy based routing for specific IP objects/IP groups to put the virtual servers down WAN 2 which would be your EE connection?
>
> It is what I do here. Works with VLANs and different IP subnets as well to keep things tidy.

This is exactly what I am doing, save for having to manually add the Mikrotik IP as a DNS address. All the routing works fine.
 

adamdavi3s

Well-known Member
> The Mikrotik is in bridge/passthrough so the public IP address is now on WAN2 of the Draytek.
> The Draytek is negotiating through the Mikrotik to your (mobile) ISP to get the connection details: public IP etc.
>
> The private IP address of the Mikrotik is not needed to make the connection. It is needed if you want to access it on the WAN2 hence all the other links I posted. You'll want remote access to save going into the loft - getting access to a private address that's connected to your WAN2 interface is the issue you'll face.
>
> Bridge mode first though .....

Ok I think my DrayTek setup is fine, it matches the link above for my setup:

[Image: 1600097809584.png]


I am pretty sure the issue here lies within the configuration of the Mikrotik and it just not wanting to share its connection correctly when I am trying to bridge it.

I'll keep fiddling!
 

brunation

Well-known Member
> I'll keep fiddling!

*sniff* *sniff* I'm sure something's burning ......
oh look it's Rome!

In bridge mode the Draytek is the gateway. It should obtain its external/WAN IP via the bridge ........ the IP pass(es)through but in this metaphor it passes over the bridge and arrives at the Draytek.
 

adamdavi3s

Well-known Member
> *sniff* *sniff* I'm sure something's burning ......
> oh look it's Rome!
>
> In bridge mode the Draytek is the gateway. It should obtain its external/WAN IP via the bridge ........ the IP pass(es)through but in this metaphor it passes over the bridge and arrives at the Draytek.

Yep, and I believe it’s the Mikrotik not behaving correctly. I need to confirm, but I am sure earlier I noticed that when I switched off IPv6, it failed to grab the public IP. Which means the setup probably was working but the Mikrotik is misbehaving, but we will see.
 

adamdavi3s

Well-known Member
> *sniff* *sniff* I'm sure something's burning ......
> oh look it's Rome!
>
> In bridge mode the Draytek is the gateway. It should obtain its external/WAN IP via the bridge ........ the IP pass(es)through but in this metaphor it passes over the bridge and arrives at the Draytek.

All sorted. Seems like the Mikrotik wanted things done in a very certain order to make it work, but I am all up and running now after a slight detour to use Google's DNS server so the DHCP didn't mix up the Plusnet and EE ones when it failed over.

Thank you sir.
 

brunation

Well-known Member
Excellent. Now you just need to access the Mikrotik remotely to save going in the loft.
 
