Splynx not working with Mikrotik routers? A long and sorry tale of misconfiguration

Sorry - this is a long one, but I think it might be worth us all being aware of an ‘interesting’ issue which has taken us months to fix.

We run 25 VDSL lines - each with a Mikrotik router and a Draytek Vigor V130 ADSL modem. So far, so very boring. And on each (Zen) line we have a /29 address range - so we have five usable IP addresses - one of which (usually the top one) is the router. Again. So far, so boring.

On each Mikrotik we have two NAT rules (dstnat and srcnat) basically pushing individual customers onto fixed IP addresses.

And we have a static IP on the router, for each of these fixed IP addresses.

In the IP address field, we might have addresses like:

address_________________network______(in this case, the default gateway) for customer #98) for customer #99), set by PPPoE client)

The 123… addresses are our ‘public’ IP addresses, and the 62.x.x.x address is our providers (Zen in this case) default gateway for these addresses. Again, so far so very boring.

We would have an IP routing entry of

target_______gateway___preferred source (our router public IP address)

However, over time, the VDSL line logs in again, and might pick up a new default gateway., set by PPPoE client)

This then creates TWO IP routes (with the same ‘distance’):

target_________gateway______preferred source Lowest ‘fixed’ ip address)
(our router public IP address)

Ta-da! Our radius client would then try to talk to splynx using source address (instead of .128) - and our course Splynx would correctly say ‘Hey, you’re not who I expected - get lost!’. As we’d want it to.

Turned out that we do NOT need to define the fixed IP addresses on our routers for each of our fixed IP address customers. Meaning that we do NOT get two IP routes, and then Splynx works like a dream (as it usually does), because our Mikrotik routers are using the correct source address.

This is the sort of ‘discovered check’ problem that will give you sleepless nights - it certainly gave us some.

The Radius client configuration in the Mikrotik router can specify the ‘source’ address too - and this was being ignored.

We saw this error from firmware versions 6.35.x right through 6.40.5.

And all because we used on-line mikrotik forums to construct and build a core part of our network design. D’OH.

Hope this helps someone else,

—* Bill

Hi Bill, thank you for sharing that experience. So, the Source IP on Mikrotik Radius settings works, but sometimes it’s ignored, this is quite strange. There are no any mangle rules or similar ?

Have you posted a topic on mikrotik forum ? What Mikrotik guys are saying ?

Ha. Mikrotik support. No response whatsoever.

—* Bill

Why do you specify the static IP addresses for the clients on the mikrotik router. Consider setting them in splynx.
For pppoe always make sure the called-id for the radius definition in ROS is set to the service name of the pppoe-server.
Finally consider using proxy-arp on the wan interface of the pppoe-server