So after testing everything: VODAFONE VOIP TRUNK WORKS FLAWLESSLY! YEEEEEEES!
One small problem though:
So like I said before I have some other voip trunks which work with regular internet connection (vlan=835).
So right now, my udm is my router/firewall and makes the regular pppoe connection (vlan=835) and it is connected to a dump switch with the ont and the mikrotik (rb4011 #1) which has the voip pppoe (vlan=838)
I got the 4 static IPs. The provided me with a subnet that looks like this: 195.97.xxx.xx2/30. They told that in order to make it work I have to add to my udm (which I did) and make a pppoe connection from whatever device I want to use the new static IPs. As far as I understand: 195.97.xxx.xx2/30 is the router's (udm) the usable ones are 195.97.xxx.xx3/30 & 195.97.xxx.xx4/30 and the 195.97.xxx.xx5/30 is broadcast IP probably (?). I may be wrong though. They provided me with new pppoe credentials for these 4 static IPs. For the sake of simplicity let's assume that they are guest@onenetdata.gr with password: 1234.
My config looks as follows:So my question is: how to be able to exit from the mikrotik with both pppoe voip and pppoe regular traffic? The regular traffic should get IPs from the new static IPs. (195.97.xxx.xxx/30)
Another question is if possible how to be able to visit the mikrotik from a device from the local subnet of the udm which is on 192.168.88.0/24. Does it need nat rules?
The reason I am asking this, is that way I could have regular traffic for the voip trunks that require the regular internet connection and the vlan=838 for the vodafone voip trunk. So all of trunks can register normal the responding sip servers.
Sorry for putting you into so much trouble!
If anyone could help, I would really appreciate it.
P.S.: Here is a screenshot from the udm of how I have configured the extra static IPs
P.S.2: I tried to follow this tutorial to configure the mikrotik with the new static IPs: https://www.youtube.com/watch?v=TPQ0Mv69M_w
One small problem though:
So like I said before I have some other voip trunks which work with regular internet connection (vlan=835).
So right now, my udm is my router/firewall and makes the regular pppoe connection (vlan=835) and it is connected to a dump switch with the ont and the mikrotik (rb4011 #1) which has the voip pppoe (vlan=838)
I got the 4 static IPs. The provided me with a subnet that looks like this: 195.97.xxx.xx2/30. They told that in order to make it work I have to add to my udm (which I did) and make a pppoe connection from whatever device I want to use the new static IPs. As far as I understand: 195.97.xxx.xx2/30 is the router's (udm) the usable ones are 195.97.xxx.xx3/30 & 195.97.xxx.xx4/30 and the 195.97.xxx.xx5/30 is broadcast IP probably (?). I may be wrong though. They provided me with new pppoe credentials for these 4 static IPs. For the sake of simplicity let's assume that they are guest@onenetdata.gr with password: 1234.
My config looks as follows:
Code:
# 2024-03-03 11:14:20 by RouterOS 7.14# software id = SVGI-A8GB## model = removed# serial number = removed/interface bridgeadd admin-mac=removed auto-mac=no comment=defconf name=bridge \ port-cost-mode=short/interface vlanadd interface=ether1 name=VODAFONE_INTERNET_VLAN vlan-id=835add interface=ether1 name=VODAFONE_VOIP_VLAN vlan-id=838/interface pppoe-clientadd add-default-route=yes default-route-distance=5 disabled=no interface=\ VODAFONE_INTERNET_VLAN name=VODAFONE_INTERNET_PPPOE use-peer-dns=yes \ user=guest@onenetdata.gradd disabled=no interface=VODAFONE_VOIP_VLAN name=VODAFONE_VOIP_PPPOE \ use-peer-dns=yes user=guest@onenetvoice.gr/interface listadd comment=defconf name=WANadd comment=defconf name=LAN/interface lte apnset [ find default=yes ] ip-type=ipv4 use-network-apn=no/interface wireless security-profilesset [ find default=yes ] supplicant-identity=MikroTik/ip pooladd name=default-dhcp ranges=192.168.88.10-192.168.88.254/ip dhcp-serveradd address-pool=default-dhcp interface=bridge lease-time=10m name=defconf/portset 0 name=serial0/interface bridge portadd bridge=bridge comment=defconf ingress-filtering=no interface=ether2 \ internal-path-cost=10 path-cost=10add bridge=bridge comment=defconf ingress-filtering=no interface=ether3 \ internal-path-cost=10 path-cost=10add bridge=bridge comment=defconf ingress-filtering=no interface=ether4 \ internal-path-cost=10 path-cost=10add bridge=bridge comment=defconf ingress-filtering=no interface=ether5 \ internal-path-cost=10 path-cost=10add bridge=bridge comment=defconf ingress-filtering=no interface=sfp1 \ internal-path-cost=10 path-cost=10/ip firewall connection trackingset udp-timeout=10s/ip neighbor discovery-settingsset discover-interface-list=LAN/ipv6 settingsset max-neighbor-entries=8192/interface list memberadd comment=defconf interface=bridge list=LANadd comment=defconf interface=ether1 list=WANadd interface=VODAFONE_VOIP_VLAN list=WANadd interface=VODAFONE_VOIP_PPPOE list=WANadd interface=VODAFONE_INTERNET_VLAN list=WANadd interface=VODAFONE_INTERNET_PPPOE list=WAN/interface ovpn-server serverset auth=sha1,md5/ip addressadd address=192.168.88.1/24 comment=defconf interface=bridge network=\ 192.168.88.0add address=195.97.xxx.xx3/30 interface=VODAFONE_INTERNET_PPPOE network=\ 195.97.xxx.xx2/ip dhcp-clientadd comment=defconf disabled=yes interface=ether1/ip dhcp-server networkadd address=192.168.88.0/24 comment=defconf dns-server=192.168.88.1 gateway=\ 192.168.88.1/ip dnsset allow-remote-requests=yes servers=removed/ip dns staticadd address=192.168.88.1 comment=defconf name=router.lan/ip firewall filteradd action=accept chain=input comment=\ "defconf: accept established,related,untracked" connection-state=\ established,related,untrackedadd action=drop chain=input comment="defconf: drop invalid" connection-state=\ invalidadd action=accept chain=input comment="defconf: accept ICMP" protocol=icmpadd action=accept chain=input comment=\ "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1add action=drop chain=input comment="defconf: drop all not coming from LAN" \ in-interface-list=!LANadd action=accept chain=forward comment="defconf: accept in ipsec policy" \ ipsec-policy=in,ipsecadd action=accept chain=forward comment="defconf: accept out ipsec policy" \ ipsec-policy=out,ipsecadd action=fasttrack-connection chain=forward comment="defconf: fasttrack" \ connection-state=established,related hw-offload=yesadd action=accept chain=forward comment=\ "defconf: accept established,related, untracked" connection-state=\ established,related,untrackedadd action=drop chain=forward comment="defconf: drop invalid" \ connection-state=invalidadd action=drop chain=forward comment=\ "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \ connection-state=new in-interface-list=WAN/ip firewall mangleadd action=set-priority chain=forward new-priority=5 out-interface=\ VODAFONE_VOIP_PPPOEadd action=set-priority chain=forward new-priority=5 out-interface=\ VODAFONE_VOIP_PPPOE/ip firewall natadd action=masquerade chain=srcnat comment="defconf: masquerade" \ ipsec-policy=out,none out-interface-list=WAN/ip routeadd disabled=no dst-address=62.38.86.32/28 gateway=VODAFONE_VOIP_PPPOEadd disabled=no dst-address=62.38.86.48/28 gateway=VODAFONE_VOIP_PPPOEadd disabled=no dst-address=62.38.86.144/28 gateway=VODAFONE_VOIP_PPPOEadd disabled=no dst-address=62.38.86.112/28 gateway=VODAFONE_VOIP_PPPOEadd disabled=no distance=1 dst-address=0.0.0.0/0 gateway=195.97.xxx.xx2 \ pref-src="" routing-table=main scope=30 suppress-hw-offload=no \ target-scope=10/ipv6 firewall address-listadd address=::/128 comment="defconf: unspecified address" list=bad_ipv6add address=::1/128 comment="defconf: lo" list=bad_ipv6add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6add address=100::/64 comment="defconf: discard only " list=bad_ipv6add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6/ipv6 firewall filteradd action=accept chain=input comment=\ "defconf: accept established,related,untracked" connection-state=\ established,related,untrackedadd action=drop chain=input comment="defconf: drop invalid" connection-state=\ invalidadd action=accept chain=input comment="defconf: accept ICMPv6" protocol=\ icmpv6add action=accept chain=input comment="defconf: accept UDP traceroute" port=\ 33434-33534 protocol=udpadd action=accept chain=input comment=\ "defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=\ udp src-address=fe80::/10add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 \ protocol=udpadd action=accept chain=input comment="defconf: accept ipsec AH" protocol=\ ipsec-ahadd action=accept chain=input comment="defconf: accept ipsec ESP" protocol=\ ipsec-espadd action=accept chain=input comment=\ "defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsecadd action=drop chain=input comment=\ "defconf: drop everything else not coming from LAN" in-interface-list=\ !LANadd action=accept chain=forward comment=\ "defconf: accept established,related,untracked" connection-state=\ established,related,untrackedadd action=drop chain=forward comment="defconf: drop invalid" \ connection-state=invalidadd action=drop chain=forward comment=\ "defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6add action=drop chain=forward comment=\ "defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" \ hop-limit=equal:1 protocol=icmpv6add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=\ icmpv6add action=accept chain=forward comment="defconf: accept HIP" protocol=139add action=accept chain=forward comment="defconf: accept IKE" dst-port=\ 500,4500 protocol=udpadd action=accept chain=forward comment="defconf: accept ipsec AH" protocol=\ ipsec-ahadd action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=\ ipsec-espadd action=accept chain=forward comment=\ "defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsecadd action=drop chain=forward comment=\ "defconf: drop everything else not coming from LAN" in-interface-list=\ !LAN/routing bfd configurationadd disabled=no interfaces=all min-rx=200ms min-tx=200ms multiplier=5/system loggingadd topics=pppoe/system noteset show-at-login=no/system ntp clientset mode=broadcast/tool mac-serverset allowed-interface-list=LAN/tool mac-server mac-winboxset allowed-interface-list=LANAnother question is if possible how to be able to visit the mikrotik from a device from the local subnet of the udm which is on 192.168.88.0/24. Does it need nat rules?
The reason I am asking this, is that way I could have regular traffic for the voip trunks that require the regular internet connection and the vlan=838 for the vodafone voip trunk. So all of trunks can register normal the responding sip servers.
Sorry for putting you into so much trouble!
If anyone could help, I would really appreciate it.
P.S.: Here is a screenshot from the udm of how I have configured the extra static IPs
P.S.2: I tried to follow this tutorial to configure the mikrotik with the new static IPs: https://www.youtube.com/watch?v=TPQ0Mv69M_w
Statistics: Posted by und3rd06012 — Sun Mar 03, 2024 1:52 pm