Handoff public IP to customer's devices

Hopefully I explain this without confusing the living daylights out of people and it is of use to someone.

Currently we have MikroTik routers that NAT the LGW assigned address to a public as described in JNovak’s post found here: LGW router mode. This works fine for most of the customers but several require multiple IPs on different devices and refuse to accept a “192.168.xxx.xxx” address as their public facing IP. To hand off a “chunk” of public IPs, I use an L2TP tunnel to assign a single address from inside our network and then statically route the subnet of public IPs to that address. On the client side I have a MikroTik router that has the first IP of the public subnet on the customer facing interface. The outside interface is set to which is set as the DMZ on the Atom R9 UE.

Edge MikroTik:

/interface l2tp-server server
set authentication=chap,mschap2 enabled=yes
/ip route
add comment=LTEpublicFIX distance=1 dst-address= gateway=
/ppp secret
add name=CUSTOMER password=PASSWORD remote-address=

CLIENT Mikrotik:

/interface l2tp-client
add add-default-route=yes connect-to=111.222.333.1 disabled=no name=l2tp-out1
/ip address
add address= interface=ether2 network=
add address= interface=ether1 network=
/ip route
add distance=1 gateway=



I enjoyed the write up and it was very informative, thanks! I will keep
this in mind if I ever need to use it.



1 Like