Handoff public IP to customer's devices

Hopefully I explain this without confusing the living daylights out of people and it is of use to someone.

Currently we have MikroTik routers that NAT the LGW-assigned address to a public as described in JNovak’s post found here: LGW router mode. This works fine for most of the customers, but several require multiple IPs on different devices and refuse to accept a “192.168.xxx.xxx” address as their public-facing IP. To hand off a “chunk” of public IPs, I use an L2TP tunnel to assign a single address from inside our network and then statically route the subnet of public IPs to that address. On the client side I have a MikroTik router that has the first IP of the public subnet on the customer-facing interface. The outside interface is set to 192.168.254.2/24, which is set as the DMZ on the Atom R9 UE.


Edge MikroTik:

/interface l2tp-server server
set authentication=chap,mschap2 enabled=yes
/ip route
add comment=LTEpublicFIX distance=1 dst-address=1.2.3.88/29 gateway=1.2.4.65
/ppp secret
add name=CUSTOMER password=PASSWORD remote-address=1.2.4.65

Client MikroTik:

/interface l2tp-client
add add-default-route=yes connect-to=111.222.333.1 disabled=no name=l2tp-out1 password=PASSWORD user=CUSTOMER
/ip address
add address=1.2.3.89/29 interface=ether2 network=1.2.3.88
add address=192.168.254.2/24 interface=ether1 network=192.168.254.0
/ip route
add distance=1 gateway=192.168.254.1

2 Likes
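
The tunnel in the post above is plain L2TP, which authenticates the PPP session but does not encrypt the customer traffic routed through it. A hardened variant of the same two configurations follows, as an added example that is not part of the original post; IPSEC-SECRET is a placeholder, and CUSTOMER and l2tp-out1 are the names used in the post.

```routeros
# Added example, not from the original post.
# IPSEC-SECRET is a placeholder for a long random pre-shared key.

# --- Edge MikroTik ---
# Require IPsec for every L2TP session and accept MS-CHAPv2 only.
# With use-ipsec=required the server refuses sessions that arrive outside IPsec.
/interface l2tp-server server
set enabled=yes authentication=mschap2 use-ipsec=required ipsec-secret=IPSEC-SECRET

# Pin the account to L2TP so the same credentials cannot be used
# on any other PPP service enabled on this router.
/ppp secret
set [find name=CUSTOMER] service=l2tp

# --- Client MikroTik ---
# Same tunnel as in the post, now negotiated inside IPsec,
# with the client refusing anything weaker than MS-CHAPv2.
/interface l2tp-client
set [find name=l2tp-out1] allow=mschap2 use-ipsec=yes ipsec-secret=IPSEC-SECRET

# --- Verification (either router) ---
# The tunnel should reconnect and IPsec SAs should be listed for the peer.
/interface l2tp-client monitor l2tp-out1 once
/ip ipsec installed-sa print
```

Apply the edge change and the client change in the same maintenance window: once the server requires IPsec, a client still configured for plain L2TP can no longer connect.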

MacGyver,

I enjoyed the write-up and it was very informative, thanks! I will keep this in mind if I ever need to use it.

Thanks,

Joe

1 Like