Marc's Blog

Things from me about me …

Using a RouterOS to connect to POST LuxFibre

| 14 Comments

I have used a Routerboard running Mikrotik’s RouterOS to connect to a POST LuxFibre FTTH access for some time. I have been asked in the past to aid with similar setups, so here comes my configuration for the RouterOS CLI.

Note: This setup does NOT (yet) provide access to the Voice service delivered by POST.

In this example I’m using “ether1” to connect to the GPON NTU. (I haven’t yet tested the RouterBoard GPON SFP module, so no need to ask about it 🙂 )

/interface ethernet
set [ find default-name=ether1 ] comment=LuxFibre

We also need to configure VLAN 35 on this interface.

/interface vlan
add interface=ether1 name=luxfibre35 vlan-id=35

Finally we also need to configure a PPP profile and a PPPoE client to connect to the Internet. Please replace USERNAME and PASSWORD by your PPPoE username and password.

/ppp profile
add change-tcp-mss=yes name=pppoe-luxfibre use-mpls=no
/interface pppoe-client
add add-default-route=yes comment=LuxFibre default-route-distance=1 \
 disabled=no interface=luxfibre35 max-mru=1492 max-mtu=1492 \
 name=pppoe-luxfibre password=PASSWORD profile=pppoe-luxfibre \
 use-peer-dns=yes user=USERNAME

 Do not forget IPv6. 😉

/ipv6 dhcp-client
add add-default-route=yes interface=pppoe-luxfibre \
 pool-name=luxfibre-pool pool-prefix-length=48 request=prefix

This covers the external connectivity, in a later post I will cover the configuration for your internal configuration and very basic network security.

14 Comments

  1. Hallo Marc,
    ist ipv6 zwingend notwendig oder reicht auch ipv4?

    viele grüße
    Bernd

    • Die Frage ist nicht mehr so einfach zu beantworten. Zwingend notwendig um irgendeinen Teil vom Internet zu erreichen ist IPv6 nicht, aber um das ganze Internet zu erreichen reicht IPv4 ohne IPv6 nicht mehr aus.

  2. Hallo Marc,
    PPPOE Einwahl über VLAN 35 funktioniert.., nur wie bekomme ich das VLAN39 für Sprache in mein LAN…
    viele grüße
    Bernd.

    • Wie bereits berichtet habe ich derzeit für den POST Telefonie Service via VLAN39 keine Lösung parat.

  3. Et gedd d’Meiglechkeet, mono Vlan (mengen heecht sou) unzefroen, sou leeft alles, Inet wei och Tel (TV wes ech net) iwer den Vlan35. Domat geet och Asterisk iwer den MT.

    • Bis elo hun ech déi Méiglechkeet nëmmen an de Wholesale Angeboter vun POST Technologies fonnt, net awer bei POST Telecom oder soss engem alternativen Opérateur. Ech géing mech iwwer weider Détailer (z.Bsp. waat fir een Opérateur, bei waat fir enger Offer, asw) fréen.

  4. Hi Marc,

    Is routerOS using a specific dhcpv6 client ?
    Is cloning the Fritzbox MAC mandatory ?
    I’m currently using a ubiquity Edge Router Lite and while ipv4 via PPPoE on vlan is currently working fine, i cannot get any ipv6 via dhcpv6c nor DHCPv6-PD.
    Also, it seems Orange France’s Fiber is using vendors specific DHCPv6c options (https://lafibre.info/remplacer-livebox/remplacer-la-livebox-sans-pppoe/) for client identification during IP retrieval. Do you know if POST is using this kind of method ?

    Anyway, thank you very much for your post !

  5. Hi Marc,

    As described in one your previous post, i’ve putted our Fritzbox behind our router to activate Post’s VoIP service. As many, I tried to eliminate the Fritzbox from our network including for VoIP, and haven’t not found any solution not involving the Fritzbox yet. But I’ve found some infos in the Fritzbox settings file (exported via the Fritzbox setting backup). The good news is that the Fritzbox do not require VLAN39 anymore, the bad news is that a generic SIP client like Ekiga doesn’t connect…

    Here is the config part regarding Post’s VoIP service :

    voipcfg {
    dnsport = 7077;
    rtpport_start = 7078;
    sip_srcport = 5060;
    ua1 {
    enabled = yes;
    username = “$$$$username_in_hex_length_80”;
    authname = “$$$$authname_in_hex_length_104”;
    passwd = “$$$$password_in_hex_length_80”;
    registrar = “voip.dt.ept.lu”;
    ttl = 30m;
    sipping_enabled = yes;
    sipping_interval = 280s;
    name = “telephone_number”;
    providername = “”;
    ims_client = no;
    with_displayname = no;
    read_from_displayname = yes;
    dtmfcfg = dtmfcfg_automatic;
    rtpevent_keep_packetrate = no;
    register_failwait = 0w;
    register_failwaitmax = 30m;
    stunserver = “”;
    stunserverport = 3478;
    use_internat_calling_numb = no;
    is_nat_aware = no;
    localip = 0.0.0.0;
    protocolprefer = protocolprefer_ipv4only;
    ignore_received_header = no;
    always_clir = no;
    clirtype = clir_displayname;
    colptype = colp_none;
    clipnstype = clipns_off;
    vad_enabled = no;
    only_one_dialog = no;
    presence_supported = no;
    mwi_supported = no;
    mwi_inmemoria = no;
    ccbs_supported = no;
    reg_support = regsupport_auto;
    packetization = packetization_fixed;
    tx_packetsize_in_ms = 20;
    xrtp_periodic = 0;
    reject_refer = yes;
    sip_instance = no;
    no_register_fetch = yes;
    do_not_register = no;
    only_call_from_registrar = no;
    invite_without_register_allowed = no;
    outboundproxy = “voip.dt.ept.lu”;
    outboundproxy_without_route_header = no;
    factory_3pty_uri = “”;
    no_hold_speech = no;
    dditype = ddi_none;
    ddireception = “”;
    webui_trunk_id = “”;
    alias_head_number = “”;
    cfxsignaling = cfx_standard;
    backup_wanted = no;
    use_session_timer = no;
    use_rport = yes;
    add_rtpmap_for_all_codecs = no;
    answer_only_one_codec = no;
    without_annexb_no = no;
    srtp_supported = no;
    crypto_avp_mode = crypto_mode_avp_only;
    use_488_for_no_t38 = no;
    g726_via_rfc3551 = no;
    no_g726_32_offer_with_pt2 = no;
    g726_fixed_ptime30 = no;
    dtmf_inband_on_g711g722 = no;
    enable_3xx = yes;
    t38_reinvite_from_remote = no;
    use_t38version0 = no;
    rtcp_xr_media_attribute = no;
    ptime_a_attribute = yes;
    tones_and_announcements_for_service = no;
    read_p_asserted_identity_header = no;
    route_always_over_internet = no;
    sipiface = sipiface_automatic;
    altc_attribute_rfc6947 = no;
    send_extended_sip_client_info = no;
    gui_readonly = yes;
    convertstate = 0;
    snmp_instance = 0;
    }
    register_sequence_timer = 0;
    use_audiocodecs = no;
    audiocodecs = “PCMA”, “PCMU”, “G726-32”, “G726-40”, “G726-24”;
    verbose = no;
    capi_blocksize_in_ms = 30;
    sip_prio = 16;
    rtp_prio = 46;
    rtcp_prio = 0;
    dyn_codecs = yes;
    prio_low_codec = no;
    send_ringtone = no;
    t38_support_enabled = no;
    t38_ignore_provider_profil = no;
    reduce_data_rate = yes;
    enum_support_enabled = no;
    bandwidth_to_leave_KBits = 0;
    dialoglimit = 0;
    enumdomains = “e164.arpa”, “e164.org”, “openenum.eu”;
    rtpstream {
    voice_activity_detection {
    vad_enabled = vadenabled_no;
    vad_threshold = 10000;
    }
    plc {
    in_the_stack = yes;
    }
    jitter {
    auto_on = yes;
    in_ms = 50;
    in_packets = 0;
    }
    rtcp_enabled = yes;
    silence_detection = no;
    }
    voip_assi_enabled = no;
    voip_over_mobile = no;
    gui_readonly = no;
    voipcfg_version = 0;
    }

  6. Maybe not everything is correct (i’m new to asterisk), but try the following (works here):


    [pt]
    host = voip.dt.ept.lu
    defaultuser = PHONENUMBER
    secret = voipxxxxxxxxxx (x=customer number!!)
    trunkname = voip.dt.ept.lu
    qualify=yes
    context=ept_in
    hasexten=no
    hasiax=no
    ;nat=yes
    type=peer
    hassip=yes
    registeriax=no
    registersip = yes
    trunkstyle = voip
    outboundproxy = voip.dt.ept.lu
    fromdomain=voip.dt.ept.lu
    authuser = PHONE_NUMBER@voip.dt.ept.lu
    insecure=invite,port
    qualify=yes
    disallow = all
    allow = ulaw,alaw
    canreinvite=no
    call-limit=1

  7. Salut Marc,
    wollt dech léif ëm hëllef froen.
    Also ech hu doheem een Asus Router AC-5300 an sinn bei der POST mat LuxFibre L (no ipTV) abonnéiert. Ech hu mech gëschter emol fir d’aller éischt kéier, direkt un den Luxfiber connectéiert krit ouni di blöd fritzbox ze benotzen. Dat war nëmmen méiglech well ech däin Blog fonnt hunn! Dowéinst well ech der elo mol scho direkt een groussen Merci soen!
    Ech sinn awer net ganz zefridden mat den Astellungen an hei kënnt elo meng fro, wäers du eventuell interesséiert eng kéier per Skype oder Teamviewer, dir déi ganz Configuratioun eng kéier unzekucken eventuell mir dobäi hëllefen dat ganz besser ze maachen? Ech kéint dir och Suen dofir ubidden.

    Op alle Fall soen ech dir een groussen Merci!

    • Scheck mir per private Message deng Telefonsnummer a wéini dass et dir am beschte geet. Ech kennen de Router zwar net, mee et kann een jo emmer mol driwwer kucken.

  8. to my previous post, i forgot the following:
    Attention: customer has 10 digits!

    [general]
    nat=force_rport,comedia
    externhost = your dyndns, or public static ip
    externrefresh=600
    localnet=192.168.1.0/255.255.255.0
    canreinvite=no
    qualify=no
    bindaddr=0.0.0.0
    udpbindaddr=0.0.0.0
    rtpstart=10000
    rtpend=15000
    allowtransfers=no
    allowexternalinvites=no
    context=ept_in ; Default context for incoming calls. Defaults to ‘default’
    allowguest=no ; Allow or reject guest calls (default is yes)
    allowoverlap=no ; Disable overlap dialing support. (Default is yes)
    udpbindaddr=0.0.0.0 ; IP address to bind UDP listen socket to (0.0.0.0 binds to all)
    tcpenable=no ; Enable server for incoming TCP connections (default is no)
    tcpbindaddr=0.0.0.0 ; IP address for TCP server to bind to (0.0.0.0 binds to all interfaces)
    transport=udp ; Set the default transports. The order determines the primary default transport.
    srvlookup=yes ; Enable DNS SRV lookups on outbound calls
    buggymwi=yes ; Cisco SIP firmware doesn’t support the MWI RFC
    videosupport=no ; Turn on support for SIP video. You need to turn this
    textsupport=no ; Support for ITU-T T.140 realtime text.
    alwaysauthreject = yes ; When an incoming INVITE or REGISTER is to be rejected,
    allowsubscribe=no ; Disable support for subscriptions. (Default is yes)
    nat=force_rport,comedia
    register => PHONENUMBER:voipCUSTOMERNUMBER:”PHONENUMBER@voip.dt.ept.lu”@voip.dt.ept.lu/PHONENUMBER

    changed to pt contect:

    [pt]
    qualify=no
    authuser=PHONENUMBER
    allow = ulaw,alaw,g729

    in+outgoing call works fine (tested!)
    fax outgoing ok, incoming not testetd!

Leave a Reply

%d bloggers like this: