I have used a Routerboard running Mikrotik’s RouterOS to connect to a POST LuxFibre FTTH access for some time. I have been asked in the past to aid with similar setups, so here comes my configuration for the RouterOS CLI.
Note: This setup does NOT (yet) provide access to the Voice service delivered by POST.
In this example I’m using “ether1” to connect to the GPON NTU. (I haven’t yet tested the RouterBoard GPON SFP module, so no need to ask about it 🙂 )
/interface ethernet set [ find default-name=ether1 ] comment=LuxFibre
We also need to configure VLAN 35 on this interface.
/interface vlan add interface=ether1 name=luxfibre35 vlan-id=35
Finally we also need to configure a PPP profile and a PPPoE client to connect to the Internet. Please replace USERNAME and PASSWORD by your PPPoE username and password.
/ppp profile add change-tcp-mss=yes name=pppoe-luxfibre use-mpls=no
/interface pppoe-client add add-default-route=yes comment=LuxFibre default-route-distance=1 \ disabled=no interface=luxfibre35 max-mru=1492 max-mtu=1492 \ name=pppoe-luxfibre password=PASSWORD profile=pppoe-luxfibre \ use-peer-dns=yes user=USERNAME
Do not forget IPv6. 😉
/ipv6 dhcp-client add add-default-route=yes interface=pppoe-luxfibre \ pool-name=luxfibre-pool pool-prefix-length=48 request=prefix
This covers the external connectivity, in a later post I will cover the configuration for your internal configuration and very basic network security.
2016/03/04 at 17:05
Hallo Marc,
ist ipv6 zwingend notwendig oder reicht auch ipv4?
viele grüße
Bernd
2016/03/04 at 17:16
Die Frage ist nicht mehr so einfach zu beantworten. Zwingend notwendig um irgendeinen Teil vom Internet zu erreichen ist IPv6 nicht, aber um das ganze Internet zu erreichen reicht IPv4 ohne IPv6 nicht mehr aus.
2016/03/08 at 14:45
Hallo Marc,
PPPOE Einwahl über VLAN 35 funktioniert.., nur wie bekomme ich das VLAN39 für Sprache in mein LAN…
viele grüße
Bernd.
2016/03/08 at 15:05
Wie bereits berichtet habe ich derzeit für den POST Telefonie Service via VLAN39 keine Lösung parat.
2016/05/06 at 13:58
Et gedd d’Meiglechkeet, mono Vlan (mengen heecht sou) unzefroen, sou leeft alles, Inet wei och Tel (TV wes ech net) iwer den Vlan35. Domat geet och Asterisk iwer den MT.
2016/05/06 at 16:17
Bis elo hun ech déi Méiglechkeet nëmmen an de Wholesale Angeboter vun POST Technologies fonnt, net awer bei POST Telecom oder soss engem alternativen Opérateur. Ech géing mech iwwer weider Détailer (z.Bsp. waat fir een Opérateur, bei waat fir enger Offer, asw) fréen.
2016/05/06 at 16:29
@Marc: kann een Dech per PM uschreiwen ?
Meng mail hues Du jo hei am reply.
2016/05/30 at 11:57
Jo.
2016/08/27 at 21:22
Hi Marc,
Is routerOS using a specific dhcpv6 client ?
Is cloning the Fritzbox MAC mandatory ?
I’m currently using a ubiquity Edge Router Lite and while ipv4 via PPPoE on vlan is currently working fine, i cannot get any ipv6 via dhcpv6c nor DHCPv6-PD.
Also, it seems Orange France’s Fiber is using vendors specific DHCPv6c options (https://lafibre.info/remplacer-livebox/remplacer-la-livebox-sans-pppoe/) for client identification during IP retrieval. Do you know if POST is using this kind of method ?
Anyway, thank you very much for your post !
2016/11/14 at 16:48
Hi Marc,
As described in one your previous post, i’ve putted our Fritzbox behind our router to activate Post’s VoIP service. As many, I tried to eliminate the Fritzbox from our network including for VoIP, and haven’t not found any solution not involving the Fritzbox yet. But I’ve found some infos in the Fritzbox settings file (exported via the Fritzbox setting backup). The good news is that the Fritzbox do not require VLAN39 anymore, the bad news is that a generic SIP client like Ekiga doesn’t connect…
Here is the config part regarding Post’s VoIP service :
voipcfg {
dnsport = 7077;
rtpport_start = 7078;
sip_srcport = 5060;
ua1 {
enabled = yes;
username = “$$$$username_in_hex_length_80”;
authname = “$$$$authname_in_hex_length_104”;
passwd = “$$$$password_in_hex_length_80”;
registrar = “voip.dt.ept.lu”;
ttl = 30m;
sipping_enabled = yes;
sipping_interval = 280s;
name = “telephone_number”;
providername = “”;
ims_client = no;
with_displayname = no;
read_from_displayname = yes;
dtmfcfg = dtmfcfg_automatic;
rtpevent_keep_packetrate = no;
register_failwait = 0w;
register_failwaitmax = 30m;
stunserver = “”;
stunserverport = 3478;
use_internat_calling_numb = no;
is_nat_aware = no;
localip = 0.0.0.0;
protocolprefer = protocolprefer_ipv4only;
ignore_received_header = no;
always_clir = no;
clirtype = clir_displayname;
colptype = colp_none;
clipnstype = clipns_off;
vad_enabled = no;
only_one_dialog = no;
presence_supported = no;
mwi_supported = no;
mwi_inmemoria = no;
ccbs_supported = no;
reg_support = regsupport_auto;
packetization = packetization_fixed;
tx_packetsize_in_ms = 20;
xrtp_periodic = 0;
reject_refer = yes;
sip_instance = no;
no_register_fetch = yes;
do_not_register = no;
only_call_from_registrar = no;
invite_without_register_allowed = no;
outboundproxy = “voip.dt.ept.lu”;
outboundproxy_without_route_header = no;
factory_3pty_uri = “”;
no_hold_speech = no;
dditype = ddi_none;
ddireception = “”;
webui_trunk_id = “”;
alias_head_number = “”;
cfxsignaling = cfx_standard;
backup_wanted = no;
use_session_timer = no;
use_rport = yes;
add_rtpmap_for_all_codecs = no;
answer_only_one_codec = no;
without_annexb_no = no;
srtp_supported = no;
crypto_avp_mode = crypto_mode_avp_only;
use_488_for_no_t38 = no;
g726_via_rfc3551 = no;
no_g726_32_offer_with_pt2 = no;
g726_fixed_ptime30 = no;
dtmf_inband_on_g711g722 = no;
enable_3xx = yes;
t38_reinvite_from_remote = no;
use_t38version0 = no;
rtcp_xr_media_attribute = no;
ptime_a_attribute = yes;
tones_and_announcements_for_service = no;
read_p_asserted_identity_header = no;
route_always_over_internet = no;
sipiface = sipiface_automatic;
altc_attribute_rfc6947 = no;
send_extended_sip_client_info = no;
gui_readonly = yes;
convertstate = 0;
snmp_instance = 0;
}
register_sequence_timer = 0;
use_audiocodecs = no;
audiocodecs = “PCMA”, “PCMU”, “G726-32”, “G726-40”, “G726-24”;
verbose = no;
capi_blocksize_in_ms = 30;
sip_prio = 16;
rtp_prio = 46;
rtcp_prio = 0;
dyn_codecs = yes;
prio_low_codec = no;
send_ringtone = no;
t38_support_enabled = no;
t38_ignore_provider_profil = no;
reduce_data_rate = yes;
enum_support_enabled = no;
bandwidth_to_leave_KBits = 0;
dialoglimit = 0;
enumdomains = “e164.arpa”, “e164.org”, “openenum.eu”;
rtpstream {
voice_activity_detection {
vad_enabled = vadenabled_no;
vad_threshold = 10000;
}
plc {
in_the_stack = yes;
}
jitter {
auto_on = yes;
in_ms = 50;
in_packets = 0;
}
rtcp_enabled = yes;
silence_detection = no;
}
voip_assi_enabled = no;
voip_over_mobile = no;
gui_readonly = no;
voipcfg_version = 0;
}
2016/11/23 at 22:56
Maybe not everything is correct (i’m new to asterisk), but try the following (works here):
[pt]
host = voip.dt.ept.lu
defaultuser = PHONENUMBER
secret = voipxxxxxxxxxx (x=customer number!!)
trunkname = voip.dt.ept.lu
qualify=yes
context=ept_in
hasexten=no
hasiax=no
;nat=yes
type=peer
hassip=yes
registeriax=no
registersip = yes
trunkstyle = voip
outboundproxy = voip.dt.ept.lu
fromdomain=voip.dt.ept.lu
authuser = PHONE_NUMBER@voip.dt.ept.lu
insecure=invite,port
qualify=yes
disallow = all
allow = ulaw,alaw
canreinvite=no
call-limit=1
2016/12/29 at 09:59
Salut Marc,
wollt dech léif ëm hëllef froen.
Also ech hu doheem een Asus Router AC-5300 an sinn bei der POST mat LuxFibre L (no ipTV) abonnéiert. Ech hu mech gëschter emol fir d’aller éischt kéier, direkt un den Luxfiber connectéiert krit ouni di blöd fritzbox ze benotzen. Dat war nëmmen méiglech well ech däin Blog fonnt hunn! Dowéinst well ech der elo mol scho direkt een groussen Merci soen!
Ech sinn awer net ganz zefridden mat den Astellungen an hei kënnt elo meng fro, wäers du eventuell interesséiert eng kéier per Skype oder Teamviewer, dir déi ganz Configuratioun eng kéier unzekucken eventuell mir dobäi hëllefen dat ganz besser ze maachen? Ech kéint dir och Suen dofir ubidden.
Op alle Fall soen ech dir een groussen Merci!
2017/01/31 at 23:50
Scheck mir per private Message deng Telefonsnummer a wéini dass et dir am beschte geet. Ech kennen de Router zwar net, mee et kann een jo emmer mol driwwer kucken.
2017/01/21 at 16:12
to my previous post, i forgot the following:
Attention: customer has 10 digits!
[general]
nat=force_rport,comedia
externhost = your dyndns, or public static ip
externrefresh=600
localnet=192.168.1.0/255.255.255.0
canreinvite=no
qualify=no
bindaddr=0.0.0.0
udpbindaddr=0.0.0.0
rtpstart=10000
rtpend=15000
allowtransfers=no
allowexternalinvites=no
context=ept_in ; Default context for incoming calls. Defaults to ‘default’
allowguest=no ; Allow or reject guest calls (default is yes)
allowoverlap=no ; Disable overlap dialing support. (Default is yes)
udpbindaddr=0.0.0.0 ; IP address to bind UDP listen socket to (0.0.0.0 binds to all)
tcpenable=no ; Enable server for incoming TCP connections (default is no)
tcpbindaddr=0.0.0.0 ; IP address for TCP server to bind to (0.0.0.0 binds to all interfaces)
transport=udp ; Set the default transports. The order determines the primary default transport.
srvlookup=yes ; Enable DNS SRV lookups on outbound calls
buggymwi=yes ; Cisco SIP firmware doesn’t support the MWI RFC
videosupport=no ; Turn on support for SIP video. You need to turn this
textsupport=no ; Support for ITU-T T.140 realtime text.
alwaysauthreject = yes ; When an incoming INVITE or REGISTER is to be rejected,
allowsubscribe=no ; Disable support for subscriptions. (Default is yes)
nat=force_rport,comedia
register => PHONENUMBER:voipCUSTOMERNUMBER:”PHONENUMBER@voip.dt.ept.lu”@voip.dt.ept.lu/PHONENUMBER
changed to pt contect:
[pt]
qualify=no
authuser=PHONENUMBER
allow = ulaw,alaw,g729
in+outgoing call works fine (tested!)
fax outgoing ok, incoming not testetd!
2017/09/04 at 20:17
Hello there,
tutorial doesn’t seem to work with LuxFibre M as of today. Tried on a Routerboard 2011UiAS-IN with valid PPPOE credentials (tested on FritzBox) on ether1. I’ll debug this further when I have some spare time.
Cheers.
2017/09/05 at 22:01
Fixed. My NAT masquerade rules were wonky 😉
Thanks for the tutorial.
Cheers
2017/09/11 at 23:05
Hi,
Great blog. Glad to find some nice tech post around my local problems :D.
One quick question, what model do you have from Mikrotik? I would like to play a bit with routerSO a my Post Fibre.
Thanks
2017/12/06 at 01:25
I’m currently using the following models CRS112-8G-4S, CCR1009-8G-1S-1S+, RB952Ui-5ac2nD and RB962UiGS-5HacT2HnT. In the past I also used a CRS109-8G-1S-2HnD-IN.
2017/09/21 at 15:15
Thank you very much for this article. It helped my tremendeus, as the provider was unwilling to help. I used this information to write a config for cisco ios that worked like a charm. Here it is, if anyone is interested:
interface GigabitEthernet0/0/2
description WAN
no ip address
negotiation auto
interface GigabitEthernet0/0/2.35
description FibreLux
encapsulation dot1Q 35
pppoe enable group global
pppoe-client dial-pool-number 1
interface Dialer1
description FibreLux Dialer
mtu 1492
ip address negotiated
encapsulation ppp
dialer pool 1
dialer idle-timeout 0
dialer persistent
dialer-group 1
ppp authentication chap callin
ppp chap hostname PT333333
ppp chap password 0 L8L8L8L8
ppp ipcp dns request accept
ppp ipcp route default
ppp ipcp address accept
no cdp enable
Of course you’d have to adjust ppp username and password in order for it to work.
2017/12/06 at 01:29
Thanks. It’s missing some ipv6 lines for my taste 😛
2018/09/01 at 00:58
Hi everybody,
until recently, I used a Cisco ASA 5506 to connect to the Internet trough POST. The Setup was rather simple using the GUI. I configured an interface with VLAN 35 an used the credentials supplied by POST to login. Works like a charm.
Now I bought myself a Cisco 1921 Integrated Services Routes, because well it is a router and I want to separate the routing from my firewall.
Unfortunately I am unable to connect with my router to the internet. I setup the Interfaces exactly as Mario described in his post. After some time of waiting, the router then connects, but I don’t receive a public but a private IP.
When I debug, I get the message: “Authentication-Reject”.
Is there anything I have to pay attention to, when entering the ppp chat hostname an password command?
Thanks in advance.
2018/10/11 at 18:03
Not sure I understand everything. You’ve setup the PPPoE client on VLAN 35 and you are getting a private IP? This might be correct, as BAMBOO connection don’t get a public IP unless you pay a monthly fee to POST. When entering the username and password you should check for any unnecessary whitespaces when copy-pasting. You could try tracing the packets sent via VLAN35 and see if you get a reply at all.
2018/10/11 at 19:17
This smells like carrier grade NAT. If the credentials would be wrong, you wouldnt receive an IP at all. Experienced this in the past. Im not familiar with the POST contracts, but it sounds to like Marc is right. Lots of providers ask for extra money if you wanna receive a public IP nowadays.
2017/11/11 at 21:01
Hallo,
ech hu mech lo dru versiicht den IPv6 un laafen ze kreien,
mee et gesäit mer esou aus als hätt POST entretemps en aaneren wee ewéi se prefixen assignéieren. Hues du vläit en Tipp fir mech ? 🙂
Merci
Christian
2017/12/06 at 01:33
Ech hun daat grad nach eemol getest. Des Konfig klappt nach emmer:
/ipv6 dhcp-clientadd add-default-route=yes interface=internet pool-name=test pool-prefix-length=56 request=address,prefix
Den Interface “internet” ass den PPPoE Client interface.
2017/11/20 at 19:45
Heya Marc,
Some very nice work you did there. As lots of people I also am unsatisfied with the Fritz!Box7490 form Post. Your article insipred me to get rid of it. I bought myself a DIR-890L and put dd-wrt on it and it’s quite fun to learn all this. Maybe in a few days I’ll get it up and runing. Would you be ready to help me a little if it doesn’t work out ? Anyway i’m going to write a tutorial about it if I get it to work 🙂 Have a nice one !
2018/09/19 at 00:32
Can I use an Asus router with Post fibre? I don’t have a phone or tv.
2018/10/11 at 17:56
You have to be more specific, which ASUS router exactly?
2019/08/23 at 12:49
Hii. I currently would like to install a Asus Dsl-AC68U. And i can not get it to work. I use bonding for my inet connection. This goes somewhat beyond my pc knowledge 🙂 if un need screenshots i can provide. Your help is appreciated
2019/08/26 at 18:14
From the information available from ASUS, it seems that the ASUS DCL AC68U does not support bonding. In addition I found no information about VLAN support on the VDSL interface. Both features are necessary to operate a VDSL bonding internet access in Luxembourg. From the information available to me, it seems that the ASUS DCL AC68U is unfortunately not suitable for your specific situation.
Currently I only know of the AVM Fritz!Box 7581 https://en.avm.de/products/fritzbox/fritzbox-7581/ capable to support your setup.
2020/01/11 at 13:11
Hi
I’ve got my line upgraded from M (100MBit/s down, 50MBit/s up) to L (500MBit/s down, 250MBit/s up). They replaced the ONT with the actual model as well ass my FritzBox 7390 with a FritzBox 7530. Nothing else in my network has been changed.
After the upgrade, I noticed a huge performance down: temporary very slow loading pages, VoIP calls with lot’s of crackling and noise in it. After monitoring the line every some minutes with a speed test, I’ve noticed increasing ping times (up to 1000ms) and a lot of packet loss (up to 56%), which explains the slow loading pages (TCP piggy backing) and the noise in the VoIP calls (UDP leaving out missed packets).
After reading the present page and the one over here (https://pinguin.lu/node/21), I’ve decided to kick the FritzBox and use my pfSense box instead. PPPOE over VLAN #35 worked out of the box and registering my VOIP line manually (no VLAN needed here) did the trick too. Only IPv6 is not yet working …
Anyway. Since kicking the FritzBox packet loss went down to zero and ping down to around 5-6ms, which I think is “normal”. All this is only constant since some 3 hours and looks very promising so that I hope that it stays stable.
My main question is: Is the FritzBox really so bad that it drops that lot of packets? With my previous one (before the upgrade), there was no problem at all ….
2020/04/24 at 18:52
A Fritz!Box should work just fine, even for that kind of bandwidth (unless you have dozens of devices connected and accessing the Internet at once). So I suspect a defect on the Fritz!Box here.
IPv6 should be quite easy, in most cases it’s just a DHCP request away. (Don’t request a specific prefix length and you should be fine.)