need find pfSense box with SFP~ x86 can handle gigabit easily

I have test ping ttl under Maxis TP-Link - ZTE Dongle



PC:


TP-Link Router with ZTE Dongle Attached:


53 < 54 is decrease by 1,

So, I do test Firewall Mangle on pppoe-out1:

it's worked! so I change pppoe-out1 to lte1, not working!

I wonder why not work on lte1, maybe dongle detect by MAC Address?

hmm so currently:
dongle +sim works when connected to pc --> maxis tplink
dongle doesnt work on mikrotik, sim doesnt work on phone

maxis detects ttl via Outgoing packets to their gateway, so Out Interface should be used instead of In Interface for mangle
https://forum.mikrotik.com/viewtopic.php?t=144140 (example of working for mikrotik dongle).

https://answers.microsoft.com/en-us/windows...3e-92fa5ca0bd16 the ttl from the ping is actually the "final" decremented ttl at the destination and is not what maxis receives! what i suspected was that the "original source" ttl value when dongle is connected to tplink is different from when dongle/sim is plugged anywhere else, so we need to "offset" the ttl somehow...

maybe can try connecting dongle by usb directly into pc instead then ping? that might rule out dongle detect mac address or other problems?

This post has been edited by miloaisdino: Sep 21 2020, 11:43 PM

Yeah,
PC > Maxis TP-Link + 4G Dongle = Works
PC > Mikrotik + 4G Dongle = Not Working, only "nslookup" works

I been thinking the same, I want to know what TTL is set in Maxis TP-Link,
If have tool to crack USB Ethernet between Dongle and Router, inspect packet that way?

Or crack TP-Link router?

I managed to open since I have extra during PKP, put UART header and putty serial console, I stuck at Login, dont know what username and password


Plugging Maxis ZTE 4G Dongle into PC is same like plugging into Mikrotik, only "nslookup" works



I try follow that guide carefully, and do one by one finding, make Mikrotik ALL in One

haha. maybe try static ttl first, easier than cracking tplink (there are only 255 combinations to try! (much fewer since ttl 1-35 will pretty much kill lots of websites)try near 64, 128, 255 +- or other common ttl maybe?)


This post has been edited by miloaisdino: Sep 22 2020, 12:32 AM

Do I need to disable FastTrack Connection?

for traffic destined to the dongle only, yes! anyway 4g isnt that fast shouldn't have any bottlenecks
hmm could be mac address? maybe clone the tplink mac onto mikrotik too?!
https://wiki.mikrotik.com/wiki/Manual:Interface/LTE

confirm mac address!! not TTL!! mac address for maxis usb should be maxis router mac +- a few digits on the last octet!

This post has been edited by miloaisdino: Sep 22 2020, 12:46 AM

No wonder, I type TTL value from 1 until 255 no luck

some digging:

in maxis router show some list mac address


when 4G backup plug into PC, this mac address kind static across connect-disconnect




the Dongle MAC address will generate randomly every USB plugged

Question is, can Mikrotik act like TP-Link? fool ZTE Dongle, or TP-Router has "special" driver for dongle

maybe the dongle sees the mac address of the tplink/mikrotik and decides whether to block the connection. so maybe try using /interface on mikrotik to set the mac address of the maxis router facing the dongle to "fool" the dongle? arp -a shows the mac address of the dongle itself after every reboot (not the pc)

or maybe theres a hidden mac address filtering page on the dongle webui itself that can be found by inspect element. then we can just disable it!

This post has been edited by miloaisdino: Sep 22 2020, 11:23 AM

The reason resolve work because Mikrotik is a client behind the dongle network, thus the packet involved was only outgoing packet.
Forwarding on lte1 interface will be confusing cause duplicate route to internet. In your screenshot, active flag was on pppoe-out1 interface, so your connection will not go through lte1 interface.

Have you tried to disable the pppoe-out1 interface first then check whether internet works with lte?

If you want to test specific client to use on lte, you can try this
1. Disable add default route on dhcp client on lte1 interface

2. Add route to with
2.a Dst addr = 0.0.0.0/0
2.b Gateway = lte1
2.c Routing mark = lte_route (any name to be used later)


After fixing the route, next is prerouting decision what/when packet to go through this route in IP>Firewall>Mangle.
3. Then add new mangle rule with
3.a Chain = prerouting
3.b Action = mark routing
3.c New routing mark = lte_route (whatever routing mark set in 2.c)
3.d Src address = x.x.x.x (ip address)


Then the device with specified ip in mangle rule will be using the dongle internet, assuming you have added NAT masquerade rule for outgoing interface lte1, since you can open the dongle webUI.

Yes, I simply delete pppoe-out1

I can nslookup 192.168.0.1 on PC through Mikrotik > ZTE Dongle
However other traffic are not get through!

If Dongle looking for specific Device MAC Address, how to fool [data] > [dongle interface]

after some digging, I saw Maxis Router can be access via 192.168.100.1 (br1) under 192.168.1.0/24 (br0) network, I guess some NAT happening




cant get br1 MAC Address since 192.168.100.1 is behind 192.168.1.1

I believe mac address seen by the dongle in the maxis router was at dhcp_USB_4G. Try put that mac address into lte interface in Mikrotik.

I tried to change in "Interface" > LTE. it revert back to original MAC.

What if bridge > dummy interface > lte1.

the dummy interface is using maxis router mac address, some kind change mac address

Maybe. Try putting the mac address into that bridge and dhcp client interface point to that bridge.

I think lte interface can be added as port into the bridge. Just create a new bridge then add the lte interface as port. No need of dummy interface in between.

This post has been edited by pacat: Sep 23 2020, 09:41 AM

I have tried this, and not working. bridge > lte1

You mean: bridge > bridgeLTE---lte1 ?
I create bridgeLTE and add a port, the lte1 interface are not exist

https://forum.mikrotik.com/viewtopic.php?t=113569#p614298
this might be helpful!

Yup maybe can try set passthrough to bridgeLTE interface.
https://help.mikrotik.com/docs/display/ROS/...sthroughExample

tried, lte1 passthrough to bridge adapter not work:


I guess, time to UART console for some iptables:

WebGUI login not work in UART console, I dont know what is the valid login
UART log here: https://gist.github.com/Anime4000/4dd729dc4...7eec36121184992

This post has been edited by Anime4000: Sep 24 2020, 03:30 AM

Have you put the mac address into bridgeLTE's mac address? Passthrough mac address is only a filter to pass a client's mac address to the dongle (in case the interface connected to multiple hosts).

Searching for your dongle vid and pid leads to this https://www.development-cycle.com/2017/04/2...e-mf823-inside/. Though not same as yours, is it able to telnet into? Password might not be same.

can't switch usb device
sd 0:0:0:1: [sda] we have tried 10 times, but the USB device is still not ready, just return here!
sd 0:0:0:1: [sda] media is not present, wait for 0.5 seconds
getConfigFromMergeFile 150 decrypt mode_switch.conf successfully

and

usbcore: registered new interface driver cdc_ether
usbcore: registered new interface driver rndis_host
Failed to to open /proc/tty/driver/usbserial

clue from here onwards

and maybe the uart password can be found from router backup config file (downloaded from webui)?

This post has been edited by miloaisdino: Sep 24 2020, 10:09 AM

I tried run nmap scan, none


router backup config is encrypted, cannot see inside, unless I extract router flash and binwalk it, find shadow file and run password crack?

This post has been edited by Anime4000: Sep 24 2020, 09:56 PM