Mac-adress For Vpn On Cme
Applies to RouterOS:v6+,v5.12+
The problem you're having is that the local network (the one with the server) can't see the MAC of the remote PC. All the server knows is that it has to send frames to either a router or to the MAC of your VPN appliance - one of which must be in the same local subnet.
- 2LTE Client
- 2.4User Info command
- 6Tips and Tricks
- 7Troubleshooting
Summary
Package:system
Support for Direct-IP mode type cards only. MBIM support is available in RouterOS v7 releases and MBIM driver is loaded automatically. If modem is not recognized in RouterOS v6 - Please test it in v7 releases before asking for support in RouterOS v6.
To enable access via a PPP interface instead of a LTE Interface, change direct IP mode with /port firmware set ignore-directip-modem=yes command and a reboot. Note that using PPP emulation mode you may not get the same throughput speeds as using the LTE interface emulation type.
Warning: In RouterOS v7 ignore-direct-modem parameter is moved under /system routerboard modem menu
LTE Client
Sub-menu:/interface lte
Properties
| Property | Description | |
|---|---|---|
| allow-roaming (yes no; Default: no) | Enable data roaming for connecting to other countries) | Frequency band used in communication LTE Bands and bandwidths |
| comment (string; Default: ') | Descriptive name of an item | |
| disabled (yes no; Default: yes) | Whether interface is disabled or not. By default it is disabled. | |
| mac-address (MAC; Default: ') | Media Access Control number of an interface. | |
| modem-init (string; Default: ') | Modem init string (AT command that will be executed at modem startup) | |
| mtu (integer; Default: 1500) | Maximum Transmission Unit. Max packet size that LTE interface will be able to send without packet fragmentation. | |
| name (string; Default: ') | Descriptive name of the interface. | |
| network-mode (3g gsm lte; Default: 3g,gsm,lte) | Select/force mode for LTE interface to operate with | |
| operator (integer; Default: ') | used to lock device to specific operator full PLMN number is used for lock consisting from MCC+MNC. PLMN codes | |
| pin (integer; Default: ') | SIM Card's PIN code. |
APN profiles
All network related settings are moved under profiles, starting from RouterOS 6.41
Sub-menu:/interface lte apn
| Property | Description |
|---|---|
| add-default-route (yes no) | Whether to add default route to forward all traffic over the LTE interface. |
| apn (string) | Service Provider's Access Point Name |
| authentication (pap chap none; Default: none) | Allowed protocol to use for authentication |
| default-route-distance (integer; Default: 2) | Sets distance value applied to auto created default route, if add-default-route is also selected. LTE route by default is with distance 2 to prefer wired routes over LTE |
| ip-type (ipv4 ipv4-ipv6 ipv6; Default: ) | Requested PDN type |
| ipv6-interface (; Default: ) | Interface on which to advertise IPv6 prefix |
| name (string; Default: ) | APN profile name |
| number (integer; Default: ) | APN profile number |
| passthrough-interface (; Default: ) | Interface to passthrough IP configuration (activates passthrough) |
| passthrough-mac (MAC; Default: auto) | If set to auto, then will learn MAC from first packet |
| password (string; Default: ) | Password used if any of the authentication protocols are active |
| use-peer-dns (yes no; Default: yes) | If set to yes, uses DNS recieved from LTE interface |
| user (integer) | Username used if any of the authentication protocols are active |
Scanner
It is possible to scan LTE interfaces with /interface lte scan command
Available read only properties:
| Property | Description |
|---|---|
| duration (integer) | Duration of scan in seconds |
| freeze-frame-interval (integer) | time between data printout |
| number (integer) | Interface number or name |
User Info command
It is possible to send special 'info' command to LTE interface with /interface lte info command.
Properties (Up to 6.40)
| Property | Description |
|---|---|
| user-command (string; Default: ') | send a command to LTE card to extract useful information, e.g. with AT commands |
| user-command-only (yes no; Default: ) |
User at-chat command
It is possible to send user defined 'at-chat' command to LTE interface with /interface lte at-chat command.
You can also use 'at-chat' function in scripts and assign command output to variable.
Quick setup example
Start with network settings -
Warning: This guide is for RouterOS versions starting from 6.41
Start with network settings - Add new connection parameters under LTE apn profile (provided by network provider):
Select newly created profile for LTE connection:
LTE interface should appear with running (R) flag:
From RouterOS=>6.41 DHCP client is added automatically. If it's not added - add a DHCP Client to LTE Interface manually:
If required, add NAT Masquerade for LTE Interface to get internet to the local network:
After interface is added, you can use 'info' command to see what parameters client acquired (parameters returned depends on LTE hardware device):
Passthrough Example
Starting from RouterOS v6.41 some LTE interfaces support LTE Passthrough feature where the IP configuration is applied directly to the client device. In this case modem firmware is responsible for the IP configuration and router is used only to configure modem settings - APN, Network Technologies and IP-Type. In this configuration the router will not get IP configuration from the modem.The LTE Passthrough modem can pass both IPv4 and IPv6 addresses if that is supported by modem.Some modems support multiple APN where you can pass the traffic from each APN to a specific router interface. Adobe acrobat for mac free download full version torrent download.
Passthrough will only work for one host. Router will automatically detect MAC address of the first received packet and use it for the Passthrough. If there are multiple hosts on the network it is possible to lock the Passthrough to a specific MAC.On the host on the network where the Passthrough is providing the IP a DHCP-Client should be enabled on that interface to.Note, that it will not be possible to connect to the LTE router via public lte ip address or from the host which is used by the passthrough. It is suggested to create additional connection from the LTE router to the host for configuration purposes. For example vlan interface between the LTE router and host.
To enable the Passthrough a new entry is required or the default entry should be changed in the '/interface lte apn' menu
Warning: Passthrough is not supported by all chipsets. MBIM emulation does not support passthrough.
Examples.
To configure the Passthrough on ether1:
To configure the Passthrough on ether1 host 00:0C:42:03:06:AB:
To configure multiple APNs on ether1 and ether2:
To configure multiple APNs with the same APN for different interfaces:
Dual SIM Example
For some boards with dual SIM slots connected to the same modem slot (like LtAP mini, ltAP) it is possible to alternate between cellular providers. Follow this link - Dual SIM Application, to see examples of how to change SIM slot based on roaming status and in case the interface status is down with help of RouterOS scripts and scheduler.
Tips and Tricks
This paragraph contains information for additional features and usage cases.
Find device location using Cell information
On devices using R11e-LTE International version card (wAP LTE kit) some extra information is provided under info command (from 6.41rc61)
| Property | Description |
|---|---|
| current-operator (integer; Default: ) | Contains MCC and MNC. For example: current-operator: 24701 breaks to: MCC=247 MNC=01 |
| lac (integer; Default: ) | location area code (LAC) |
| current-cellid (integer; Default: ) | Station identification number |
Values can be used to find location in databases: Cell Id Finder
Using Cell lock
It is possible to lock R11e-LTE, R11e-LTE6 and R11e-4G modems and equipped devices to exact LTE tower. LTE info command provides currently used cellular tower information:
| Property | Description |
|---|---|
| phy-cellid (integer; Default: ) | Physical Cell Identification (PCI) of currently used cell tower. |
| earfcn (integer; Default: ) | Absolute Radio Frequency Channel Number |
Exact tower location as well as available bands and other information can be acquired from mobile carrier or by using online services:
By using those acquired variables it's possible to send AT command to modem for locking to tower in current format:
for R11e-LTE and R11e-LTE6
To lock modem at previously used tower at-chat can be used:
For R11e-LTE all set on locks are lost after reboot or modem reset. Cell data can be also gathered from 'cell-monitor'.
For R11e-LTE6 cell lock works only for the primary band, this can be useful if you have multiple channels on the same band and you want to lock it to a specific earfcn. Note, that cell lock is not band-specific and for ca-band it can also use other frequency bands, unless you use band lock.
Use cell lock to set the primary band to the 1300 earfcn and use the second channel for the ca-band:
Now it uses the earfcn: 1300 for the primary channel:
You can also set it the other way around:
Now it uses the earfcn: 1417 for the primary channel:
For R11e-LTE6 modem cell lock information will not be lost after reboot or modem reset. To remove cell lock use at-chat command:
for R11e-4G
All PLMN codes available here this variable can be also left blank
To lock modem to the cell - modem needs to be in non operating state, easiest way for R11e-4G modem is to add CellLock line to 'modem-init' string:
Multiple cells can also be added by providing list instead of one tower informatin in following format:
For example to lock to two different PCIs within same band and operator:
Cell Monitor
Cell monitor allows to scan available nearby mobile network cells:
Gathered data can be used for more precise location detection or for Cell lock.
Troubleshooting
Enable LTE logging:
Check for errors in log:
search for CME error description online,
in this case:CME error 10 - SIM not inserted
Locking band on Huawei and other modems
To lock band for Huawei modems /interface lte set lte1 band=' option can't be used.
It is possible to use AT commands to lock to desired band manually.
To check all supported bands run at-chat command:
Example to lock to LTE band 7,
Change last part 40 to desired band specified hexadecimal value where:
All band HEX values and AT commands can be found in Huawei AT Command Interface Specification guide
Check if band is locked:
For more information check modem manufacturers AT command reference manuals.
mPCIe modems with RB9xx series devices
For mPCIe modems to work in RB9xx series devices it is required to set the USB type to mPCIe, this can be done using the following command:
In case your modem is not being recognized after a soft reboot, then you might need to add a delay before the USB port is being initialized. This can be done using the following command:
Modem firmware upgrade
Warning: Before attempting LTE modem firmware upgrade - upgrade RouterOS version to latest releases How To Upgrade RouterOS
Starting from RouterOS version 6.44beta20 it is possible to upgrade modems firmware.
Firmware update is available only as FOTA Firmware Over The Air - firmware upgrade can only be done through working mobile connection for:
- )R11e-LTE
- )R11e-LTE-US
Firmware update available as FOTA and as well as upgrade from file for:
- )R11e-4G
- )R11e-LTE6
Firmware updates usually includes small improvements in stability or small bug fixes that can't be included into RouterOS.
Check currently used firmware version by running:
Check if new firmware is available:
Upgrade firmware:
Whole upgrade process may take up to 10 minutes, depending on mobile connection speed.
After successful upgrade issue USB power-reset, reboot device or run AT+reset command, to update modem version readout under info command:
if modem has issues connecting to cells after update, or there are any other unrelated issues - wipe old configuration with:
Avoiding tethering speed throttling
Some operators (TMobile, YOTA etc.) allows unlimited data only for device SIM card is used on, all other data coming from mobile hotspots or tethering is highly limited by volume or by throughput speed.Some sources have found out that this limitation is done by monitoring TTL (Time To Live) values from packets to determinate if limitations need to be applied (TTL is decreased by 1 for each 'hop' made).RouterOS allows changing the TTL parameter for packets going from the router to allow hiding sub networks. Keep in mind that this may conflict with fair use policy.
More information: YOTA, TMobile
Unlocking SIM card after multiple wrong PIN code attempts
After locking SIM card, unlock can be done through 'at-chat'
Check current PIN code status:
If card is locked - unlock it by providing:
Replace PUK_code and NEW_PIN with matching values.
[Top Back to Content]Whether your network is wireless or wired, one thing is for sure: you not only need network software but also hardware (like routers or cables, for example) to transmit data from your device or computer to your router or ISP server – or vice versa.
And to ensure the data reaches only you (and that too, without being altered or overheard), it all comes down to the network addresses, more commonly known as a Media Access Control (MAC) address. Both IP addresses and MAC addresses are unique identifiers, and together they make data transmission successful.
Now, moving on to the topic of discussion: MAC Addresses.
A MAC address is a unique identification number or code used to identify individual devices on the network. Therefore, it’s also sometimes referred to as a hardware or physical address. Secure your MAC address with PureVPN’s 7-day trial for just $0.99.
These numbers are embedded into the hardware of the network device during the manufacturing process. While they usually remain constant, you can sometimes find and modify the MAC address settings through software.
MAC addresses are 12-digit hexadecimal numbers (48 bits or 6 bytes in length) and often written in MM:MM:SS:SS:SS format. They help with communication on the network, and also provide some ISPs with a secure means to authenticate devices or computers for internet access.
MAC Address vs. IP Address
Indeed, both MAC addresses and IP addresses are used by a TCP/IP network – but for different purposes. The following are some differences between the two types of network addresses:
MAC Address
| IP Address
|
Tip: Find out what is your IP Address
How to Find the MAC Address on PC?
In Windows
- Type “cmd” in the Windows Search Box
- Use the “ipconfig/all” command, and you will find multiple MAC addresses listed for one computer.
In Mac
- Click the Apple Icon and choose System Preferences
- Select Network.
- Click Advanced.
- Find the MAC address listed in the Hardware section.
What Security Concerns do MAC Addresses Present?
1. You Can Be Tracked
Unless you switch off the Wi-Fi on your phone before heading out, your phone will automatically scan for available Wi-Fi networks as you move from one place to another. Most smartphones use both passive and active scanning to find and connect to Wi-Fi access points.
Since a device includes its MAC address when sending out probe request packets, your smartphone broadcasts its MAC address for anyone to notice within the Wi-Fi range. Therefore, as you walk around, your device will transmit its presence to any nearby network.
This information may be used to track your device’s movements throughout the day, which gives an idea of where you have been moving and at what time. Furthermore, it could also be sold to advertisers so that they can target ads based on the frequency of your visits.
2. You Can Be Hacked
Unfortunately, it’s pretty easy for hackers to get their hands on MAC addresses. Why, you ask? This is because they are sent in the clear from each device, allowing malicious users to “sniff” the traffic to find your MAC address.
The hacker will simply have to monitor your Wi-Fi traffic, analyze a packet to find the MAC address of a permitted device, modify the MAC address of their device with the permitted MAC address, and connect in place of your device.
Think that’s impossible? Well, think again! Even though the device is already connected to a Wi-Fi network, the hacker can forcibly disconnect it by launching a deauthentication attack so they can reconnect instead.
How to Change your MAC Address?
So, “how do I change my MAC address?” you may wonder. This is how you can do it:
On Windows
While most network cards will let you specify a custom MAC address, this feature may not be supported on some network drivers.
Regardless, here’s how to do it:
- Type Device Manager in the Search Box.
- In Device Manager, right-click the network interface you want to change from the Network Adapters section, and then choose Properties.
- Click Advanced and select Network Address from the Property list. Enable Value and type the MAC address of your choosing without any colons or dashes. Hit OK when you are done.
On Mac
The System Preferences pane shows the MAC address of each network interface, but it doesn’t let you modify it.
To do that, you will have to access the Terminal:
- Use Command + Space, type Terminal and then hit Enter.
- Run the command shown below, replace “en0” with the name of your network interface, and fill in the MAC address of your choice.
Note: Run the “ifconfig” command if you are not sure about the appropriate name for your network interface.
How to Find the MAC Address of Your Router?
Method #1 – Check the Label
Just turn over your router, and you will find the MAC address printed on a label at the back of the router.
Method #2 – Use Web Browser
- Open your web browser, insert your router’s IP address in the address bar and then hit Enter.
- Type the router’s Username and Password.
- Check the status of the router to find the MAC address.
How to Find the MAC Address of Your Android Phone?
- Tap Settings.
- Tap About Phone.
- Tap Status.
- Find the Wi-Fi/WLAN MAC Address.
How to Find the MAC Address of Your iPhone?
- Tap Settings.
- Tap General.
- Tap About.
- Find the MAC Address listed as Wi-Fi Address.
How a VPN Helps To Protect Your MAC Address?
By installing PureVPN on your device or router, not only can you change your real IP address and location to anonymize your presence on the internet, but also encrypt all your incoming and outgoing traffic to make it difficult for hackers and snoopers to get hold of your MAC address and use it for their nefarious purposes.