I attended the Sapphire Coast StartUp Camp this weekend. At one point in the leadup to it, it seemed the venue would have no Internet access, so I suggested setting up a MikroTik router with a GSM phone dongle to provide wifii/LAN and Internet connectivity. In the end an alternative was found, but just for the exercise, our team at the camp used my new hotspot, and it worked really well.
The router I used was a Mikrotik RB951G-2HnD, but any model with wifi and a USB port should work. If you don’t need wifi, any model with ethernet ports and a USB port should work.
For the dongle I used a Telstra “Ultimate” USB dongle – actually a rebranded Sierra Wireless “AirCard 312U”. These are in the compatibility list for the MikroTik, as it happens.
All of the following was done after a factory-reset of the router.
Setting up the router basics (password etc) and wifi was no different to setting it up for any other purpose, so I won’t cover that here. I’ll just concentrate on what was needed to get the dongle working and provide Internet connectivity to connected hosts.
The first problem was that the dongle didn’t appear to be addressable. It was visible, but I couldn’t talk to the modem in it. Also, it showed up in the ports list as
lte1, rather than the expected
usb1. A little research suggested that it might be doing “direct IP”, and that this could be disabled using the following command:
/port firmware set directory=firmware ignore-directip-modem=yes
This worked – after rebooting the router, the dongle showed up as
The next step was to configure PPP over the new modem. happily, the MikroTik had automatically added a PPP client interface. I adjusted it so that it looked like this:
name="ppp-out1" max-mtu=1500 max-mru=1500 mrru=disabled port=usb1 data-channel=2 info-channel=2 apn="telstra.internet" pin="" user="" password="" profile=default phone="*99#" dial-command="ATDT" modem-init="" null-modem=no dial-on-demand=no add-default-route=yes use-peer-dns=yes keepalive-timeout=30 allow=pap,chap,mschap1,mschap2
Note that neither username nor password were required. The APN is however critical – make sure you use the right one for your service.
At this point, the dongle was connecting to the ISP and the interface was up, with an IP address retrieved from the ISP. However, internet connectivity for attached hosts was still a few steps away.
The first step was to add firewall rules to control access from outside. This is quite straightforward, so I won’t describe it in detail here. Just remember that the outside interface is
ppp-out1 (or whatever you chose to call the PPP interface). Also remember that if your ISP provides IPv6 connectivity and you enable it on the MikroTik, you will need to add appropriate filtering for IPv6 too.
The second step was to put NAT on the new interface:
/ip firewall nat add action=masquerade chain=srcnat \ disabled=no out-interface=ppp-out1 \ to-addresses=0.0.0.0
At this point, the hotspot was fully functional.
A third, optional, step was to put the first ethernet interface into the same bridge group as the rest of the ethernet interfaces and the WLAN interface. This isn’t really necessary, but it gives you an extra ethernet port and it avoids confusion if someone uses does try to use ether1.
/interface ethernet set 0 name=ether1-slave-local master-port=ether2-master-local /ip neighbor discovery set ether1-gateway disabled=yes
There are lots of little cleanup tasks remaining, but that’s all that’s needed to give you a useful little hotspot. Plug in the dongle, plug in the router, and within thirty seconds you and anyone else you give the wifi passphrase to can be online!