Mikrotik hAP AC Lite integration into existing 10.0.0.0/16 network

w6bi
Mikrotik hAP AC Lite integration into existing 10.0.0.0/16 network

We've been deploying hAP AC Lites in all of the agencies where we install ham network equipment.  But the local hospital uses 10.60.0.0/16 as their network, and predictably the nodes connected to the hAP aren't given the correct route to the Internet.

Any suggestions for a workaround?

Thanks.

nc8q
AREDN mesh integration into existing 10.0.0.0 network

Me too.
I tried to demonstrate my mesh equipment by tunneling from a
community college satellite classroom to home, but their local
network was 10.x.x.x. Is there a workaround?
Thanks.
Chuck
 

AE6XE
The node's routing tables

The node's routing tables have IP addresses for the following:
1) small subnets for the LAN of every node:  8, 16, or 32 sequential count of IP addresses known on the mesh for each node
2) Individual IP addresses for each of the nodes, count of 2+  dtdlink, RF, plus tunnels

If any 10.60.0.0/16 addresses were included in the list above, then the route would take the traffic to the mesh IP address and never get to this external network -- a conflict. If an IP address in this 10.60.0.0/16 range was not in conflict on the mesh network, then the mesh routes it to the default path, like going to the internet.

I have connected mesh nodes to 10.x.x.x foreign networks (happens every year at SCALE). The WAN IP address shows a 10.x.x.x address. It has worked, because of luck, not yet accessing a resource with an IP conflict. However, accessing the internet (non-10.x.x.x addresses) should still work. The odds that there is a mesh IP in conflict with the single IP address for the WAN IP address of the hAP ac lite means you'd better invest in the power ball lotto right away ;) .

Do a traceroute to an internet address to see what path it takes, 'traceroute 172.217.4.68'  (www.google.com)

Joe AE6XE
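
An added illustration of the routing behaviour described in the post above (not part of the original thread and not AREDN code): it lists which mesh routes overlap a foreign WAN-side network and uses a longest-prefix match to show whether a given destination would be sent to the mesh or to the default path. The route list is constructed sample data and the function names are hypothetical.

```python
import ipaddress

# Constructed sample of mesh routes (not from any real node): small per-node
# LAN subnets plus individual node addresses, as described in the post.
MESH_ROUTES = [
    "10.60.12.32/29",   # node LAN that falls inside the foreign range
    "10.60.200.17/32",  # single node address inside the foreign range
    "10.14.88.0/28",
    "10.201.5.64/27",
    "10.93.7.2/32",
]


def conflicting_routes(foreign_net, mesh_routes):
    """Return the mesh routes that overlap the foreign (WAN-side) network."""
    foreign = ipaddress.ip_network(foreign_net)
    return [r for r in mesh_routes if ipaddress.ip_network(r).overlaps(foreign)]


def route_for(dest, mesh_routes):
    """Longest-prefix match over the mesh routes.

    Returns ("mesh", route) when a mesh route covers dest, otherwise
    ("default", None), meaning the traffic leaves via the default path.
    """
    addr = ipaddress.ip_address(dest)
    nets = [ipaddress.ip_network(r) for r in mesh_routes]
    matches = [n for n in nets if addr in n]
    if not matches:
        return ("default", None)
    best = max(matches, key=lambda n: n.prefixlen)
    return ("mesh", str(best))


if __name__ == "__main__":
    foreign = "10.60.0.0/16"
    print("Routes overlapping", foreign, ":", conflicting_routes(foreign, MESH_ROUTES))
    # Constructed destinations: two on the foreign network, one on the internet.
    for dest in ("10.60.12.34", "10.60.0.1", "172.217.4.68"):
        kind, route = route_for(dest, MESH_ROUTES)
        print(f"{dest:>15} -> {kind}" + (f" via {route}" if route else ""))
```

Only destinations covered by an overlapping mesh route are pulled onto the mesh; every other address on the foreign network, and every internet address, still follows the default path.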

w6bi
Conflicting subnets

In looking at the mapper's database, there are nine conflicting IP addresses :-/
I'll take the hAP back to the hospital and do some more testing.

Orv W6BI

KE2N
workaround

Purists may not like this but there is a workaround that allows internet access for the mesh node and allows limited access to mesh nodes from the WAN side.

You use a router and double-NAT. I have used the 172.168.xx.xx network as the in-between network. You need to turn off one rule in the mesh firewall* to use that.

The router sits on the Hospital's 10.x.x.x network and uses whatever address the hospital wants you to have - preferably a fixed IP of course. That is the WAN side of the router. The LAN side of the router is given the 172.168.xx.xx address range.   The node plugged into the LAN side of the router will use the 172.168.xx.xx address as its WAN address and 172.168.xx.1 as the default gateway for the mesh node. That will map back to 10.0.0.1 and reach the internet. 

Clients on the 10.x.x.x network can reach into the mesh network through port forwarding.  Every mesh node will be at the same address but a different port, from the viewpoint of devices on the 10.x.x.x network.   You can even reach into the mesh network from the Internet but it will require forwarding in the hospital's incoming router as well as the one you provide.

Ken

*   go to /etc/config.mesh/uhttpd and set the option for RFC1918 filtering to 0