MikroTik RB750Gr3 - Setup UniFi-Home, DoH (dns-over-https), IPv6
It's been a long time, RB750Gr3, and I literally forgot when I bought it.
Due to the recent DNSpooq dnsmasq vulnerabilities, I checked around and found out that MikroTik's RouterOS (ROS) does not use dnsmasq and also started to support DoH (dns-over-https) around the middle of last year, so it's time to pull out my dusty RB750Gr3 toy and set it up for my UniFi home to play around again ...
I reset the device, connected it to the internet (Port1=WANport), and checked/updated to the current latest firmware, ver 6.48 :

Also update the RouterBOARD itself :

Reset the device for fresh setup :

After the reset, I accepted the default configuration. Both the default IPv4 & IPv6 firewalls seem OK, so I just left them at the default config :


Setup DoH --> one of my main objectives !
Actually the setup is quite straightforward: connect the device (Port1=WANport) to the internet, follow the MikroTik sifu's instructions HERE, open Terminal and run these commands :
/ip dns set servers=1.1.1.1,1.0.0.1
/system ntp client set enabled=yes server-dns-names=time.cloudflare.com
/tool fetch url=https://curl.haxx.se/ca/cacert.pem
/certificate import file-name=cacert.pem passphrase=""
/ip dns set use-doh-server=https://1.1.1.1/dns-query verify-doh-cert=yes
/ip dns set servers=""
Those certs will download as follows :

The above MikroTik setup link uses CloudFlare DNS, I use AdGuard DoH setup as follows :

Next, setup vlan-ing and PPPoE for UniFi connection.
Usually I like to rename those default "Interface Name" ethernet 1/2/3/4/5 ports as follows :
(it seems current stock fw already use the name "WAN" and "LAN", so I use WAN1, LAN1/2/3/4 naming)

Setup/add vlan.500 (for PPPoE) and vlan.600 (for IPTV) :

Then create Bridge for IPTV :
(note: it seems current stock fw use the name "bridge" as for the 4 LANports)


Create/enter UniFi PPPoE user ID & PW as follows :


I want to setup/use IPv6, so check the Profiles-default has IPv6 enabled :

Change the default NAT's Out-Interface to all-ppp or UniFi :

(Optional)
The device's default LAN use 192.168.88.x, I want to setup my LAN as 192.168.0.x, so change the following 3 things Addresses / DHCP Server / Pool :

Basic UniFi setup done, restart the device, connect the device's WANport (Port1) to the BTU/GPON, it will connect to UniFi as follows :

TM UniFi IPv6 Setup
Setup ND and the Prefix-Default as follows :


Setup/Add DHCPv6-Client and IPv6-Address as follows :

UniFi IPv6 setup done, it will connect IPv6 as follows :

Run some IPv6 tests OK as follows :

Setup done, using MikroTik + DoH now.
I Torched the UniFi interface with port 53 and didn't see anything, good !

However, when I Torch the WAN1 (Port1) interface with port 53, it seems to have some kind of 53 with vlan209 roaming around, could be TM's rubbish TR069 or something, hmmmm ...

Initially, when I first started, I saw the following DoH warning, but later I didn't see it anymore, not sure what/why though ...

Anyway, that's it, it took me a while to freshly set up the RB750Gr3 again for my UniFi, now using the RT-AX55 white limited edition as AP.

ASUS RT-AX55
ASUS RT-AX55 - Unboxing, Wireless Performance Tests, TM-UniFi Home (800/200Mbps DL/UL)
