Hi,
yesterday I installed 18.06.2 openwrt to mikrotik sxt lite2 i.e rbsxt2ndr3 ( it has one lan port only eth0 ).
My ISP provided a fiber net with GPON ont router to convert the fiber to data and it has only one port to connect router (openwrt).
Now I m wondering how to connect my Openwrt mikrotik router with pppoe proto to GPON ont.
And setup a wireless ap from openwrt mikrotik to access internet on laptop.
Please help me.
Welcome!
"Easiest" solution would be to configure the WiFi first, connect to the device via WiFi and then set-up the port as WAN. You should probably consider allowing SSH access from the WAN side, in case in the future you have issue with WiFi and you want to access the device using a cable via the port that's now WAN. You can also allow web access (to be able to access the GUI) from the WAN side, but this is not recommended if your device is the first firewall between your network and the outside world.
The link below talks about the subject, but you can easily achieve the task (allowing SSH access from WAN and changing the port to WAN) form the GUI if you prefer. Note that you would want to set the protocol to PPPOE rather than DHCP.
There might be another approach using VLANs, but that will involve using an extra switch and I'm not even sure it would work, and wouldn't be very practical if it works!
Hi, thanks for guiding me.
I did that and worked. Now i configured openwrt router(mikrotik sxt lite2) to connect gpon ont (fiber router)
and wifi AP on mikrotik openwrt. Now i can access internet via pppoe connection. 
here's my config. REMEMBER: my fiber router i.e gpon ont has 192.168.1.1 IP.
root@OpenWrt:~# cat /etc/config/network
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fdbb:e701:a84b::/48'
config interface 'lan'
option type 'bridge'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option ip6assign '60'
config interface 'wan'
option proto 'pppoe'
option ifname 'eth0'
option username 'USERNAME'
option password 'PASSWORD'
option ipv6 'auto'
config interface 'wan6'
option ifname 'eth1'
option proto 'dhcpv6'
/etc/config/wireless
config wifi-device 'radio0'
option type 'mac80211'
option hwmode '11g'
option path 'platform/ar934x_wmac'
option channel 'auto'
option country 'US'
option legacy_rates '1'
config wifi-iface 'default_radio0'
option device 'radio0'
option network 'lan'
option mode 'ap'
option ssid 'SSID'
option encryption 'psk-mixed'
option key 'PASSWORD'
option wpa_disable_eapol_key_retries '1'
Thanks once again. 
Reply
Glad it worked.
The tricky thing though would be to access the device via a cable of something wrong goes with the WiFi. I haven't thought of it in my earlier reply, but with the WAN port configured as PPPoE, accessing the device with have to be via the upstream router-modem and internet, so not the best option for contingency.
Another option would be to add another WAN interface with Static IP (on the same interface as the PPPoE except that it's Static IP), on a subnet different than your LAN of course. So that interface should just be there doing nothing until you need to access the device by cable, so you connect it directly to your PC, set your PC NIC IP in the same subnet as that WAN interface and that should give you access (provided you allowed port 22 from WAN side as explained earlier).
I expect that to work but never tried it, so you may ask a second opinion.
ya just now i tried to change the lan ip and it messed everything. no coonection to ssh / gui via wifi and lan port.
will try your suggestion above and create another interface with new ip for port access for luci gui. (after reinstallation)
Thanks.
What happened exactly? OpenWrt has a feature to revert the change of LAN if the new IP is unreachable by the computer. So there is a chance that the IP didn't change.
You may try the old IP via WiFi (and if you disabled DHCP you would need to set static IP for your PC).
Or did you set the LAN IP to DHCP client? In which case you would need another router to be able to access it.
i don't have ssh connection via lan anymore. I have ssh only via wifi. So i thought changing something on lan and i messed everything. 
. Now i reinstalled everything. now happily using my router. But now i stuck in DnsCrypt-proxy setup to avoid DNS-hijacking issues, but the luci-app-dnscrypt gui is using very old resolvers. It doesn't have CloudFlare 1.1.1.1 dns.
Can you help me with this sir.
Suppose If i use unbound ( https://blog.cloudflare.com/dns-over-tls-for-openwrt/ )
replacing dnsmasq will that break the other apps/tools related to dnsmasq ? little confusing here.
Hi, after configuring and connecting to isp router as wan. Now i dont have any connection to ssh via port anymore. I can ssh only via wifi. Can you tell me how to get connection to ssh via lan port ?? plzzz
You need to forward port 22 from WAN to LAN as explained in the first post.
my bad one more problem arised on security .
after setting wan with pppoe i got ip address by isp i.e 10.2.55.xx
now i want to block luci and ssh access to that IP ( 10.2.55.xx from isp on wan)
How can i do this plzzzzz...
By default, incoming connections on wan are blocked.
but on accessing 10.2.55.xx on browser it opens my router page. How can I block this plzz.
That's because you are accessing it from the lan side of the firewall. Unless you've changed from the default rules, someone on the ISP side will be blocked.
Is above settings are correct. Can plz verify these sir. I disabled some of the ipv4/v6 rules to not accept the input to router.
Try to access your public IP from a phone that's on 4G. I will be rejected.
This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.
