Thanks for the good advice here everyone.
Something else so add. I also want to setup a HAP and plugin a USB 4G modem but for a different purpose, to use it in areas where no ADSL/Cable is available.
The 320U does not support the 700MHz band which is crucial for me and something you should know about too in case you’re not aware….
With a decent antenna on the roof, 700MHz can reach up to 70km from a cell tower so it’s perfect for rural areas. I’ve set this up with a Dovado router and a Netgear Aircard II previously but want to use MK gear.
Another consideration is indoor penetration. 700Mz is much better at getting thought walls much like 3G at 850Mz.
See here for more: https://www.telcoantennas.com.au/site/telstra-4g-explained <https://www.telcoantennas.com.au/site/telstra-4g-explained>
Does anyone know of a USB 4G 700MHz Mikrotik compatible modem?
MAC, PC, Smartphone & Multimedia
Consulting, Training, Support & Fix-it
screamSaver
When You Just Want IT to Work"
mobile 0412 067 226 email matt@screamsaver.net <mailto:matt@screamsaver.net> web www.screamsaver.net <http://www.screamsaver.net/>
On 23 Nov 2017, at 18:34, public-request@talk.mikrotik.com.au wrote:
Send Public mailing list submissions to
public@talk.mikrotik.com.au
To subscribe or unsubscribe via the World Wide Web, visit
http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
or, via email, send a message with subject or body 'help' to
public-request@talk.mikrotik.com.au
You can reach the person managing the list at
public-owner@talk.mikrotik.com.au
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Public digest..."
Today's Topics:
1. Re: 4G WAN failover question (Ben Jackson - ELOGIK)
2. Re: 4G WAN failover question (Paul Julian)
3. Re: 4G WAN failover question (Jeremy Hall)
----------------------------------------------------------------------
Message: 1
Date: Thu, 23 Nov 2017 17:44:32 +1100
From: Ben Jackson - ELOGIK <ben@elogik.net>
To: MikroTik Australia Public List <public@talk.mikrotik.com.au>
Subject: Re: [MT-AU Public] 4G WAN failover question
Message-ID:
<CACv=4uqwcspOtPd=Zr-gKztswU2SX=nfTJJCXimn_6Kr86tkJw@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"
Paul - where do you get your 320U's from? Ebay?
*BEN JACKSON*
Director
*M *0404 924745
*E* ben@elogik.com.au
*W* elogik.com.au <http://www.elogik.com.au/>
<http://www.elogik.com.au>
On Thu, Nov 23, 2017 at 5:42 PM, Paul Julian <paul@oxygennetworks.com.au>
wrote:
No problem, good luck.
Regards
Paul
-----Original Message-----
From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of
Ben Jackson - ELOGIK
Sent: Thursday, 23 November 2017 5:38 PM
To: MikroTik Australia Public List
Subject: Re: [MT-AU Public] 4G WAN failover question
Great info Paul - thanks for this. I think with all this in mind I'll be
able to tailor a solution
Thanks again for everyone's input.
*BEN JACKSON*
Director
*M *0404 924745
*E* ben@elogik.com.au
*W* elogik.com.au <http://www.elogik.com.au/> <http://www.elogik.com.au>
On Thu, Nov 23, 2017 at 1:53 PM, Paul Julian <paul@oxygennetworks.com.au>
wrote:
Hi Ben,
We use the Telstra Sierra Wireless 320U modems in our Mikrotik hAP
devices, the Mikrotik creates an LTE interface once the modem is
inserted into the USB port, you set the APN within the LTE interface.
Once that's connected you then configure a DHCP client on the Mikrotik
on the LTE interface and you get a public IP.
Some caveats:
- You do need to change the mode of the modem, this can be done with
the Netgear utility easily, they are a netgear unit basically.
- You need to use a 4G SIM from Telstra, prepaid or postpaid should
work, however if you want the APN with the public IP you need postpaid
and need to request that the SIM be setup with the telstra.extranet
APN
Apart from that it's pretty easy.
We occasionally have the modem drop, we have a script on the Mikrotik
which checks connectivity and if it drops it does a USB power cycle
which brings it back up most of the time.
It's really not hard, and it works well.
If you want to go with Optus but without a public IP you can get the
$19 dongle from Office Works, it works in the Mikrotik without any
real changes, but no public IP, fine if you can VPN out to something
to use to get back in.
Regards
Paul
-----Original Message-----
From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of
Ben Jackson - ELOGIK
Sent: Thursday, 23 November 2017 11:10 AM
To: Jason Hecker; MikroTik Australia Public List
Subject: Re: [MT-AU Public] 4G WAN failover question
Thanks for the pointers everyone. There seem to be a number of
factors at play here:
1) Most of the LTE USB modems you can purchase have some kind of
"router on a stick" built in which provides a firewalled, DHCP
assigned private IP on the LAN side in the normal ranges of
192.168.x.x or 10.x.x.x. In Huawei's case this is known as "HiLink mode".
2) In addition to this, depending on which provider they are bought
from, these modems / dongles are flashed with an ISP-specific firmware
which further locks down the device to stop certain features being
exposed to the device's web-interface. This makes it tricky to change
things such as the APN settings.
3) The above types of device (i've been mainly concerned with the
Huawei
E3372 since that's the one my router has support for) can apparently
be re-flashed with custom firmware which allows HiLink mode to be
switched off (see here:
http://www.0xf8.org/2017/01/flashing-a-huawei-e3372h-4g-
lte-stick-from-hilink-to-stick-mode/)
this will apparently allow the "public" IP to be assigned directly to
the device connected to the USB port and avoids the pesky double NAT
situation.
4) The reason I say "public" in quotes above is because even if you
manage to pass this address through, quite often the address itself is
not a true public IP as it is behind carrier NAT and you are back to
square 1.
For those interested, here are the options I'm exploring:
1) Getting a sierra 320U unlocked from ebay which can be used in
"stick mode" without NAT or DHCP enabled and purchasing a SIM plan
from either M2MOne or URL networks which has a "true" public IP (with
all the public health and DDOS warnings this entails!)
2) Buying an LTE router such as:
Dovado Tiny
MikroTik SXT LTE
Netgear (I know!) LB1111
TP-Link MR6400
and then using the same sim card as above. From the research I've
done, these devices have a "passthrough" or bridge mode which will
present the LTE public IP directly to my main router, albeit via an
RJ45 / ethernet connection.
Ben
*BEN JACKSON*
Director
*M *0404 924745
*E* ben@elogik.com.au
*W* elogik.com.au <http://www.elogik.com.au/>
<http://www.elogik.com.au>
On Wed, Nov 22, 2017 at 6:15 PM, Jason Hecker (Up & Running Tech) <
jason@upandrunningtech.com.au> wrote:
Oh I see, OK, sounds like you need something that will do a PPP
session which some 4G cards will let you do if you put them into
serial mode like the Telit LE910 (which I have tried) or the Sierra
modules.
If you end up with a static or dynamic public IP you can cname the
dynamic DNS Mikrotik provides in the router's ip->cloud settings and
set the timeout to 60, so you could get at it like
bighonchoclient1.elogik.net for example.
I kicked the idea around but never tried buying a cheap VPS with a
static IP and having the 4G based Mikrotik VPN into it, then on the
VPS port forward any ports to services behind the 4G device.
On 22 November 2017 at 15:59, Ben Jackson - ELOGIK <ben@elogik.net>
wrote:
Hi Jason,
OK, I didn't phrase my question very well, what I need is a dongle
or
card
that doesn't provide an extra layer of NAT (as many do) and run an
internal
DHCP sever so that the routers cellular interface ends up with an
IP address like 192.168.x.x but instead passes the public IP
directly.
This
is
so I don't end up with a double NAT situation (kind of the
equivalent of bridge mode for a DSL modem) and I can access
resources (like security systems etc) behind the public IP by
configuring the main firewall /
router
accordingly.
Ben
*BEN JACKSON*
Director
*M *0404 924745
*E* ben@elogik.com.au
*W* elogik.com.au <http://www.elogik.com.au/>
<http://www.elogik.com.au>
On Wed, Nov 22, 2017 at 2:24 PM, Jason Hecker (Up & Running Tech)
< jason@upandrunningtech.com.au> wrote:
What if you had those routers phone home to a VPN server in your
office over 4G? They'd always be in easy reach on private subnet
on your LAN
and
you wouldn't need to worry about public or static IPs for your 4G
widget.
I noticed Duxtel configured devices I have bought have a PPTP
client set up so if you activate it then Duxtel can peer into the
device and assist
with
any issues.
On 22 November 2017 at 13:46, Ben Jackson - ELOGIK
<ben@elogik.net>
wrote:
Does anyone have any advice on a) a decent 4g service that
provides a publicly accessible IP address that ports can be
forwarded through as
well
as how to get hold of an unlocked USB dongle which will support
the
SIM
/
service?
Or even a provider that provides this on one of their business
plans?
If it can be a prepaid plan even better.
I'm looking to use said device as 4G failover on a meraki mx64
security
appliance and calling the usual suspects (Optus, telstra) is
giving
me a
headache.
Any advice on what others have done in this scenario would be
most appreciated.
Best regards,
Ben Jackson
eLogik
(Sent from my mobile device)
_______________________________________________
Public mailing list
Public@talk.mikrotik.com.au
http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mik
rotik.com.au
--
<https://www.upandrunningtech.com.au>
_______________________________________________
Public mailing list
Public@talk.mikrotik.com.au
http://talk.mikrotik.com.au/mailman/listinfo/public_talk.
mikrotik.com.au
--
<https://www.upandrunningtech.com.au>
_______________________________________________
Public mailing list
Public@talk.mikrotik.com.au
http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.
au
_______________________________________________
Public mailing list
Public@talk.mikrotik.com.au
http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.
au
_______________________________________________
Public mailing list
Public@talk.mikrotik.com.au
http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.
au
_______________________________________________
Public mailing list
Public@talk.mikrotik.com.au
http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
_______________________________________________
Public mailing list
Public@talk.mikrotik.com.au
http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
------------------------------
Message: 2
Date: Thu, 23 Nov 2017 17:48:19 +1100
From: Paul Julian <paul@oxygennetworks.com.au>
To: 'MikroTik Australia Public List' <public@talk.mikrotik.com.au>
Subject: Re: [MT-AU Public] 4G WAN failover question
Message-ID:
<f278f2ea-be1f-4edb-b9c2-8a63078f68ad@oxygennetworks.com.au>
Content-Type: text/plain; charset="us-ascii"
Yep, should be able to get them for around $40-$50
Regards
Paul
-----Original Message-----
From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Ben Jackson - ELOGIK
Sent: Thursday, 23 November 2017 5:45 PM
To: MikroTik Australia Public List
Subject: Re: [MT-AU Public] 4G WAN failover question
Paul - where do you get your 320U's from? Ebay?
*BEN JACKSON*
Director
*M *0404 924745
*E* ben@elogik.com.au
*W* elogik.com.au <http://www.elogik.com.au/> <http://www.elogik.com.au>
On Thu, Nov 23, 2017 at 5:42 PM, Paul Julian <paul@oxygennetworks.com.au>
wrote:
No problem, good luck.
Regards
Paul
-----Original Message-----
From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of
Ben Jackson - ELOGIK
Sent: Thursday, 23 November 2017 5:38 PM
To: MikroTik Australia Public List
Subject: Re: [MT-AU Public] 4G WAN failover question
Great info Paul - thanks for this. I think with all this in mind I'll
be able to tailor a solution
Thanks again for everyone's input.
*BEN JACKSON*
Director
*M *0404 924745
*E* ben@elogik.com.au
*W* elogik.com.au <http://www.elogik.com.au/>
<http://www.elogik.com.au>
On Thu, Nov 23, 2017 at 1:53 PM, Paul Julian
<paul@oxygennetworks.com.au>
wrote:
Hi Ben,
We use the Telstra Sierra Wireless 320U modems in our Mikrotik hAP
devices, the Mikrotik creates an LTE interface once the modem is
inserted into the USB port, you set the APN within the LTE interface.
Once that's connected you then configure a DHCP client on the
Mikrotik on the LTE interface and you get a public IP.
Some caveats:
- You do need to change the mode of the modem, this can be done with
the Netgear utility easily, they are a netgear unit basically.
- You need to use a 4G SIM from Telstra, prepaid or postpaid should
work, however if you want the APN with the public IP you need
postpaid and need to request that the SIM be setup with the
telstra.extranet APN
Apart from that it's pretty easy.
We occasionally have the modem drop, we have a script on the
Mikrotik which checks connectivity and if it drops it does a USB
power cycle which brings it back up most of the time.
It's really not hard, and it works well.
If you want to go with Optus but without a public IP you can get the
$19 dongle from Office Works, it works in the Mikrotik without any
real changes, but no public IP, fine if you can VPN out to something
to use to get back in.
Regards
Paul
-----Original Message-----
From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf
Of Ben Jackson - ELOGIK
Sent: Thursday, 23 November 2017 11:10 AM
To: Jason Hecker; MikroTik Australia Public List
Subject: Re: [MT-AU Public] 4G WAN failover question
Thanks for the pointers everyone. There seem to be a number of
factors at play here:
1) Most of the LTE USB modems you can purchase have some kind of
"router on a stick" built in which provides a firewalled, DHCP
assigned private IP on the LAN side in the normal ranges of
192.168.x.x or 10.x.x.x. In Huawei's case this is known as "HiLink mode".
2) In addition to this, depending on which provider they are bought
from, these modems / dongles are flashed with an ISP-specific
firmware which further locks down the device to stop certain
features being exposed to the device's web-interface. This makes it
tricky to change things such as the APN settings.
3) The above types of device (i've been mainly concerned with the
Huawei
E3372 since that's the one my router has support for) can apparently
be re-flashed with custom firmware which allows HiLink mode to be
switched off (see here:
http://www.0xf8.org/2017/01/flashing-a-huawei-e3372h-4g-
lte-stick-from-hilink-to-stick-mode/)
this will apparently allow the "public" IP to be assigned directly
to the device connected to the USB port and avoids the pesky double
NAT
situation.
4) The reason I say "public" in quotes above is because even if you
manage to pass this address through, quite often the address itself
is not a true public IP as it is behind carrier NAT and you are back
to
square 1.
For those interested, here are the options I'm exploring:
1) Getting a sierra 320U unlocked from ebay which can be used in
"stick mode" without NAT or DHCP enabled and purchasing a SIM plan
from either M2MOne or URL networks which has a "true" public IP
(with all the public health and DDOS warnings this entails!)
2) Buying an LTE router such as:
Dovado Tiny
MikroTik SXT LTE
Netgear (I know!) LB1111
TP-Link MR6400
and then using the same sim card as above. From the research I've
done, these devices have a "passthrough" or bridge mode which will
present the LTE public IP directly to my main router, albeit via an
RJ45 / ethernet connection.
Ben
*BEN JACKSON*
Director
*M *0404 924745
*E* ben@elogik.com.au
*W* elogik.com.au <http://www.elogik.com.au/>
<http://www.elogik.com.au>
On Wed, Nov 22, 2017 at 6:15 PM, Jason Hecker (Up & Running Tech) <
jason@upandrunningtech.com.au> wrote:
Oh I see, OK, sounds like you need something that will do a PPP
session which some 4G cards will let you do if you put them into
serial mode like the Telit LE910 (which I have tried) or the
Sierra
modules.
If you end up with a static or dynamic public IP you can cname the
dynamic DNS Mikrotik provides in the router's ip->cloud settings
and set the timeout to 60, so you could get at it like
bighonchoclient1.elogik.net for example.
I kicked the idea around but never tried buying a cheap VPS with a
static IP and having the 4G based Mikrotik VPN into it, then on
the VPS port forward any ports to services behind the 4G device.
On 22 November 2017 at 15:59, Ben Jackson - ELOGIK
<ben@elogik.net>
wrote:
Hi Jason,
OK, I didn't phrase my question very well, what I need is a
dongle or
card
that doesn't provide an extra layer of NAT (as many do) and run
an
internal
DHCP sever so that the routers cellular interface ends up with
an IP address like 192.168.x.x but instead passes the public IP
directly.
This
is
so I don't end up with a double NAT situation (kind of the
equivalent of bridge mode for a DSL modem) and I can access
resources (like security systems etc) behind the public IP by
configuring the main firewall /
router
accordingly.
Ben
*BEN JACKSON*
Director
*M *0404 924745
*E* ben@elogik.com.au
*W* elogik.com.au <http://www.elogik.com.au/>
<http://www.elogik.com.au>
On Wed, Nov 22, 2017 at 2:24 PM, Jason Hecker (Up & Running
Tech) < jason@upandrunningtech.com.au> wrote:
What if you had those routers phone home to a VPN server in
your office over 4G? They'd always be in easy reach on private
subnet on your LAN
and
you wouldn't need to worry about public or static IPs for your
4G
widget.
I noticed Duxtel configured devices I have bought have a PPTP
client set up so if you activate it then Duxtel can peer into
the device and assist
with
any issues.
On 22 November 2017 at 13:46, Ben Jackson - ELOGIK
<ben@elogik.net>
wrote:
Does anyone have any advice on a) a decent 4g service that
provides a publicly accessible IP address that ports can be
forwarded through as
well
as how to get hold of an unlocked USB dongle which will
support the
SIM
/
service?
Or even a provider that provides this on one of their
business
plans?
If it can be a prepaid plan even better.
I'm looking to use said device as 4G failover on a meraki
mx64
security
appliance and calling the usual suspects (Optus, telstra) is
giving
me a
headache.
Any advice on what others have done in this scenario would be
most appreciated.
Best regards,
Ben Jackson
eLogik
(Sent from my mobile device)
_______________________________________________
Public mailing list
Public@talk.mikrotik.com.au
http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mik
rotik.com.au
--
<https://www.upandrunningtech.com.au>
_______________________________________________
Public mailing list
Public@talk.mikrotik.com.au
http://talk.mikrotik.com.au/mailman/listinfo/public_talk.
mikrotik.com.au
--
<https://www.upandrunningtech.com.au>
_______________________________________________
Public mailing list
Public@talk.mikrotik.com.au
http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.
au
_______________________________________________
Public mailing list
Public@talk.mikrotik.com.au
http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.
au
_______________________________________________
Public mailing list
Public@talk.mikrotik.com.au
http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.
au
_______________________________________________
Public mailing list
Public@talk.mikrotik.com.au
http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.
au
_______________________________________________
Public mailing list
Public@talk.mikrotik.com.au
http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.
au
_______________________________________________
Public mailing list
Public@talk.mikrotik.com.au
http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
------------------------------
Message: 3
Date: Thu, 23 Nov 2017 15:34:00 +0800
From: Jeremy Hall <jeremy@jeremyhall.com.au>
To: public@talk.mikrotik.com.au
Subject: Re: [MT-AU Public] 4G WAN failover question
Message-ID:
<CAC2o=79EoV30+kd+QotGW_gd082Pr0MytqZe=WwA7btNcUi=gA@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"
I have had pretty good luck using a mikrotik router with a miniPCIe
interface (eg. RB911) and a 3G/4G card such as the ones Sierra Wireless
make. There is a list of compatible cards in the mikrotik wiki somewhere.
It would be a neat solution, no messy USB dongles flapping around. Duxtel
have all the kit of course.
I also highly recommend using m2mone. They can set you up with whatever you
need and it's painless and very cost effective.
On 23 Nov. 2017 2:42 pm, <public-request@talk.mikrotik.com.au> wrote:
Send Public mailing list submissions to
public@talk.mikrotik.com.au
To subscribe or unsubscribe via the World Wide Web, visit
http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mik
rotik.com.au
or, via email, send a message with subject or body 'help' to
public-request@talk.mikrotik.com.au
You can reach the person managing the list at
public-owner@talk.mikrotik.com.au
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Public digest..."
Today's Topics:
1. Re: 4G WAN failover question (Paul Julian)
2. Re: 4G WAN failover question (Ben Jackson - ELOGIK)
3. Re: 4G WAN failover question (Paul Julian)
---------- Forwarded message ----------
From: Paul Julian <paul@oxygennetworks.com.au>
To: "'MikroTik Australia Public List'" <public@talk.mikrotik.com.au>
Cc:
Bcc:
Date: Thu, 23 Nov 2017 13:53:31 +1100
Subject: Re: [MT-AU Public] 4G WAN failover question
Hi Ben,
We use the Telstra Sierra Wireless 320U modems in our Mikrotik hAP devices,
the Mikrotik creates an LTE interface once the modem is inserted into the
USB port, you set the APN within the LTE interface.
Once that's connected you then configure a DHCP client on the Mikrotik on
the LTE interface and you get a public IP.
Some caveats:
- You do need to change the mode of the modem, this can be done with the
Netgear utility easily, they are a netgear unit basically.
- You need to use a 4G SIM from Telstra, prepaid or postpaid should work,
however if you want the APN with the public IP you need postpaid and need
to request that the SIM be setup with the telstra.extranet APN
Apart from that it's pretty easy.
We occasionally have the modem drop, we have a script on the Mikrotik which
checks connectivity and if it drops it does a USB power cycle which brings
it back up most of the time.
It's really not hard, and it works well.
If you want to go with Optus but without a public IP you can get the $19
dongle from Office Works, it works in the Mikrotik without any real
changes, but no public IP, fine if you can VPN out to something to use to
get back in.
Regards
Paul
-----Original Message-----
From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Ben
Jackson - ELOGIK
Sent: Thursday, 23 November 2017 11:10 AM
To: Jason Hecker; MikroTik Australia Public List
Subject: Re: [MT-AU Public] 4G WAN failover question
Thanks for the pointers everyone. There seem to be a number of factors at
play here:
1) Most of the LTE USB modems you can purchase have some kind of "router on
a stick" built in which provides a firewalled, DHCP assigned private IP on
the LAN side in the normal ranges of 192.168.x.x or 10.x.x.x. In Huawei's
case this is known as "HiLink mode".
2) In addition to this, depending on which provider they are bought from,
these modems / dongles are flashed with an ISP-specific firmware which
further locks down the device to stop certain features being exposed to
the device's web-interface. This makes it tricky to change things such as
the APN settings.
3) The above types of device (i've been mainly concerned with the Huawei
E3372 since that's the one my router has support for) can apparently be
re-flashed with custom firmware which allows HiLink mode to be switched off
(see here:
http://www.0xf8.org/2017/01/flashing-a-huawei-e3372h-4g-lte-
stick-from-hilink-to-stick-mode/)
this will apparently allow the "public" IP to be assigned directly to the
device connected to the USB port and avoids the pesky double NAT situation.
4) The reason I say "public" in quotes above is because even if you manage
to pass this address through, quite often the address itself is not a true
public IP as it is behind carrier NAT and you are back to square 1.
For those interested, here are the options I'm exploring:
1) Getting a sierra 320U unlocked from ebay which can be used in "stick
mode" without NAT or DHCP enabled and purchasing a SIM plan from either
M2MOne or URL networks which has a "true" public IP (with all the public
health and DDOS warnings this entails!)
2) Buying an LTE router such as:
Dovado Tiny
MikroTik SXT LTE
Netgear (I know!) LB1111
TP-Link MR6400
and then using the same sim card as above. From the research I've done,
these devices have a "passthrough" or bridge mode which will present the
LTE public IP directly to my main router, albeit via an RJ45 / ethernet
connection.
Ben
*BEN JACKSON*
Director
*M *0404 924745
*E* ben@elogik.com.au
*W* elogik.com.au <http://www.elogik.com.au/> <http://www.elogik.com.au>
On Wed, Nov 22, 2017 at 6:15 PM, Jason Hecker (Up & Running Tech) <
jason@upandrunningtech.com.au> wrote:
Oh I see, OK, sounds like you need something that will do a PPP
session which some 4G cards will let you do if you put them into
serial mode like the Telit LE910 (which I have tried) or the Sierra
modules.
If you end up with a static or dynamic public IP you can cname the
dynamic DNS Mikrotik provides in the router's ip->cloud settings and
set the timeout to 60, so you could get at it like
bighonchoclient1.elogik.net for example.
I kicked the idea around but never tried buying a cheap VPS with a
static IP and having the 4G based Mikrotik VPN into it, then on the
VPS port forward any ports to services behind the 4G device.
On 22 November 2017 at 15:59, Ben Jackson - ELOGIK <ben@elogik.net> wrote:
Hi Jason,
OK, I didn't phrase my question very well, what I need is a dongle
or
card
that doesn't provide an extra layer of NAT (as many do) and run an
internal
DHCP sever so that the routers cellular interface ends up with an IP
address like 192.168.x.x but instead passes the public IP directly.
This
is
so I don't end up with a double NAT situation (kind of the
equivalent of bridge mode for a DSL modem) and I can access
resources (like security systems etc) behind the public IP by
configuring the main firewall /
router
accordingly.
Ben
*BEN JACKSON*
Director
*M *0404 924745
*E* ben@elogik.com.au
*W* elogik.com.au <http://www.elogik.com.au/>
<http://www.elogik.com.au>
On Wed, Nov 22, 2017 at 2:24 PM, Jason Hecker (Up & Running Tech) <
jason@upandrunningtech.com.au> wrote:
What if you had those routers phone home to a VPN server in your
office over 4G? They'd always be in easy reach on private subnet
on your LAN
and
you wouldn't need to worry about public or static IPs for your 4G
widget.
I noticed Duxtel configured devices I have bought have a PPTP
client set up so if you activate it then Duxtel can peer into the
device and assist
with
any issues.
On 22 November 2017 at 13:46, Ben Jackson - ELOGIK <ben@elogik.net>
wrote:
Does anyone have any advice on a) a decent 4g service that
provides a publicly accessible IP address that ports can be
forwarded through as
well
as how to get hold of an unlocked USB dongle which will support
the
SIM
/
service?
Or even a provider that provides this on one of their business plans?
If it can be a prepaid plan even better.
I'm looking to use said device as 4G failover on a meraki mx64
security
appliance and calling the usual suspects (Optus, telstra) is
giving
me a
headache.
Any advice on what others have done in this scenario would be
most appreciated.
Best regards,
Ben Jackson
eLogik
(Sent from my mobile device)
_______________________________________________
Public mailing list
Public@talk.mikrotik.com.au
http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mik
rotik.com.au
--
<https://www.upandrunningtech.com.au>
_______________________________________________
Public mailing list
Public@talk.mikrotik.com.au
http://talk.mikrotik.com.au/mailman/listinfo/public_talk.
mikrotik.com.au
--
<https://www.upandrunningtech.com.au>
_______________________________________________
Public mailing list
Public@talk.mikrotik.com.au
http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.
au
_______________________________________________
Public mailing list
Public@talk.mikrotik.com.au
http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
---------- Forwarded message ----------
From: Ben Jackson - ELOGIK <ben@elogik.net>
To: MikroTik Australia Public List <public@talk.mikrotik.com.au>
Cc:
Bcc:
Date: Thu, 23 Nov 2017 17:38:16 +1100
Subject: Re: [MT-AU Public] 4G WAN failover question
Great info Paul - thanks for this. I think with all this in mind I'll be
able to tailor a solution
Thanks again for everyone's input.
*BEN JACKSON*
Director
*M *0404 924745
*E* ben@elogik.com.au
*W* elogik.com.au <http://www.elogik.com.au/>
<http://www.elogik.com.au>
On Thu, Nov 23, 2017 at 1:53 PM, Paul Julian <paul@oxygennetworks.com.au>
wrote:
Hi Ben,
We use the Telstra Sierra Wireless 320U modems in our Mikrotik hAP
devices, the Mikrotik creates an LTE interface once the modem is inserted
into the USB port, you set the APN within the LTE interface.
Once that's connected you then configure a DHCP client on the Mikrotik on
the LTE interface and you get a public IP.
Some caveats:
- You do need to change the mode of the modem, this can be done with the
Netgear utility easily, they are a netgear unit basically.
- You need to use a 4G SIM from Telstra, prepaid or postpaid should work,
however if you want the APN with the public IP you need postpaid and need
to request that the SIM be setup with the telstra.extranet APN
Apart from that it's pretty easy.
We occasionally have the modem drop, we have a script on the Mikrotik
which checks connectivity and if it drops it does a USB power cycle which
brings it back up most of the time.
It's really not hard, and it works well.
If you want to go with Optus but without a public IP you can get the $19
dongle from Office Works, it works in the Mikrotik without any real
changes, but no public IP, fine if you can VPN out to something to use to
get back in.
Regards
Paul
-----Original Message-----
From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of
Ben Jackson - ELOGIK
Sent: Thursday, 23 November 2017 11:10 AM
To: Jason Hecker; MikroTik Australia Public List
Subject: Re: [MT-AU Public] 4G WAN failover question
Thanks for the pointers everyone. There seem to be a number of factors at
play here:
1) Most of the LTE USB modems you can purchase have some kind of "router
on a stick" built in which provides a firewalled, DHCP assigned private IP
on the LAN side in the normal ranges of 192.168.x.x or 10.x.x.x. In
Huawei's case this is known as "HiLink mode".
2) In addition to this, depending on which provider they are bought from,
these modems / dongles are flashed with an ISP-specific firmware which
further locks down the device to stop certain features being exposed to
the device's web-interface. This makes it tricky to change things such as
the APN settings.
3) The above types of device (i've been mainly concerned with the Huawei
E3372 since that's the one my router has support for) can apparently be
re-flashed with custom firmware which allows HiLink mode to be switched
off
(see here:
http://www.0xf8.org/2017/01/flashing-a-huawei-e3372h-4g-
lte-stick-from-hilink-to-stick-mode/)
this will apparently allow the "public" IP to be assigned directly to the
device connected to the USB port and avoids the pesky double NAT
situation.
4) The reason I say "public" in quotes above is because even if you manage
to pass this address through, quite often the address itself is not a true
public IP as it is behind carrier NAT and you are back to square 1.
For those interested, here are the options I'm exploring:
1) Getting a sierra 320U unlocked from ebay which can be used in "stick
mode" without NAT or DHCP enabled and purchasing a SIM plan from either
M2MOne or URL networks which has a "true" public IP (with all the public
health and DDOS warnings this entails!)
2) Buying an LTE router such as:
Dovado Tiny
MikroTik SXT LTE
Netgear (I know!) LB1111
TP-Link MR6400
and then using the same sim card as above. From the research I've done,
these devices have a "passthrough" or bridge mode which will present the
LTE public IP directly to my main router, albeit via an RJ45 / ethernet
connection.
Ben
*BEN JACKSON*
Director
*M *0404 924745
*E* ben@elogik.com.au
*W* elogik.com.au <http://www.elogik.com.au/> <http://www.elogik.com.au>
On Wed, Nov 22, 2017 at 6:15 PM, Jason Hecker (Up & Running Tech) <
jason@upandrunningtech.com.au> wrote:
Oh I see, OK, sounds like you need something that will do a PPP
session which some 4G cards will let you do if you put them into
serial mode like the Telit LE910 (which I have tried) or the Sierra
modules.
If you end up with a static or dynamic public IP you can cname the
dynamic DNS Mikrotik provides in the router's ip->cloud settings and
set the timeout to 60, so you could get at it like
bighonchoclient1.elogik.net for example.
I kicked the idea around but never tried buying a cheap VPS with a
static IP and having the 4G based Mikrotik VPN into it, then on the
VPS port forward any ports to services behind the 4G device.
On 22 November 2017 at 15:59, Ben Jackson - ELOGIK <ben@elogik.net>
wrote:
Hi Jason,
OK, I didn't phrase my question very well, what I need is a dongle
or
card
that doesn't provide an extra layer of NAT (as many do) and run an
internal
DHCP sever so that the routers cellular interface ends up with an IP
address like 192.168.x.x but instead passes the public IP directly.
This
is
so I don't end up with a double NAT situation (kind of the
equivalent of bridge mode for a DSL modem) and I can access
resources (like security systems etc) behind the public IP by
configuring the main firewall /
router
accordingly.
Ben
*BEN JACKSON*
Director
*M *0404 924745
*E* ben@elogik.com.au
*W* elogik.com.au <http://www.elogik.com.au/>
<http://www.elogik.com.au>
On Wed, Nov 22, 2017 at 2:24 PM, Jason Hecker (Up & Running Tech) <
jason@upandrunningtech.com.au> wrote:
What if you had those routers phone home to a VPN server in your
office over 4G? They'd always be in easy reach on private subnet
on your LAN
and
you wouldn't need to worry about public or static IPs for your 4G
widget.
I noticed Duxtel configured devices I have bought have a PPTP
client set up so if you activate it then Duxtel can peer into the
device and assist
with
any issues.
On 22 November 2017 at 13:46, Ben Jackson - ELOGIK <ben@elogik.net>
wrote:
Does anyone have any advice on a) a decent 4g service that
provides a publicly accessible IP address that ports can be
forwarded through as
well
as how to get hold of an unlocked USB dongle which will support
the
SIM
/
service?
Or even a provider that provides this on one of their business
plans?
If it can be a prepaid plan even better.
I'm looking to use said device as 4G failover on a meraki mx64
security
appliance and calling the usual suspects (Optus, telstra) is
giving
me a
headache.
Any advice on what others have done in this scenario would be
most appreciated.
Best regards,
Ben Jackson
eLogik
(Sent from my mobile device)
_______________________________________________
Public mailing list
Public@talk.mikrotik.com.au
http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mik
rotik.com.au
--
<https://www.upandrunningtech.com.au>
_______________________________________________
Public mailing list
Public@talk.mikrotik.com.au
http://talk.mikrotik.com.au/mailman/listinfo/public_talk.
mikrotik.com.au
--
<https://www.upandrunningtech.com.au>
_______________________________________________
Public mailing list
Public@talk.mikrotik.com.au
http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.
au
_______________________________________________
Public mailing list
Public@talk.mikrotik.com.au
http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
_______________________________________________
Public mailing list
Public@talk.mikrotik.com.au
http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
---------- Forwarded message ----------
From: Paul Julian <paul@oxygennetworks.com.au>
To: "'MikroTik Australia Public List'" <public@talk.mikrotik.com.au>
Cc:
Bcc:
Date: Thu, 23 Nov 2017 17:42:31 +1100
Subject: Re: [MT-AU Public] 4G WAN failover question
No problem, good luck.
Regards
Paul
-----Original Message-----
From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Ben
Jackson - ELOGIK
Sent: Thursday, 23 November 2017 5:38 PM
To: MikroTik Australia Public List
Subject: Re: [MT-AU Public] 4G WAN failover question
Great info Paul - thanks for this. I think with all this in mind I'll be
able to tailor a solution
Thanks again for everyone's input.
*BEN JACKSON*
Director
*M *0404 924745
*E* ben@elogik.com.au
*W* elogik.com.au <http://www.elogik.com.au/> <http://www.elogik.com.au>
On Thu, Nov 23, 2017 at 1:53 PM, Paul Julian <paul@oxygennetworks.com.au>
wrote:
Hi Ben,
We use the Telstra Sierra Wireless 320U modems in our Mikrotik hAP
devices, the Mikrotik creates an LTE interface once the modem is
inserted into the USB port, you set the APN within the LTE interface.
Once that's connected you then configure a DHCP client on the Mikrotik
on the LTE interface and you get a public IP.
Some caveats:
- You do need to change the mode of the modem, this can be done with
the Netgear utility easily, they are a netgear unit basically.
- You need to use a 4G SIM from Telstra, prepaid or postpaid should
work, however if you want the APN with the public IP you need postpaid
and need to request that the SIM be setup with the telstra.extranet
APN
Apart from that it's pretty easy.
We occasionally have the modem drop, we have a script on the Mikrotik
which checks connectivity and if it drops it does a USB power cycle
which brings it back up most of the time.
It's really not hard, and it works well.
If you want to go with Optus but without a public IP you can get the
$19 dongle from Office Works, it works in the Mikrotik without any
real changes, but no public IP, fine if you can VPN out to something
to use to get back in.
Regards
Paul
-----Original Message-----
From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of
Ben Jackson - ELOGIK
Sent: Thursday, 23 November 2017 11:10 AM
To: Jason Hecker; MikroTik Australia Public List
Subject: Re: [MT-AU Public] 4G WAN failover question
Thanks for the pointers everyone. There seem to be a number of
factors at play here:
1) Most of the LTE USB modems you can purchase have some kind of
"router on a stick" built in which provides a firewalled, DHCP
assigned private IP on the LAN side in the normal ranges of
192.168.x.x or 10.x.x.x. In Huawei's case this is known as "HiLink mode".
2) In addition to this, depending on which provider they are bought
from, these modems / dongles are flashed with an ISP-specific firmware
which further locks down the device to stop certain features being
exposed to the device's web-interface. This makes it tricky to change
things such as the APN settings.
3) The above types of device (i've been mainly concerned with the
Huawei
E3372 since that's the one my router has support for) can apparently
be re-flashed with custom firmware which allows HiLink mode to be
switched off (see here:
http://www.0xf8.org/2017/01/flashing-a-huawei-e3372h-4g-
lte-stick-from-hilink-to-stick-mode/)
this will apparently allow the "public" IP to be assigned directly to
the device connected to the USB port and avoids the pesky double NAT
situation.
4) The reason I say "public" in quotes above is because even if you
manage to pass this address through, quite often the address itself is
not a true public IP as it is behind carrier NAT and you are back to
square 1.
For those interested, here are the options I'm exploring:
1) Getting a sierra 320U unlocked from ebay which can be used in
"stick mode" without NAT or DHCP enabled and purchasing a SIM plan
from either M2MOne or URL networks which has a "true" public IP (with
all the public health and DDOS warnings this entails!)
2) Buying an LTE router such as:
Dovado Tiny
MikroTik SXT LTE
Netgear (I know!) LB1111
TP-Link MR6400
and then using the same sim card as above. From the research I've
done, these devices have a "passthrough" or bridge mode which will
present the LTE public IP directly to my main router, albeit via an
RJ45 / ethernet connection.
Ben
*BEN JACKSON*
Director
*M *0404 924745
*E* ben@elogik.com.au
*W* elogik.com.au <http://www.elogik.com.au/>
<http://www.elogik.com.au>
On Wed, Nov 22, 2017 at 6:15 PM, Jason Hecker (Up & Running Tech) <
jason@upandrunningtech.com.au> wrote:
Oh I see, OK, sounds like you need something that will do a PPP
session which some 4G cards will let you do if you put them into
serial mode like the Telit LE910 (which I have tried) or the Sierra
modules.
If you end up with a static or dynamic public IP you can cname the
dynamic DNS Mikrotik provides in the router's ip->cloud settings and
set the timeout to 60, so you could get at it like
bighonchoclient1.elogik.net for example.
I kicked the idea around but never tried buying a cheap VPS with a
static IP and having the 4G based Mikrotik VPN into it, then on the
VPS port forward any ports to services behind the 4G device.
On 22 November 2017 at 15:59, Ben Jackson - ELOGIK <ben@elogik.net>
wrote:
Hi Jason,
OK, I didn't phrase my question very well, what I need is a dongle
or
card
that doesn't provide an extra layer of NAT (as many do) and run an
internal
DHCP sever so that the routers cellular interface ends up with an
IP address like 192.168.x.x but instead passes the public IP directly.
This
is
so I don't end up with a double NAT situation (kind of the
equivalent of bridge mode for a DSL modem) and I can access
resources (like security systems etc) behind the public IP by
configuring the main firewall /
router
accordingly.
Ben
*BEN JACKSON*
Director
*M *0404 924745
*E* ben@elogik.com.au
*W* elogik.com.au <http://www.elogik.com.au/>
<http://www.elogik.com.au>
On Wed, Nov 22, 2017 at 2:24 PM, Jason Hecker (Up & Running Tech)
< jason@upandrunningtech.com.au> wrote:
What if you had those routers phone home to a VPN server in your
office over 4G? They'd always be in easy reach on private subnet
on your LAN
and
you wouldn't need to worry about public or static IPs for your 4G
widget.
I noticed Duxtel configured devices I have bought have a PPTP
client set up so if you activate it then Duxtel can peer into the
device and assist
with
any issues.
On 22 November 2017 at 13:46, Ben Jackson - ELOGIK
<ben@elogik.net>
wrote:
Does anyone have any advice on a) a decent 4g service that
provides a publicly accessible IP address that ports can be
forwarded through as
well
as how to get hold of an unlocked USB dongle which will support
the
SIM
/
service?
Or even a provider that provides this on one of their business
plans?
If it can be a prepaid plan even better.
I'm looking to use said device as 4G failover on a meraki mx64
security
appliance and calling the usual suspects (Optus, telstra) is
giving
me a
headache.
Any advice on what others have done in this scenario would be
most appreciated.
Best regards,
Ben Jackson
eLogik
(Sent from my mobile device)
_______________________________________________
Public mailing list
Public@talk.mikrotik.com.au
http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mik
rotik.com.au
--
<https://www.upandrunningtech.com.au>
_______________________________________________
Public mailing list
Public@talk.mikrotik.com.au
http://talk.mikrotik.com.au/mailman/listinfo/public_talk.
mikrotik.com.au
--
<https://www.upandrunningtech.com.au>
_______________________________________________
Public mailing list
Public@talk.mikrotik.com.au
http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.
au
_______________________________________________
Public mailing list
Public@talk.mikrotik.com.au
http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.
au
_______________________________________________
Public mailing list
Public@talk.mikrotik.com.au
http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.
au
_______________________________________________
Public mailing list
Public@talk.mikrotik.com.au
http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
_______________________________________________
Public mailing list
Public@talk.mikrotik.com.au
http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
------------------------------
Subject: Digest Footer
_______________________________________________
Public mailing list
Public@talk.mikrotik.com.au
http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
------------------------------
End of Public Digest, Vol 45, Issue 6
*************************************