4G WAN failover question
Does anyone have any advice on a) a decent 4g service that provides a publicly accessible IP address that ports can be forwarded through as well as how to get hold of an unlocked USB dongle which will support the SIM / service? Or even a provider that provides this on one of their business plans? If it can be a prepaid plan even better. I'm looking to use said device as 4G failover on a meraki mx64 security appliance and calling the usual suspects (Optus, telstra) is giving me a headache. Any advice on what others have done in this scenario would be most appreciated. Best regards, Ben Jackson eLogik (Sent from my mobile device)
You can get public ip on Telstra 4g but not static so port forwarding will be tricky. We use Telstra 4G with sierra wireless USB dongles in hAp devices and the setup works very well for our out of band network access Regards Paul
On 22 Nov 2017, at 1:49 pm, Ben Jackson - ELOGIK <ben@elogik.net> wrote:
Does anyone have any advice on a) a decent 4g service that provides a publicly accessible IP address that ports can be forwarded through as well as how to get hold of an unlocked USB dongle which will support the SIM / service?
Or even a provider that provides this on one of their business plans?
If it can be a prepaid plan even better.
I'm looking to use said device as 4G failover on a meraki mx64 security appliance and calling the usual suspects (Optus, telstra) is giving me a headache.
Any advice on what others have done in this scenario would be most appreciated.
Best regards,
Ben Jackson eLogik
(Sent from my mobile device) _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
M2MOne can help. They can do static internal, public, vpn access etc. They use the Telstra network. Regards Russell -----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Paul Julian Sent: Wednesday, 22 November 2017 11:12 To: MikroTik Australia Public List <public@talk.mikrotik.com.au> Subject: Re: [MT-AU Public] 4G WAN failover question You can get public ip on Telstra 4g but not static so port forwarding will be tricky. We use Telstra 4G with sierra wireless USB dongles in hAp devices and the setup works very well for our out of band network access Regards Paul
On 22 Nov 2017, at 1:49 pm, Ben Jackson - ELOGIK <ben@elogik.net> wrote:
Does anyone have any advice on a) a decent 4g service that provides a publicly accessible IP address that ports can be forwarded through as well as how to get hold of an unlocked USB dongle which will support the SIM / service?
Or even a provider that provides this on one of their business plans?
If it can be a prepaid plan even better.
I'm looking to use said device as 4G failover on a meraki mx64 security appliance and calling the usual suspects (Optus, telstra) is giving me a headache.
Any advice on what others have done in this scenario would be most appreciated.
Best regards,
Ben Jackson eLogik
(Sent from my mobile device) _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com. au
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
Cheers Russell - I'm talking to them right now *BEN JACKSON* Director *M *0404 924745 *E* ben@elogik.com.au *W* elogik.com.au <http://www.elogik.com.au/> <http://www.elogik.com.au> On Wed, Nov 22, 2017 at 2:14 PM, Russell Hurren < russell@zeropointnetworks.com> wrote:
M2MOne can help. They can do static internal, public, vpn access etc. They use the Telstra network.
Regards
Russell
-----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Paul Julian Sent: Wednesday, 22 November 2017 11:12 To: MikroTik Australia Public List <public@talk.mikrotik.com.au> Subject: Re: [MT-AU Public] 4G WAN failover question
You can get public ip on Telstra 4g but not static so port forwarding will be tricky.
We use Telstra 4G with sierra wireless USB dongles in hAp devices and the setup works very well for our out of band network access
Regards Paul
On 22 Nov 2017, at 1:49 pm, Ben Jackson - ELOGIK <ben@elogik.net> wrote:
Does anyone have any advice on a) a decent 4g service that provides a publicly accessible IP address that ports can be forwarded through as well as how to get hold of an unlocked USB dongle which will support the SIM / service?
Or even a provider that provides this on one of their business plans?
If it can be a prepaid plan even better.
I'm looking to use said device as 4G failover on a meraki mx64 security appliance and calling the usual suspects (Optus, telstra) is giving me a headache.
Any advice on what others have done in this scenario would be most appreciated.
Best regards,
Ben Jackson eLogik
(Sent from my mobile device) _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com. au
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
Hi Paul, Dynamic or static is no issue - I can always set up a vpn or DDNS service to cope with those vagaries. Its more about getting a public IP address directly on the USB interface. I suppose maybe another way of doing it is buying something like a TPLink MR6400 and setting up a failover ethernet link (still backed by an LTE service) instead of via USB? *BEN JACKSON* Director *M *0404 924745 *E* ben@elogik.com.au *W* elogik.com.au <http://www.elogik.com.au/> <http://www.elogik.com.au> On Wed, Nov 22, 2017 at 2:11 PM, Paul Julian <paul@oxygennetworks.com.au> wrote:
You can get public ip on Telstra 4g but not static so port forwarding will be tricky.
We use Telstra 4G with sierra wireless USB dongles in hAp devices and the setup works very well for our out of band network access
Regards Paul
On 22 Nov 2017, at 1:49 pm, Ben Jackson - ELOGIK <ben@elogik.net> wrote:
Does anyone have any advice on a) a decent 4g service that provides a publicly accessible IP address that ports can be forwarded through as well as how to get hold of an unlocked USB dongle which will support the SIM / service?
Or even a provider that provides this on one of their business plans?
If it can be a prepaid plan even better.
I'm looking to use said device as 4G failover on a meraki mx64 security appliance and calling the usual suspects (Optus, telstra) is giving me a headache.
Any advice on what others have done in this scenario would be most appreciated.
Best regards,
Ben Jackson eLogik
(Sent from my mobile device) _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
You would get a public ip on the interface yes Regards Paul
On 22 Nov 2017, at 4:31 pm, Ben Jackson - ELOGIK <ben@elogik.net> wrote:
Hi Paul,
Dynamic or static is no issue - I can always set up a vpn or DDNS service to cope with those vagaries.
Its more about getting a public IP address directly on the USB interface.
I suppose maybe another way of doing it is buying something like a TPLink MR6400 and setting up a failover ethernet link (still backed by an LTE service) instead of via USB?
*BEN JACKSON* Director
*M *0404 924745 *E* ben@elogik.com.au *W* elogik.com.au <http://www.elogik.com.au/> <http://www.elogik.com.au>
On Wed, Nov 22, 2017 at 2:11 PM, Paul Julian <paul@oxygennetworks.com.au> wrote:
You can get public ip on Telstra 4g but not static so port forwarding will be tricky.
We use Telstra 4G with sierra wireless USB dongles in hAp devices and the setup works very well for our out of band network access
Regards Paul
On 22 Nov 2017, at 1:49 pm, Ben Jackson - ELOGIK <ben@elogik.net> wrote:
Does anyone have any advice on a) a decent 4g service that provides a publicly accessible IP address that ports can be forwarded through as well as how to get hold of an unlocked USB dongle which will support the SIM / service?
Or even a provider that provides this on one of their business plans?
If it can be a prepaid plan even better.
I'm looking to use said device as 4G failover on a meraki mx64 security appliance and calling the usual suspects (Optus, telstra) is giving me a headache.
Any advice on what others have done in this scenario would be most appreciated.
Best regards,
Ben Jackson eLogik
(Sent from my mobile device) _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
What if you had those routers phone home to a VPN server in your office over 4G? They'd always be in easy reach on private subnet on your LAN and you wouldn't need to worry about public or static IPs for your 4G widget. I noticed Duxtel configured devices I have bought have a PPTP client set up so if you activate it then Duxtel can peer into the device and assist with any issues. On 22 November 2017 at 13:46, Ben Jackson - ELOGIK <ben@elogik.net> wrote:
Does anyone have any advice on a) a decent 4g service that provides a publicly accessible IP address that ports can be forwarded through as well as how to get hold of an unlocked USB dongle which will support the SIM / service?
Or even a provider that provides this on one of their business plans?
If it can be a prepaid plan even better.
I'm looking to use said device as 4G failover on a meraki mx64 security appliance and calling the usual suspects (Optus, telstra) is giving me a headache.
Any advice on what others have done in this scenario would be most appreciated.
Best regards,
Ben Jackson eLogik
(Sent from my mobile device) _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
Hi Jason, OK, I didn't phrase my question very well, what I need is a dongle or card that doesn't provide an extra layer of NAT (as many do) and run an internal DHCP sever so that the routers cellular interface ends up with an IP address like 192.168.x.x but instead passes the public IP directly. This is so I don't end up with a double NAT situation (kind of the equivalent of bridge mode for a DSL modem) and I can access resources (like security systems etc) behind the public IP by configuring the main firewall / router accordingly. Ben *BEN JACKSON* Director *M *0404 924745 *E* ben@elogik.com.au *W* elogik.com.au <http://www.elogik.com.au/> <http://www.elogik.com.au> On Wed, Nov 22, 2017 at 2:24 PM, Jason Hecker (Up & Running Tech) < jason@upandrunningtech.com.au> wrote:
What if you had those routers phone home to a VPN server in your office over 4G? They'd always be in easy reach on private subnet on your LAN and you wouldn't need to worry about public or static IPs for your 4G widget.
I noticed Duxtel configured devices I have bought have a PPTP client set up so if you activate it then Duxtel can peer into the device and assist with any issues.
On 22 November 2017 at 13:46, Ben Jackson - ELOGIK <ben@elogik.net> wrote:
Does anyone have any advice on a) a decent 4g service that provides a publicly accessible IP address that ports can be forwarded through as well as how to get hold of an unlocked USB dongle which will support the SIM / service?
Or even a provider that provides this on one of their business plans?
If it can be a prepaid plan even better.
I'm looking to use said device as 4G failover on a meraki mx64 security appliance and calling the usual suspects (Optus, telstra) is giving me a headache.
Any advice on what others have done in this scenario would be most appreciated.
Best regards,
Ben Jackson eLogik
(Sent from my mobile device) _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
-- <https://www.upandrunningtech.com.au> _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
Oh I see, OK, sounds like you need something that will do a PPP session which some 4G cards will let you do if you put them into serial mode like the Telit LE910 (which I have tried) or the Sierra modules. If you end up with a static or dynamic public IP you can cname the dynamic DNS Mikrotik provides in the router's ip->cloud settings and set the timeout to 60, so you could get at it like bighonchoclient1.elogik.net for example. I kicked the idea around but never tried buying a cheap VPS with a static IP and having the 4G based Mikrotik VPN into it, then on the VPS port forward any ports to services behind the 4G device. On 22 November 2017 at 15:59, Ben Jackson - ELOGIK <ben@elogik.net> wrote:
Hi Jason,
OK, I didn't phrase my question very well, what I need is a dongle or card that doesn't provide an extra layer of NAT (as many do) and run an internal DHCP sever so that the routers cellular interface ends up with an IP address like 192.168.x.x but instead passes the public IP directly. This is so I don't end up with a double NAT situation (kind of the equivalent of bridge mode for a DSL modem) and I can access resources (like security systems etc) behind the public IP by configuring the main firewall / router accordingly.
Ben
*BEN JACKSON* Director
*M *0404 924745 *E* ben@elogik.com.au *W* elogik.com.au <http://www.elogik.com.au/> <http://www.elogik.com.au>
On Wed, Nov 22, 2017 at 2:24 PM, Jason Hecker (Up & Running Tech) < jason@upandrunningtech.com.au> wrote:
What if you had those routers phone home to a VPN server in your office over 4G? They'd always be in easy reach on private subnet on your LAN and you wouldn't need to worry about public or static IPs for your 4G widget.
I noticed Duxtel configured devices I have bought have a PPTP client set up so if you activate it then Duxtel can peer into the device and assist with any issues.
On 22 November 2017 at 13:46, Ben Jackson - ELOGIK <ben@elogik.net> wrote:
Does anyone have any advice on a) a decent 4g service that provides a publicly accessible IP address that ports can be forwarded through as well as how to get hold of an unlocked USB dongle which will support the SIM / service?
Or even a provider that provides this on one of their business plans?
If it can be a prepaid plan even better.
I'm looking to use said device as 4G failover on a meraki mx64 security appliance and calling the usual suspects (Optus, telstra) is giving me a headache.
Any advice on what others have done in this scenario would be most appreciated.
Best regards,
Ben Jackson eLogik
(Sent from my mobile device) _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mik rotik.com.au
-- <https://www.upandrunningtech.com.au> _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
Thanks for the pointers everyone. There seem to be a number of factors at play here: 1) Most of the LTE USB modems you can purchase have some kind of "router on a stick" built in which provides a firewalled, DHCP assigned private IP on the LAN side in the normal ranges of 192.168.x.x or 10.x.x.x. In Huawei's case this is known as "HiLink mode". 2) In addition to this, depending on which provider they are bought from, these modems / dongles are flashed with an ISP-specific firmware which further locks down the device to stop certain features being exposed to the device's web-interface. This makes it tricky to change things such as the APN settings. 3) The above types of device (i've been mainly concerned with the Huawei E3372 since that's the one my router has support for) can apparently be re-flashed with custom firmware which allows HiLink mode to be switched off (see here: http://www.0xf8.org/2017/01/flashing-a-huawei-e3372h-4g-lte-stick-from-hilin...) this will apparently allow the "public" IP to be assigned directly to the device connected to the USB port and avoids the pesky double NAT situation. 4) The reason I say "public" in quotes above is because even if you manage to pass this address through, quite often the address itself is not a true public IP as it is behind carrier NAT and you are back to square 1. For those interested, here are the options I'm exploring: 1) Getting a sierra 320U unlocked from ebay which can be used in "stick mode" without NAT or DHCP enabled and purchasing a SIM plan from either M2MOne or URL networks which has a "true" public IP (with all the public health and DDOS warnings this entails!) 2) Buying an LTE router such as: Dovado Tiny MikroTik SXT LTE Netgear (I know!) LB1111 TP-Link MR6400 and then using the same sim card as above. From the research I've done, these devices have a "passthrough" or bridge mode which will present the LTE public IP directly to my main router, albeit via an RJ45 / ethernet connection. Ben *BEN JACKSON* Director *M *0404 924745 *E* ben@elogik.com.au *W* elogik.com.au <http://www.elogik.com.au/> <http://www.elogik.com.au> On Wed, Nov 22, 2017 at 6:15 PM, Jason Hecker (Up & Running Tech) < jason@upandrunningtech.com.au> wrote:
Oh I see, OK, sounds like you need something that will do a PPP session which some 4G cards will let you do if you put them into serial mode like the Telit LE910 (which I have tried) or the Sierra modules.
If you end up with a static or dynamic public IP you can cname the dynamic DNS Mikrotik provides in the router's ip->cloud settings and set the timeout to 60, so you could get at it like bighonchoclient1.elogik.net for example.
I kicked the idea around but never tried buying a cheap VPS with a static IP and having the 4G based Mikrotik VPN into it, then on the VPS port forward any ports to services behind the 4G device.
On 22 November 2017 at 15:59, Ben Jackson - ELOGIK <ben@elogik.net> wrote:
Hi Jason,
OK, I didn't phrase my question very well, what I need is a dongle or card that doesn't provide an extra layer of NAT (as many do) and run an internal DHCP sever so that the routers cellular interface ends up with an IP address like 192.168.x.x but instead passes the public IP directly. This is so I don't end up with a double NAT situation (kind of the equivalent of bridge mode for a DSL modem) and I can access resources (like security systems etc) behind the public IP by configuring the main firewall / router accordingly.
Ben
*BEN JACKSON* Director
*M *0404 924745 *E* ben@elogik.com.au *W* elogik.com.au <http://www.elogik.com.au/> <http://www.elogik.com.au>
On Wed, Nov 22, 2017 at 2:24 PM, Jason Hecker (Up & Running Tech) < jason@upandrunningtech.com.au> wrote:
What if you had those routers phone home to a VPN server in your office over 4G? They'd always be in easy reach on private subnet on your LAN and you wouldn't need to worry about public or static IPs for your 4G widget.
I noticed Duxtel configured devices I have bought have a PPTP client set up so if you activate it then Duxtel can peer into the device and assist with any issues.
On 22 November 2017 at 13:46, Ben Jackson - ELOGIK <ben@elogik.net> wrote:
Does anyone have any advice on a) a decent 4g service that provides a publicly accessible IP address that ports can be forwarded through as well as how to get hold of an unlocked USB dongle which will support the SIM / service?
Or even a provider that provides this on one of their business plans?
If it can be a prepaid plan even better.
I'm looking to use said device as 4G failover on a meraki mx64 security appliance and calling the usual suspects (Optus, telstra) is giving me a headache.
Any advice on what others have done in this scenario would be most appreciated.
Best regards,
Ben Jackson eLogik
(Sent from my mobile device) _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mik rotik.com.au
-- <https://www.upandrunningtech.com.au> _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk. mikrotik.com.au
-- <https://www.upandrunningtech.com.au> _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
Hi Ben, We use the Telstra Sierra Wireless 320U modems in our Mikrotik hAP devices, the Mikrotik creates an LTE interface once the modem is inserted into the USB port, you set the APN within the LTE interface. Once that's connected you then configure a DHCP client on the Mikrotik on the LTE interface and you get a public IP. Some caveats: - You do need to change the mode of the modem, this can be done with the Netgear utility easily, they are a netgear unit basically. - You need to use a 4G SIM from Telstra, prepaid or postpaid should work, however if you want the APN with the public IP you need postpaid and need to request that the SIM be setup with the telstra.extranet APN Apart from that it's pretty easy. We occasionally have the modem drop, we have a script on the Mikrotik which checks connectivity and if it drops it does a USB power cycle which brings it back up most of the time. It's really not hard, and it works well. If you want to go with Optus but without a public IP you can get the $19 dongle from Office Works, it works in the Mikrotik without any real changes, but no public IP, fine if you can VPN out to something to use to get back in. Regards Paul -----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Ben Jackson - ELOGIK Sent: Thursday, 23 November 2017 11:10 AM To: Jason Hecker; MikroTik Australia Public List Subject: Re: [MT-AU Public] 4G WAN failover question Thanks for the pointers everyone. There seem to be a number of factors at play here: 1) Most of the LTE USB modems you can purchase have some kind of "router on a stick" built in which provides a firewalled, DHCP assigned private IP on the LAN side in the normal ranges of 192.168.x.x or 10.x.x.x. In Huawei's case this is known as "HiLink mode". 2) In addition to this, depending on which provider they are bought from, these modems / dongles are flashed with an ISP-specific firmware which further locks down the device to stop certain features being exposed to the device's web-interface. This makes it tricky to change things such as the APN settings. 3) The above types of device (i've been mainly concerned with the Huawei E3372 since that's the one my router has support for) can apparently be re-flashed with custom firmware which allows HiLink mode to be switched off (see here: http://www.0xf8.org/2017/01/flashing-a-huawei-e3372h-4g-lte-stick-from-hilin...) this will apparently allow the "public" IP to be assigned directly to the device connected to the USB port and avoids the pesky double NAT situation. 4) The reason I say "public" in quotes above is because even if you manage to pass this address through, quite often the address itself is not a true public IP as it is behind carrier NAT and you are back to square 1. For those interested, here are the options I'm exploring: 1) Getting a sierra 320U unlocked from ebay which can be used in "stick mode" without NAT or DHCP enabled and purchasing a SIM plan from either M2MOne or URL networks which has a "true" public IP (with all the public health and DDOS warnings this entails!) 2) Buying an LTE router such as: Dovado Tiny MikroTik SXT LTE Netgear (I know!) LB1111 TP-Link MR6400 and then using the same sim card as above. From the research I've done, these devices have a "passthrough" or bridge mode which will present the LTE public IP directly to my main router, albeit via an RJ45 / ethernet connection. Ben *BEN JACKSON* Director *M *0404 924745 *E* ben@elogik.com.au *W* elogik.com.au <http://www.elogik.com.au/> <http://www.elogik.com.au> On Wed, Nov 22, 2017 at 6:15 PM, Jason Hecker (Up & Running Tech) < jason@upandrunningtech.com.au> wrote:
Oh I see, OK, sounds like you need something that will do a PPP session which some 4G cards will let you do if you put them into serial mode like the Telit LE910 (which I have tried) or the Sierra modules.
If you end up with a static or dynamic public IP you can cname the dynamic DNS Mikrotik provides in the router's ip->cloud settings and set the timeout to 60, so you could get at it like bighonchoclient1.elogik.net for example.
I kicked the idea around but never tried buying a cheap VPS with a static IP and having the 4G based Mikrotik VPN into it, then on the VPS port forward any ports to services behind the 4G device.
On 22 November 2017 at 15:59, Ben Jackson - ELOGIK <ben@elogik.net> wrote:
Hi Jason,
OK, I didn't phrase my question very well, what I need is a dongle or card that doesn't provide an extra layer of NAT (as many do) and run an internal DHCP sever so that the routers cellular interface ends up with an IP address like 192.168.x.x but instead passes the public IP directly. This is so I don't end up with a double NAT situation (kind of the equivalent of bridge mode for a DSL modem) and I can access resources (like security systems etc) behind the public IP by configuring the main firewall / router accordingly.
Ben
*BEN JACKSON* Director
*M *0404 924745 *E* ben@elogik.com.au *W* elogik.com.au <http://www.elogik.com.au/> <http://www.elogik.com.au>
On Wed, Nov 22, 2017 at 2:24 PM, Jason Hecker (Up & Running Tech) < jason@upandrunningtech.com.au> wrote:
What if you had those routers phone home to a VPN server in your office over 4G? They'd always be in easy reach on private subnet on your LAN and you wouldn't need to worry about public or static IPs for your 4G widget.
I noticed Duxtel configured devices I have bought have a PPTP client set up so if you activate it then Duxtel can peer into the device and assist with any issues.
On 22 November 2017 at 13:46, Ben Jackson - ELOGIK <ben@elogik.net> wrote:
Does anyone have any advice on a) a decent 4g service that provides a publicly accessible IP address that ports can be forwarded through as well as how to get hold of an unlocked USB dongle which will support the SIM / service?
Or even a provider that provides this on one of their business plans?
If it can be a prepaid plan even better.
I'm looking to use said device as 4G failover on a meraki mx64 security appliance and calling the usual suspects (Optus, telstra) is giving me a headache.
Any advice on what others have done in this scenario would be most appreciated.
Best regards,
Ben Jackson eLogik
(Sent from my mobile device) _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mik rotik.com.au
-- <https://www.upandrunningtech.com.au> _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk. mikrotik.com.au
-- <https://www.upandrunningtech.com.au> _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com. au
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
Great info Paul - thanks for this. I think with all this in mind I'll be able to tailor a solution Thanks again for everyone's input. *BEN JACKSON* Director *M *0404 924745 *E* ben@elogik.com.au *W* elogik.com.au <http://www.elogik.com.au/> <http://www.elogik.com.au> On Thu, Nov 23, 2017 at 1:53 PM, Paul Julian <paul@oxygennetworks.com.au> wrote:
Hi Ben,
We use the Telstra Sierra Wireless 320U modems in our Mikrotik hAP devices, the Mikrotik creates an LTE interface once the modem is inserted into the USB port, you set the APN within the LTE interface. Once that's connected you then configure a DHCP client on the Mikrotik on the LTE interface and you get a public IP.
Some caveats: - You do need to change the mode of the modem, this can be done with the Netgear utility easily, they are a netgear unit basically. - You need to use a 4G SIM from Telstra, prepaid or postpaid should work, however if you want the APN with the public IP you need postpaid and need to request that the SIM be setup with the telstra.extranet APN
Apart from that it's pretty easy.
We occasionally have the modem drop, we have a script on the Mikrotik which checks connectivity and if it drops it does a USB power cycle which brings it back up most of the time.
It's really not hard, and it works well.
If you want to go with Optus but without a public IP you can get the $19 dongle from Office Works, it works in the Mikrotik without any real changes, but no public IP, fine if you can VPN out to something to use to get back in.
Regards Paul
-----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Ben Jackson - ELOGIK Sent: Thursday, 23 November 2017 11:10 AM To: Jason Hecker; MikroTik Australia Public List Subject: Re: [MT-AU Public] 4G WAN failover question
Thanks for the pointers everyone. There seem to be a number of factors at play here:
1) Most of the LTE USB modems you can purchase have some kind of "router on a stick" built in which provides a firewalled, DHCP assigned private IP on the LAN side in the normal ranges of 192.168.x.x or 10.x.x.x. In Huawei's case this is known as "HiLink mode". 2) In addition to this, depending on which provider they are bought from, these modems / dongles are flashed with an ISP-specific firmware which further locks down the device to stop certain features being exposed to the device's web-interface. This makes it tricky to change things such as the APN settings. 3) The above types of device (i've been mainly concerned with the Huawei E3372 since that's the one my router has support for) can apparently be re-flashed with custom firmware which allows HiLink mode to be switched off (see here: http://www.0xf8.org/2017/01/flashing-a-huawei-e3372h-4g- lte-stick-from-hilink-to-stick-mode/) this will apparently allow the "public" IP to be assigned directly to the device connected to the USB port and avoids the pesky double NAT situation. 4) The reason I say "public" in quotes above is because even if you manage to pass this address through, quite often the address itself is not a true public IP as it is behind carrier NAT and you are back to square 1.
For those interested, here are the options I'm exploring:
1) Getting a sierra 320U unlocked from ebay which can be used in "stick mode" without NAT or DHCP enabled and purchasing a SIM plan from either M2MOne or URL networks which has a "true" public IP (with all the public health and DDOS warnings this entails!) 2) Buying an LTE router such as:
Dovado Tiny MikroTik SXT LTE Netgear (I know!) LB1111 TP-Link MR6400
and then using the same sim card as above. From the research I've done, these devices have a "passthrough" or bridge mode which will present the LTE public IP directly to my main router, albeit via an RJ45 / ethernet connection.
Ben
*BEN JACKSON* Director
*M *0404 924745 *E* ben@elogik.com.au *W* elogik.com.au <http://www.elogik.com.au/> <http://www.elogik.com.au>
On Wed, Nov 22, 2017 at 6:15 PM, Jason Hecker (Up & Running Tech) < jason@upandrunningtech.com.au> wrote:
Oh I see, OK, sounds like you need something that will do a PPP session which some 4G cards will let you do if you put them into serial mode like the Telit LE910 (which I have tried) or the Sierra modules.
If you end up with a static or dynamic public IP you can cname the dynamic DNS Mikrotik provides in the router's ip->cloud settings and set the timeout to 60, so you could get at it like bighonchoclient1.elogik.net for example.
I kicked the idea around but never tried buying a cheap VPS with a static IP and having the 4G based Mikrotik VPN into it, then on the VPS port forward any ports to services behind the 4G device.
On 22 November 2017 at 15:59, Ben Jackson - ELOGIK <ben@elogik.net> wrote:
Hi Jason,
OK, I didn't phrase my question very well, what I need is a dongle or card that doesn't provide an extra layer of NAT (as many do) and run an internal DHCP sever so that the routers cellular interface ends up with an IP address like 192.168.x.x but instead passes the public IP directly. This is so I don't end up with a double NAT situation (kind of the equivalent of bridge mode for a DSL modem) and I can access resources (like security systems etc) behind the public IP by configuring the main firewall / router accordingly.
Ben
*BEN JACKSON* Director
*M *0404 924745 *E* ben@elogik.com.au *W* elogik.com.au <http://www.elogik.com.au/> <http://www.elogik.com.au>
On Wed, Nov 22, 2017 at 2:24 PM, Jason Hecker (Up & Running Tech) < jason@upandrunningtech.com.au> wrote:
What if you had those routers phone home to a VPN server in your office over 4G? They'd always be in easy reach on private subnet on your LAN and you wouldn't need to worry about public or static IPs for your 4G widget.
I noticed Duxtel configured devices I have bought have a PPTP client set up so if you activate it then Duxtel can peer into the device and assist with any issues.
On 22 November 2017 at 13:46, Ben Jackson - ELOGIK <ben@elogik.net> wrote:
Does anyone have any advice on a) a decent 4g service that provides a publicly accessible IP address that ports can be forwarded through as well as how to get hold of an unlocked USB dongle which will support the SIM / service?
Or even a provider that provides this on one of their business plans?
If it can be a prepaid plan even better.
I'm looking to use said device as 4G failover on a meraki mx64 security appliance and calling the usual suspects (Optus, telstra) is giving me a headache.
Any advice on what others have done in this scenario would be most appreciated.
Best regards,
Ben Jackson eLogik
(Sent from my mobile device) _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mik rotik.com.au
-- <https://www.upandrunningtech.com.au> _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk. mikrotik.com.au
-- <https://www.upandrunningtech.com.au> _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com. au
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
No problem, good luck. Regards Paul -----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Ben Jackson - ELOGIK Sent: Thursday, 23 November 2017 5:38 PM To: MikroTik Australia Public List Subject: Re: [MT-AU Public] 4G WAN failover question Great info Paul - thanks for this. I think with all this in mind I'll be able to tailor a solution Thanks again for everyone's input. *BEN JACKSON* Director *M *0404 924745 *E* ben@elogik.com.au *W* elogik.com.au <http://www.elogik.com.au/> <http://www.elogik.com.au> On Thu, Nov 23, 2017 at 1:53 PM, Paul Julian <paul@oxygennetworks.com.au> wrote:
Hi Ben,
We use the Telstra Sierra Wireless 320U modems in our Mikrotik hAP devices, the Mikrotik creates an LTE interface once the modem is inserted into the USB port, you set the APN within the LTE interface. Once that's connected you then configure a DHCP client on the Mikrotik on the LTE interface and you get a public IP.
Some caveats: - You do need to change the mode of the modem, this can be done with the Netgear utility easily, they are a netgear unit basically. - You need to use a 4G SIM from Telstra, prepaid or postpaid should work, however if you want the APN with the public IP you need postpaid and need to request that the SIM be setup with the telstra.extranet APN
Apart from that it's pretty easy.
We occasionally have the modem drop, we have a script on the Mikrotik which checks connectivity and if it drops it does a USB power cycle which brings it back up most of the time.
It's really not hard, and it works well.
If you want to go with Optus but without a public IP you can get the $19 dongle from Office Works, it works in the Mikrotik without any real changes, but no public IP, fine if you can VPN out to something to use to get back in.
Regards Paul
-----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Ben Jackson - ELOGIK Sent: Thursday, 23 November 2017 11:10 AM To: Jason Hecker; MikroTik Australia Public List Subject: Re: [MT-AU Public] 4G WAN failover question
Thanks for the pointers everyone. There seem to be a number of factors at play here:
1) Most of the LTE USB modems you can purchase have some kind of "router on a stick" built in which provides a firewalled, DHCP assigned private IP on the LAN side in the normal ranges of 192.168.x.x or 10.x.x.x. In Huawei's case this is known as "HiLink mode". 2) In addition to this, depending on which provider they are bought from, these modems / dongles are flashed with an ISP-specific firmware which further locks down the device to stop certain features being exposed to the device's web-interface. This makes it tricky to change things such as the APN settings. 3) The above types of device (i've been mainly concerned with the Huawei E3372 since that's the one my router has support for) can apparently be re-flashed with custom firmware which allows HiLink mode to be switched off (see here: http://www.0xf8.org/2017/01/flashing-a-huawei-e3372h-4g- lte-stick-from-hilink-to-stick-mode/) this will apparently allow the "public" IP to be assigned directly to the device connected to the USB port and avoids the pesky double NAT situation. 4) The reason I say "public" in quotes above is because even if you manage to pass this address through, quite often the address itself is not a true public IP as it is behind carrier NAT and you are back to square 1.
For those interested, here are the options I'm exploring:
1) Getting a sierra 320U unlocked from ebay which can be used in "stick mode" without NAT or DHCP enabled and purchasing a SIM plan from either M2MOne or URL networks which has a "true" public IP (with all the public health and DDOS warnings this entails!) 2) Buying an LTE router such as:
Dovado Tiny MikroTik SXT LTE Netgear (I know!) LB1111 TP-Link MR6400
and then using the same sim card as above. From the research I've done, these devices have a "passthrough" or bridge mode which will present the LTE public IP directly to my main router, albeit via an RJ45 / ethernet connection.
Ben
*BEN JACKSON* Director
*M *0404 924745 *E* ben@elogik.com.au *W* elogik.com.au <http://www.elogik.com.au/> <http://www.elogik.com.au>
On Wed, Nov 22, 2017 at 6:15 PM, Jason Hecker (Up & Running Tech) < jason@upandrunningtech.com.au> wrote:
Oh I see, OK, sounds like you need something that will do a PPP session which some 4G cards will let you do if you put them into serial mode like the Telit LE910 (which I have tried) or the Sierra modules.
If you end up with a static or dynamic public IP you can cname the dynamic DNS Mikrotik provides in the router's ip->cloud settings and set the timeout to 60, so you could get at it like bighonchoclient1.elogik.net for example.
I kicked the idea around but never tried buying a cheap VPS with a static IP and having the 4G based Mikrotik VPN into it, then on the VPS port forward any ports to services behind the 4G device.
On 22 November 2017 at 15:59, Ben Jackson - ELOGIK <ben@elogik.net> wrote:
Hi Jason,
OK, I didn't phrase my question very well, what I need is a dongle or card that doesn't provide an extra layer of NAT (as many do) and run an internal DHCP sever so that the routers cellular interface ends up with an IP address like 192.168.x.x but instead passes the public IP directly. This is so I don't end up with a double NAT situation (kind of the equivalent of bridge mode for a DSL modem) and I can access resources (like security systems etc) behind the public IP by configuring the main firewall / router accordingly.
Ben
*BEN JACKSON* Director
*M *0404 924745 *E* ben@elogik.com.au *W* elogik.com.au <http://www.elogik.com.au/> <http://www.elogik.com.au>
On Wed, Nov 22, 2017 at 2:24 PM, Jason Hecker (Up & Running Tech) < jason@upandrunningtech.com.au> wrote:
What if you had those routers phone home to a VPN server in your office over 4G? They'd always be in easy reach on private subnet on your LAN and you wouldn't need to worry about public or static IPs for your 4G widget.
I noticed Duxtel configured devices I have bought have a PPTP client set up so if you activate it then Duxtel can peer into the device and assist with any issues.
On 22 November 2017 at 13:46, Ben Jackson - ELOGIK <ben@elogik.net> wrote:
Does anyone have any advice on a) a decent 4g service that provides a publicly accessible IP address that ports can be forwarded through as well as how to get hold of an unlocked USB dongle which will support the SIM / service?
Or even a provider that provides this on one of their business plans?
If it can be a prepaid plan even better.
I'm looking to use said device as 4G failover on a meraki mx64 security appliance and calling the usual suspects (Optus, telstra) is giving me a headache.
Any advice on what others have done in this scenario would be most appreciated.
Best regards,
Ben Jackson eLogik
(Sent from my mobile device) _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mik rotik.com.au
-- <https://www.upandrunningtech.com.au> _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk. mikrotik.com.au
-- <https://www.upandrunningtech.com.au> _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com. au
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com. au
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com. au
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
Paul - where do you get your 320U's from? Ebay? *BEN JACKSON* Director *M *0404 924745 *E* ben@elogik.com.au *W* elogik.com.au <http://www.elogik.com.au/> <http://www.elogik.com.au> On Thu, Nov 23, 2017 at 5:42 PM, Paul Julian <paul@oxygennetworks.com.au> wrote:
No problem, good luck.
Regards Paul
-----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Ben Jackson - ELOGIK Sent: Thursday, 23 November 2017 5:38 PM To: MikroTik Australia Public List Subject: Re: [MT-AU Public] 4G WAN failover question
Great info Paul - thanks for this. I think with all this in mind I'll be able to tailor a solution
Thanks again for everyone's input.
*BEN JACKSON* Director
*M *0404 924745 *E* ben@elogik.com.au *W* elogik.com.au <http://www.elogik.com.au/> <http://www.elogik.com.au>
On Thu, Nov 23, 2017 at 1:53 PM, Paul Julian <paul@oxygennetworks.com.au> wrote:
Hi Ben,
We use the Telstra Sierra Wireless 320U modems in our Mikrotik hAP devices, the Mikrotik creates an LTE interface once the modem is inserted into the USB port, you set the APN within the LTE interface. Once that's connected you then configure a DHCP client on the Mikrotik on the LTE interface and you get a public IP.
Some caveats: - You do need to change the mode of the modem, this can be done with the Netgear utility easily, they are a netgear unit basically. - You need to use a 4G SIM from Telstra, prepaid or postpaid should work, however if you want the APN with the public IP you need postpaid and need to request that the SIM be setup with the telstra.extranet APN
Apart from that it's pretty easy.
We occasionally have the modem drop, we have a script on the Mikrotik which checks connectivity and if it drops it does a USB power cycle which brings it back up most of the time.
It's really not hard, and it works well.
If you want to go with Optus but without a public IP you can get the $19 dongle from Office Works, it works in the Mikrotik without any real changes, but no public IP, fine if you can VPN out to something to use to get back in.
Regards Paul
-----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Ben Jackson - ELOGIK Sent: Thursday, 23 November 2017 11:10 AM To: Jason Hecker; MikroTik Australia Public List Subject: Re: [MT-AU Public] 4G WAN failover question
Thanks for the pointers everyone. There seem to be a number of factors at play here:
1) Most of the LTE USB modems you can purchase have some kind of "router on a stick" built in which provides a firewalled, DHCP assigned private IP on the LAN side in the normal ranges of 192.168.x.x or 10.x.x.x. In Huawei's case this is known as "HiLink mode". 2) In addition to this, depending on which provider they are bought from, these modems / dongles are flashed with an ISP-specific firmware which further locks down the device to stop certain features being exposed to the device's web-interface. This makes it tricky to change things such as the APN settings. 3) The above types of device (i've been mainly concerned with the Huawei E3372 since that's the one my router has support for) can apparently be re-flashed with custom firmware which allows HiLink mode to be switched off (see here: http://www.0xf8.org/2017/01/flashing-a-huawei-e3372h-4g- lte-stick-from-hilink-to-stick-mode/) this will apparently allow the "public" IP to be assigned directly to the device connected to the USB port and avoids the pesky double NAT situation. 4) The reason I say "public" in quotes above is because even if you manage to pass this address through, quite often the address itself is not a true public IP as it is behind carrier NAT and you are back to square 1.
For those interested, here are the options I'm exploring:
1) Getting a sierra 320U unlocked from ebay which can be used in "stick mode" without NAT or DHCP enabled and purchasing a SIM plan from either M2MOne or URL networks which has a "true" public IP (with all the public health and DDOS warnings this entails!) 2) Buying an LTE router such as:
Dovado Tiny MikroTik SXT LTE Netgear (I know!) LB1111 TP-Link MR6400
and then using the same sim card as above. From the research I've done, these devices have a "passthrough" or bridge mode which will present the LTE public IP directly to my main router, albeit via an RJ45 / ethernet connection.
Ben
*BEN JACKSON* Director
*M *0404 924745 *E* ben@elogik.com.au *W* elogik.com.au <http://www.elogik.com.au/> <http://www.elogik.com.au>
On Wed, Nov 22, 2017 at 6:15 PM, Jason Hecker (Up & Running Tech) < jason@upandrunningtech.com.au> wrote:
Oh I see, OK, sounds like you need something that will do a PPP session which some 4G cards will let you do if you put them into serial mode like the Telit LE910 (which I have tried) or the Sierra modules.
If you end up with a static or dynamic public IP you can cname the dynamic DNS Mikrotik provides in the router's ip->cloud settings and set the timeout to 60, so you could get at it like bighonchoclient1.elogik.net for example.
I kicked the idea around but never tried buying a cheap VPS with a static IP and having the 4G based Mikrotik VPN into it, then on the VPS port forward any ports to services behind the 4G device.
On 22 November 2017 at 15:59, Ben Jackson - ELOGIK <ben@elogik.net> wrote:
Hi Jason,
OK, I didn't phrase my question very well, what I need is a dongle or card that doesn't provide an extra layer of NAT (as many do) and run an internal DHCP sever so that the routers cellular interface ends up with an IP address like 192.168.x.x but instead passes the public IP directly. This is so I don't end up with a double NAT situation (kind of the equivalent of bridge mode for a DSL modem) and I can access resources (like security systems etc) behind the public IP by configuring the main firewall / router accordingly.
Ben
*BEN JACKSON* Director
*M *0404 924745 *E* ben@elogik.com.au *W* elogik.com.au <http://www.elogik.com.au/> <http://www.elogik.com.au>
On Wed, Nov 22, 2017 at 2:24 PM, Jason Hecker (Up & Running Tech) < jason@upandrunningtech.com.au> wrote:
What if you had those routers phone home to a VPN server in your office over 4G? They'd always be in easy reach on private subnet on your LAN and you wouldn't need to worry about public or static IPs for your 4G widget.
I noticed Duxtel configured devices I have bought have a PPTP client set up so if you activate it then Duxtel can peer into the device and assist with any issues.
On 22 November 2017 at 13:46, Ben Jackson - ELOGIK <ben@elogik.net> wrote:
Does anyone have any advice on a) a decent 4g service that provides a publicly accessible IP address that ports can be forwarded through as well as how to get hold of an unlocked USB dongle which will support the SIM / service?
Or even a provider that provides this on one of their business plans?
If it can be a prepaid plan even better.
I'm looking to use said device as 4G failover on a meraki mx64 security appliance and calling the usual suspects (Optus, telstra) is giving me a headache.
Any advice on what others have done in this scenario would be most appreciated.
Best regards,
Ben Jackson eLogik
(Sent from my mobile device) _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mik rotik.com.au
-- <https://www.upandrunningtech.com.au> _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk. mikrotik.com.au
-- <https://www.upandrunningtech.com.au> _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com. au
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com. au
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com. au
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
Yep, should be able to get them for around $40-$50 Regards Paul -----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Ben Jackson - ELOGIK Sent: Thursday, 23 November 2017 5:45 PM To: MikroTik Australia Public List Subject: Re: [MT-AU Public] 4G WAN failover question Paul - where do you get your 320U's from? Ebay? *BEN JACKSON* Director *M *0404 924745 *E* ben@elogik.com.au *W* elogik.com.au <http://www.elogik.com.au/> <http://www.elogik.com.au> On Thu, Nov 23, 2017 at 5:42 PM, Paul Julian <paul@oxygennetworks.com.au> wrote:
No problem, good luck.
Regards Paul
-----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Ben Jackson - ELOGIK Sent: Thursday, 23 November 2017 5:38 PM To: MikroTik Australia Public List Subject: Re: [MT-AU Public] 4G WAN failover question
Great info Paul - thanks for this. I think with all this in mind I'll be able to tailor a solution
Thanks again for everyone's input.
*BEN JACKSON* Director
*M *0404 924745 *E* ben@elogik.com.au *W* elogik.com.au <http://www.elogik.com.au/> <http://www.elogik.com.au>
On Thu, Nov 23, 2017 at 1:53 PM, Paul Julian <paul@oxygennetworks.com.au> wrote:
Hi Ben,
We use the Telstra Sierra Wireless 320U modems in our Mikrotik hAP devices, the Mikrotik creates an LTE interface once the modem is inserted into the USB port, you set the APN within the LTE interface. Once that's connected you then configure a DHCP client on the Mikrotik on the LTE interface and you get a public IP.
Some caveats: - You do need to change the mode of the modem, this can be done with the Netgear utility easily, they are a netgear unit basically. - You need to use a 4G SIM from Telstra, prepaid or postpaid should work, however if you want the APN with the public IP you need postpaid and need to request that the SIM be setup with the telstra.extranet APN
Apart from that it's pretty easy.
We occasionally have the modem drop, we have a script on the Mikrotik which checks connectivity and if it drops it does a USB power cycle which brings it back up most of the time.
It's really not hard, and it works well.
If you want to go with Optus but without a public IP you can get the $19 dongle from Office Works, it works in the Mikrotik without any real changes, but no public IP, fine if you can VPN out to something to use to get back in.
Regards Paul
-----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Ben Jackson - ELOGIK Sent: Thursday, 23 November 2017 11:10 AM To: Jason Hecker; MikroTik Australia Public List Subject: Re: [MT-AU Public] 4G WAN failover question
Thanks for the pointers everyone. There seem to be a number of factors at play here:
1) Most of the LTE USB modems you can purchase have some kind of "router on a stick" built in which provides a firewalled, DHCP assigned private IP on the LAN side in the normal ranges of 192.168.x.x or 10.x.x.x. In Huawei's case this is known as "HiLink mode". 2) In addition to this, depending on which provider they are bought from, these modems / dongles are flashed with an ISP-specific firmware which further locks down the device to stop certain features being exposed to the device's web-interface. This makes it tricky to change things such as the APN settings. 3) The above types of device (i've been mainly concerned with the Huawei E3372 since that's the one my router has support for) can apparently be re-flashed with custom firmware which allows HiLink mode to be switched off (see here: http://www.0xf8.org/2017/01/flashing-a-huawei-e3372h-4g- lte-stick-from-hilink-to-stick-mode/) this will apparently allow the "public" IP to be assigned directly to the device connected to the USB port and avoids the pesky double NAT situation. 4) The reason I say "public" in quotes above is because even if you manage to pass this address through, quite often the address itself is not a true public IP as it is behind carrier NAT and you are back to square 1.
For those interested, here are the options I'm exploring:
1) Getting a sierra 320U unlocked from ebay which can be used in "stick mode" without NAT or DHCP enabled and purchasing a SIM plan from either M2MOne or URL networks which has a "true" public IP (with all the public health and DDOS warnings this entails!) 2) Buying an LTE router such as:
Dovado Tiny MikroTik SXT LTE Netgear (I know!) LB1111 TP-Link MR6400
and then using the same sim card as above. From the research I've done, these devices have a "passthrough" or bridge mode which will present the LTE public IP directly to my main router, albeit via an RJ45 / ethernet connection.
Ben
*BEN JACKSON* Director
*M *0404 924745 *E* ben@elogik.com.au *W* elogik.com.au <http://www.elogik.com.au/> <http://www.elogik.com.au>
On Wed, Nov 22, 2017 at 6:15 PM, Jason Hecker (Up & Running Tech) < jason@upandrunningtech.com.au> wrote:
Oh I see, OK, sounds like you need something that will do a PPP session which some 4G cards will let you do if you put them into serial mode like the Telit LE910 (which I have tried) or the Sierra modules.
If you end up with a static or dynamic public IP you can cname the dynamic DNS Mikrotik provides in the router's ip->cloud settings and set the timeout to 60, so you could get at it like bighonchoclient1.elogik.net for example.
I kicked the idea around but never tried buying a cheap VPS with a static IP and having the 4G based Mikrotik VPN into it, then on the VPS port forward any ports to services behind the 4G device.
On 22 November 2017 at 15:59, Ben Jackson - ELOGIK <ben@elogik.net> wrote:
Hi Jason,
OK, I didn't phrase my question very well, what I need is a dongle or card that doesn't provide an extra layer of NAT (as many do) and run an internal DHCP sever so that the routers cellular interface ends up with an IP address like 192.168.x.x but instead passes the public IP directly. This is so I don't end up with a double NAT situation (kind of the equivalent of bridge mode for a DSL modem) and I can access resources (like security systems etc) behind the public IP by configuring the main firewall / router accordingly.
Ben
*BEN JACKSON* Director
*M *0404 924745 *E* ben@elogik.com.au *W* elogik.com.au <http://www.elogik.com.au/> <http://www.elogik.com.au>
On Wed, Nov 22, 2017 at 2:24 PM, Jason Hecker (Up & Running Tech) < jason@upandrunningtech.com.au> wrote:
What if you had those routers phone home to a VPN server in your office over 4G? They'd always be in easy reach on private subnet on your LAN and you wouldn't need to worry about public or static IPs for your 4G widget.
I noticed Duxtel configured devices I have bought have a PPTP client set up so if you activate it then Duxtel can peer into the device and assist with any issues.
On 22 November 2017 at 13:46, Ben Jackson - ELOGIK <ben@elogik.net> wrote:
Does anyone have any advice on a) a decent 4g service that provides a publicly accessible IP address that ports can be forwarded through as well as how to get hold of an unlocked USB dongle which will support the SIM / service?
Or even a provider that provides this on one of their business plans?
If it can be a prepaid plan even better.
I'm looking to use said device as 4G failover on a meraki mx64 security appliance and calling the usual suspects (Optus, telstra) is giving me a headache.
Any advice on what others have done in this scenario would be most appreciated.
Best regards,
Ben Jackson eLogik
(Sent from my mobile device) _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mik rotik.com.au
-- <https://www.upandrunningtech.com.au> _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk. mikrotik.com.au
-- <https://www.upandrunningtech.com.au> _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com. au
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com. au
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com. au
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com. au
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com. au
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
Hi Ben, We use the Sierra/Netgear 320U modems, I still haven't found a replacement for them that allows you to land the IP directly on the Mikrotik, be interested to know if anyone else knows of a device that will replace the 320U cards and in production still. We can do static IP's on 4G via Optus on plans up to 30GB per month. Cheers, Ash. URL Networks - http://url.net.au // On 22/11/17 13:46, Ben Jackson - ELOGIK wrote:
Does anyone have any advice on a) a decent 4g service that provides a publicly accessible IP address that ports can be forwarded through as well as how to get hold of an unlocked USB dongle which will support the SIM / service?
Or even a provider that provides this on one of their business plans?
If it can be a prepaid plan even better.
I'm looking to use said device as 4G failover on a meraki mx64 security appliance and calling the usual suspects (Optus, telstra) is giving me a headache.
Any advice on what others have done in this scenario would be most appreciated.
Best regards,
Ben Jackson eLogik
(Sent from my mobile device) _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
participants (5)
-
Ashley Breeden
-
Ben Jackson - ELOGIK
-
Jason Hecker (Up & Running Tech)
-
Paul Julian
-
Russell Hurren