Hi Lonnie
Looks like the Netgear 2120 is only available in Australia which I assume will
be similar. A bit expensive but nice not having to use a USB modem.
So Bridge mode works then! Cool I might check this out then.
Yes Telstra provides a Private IP Address which is obviously NAT'ed but much
better to run it in Bridge mode to reduce the number of NAT's.
Regards
Michael Knill
On 21/5/18, 6:11 am, "Lonnie Abelbeck" <li...@lonnie.abelbeck.com> wrote:
Per a post by Michael Knill "4G backup" I purchased a Netgear LB1121-100NAS
(North America) supporting PoE and includes a power adapter.
LTE Modem LB1120 and LB1121 User Manual
https://www.downloads.netgear.com/files/GDC/LB1120/LB112x_UM_EN.pdf
Overall, I'm pleased with the LB1121, the PoE is good to have, makes easy
positioning for good reception.
I also tested the Netgear 6000450 MIMO Antenna, it can add 1-bar, but with
no antenna and 4 out of 5 bars sitting on the lab bench I was able to get 90/20
Mbps (down/up) on a speed test.
If a person were to mount the modem on a wall next to a window, the antenna
would be useful to reach over and place on the glass.
I tested with "Ting" a MVNO (Mobile Virtual Network Operator) for
T-Mobile's GSM network. I ordered a GSM SIM card from Ting, the Netgear LB1121
comes with an empty SIM slot.
I connected the Netgear LB1121 to a spare ethernet interface, Network tab
-> Failover Interface: [eth2] and also ...
-- Network tab -> WAN Failover Configuration: --
External Failover Interface:
Connection Type: [DHCP]
External Failover Destination Routes:
IPv4 Routes: 192.168.5.0/24
--
If you change the LB1121's IPv4 address, also change the above IPv4 Routes:
as this is required when the LB1121 is set to "Bridge Mode".
Note: WAN Failover is disabled at this point in time. We are now simply
defining a 2nd external interface.
With Ting I needed to edit the APN ...
--
Ting (GSM) T-Mobile
APN: wholesale
--
and the LB1121 easily allows for that via the web interface, which defaults
to http://192.168.5.1
Firmware updates are via the web interface, but you must have a SIM card
activated and installed to perform an upgrade over the GSM network.
Web interface password changes don't ask for a match, so a typo requires a
reset to factory defaults to fix it. But overall, the web interface is nicely
done.
After I got the LB1121 configured as desired, working, and firmware
upgraded, I then switched to "Bridge Mode", depending on your 4G/LTE carrier
your DHCP will acquire a publicly routable IPv4 address or an address that
looks public but is actually behind NAT.
BTW: Ting/T-Mobile uses odd "private" address ranges like 25.0.0.0/8 (UK
Ministry of Defense) and 100.128.0.0/9 (T-Mobile), they look publicly routable,
but they are NAT'ed to a different public address :-(
On a PoE 802.3af switch, the LB1121 draws 1.1 Watts, cool to the touch.
The main issues are the 4G/LTE networks, the Ting MVNO for T-Mobile is IPv4
only, and NAT'ed even when in bridge mode. So a true failover is difficult to
do, but by limiting your failover requirements this can still be useful. Below
is one such technique using WireGuard VPN.
I have a test AstLinux box talking to my main AstLinux box over WireGuard
over 4G/LTE ... works nicely. Though "PersistentKeepalive = 25" is required to
deal with the NAT and dynamic addressing.
FYI: Interestingly, the WireGuard overhead even with a keepalive every 25
seconds results in 454 KB/day of data, which at $10/GB is only 0.00454 $/day.
== Dynamic 4G/LTE Modem Endpoint
-- WireGuard IPv4 10.4.1.10/255.255.255.0 --
[Peer]
## 4G/LTE Endpoint
PublicKey = <For Static Endpoint>
Endpoint = 1.2.3.4:51820
AllowedIPs = 10.4.1.1/32
PersistentKeepalive = 25
--
-- Network tab -> WAN Failover Configuration: --
External Failover Interface:
Connection Type: [DHCP]
External Failover Destination Routes:
IPv4 Routes: 192.168.5.0/24 1.2.3.4
--
== Static IPv4 1.2.3.4 Endpoint
-- WireGuard IPv4 10.4.1.1/255.255.255.0 --
[Peer]
## Static Endpoint
PublicKey = <For 4G/LTE Endpoint>
AllowedIPs = 10.4.1.10/32
--
iperf3 test across the VPN ...
4G/LTE ~ # iperf3 -s
Static ~ # iperf3 -c 10.4.1.10 -u
Connecting to host 10.4.1.10, port 5201
[ 5] local 10.4.1.1 port 37415 connected to 10.4.1.10 port 5201
[ ID] Interval Transfer Bitrate Total Datagrams
[ 5] 0.00-1.00 sec 128 KBytes 1.05 Mbits/sec 96
...
[ 5] 9.00-10.00 sec 128 KBytes 1.05 Mbits/sec 96
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bitrate Jitter Lost/Total
Datagrams
[ 5] 0.00-10.00 sec 1.25 MBytes 1.05 Mbits/sec 0.000 ms 0/959 (0%)
sender
[ 5] 0.00-10.16 sec 1.25 MBytes 1.03 Mbits/sec 2.543 ms 0/959 (0%)
receiver
Typical ping times: 100-400 ms
Note that without the VPN there would be no way to reach "4G/LTE" from
"Static" with the network NAT issues described above.
So with a Netgear LB1121 4G/LTE Modem, by using this WireGuard VPN
technique on the "Failover Interface" (2nd External) your public server on
1.2.3.4 will be able to access a remote AstLinux box via 4G/LTE.
Lonnie
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Astlinux-users mailing list
Astlinux-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/astlinux-users
Donations to support AstLinux are graciously accepted via PayPal to
pay...@krisk.org.
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Astlinux-users mailing list
Astlinux-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/astlinux-users
Donations to support AstLinux are graciously accepted via PayPal to
pay...@krisk.org.
