Using mobile hotspot for WAN
-
@wgstarks said in Using mobile hotspot for WAN:
Right now I’m using a cable modem for WAN but will soon be relocating to an area where the only current option is a mobile hotspot. I’m on the waiting list for Skylink but that won’t be available until later this year. Is it possible to use a mobile hotspot for WAN? Is there recommendations for specific hardware? The carrier will be Verizon if that matters.
Its possible. I used it, and it works.
However, it all depends on whether or not pfSense (FreeBSD) is able to recognize your phone once you plug it into your appliance USB port.
These are the steps:
-
Plug your phone into a USB port.
-
Enable USB tethering on your phone.
-
In pfSense go to Interface / Assignments and see if your phone showed up as new interface. If it didnt, your phone is not supported. If it did, proceed to step 4.
-
Add the new interface and chose DHCP under IPv4 Configuration Type.
-
Disconnect your phone from USB and then repeat steps 1 and 2.
-
Crete a outbound NAT rule for your new interface.
Once you are done. Your phone will create a new gateway. Select new gateway in your firewall rules and you are good to go.
@gblenn said in Using mobile hotspot for WAN:
You can certainly use mobile access and with 5G you can potentially get fiber/cable like speeds and latency, depending on where you live. A mobile hotspot doesn't sound like the solution though. You need a router, preferably with external antennas.
Check out Verizon 5G Wireless Home... or T-Mobiles equivalent for that matter. They will provide you with the HW needed and believe you can bridge them...Thats not what he asked for.
-
-
@gblenn
I know that Verizon does not have home internet for this area but mobile hotspot does work barely. This is with a cheap wifi mobile hotspot (provided by Verizon) that my spouse is currently using for internet access.I’m hoping I can use perhaps a Nighthawk M1 (or similar) with and outdoor antenna that might boost the signal slightly. I’ll have to talk to Verizon regarding this but want to know for sure that my SG-3100 will be compatible with this setup prior to buying a bunch of equipment and getting new accounts?
-
@nimrod
My spouse is currently using a cheap mobile hotspot provided by Verizon. No model or manufacturer info but it does have a USB-C port. I’m assuming this is for connecting a laptop or other appliance. I can probably test with this but would prefer a higher quality unit with ability to connect an outdoor antenna. Hoping I can get recommendations for specific hardware. -
@wgstarks said in Using mobile hotspot for WAN:
@nimrod
My spouse is currently using a cheap mobile hotspot provided by Verizon. No model or manufacturer info but it does have a USB-C port. I’m assuming this is for connecting a laptop or other appliance. I can probably test with this but would prefer a higher quality unit with ability to connect an outdoor antenna. Hoping I can get recommendations for specific hardware.This is the hardware that i would recommend.
https://protectli.com/product/idg400/
Im not a fan of USB devices on pfSense because USB ports (controlers) are crap in general. They should be used only as a temporary/emergency solutions and nothing more.
-
@nimrod
Would something like the Nighthawk M6 Pro work?Not sure how easy any of these are to integrate with pfsense.
-
@wgstarks I had plan on trying this with the iPhone but the seller didn't have possession on eBay so I didn't bother...Ethernet to pfSense.
-
@wgstarks said in Using mobile hotspot for WAN:
Nighthawk M6 Pr
Why are you so into "mobile hotspots"? Those are primarily intended for nomadic use and seldom or never have external antennas which is crucial for good performance. Actually, one good "use" is of course that if you tell them it is for a mobile hotspot, they will still sell you the SIM card. Even if they don't provide home internet in your area.
And Verizon isn't the only game in town, check coverage for the other service providers, T-mobile or whoever else you may have in the area.Look for a 4G LTE Router instead, something like this. Two of the visible antennas are for LTE and detachable so you can connect to outdoor antennas for better performance.
On mobile networks you typically get a "reserved" IP, even on a broadband connection, which means you are behind NAT. So you might want to ask them to provide a public IP.
No problem with compatibility, at least in terms of connections. You simply plug your pfSense WAN into one of the LAN ports and give it a static IP (on the LTE router) and place it in a DMZ. Don't forget to turn off wifi on the router, since it's outside of the LAN controlled by pfSense.
Where you may run into issues is with UPnP and some gaming, but there are solutions to that as well. Port forwarding works for some of the more challenging games for example.
-
@gblenn said in Using mobile hotspot for WAN:
Why are you so into "mobile hotspots"? Those are primarily intended for nomadic use and seldom or never have external antennas which is crucial for good performance. Actually, one good "use" is of course that if you tell them it is for a mobile hotspot, they will still sell you the SIM card. Even if they don't provide home internet in your area.
And Verizon isn't the only game in town, check coverage for the other service providers, T-mobile or whoever else you may have in the area.I've been digging into coverage and it looks like AT&T is probably best although no one provides home internet yet.
@gblenn said in Using mobile hotspot for WAN:
Look for a 4G LTE Router instead, something like this. Two of the visible antennas are for LTE and detachable so you can connect to outdoor antennas for better performance.
AT&T requires a minimum Cat 11 cellular modem (Cat 18 for higher data plans). It's hard searching google for "cat11" since most of the equipment listing don't provide that data but I did find this one with a Cat 18 modem and detachable antennas.
@gblenn said in Using mobile hotspot for WAN:
On mobile networks you typically get a "reserved" IP, even on a broadband connection, which means you are behind NAT. So you might want to ask them to provide a public IP.
I'll check that with AT&T but I bet they aren't free (or even cheap).
@gblenn said in Using mobile hotspot for WAN:
No problem with compatibility, at least in terms of connections. You simply plug your pfSense WAN into one of the LAN ports and give it a static IP (on the LTE router) and place it in a DMZ. Don't forget to turn off wifi on the router, since it's outside of the LAN controlled by pfSense.
Where you may run into issues is with UPnP and some gaming, but there are solutions to that as well. Port forwarding works for some of the more challenging games for example.I've already been digging into this problem since LTE and Starlink will both use CG-NAT. Looks like my best bet for remote access will be Tailscale but still researching so there may be other issues I'm not aware of. Don't really do much gaming and not using UPnP for anything that I'm aware of. Not sure about my Plex server though? Right now I'm forwarding a port in pfsense.
BTW- Really appreciate the help.
-
@wgstarks said in Using mobile hotspot for WAN:
AT&T requires a minimum Cat 11 cellular modem (Cat 18 for higher data plans). It's hard searching google for "cat11" since most of the equipment listing don't provide that data but I did find this one with a Cat 18 modem and detachable antennas.
None of the carriers "require" any specific category for it to actually work. But of course the subscribed speed is only achievable with a matching device. A cat 11 can give up to 600 Mbps and for the Cudy you linked to they say up to 150 so I doubt it's more than a category 4...
Perhaps you should check with the carriers to find out what their plans are for your area. They are continuously building out and may be offering 5G some time soon. Especially T-Mobile have been very aggressive in their Wireless Broadband roll out. Long term that would be a much better solution than Starlink if you ask me. One benefit is that you can switch to a different ISP any time. It's just a matter of changing the SIM...
And depending on your needs, perhaps you should look for a more advanced device. Those targeting SME's, like Cradlepoint or Mikrotik will be more expensive but likely also the best performing. Especially if you can use an outdoor unit since you can get away from cable loss (antenna to unit).@wgstarks said in Using mobile hotspot for WAN:
I've already been digging into this problem since LTE and Starlink will both use CG-NAT. Looks like my best bet for remote access will be Tailscale but still researching so there may be other issues I'm not aware of. Don't really do much gaming and not using UPnP for anything that I'm aware of. Not sure about my Plex server though? Right now I'm forwarding a port in pfsense.
Well, I would at least check with them if you can get a Public IP for free. CG-NAT is a gapfiller in this context, until they move to IPv6.
But Plex or any type of smart home solution will unfortunately not work, as is, behind CG-NAT. The port you forward is used by Plex to reach out to their servers (and your account) to provide your Public IP so the App can find it...Optimally you would have Public IP and a router that supports bridging, which means pfSense will get that IP directly on WAN. The next best option is NAT with DMZ which will still allow Plex and any other services to work. If the router allows using an IP that is not from the private IP range, UPnP will work as well should you need it...
Tailscalse is a cool solution and I have been using it as a backup to reach my mothers house, should the VPN go down and I need to support her. You set up a server at home acting as a "subnet router" and then your clients can access your home LAN through the tunnel.
I recently saw some video from Lawrence Systems on Cloudflare Tunnel, which could also be a solution. here -
@gblenn said in Using mobile hotspot for WAN:
perhaps you should look for a more advanced device. Those targeting SME's, like Cradlepoint or Mikrotik will be more expensive but likely also the best performing. Especially if you can use an outdoor unit since you can get away from cable loss (antenna to unit).
Care to recommend one. I’ve been looking but honestly I don't know what I’m looking at so it’s hard to know which to get.
@gblenn said in Using mobile hotspot for WAN:
Optimally you would have Public IP and a router that supports bridging, which means pfSense will get that IP directly on WAN. The next best option is NAT with DMZ which will still allow Plex and any other services to work. If the router allows using an IP that is not from the private IP range, UPnP will work as well should you need it...
I’m going to try for a public IP. What is NAT with DMZ? I understand what the DMZ is but not sure what you’re referring to.
-
@wgstarks said in Using mobile hotspot for WAN:
Care to recommend one. I’ve been looking but honestly I don't know what I’m looking at so it’s hard to know which to get.
To be honest I have not looked too much beyond the consumer model (TP-Link archer600) I happen to have for my failover. I just know these guys have the equipment for the SME segment. But I guess the Chateau 6-US from Mikrotik looks like a really good fit. For any alternatives, compare the LTE bands it supports as they may be US specific.
It will likely require some work on your part if you are to really get the most out of it. It depends so much on the location of your house vs the cell tower, and any obstacles in between. A more distant cell from a different carrier may provide better performance if it's line of site for example.
A high gain antenna (perhaps directional) and high up is usually the best but with an indoor unit you need to pull the antenna cable through the wall. And the longer the cables the more attenuation you get. With an indoor unit, try finding a spot high up on the wall facing the tower and shortest possible cable (pair) through to the router (wall mounted on the inside).
@wgstarks said in Using mobile hotspot for WAN:
I’m going to try for a public IP. What is NAT with DMZ? I understand what the DMZ is but not sure what you’re referring to.
What I meant was that if the router doesn't support bridging, you are stuck with NAT, even though DMZ basically opens up all ports towards pfSense.
-
@gblenn said in Using mobile hotspot for WAN:
But I guess the Chateau 6-US from Mikrotik looks like a really good fit.
~~It does look good. Of course I can’t find it for sale anywhere.~~
Emailed Mikrotik. Maybe I’ll get lucky.Found the last one on Amazon.
@gblenn said in Using mobile hotspot for WAN:
To be honest I have not looked too much beyond the consumer model (TP-Link archer600)
Thought I would take look at this one too but can't find a US version. All the sellers seem to be in the EU so the power adapters are probably wrong.
-
@nollipfsense said in Using mobile hotspot for WAN:
@wgstarks I had plan on trying this with the iPhone but the seller didn't have possession on eBay so I didn't bother...Ethernet to pfSense.
I have one of those, and an iphone, and pfsense! Want me to give it a try?
I had never considered using it that way, as a wired WAN into pfsense. It does work the other way I intended, getting an iphone onto a wired ethernet network. That works just fine.
-
@akuma1x said in Using mobile hotspot for WAN:
@nollipfsense said in Using mobile hotspot for WAN:
@wgstarks I had plan on trying this with the iPhone but the seller didn't have possession on eBay so I didn't bother...Ethernet to pfSense.
I have one of those, and an iphone, and pfsense! Want me to give it a try?
I had never considered using it that way, as a wired WAN into pfsense. It does work the other way I intended, getting an iphone onto a wired ethernet network. That works just fine.
No. I only have one iPhone and not gonna tie it to my pfsense 24/7. Cheaper to buy an lte router. Just need to find one. Thanks though
-
@wgstarks said in Using mobile hotspot for WAN:
Thought I would take look at this one too but can't find a US version. All the sellers seem to be in the EU so the power adapters are probably wrong.
I know, it seems they don't sell them in the US. I suppose besides the power adapter, it may not have the right frequency bands. The Mikrotik Chateau-6 has 'US' added to the name for a reason.
Not sure why but we seem to have more consumer variants to choose from here in the EU.
Do some testing in your house to find the ideal location, unless you know where the cell tower is. A simple way is to run speedtest in different locations. Otherwise there are apps (perhaps not on iPhone?) which will tell you the signal strength. Some may even provide the direction to or location of the tower, like Network Cell Info on Android (not sure how precise it is though).
After that you set it up and use it for a while and depending on performance you may want to look into external antennas. Cross polarized antennas are suggested... I'm using a Poynting XPOL which you can find on Amazon. They ship with cables but unless you set it up on a long pole, I suggest to change them out for the shortest cables possible.
-
@gblenn said in Using mobile hotspot for WAN:
@wgstarks said in Using mobile hotspot for WAN:
Thought I would take look at this one too but can't find a US version. All the sellers seem to be in the EU so the power adapters are probably wrong.
I know, it seems they don't sell them in the US. I suppose besides the power adapter, it may not have the right frequency bands. The Mikrotik Chateau-6 has 'US' added to the name for a reason.
Not sure why but we seem to have more consumer variants to choose from here in the EU.
Do some testing in your house to find the ideal location, unless you know where the cell tower is. A simple way is to run speedtest in different locations. Otherwise there are apps (perhaps not on iPhone?) which will tell you the signal strength. Some may even provide the direction to or location of the tower, like Network Cell Info on Android (not sure how precise it is though).
After that you set it up and use it for a while and depending on performance you may want to look into external antennas. Cross polarized antennas are suggested... I'm using a Poynting XPOL which you can find on Amazon. They ship with cables but unless you set it up on a long pole, I suggest to change them out for the shortest cables possible.
Thanks. I managed to find the last one on Amazon.
There were also a couple on eBay for about 10 times there normal price. As soon as I get the new router I’ll hook it to an extension cord and try it in different spots. I have a good idea where the closest towers are in my area so that won’t be too complicated. A timber company has purchased all the local timber and should begin harvesting soon so I expect that will improve line of sight reception.Once again, thanks for all your help.
-
@gblenn said in Using mobile hotspot for WAN:
Chateau 6-US from Mikrotik looks like a really good fit
I agree and just waiting for the price to fall...makes a great fail over for fiber.
-
@wgstarks
Most of the Cellular accounts I have been on have used carrier grade NAT they basically give you a NATed IP address.I briefly had an encounter with frontier and then went to Hughesnet which was even worse surprisingly. All the time running my home built PFSense box as much as I could. I was actually able to sustain VOIP over Hughes net GEN2 with Vonage. The nice thing about routing through PFSense is it would hold the state longer than most of the devices upstream which really helped with connection drop outs.
I started off with AT&T cellular hotspots then went to Sprint then went to T-Mobile. I also have a Verizon MVO SIM with Visible now. Most of what I've seen online encourages the use of a USB modem and supposedly you can connect these hotspots over USB. they usually percent some sort of ethernet connection over USB although I'm trying mine and they're not working with PFSense yet.
The most reliable way I have found is to pick up a TP Link travel router there like 25 bucks at the most you plug that into one of your WAN connections and configure it with a static IP address in the same range as the hotspot and then tell it to act as a client basically a Wi-Fi ethernet bridge. Then you can position your hotspot at a reasonable distance in a good signal location somewhere where you can preferably get an external antenna ( make sure your device supports external antennas some do and are hidden some don't and some are hidden but don't ). This is sort of the best of both worlds, PF sense handles all the routing the hotspot handles the Cellular and the travel router links the two in between. The only downside is your double NAT but you're probably actually gonna be triple NAT unless you work out some sort of deal with a corporate account to get a public IP address and APN.
This also has the benefit of working with any! wireless hotspot.I do find the Netgear ones to be the nicest as they have a app that lets you monitor them on your phone and that can easily be forwarded through PFSense.
They also make a wireless cellular modem, stick a Sim card in and get ethernet out works really nice if it's compatible with your carrier. although they have a new model now with tri-carrier support.One thing to be aware of is battery bloat not all of these devices properly handle the charging so it might be worth sticking them on a timer that goes off for a few hours during the night to kind of cycle the battery a little bit since I've been doing that I haven't had too much of an issue.
But a few years ago I also got Comcast Business which came with it's own cradlepoint back up connection.
You're definitely going to be looking at some sort of NAT penetration remote access. The pricing for public IP address space is ridiculous assuming they have it listed on their website and most of what I saw it seems to indicate you would need a business account.
I've also heard that some android devices will let you tether over a USB ethernet adapter, although well they might have better modem support you are now running a full-fledged phone.
There's also a lot of corporate grade stuff out there but prices go up quick.
Sounds like you might've worked out some thing already hope it's working well.
Thought I would add my two cents in here for anybody else who might run across this post. -
@imark77 said in Using mobile hotspot for WAN:
Most of the Cellular accounts I have been on have used carrier grade NAT they basically give you a NATed IP address.
Yesterday, I watched a video about how bad CGNAT is.
As they point out, the only solution to this nonsense is to move to IPv6.
-
@JKnott said in Using mobile hotspot for WAN:
the only solution to this nonsense is to move to IPv6.
I know T-Mobile home Internet box doesn't pass-through IPv6 router advertising...