Netgate Discussion Forum

    Using mobile hotspot for WAN

    • JKnottJ
      JKnott @imark77
      last edited by

      @imark77 said in Using mobile hotspot for WAN:

      From what I understand most networks have switched to IPV6 internally which is what they should've done instead of carrier grade NAT in the first place. There's an entire address block for IPV4 within IPV6 it makes no sense to me why they're not just using that on the backend to route IPV4 into IPV6 and then back to IPV4.

      Originally, the cell networks didn't support IPv6 and CGNAT was the only way to provide IPv4. Some of those IPv6 blocks containing IPv4 addresses are used for conversion methods such as 464XLAT. Changing from IPv4 to IPv6 didn't happen all at once, but rather in stages.

      PfSense running on Qotom mini PC
      i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
      UniFi AC-Lite access point

      I haven't lost my mind. It's around here...somewhere...

      • JKnottJ
        JKnott @sarrasine
        last edited by

        @sarrasine said in Using mobile hotspot for WAN:

        Both devices can connect to your pfSense box either through Ethernet or USB and offer passthrough mode.

        Does that include DHCPv6-PD to pfSense?

        • sarrasineS
          sarrasine @JKnott
          last edited by

          @JKnott

          Right now I can't confirm because it looks like T-Mobile does not provide prefix delegation. Before T-Mobile I had AT&T and, as far as I can recall, I was getting an IPv6 on all of my devices connected to the pfSense box.
          Sorry I could not offer better explanation, I am trying to learn all of this new (to me) terminology and possibly sound dumb at times😐.

          • wgstarksW
            wgstarks @sarrasine
            last edited by

            @sarrasine
            Actually I went a different route. Found out that my local cable company will install cable to anywhere for about $8(US)/foot so paid them for about 4700 feet. Was really the only option. No cell towers within 2 miles. T-Mobile was willing to sell me a plan anyway but the speeds were awful. Starlink is still not available in my area.

            Box: SG-4200

            • M
              madbrain @imark77
              last edited by madbrain

              @imark77 The 0.0.7 / 0.04 speeds are from really bad T-Mobile signal. It is not roaming. I live on a hill, and that's the speeds I get in my home office when the phone is on 4G LTE. Sometimes it switches to 5G, and the download speed goes way up, but the upload speed remains the same. This morning it wasn't getting any data signal at all for several minutes, just a few bars, presumably GSM only. Voice calls over cell tend to have frequent periods of >1s silence. This weak T-Mobile signal was unfortunately the best cell signal I could get in this room, and in most rooms, between the major 3 carriers for the 14 years I have been here. 3 years ago I tried a Verizon 5G SIM with my phone. Speedtest got 0.001 Mbps down / 0.000 up. I.e. just 1kbps ... It was a free trial and I obviously cancelled.
              Basically, only Wifi calling works for calls, or wired VoIP. I had Ooma before, and switched to voip.ms a few weeks ago using a Grandview HT802 analog telephone adapter. The Panasonic DECT 6.0 analog phone with the maximum 6 handsets covers my entire property inside and out, something that Wifi cannot do even with 6 APs, and that the cell carriers couldn't do either, but that may have changed recently with the new Verizon towers.

              As far as the price, not sure where you got $600/month. I clearly mentioned Verizon was charging $50/month, which is $600/year. I still think it's too much for a backup that's seldom used. I would prefer a less expensive plan without unlimited data. Maybe a plan with only 1GB of data included, and the ability to pay extra by the GB, as needed.

              I am not sure how Comcast business is going to be any better than Comcast residential service (Xfinity) which I have at the moment. When Comcast does their so-called "scheduled maintenance", the cable modem loses sync. Unless they are running a separate cable on which they aren't doing this maintenance, I don't see how business will help. It will certainly cost more, though, and I'm trying to minimize costs and ditch Comcast altogether due to both the outages and price increases.
              I was paying $80/month for 1200 / 200 service. The speeds were more than good enough, as well as the price. But it went to $150 after the contract ended. I got a new contract, but the best they would do was $110, even though new customers pay $90 for the same service. For the first time in 20 years with Comcast, they just wouldn't match new customer price. The fact that speeds drop to 0 / 0 during all the outages is much more problematic though. I'm tired of having to go outside late at night to make a call and request a bill credit. I would like to trade some speed for more reliability, preferably without contract, which means without Comcast, and at lower cost than the $110 I'm paying right now.

              I believe a 5G smartphone could be used as a WAN with pfSense, either through USB tethering, Wifi hotspot, or even Ethernet tethering that I read about. All those should do the job, but they have one thing in common - they probably will only work for outbound connections due to the phone acting as a router, and performing NAT. That covers most of the use cases, which are principally outbound traffic late at night when streaming and getting a Comcast outage. I would like to also cover inbound traffic for remote access to my home, but this will require a public IP address from the carrier, either IPv4 or IPv6, and I'm not sure it's possible to get one with a SIM. Verizon 5G Home Internet does hand out public IPs, but requires the $50/month subscription. I need a device that will take a physical SIM to use a US Mobile Warp 5G shared data plan that uses the Verizon cell network. Fedex just delivered such a SIM a few minutes ago. I'm going to port my cell phone line from GSM 5G (T-Mobile) to Warp 5G (Verizon) while staying with the same MVNO, US Mobile. Hopefully, my signal issues on the phone will finally be history. And I will be able to see what kind of IPs the phone gets, once the port is done. It would be great if one of the IPs was public.

              • M
                madbrain @sarrasine
                last edited by

                @sarrasine Thanks. I don't need the mmWave here in the hills. It is not economically viable to deploy it in this area. I saw those Netgear devices. Both are pretty expensive, though, and are a bit overkill. I believe a cheap 5G smartphone such as a used, unlocked Samsung A14 could do the same job. I don't need very high speeds as this is just for backup. Verizon throttles the home internet service to about 110 Mbps down / 12 Mbps max and that still works fine as a backup.

                I believe Wifi can be used as a WAN in pfSense, both with these Netgear devices and a smartphone. But it is not the preferred method. USB or Ethernet would be better.

                A smartphone will only act as a router when tethering, though. Will the Netgear hotspots work in bridge mode, as opposed to router mode?

                I'm interested in a BYOD plan, but probably not an unlimited one due to price constraints. I still would like to know what the terms are, and in particular whether a public IP is offered or not.

                • M
                  madbrain @wgstarks
                  last edited by

                  @wgstarks There is AT&T fiber half a mile downhill. I do not have $8/ft to spare right now, though. And I do not think AT&T would take my money to run it, also :-(. My home is within the coverage area of all 3 cell operators, and has been for many years. But the maps are really fantasy, and none of the cell signals have been usable until recently, at least not indoors.

                  • M
                    madbrain
                    last edited by

                    FYI, I spent many hours last night researching 5G modems/router devices. I found the following 3 :
                    https://www.neteon.net/idg450-0gt0c/
                    https://www.getic.com/product/teltonika-trb500-industrial-gateway?vat_state=excl&currency=USD
                    https://www.waveshare.com/rm520n-gl-5g-router.htm?sku=25520

                    These are less expensive than the Netgear devices mentioned upthread. I'm not sure if they all support the required bands for US 5G services, though. I would have to dig deeper into the specs. I believe all 3 can be put in bridge mode, and avoid double NAT, something I believe a 5G smartphone cannot do. The 5G provider still needs to provide a public IP address for bridge mode to help, though.

                    • sarrasineS
                      sarrasine @madbrain
                      last edited by sarrasine

                      @madbrain
                      Hi,
                      The Netgear hotspots will work in IP Passthrough mode, I am not sure if this is the same as Bridge Mode though.
                      I am in a place where I can get Comcast (cable, used to have it), AT&T fiber, but I chose to go wireless (and complicated the hell out of my life, lol). I dropped the cable, because it is a lightning surge risk (a major no-no for me, nobody properly grounds these), I was going to get AT&T fiber, but they insist on me using their gateway, which I won't do - I never use carrier branded equipment. So until AT&T start allowing us to buy our own modems, I am out. The only option left was to go wireless, but then the carriers still insist on you using their crappy gateway. So I had to get a SIM by becoming a member of FMCA and getting one of their plans : )
                      But... The plan comes with a 100 GB of priority data and is deprioritised after that, although it is marketed as unlimited. $60 a month.
                      Additionally, it comes with a heavy video throttling 😡. So I have to run a VPN on my pfSense box in order to get rid of the video throttling.

                      • M
                        madbrain @sarrasine
                        last edited by madbrain

                        @sarrasine Yes, IP passthrough is the same as bridge mode. Comcast calls it bridge mode, and it is easy to find. Verizon calls it IP passthrough, and it is buried behind quite a few clicks in the web admin.

                        You are lucky to be able to get fiber, cable and wireless Internet. Until recently, I could only get cable.
                        I don't find the carrier gateway to be a serious issue, from a technical standpoint at least. As long as they are in bridge/IP passthrough mode, and the ISP provides public IPs, it all works great with pfSense. I have my Comcast XB8 in bridge mode, and Verizon ARC-XCI55AX gateway in IP passthrough mode. That means all router functionality is disabled, as well as Wifi. It would be better to have a strict modem without routing or Wifi, but economies of scale probably means such a device would sell less, and cost more.
                        Of course, the price of the device is built into the service cost. I prefer to have one time cost than a recurring one. Comcast will not offer unlimited data service if you use your own equipment, unfortunately. It's not every month that I use over 1.2TB of data, though.

                        I also have a 3rd ISP in trial right now, Sail Internet. They installed a fixed wireless antenna on my roof. I was supposed to get 200 / 200 Mbps, but a palm tree grew in the line of sight. They had to install a new antenna pointed somewhere else. I get about 200 / 30 from it.
                        Sail uses a POE modem that's actually on the roof. It is a straight modem, not router. They asked me if I needed a router when I signed up, and I told them no, as I have my own pfSense box.

                        I don't get why you are so concerned about lightning surges. If the cable is not properly grounded, can't you get the cable company to come over and ground it properly ? It should be their responsibility. Also, there are surge protectors for coaxial cable. I'm not sure how effective they are, but name brands usually provide some kind of insurance, which could cover some damage to your equipment.
                        All my equipment is plugged into surge protectors. I even installed many surge protecting outlets. I also have a heavy duty surge protector installed in my main electrical panel, and 2 in electrical subpanels as well.

                        Right now, I have two coax cables coming into my office, one from Comcast and one from Sail. In my home theater, there used to be another 2 coax, one from my OTA for TV channels, and another from Dish. The Dish came down a few years ago during fumigation. I was able to keep the OTA, which I still use daily with a HD Homerun DVR and attached USB SSD.

                        We had some serious lightning strikes in 2020 around here, but no actual issues at my home, except that we were subject to a pending evacuation order that fortunately never came. The air quality was awful for a month following all these fires, though.
                        https://en.wikipedia.org/wiki/August_2020_California_lightning_wildfires

                        I would not choose wireless if wired was reliable, but unfortunately it isn't. 100GB is about 3% of my usual monthly consumption with Comcast. I have exceeded the 1.2TB cap a few times, but am paying for unlimited data.

                        Funny that your ISP only throttles video and not VPN traffic after you exceed your high-speed data.

                        • T
                          The Party of Hell No @nimrod
                          last edited by

                          @nimrod
                          I tried this not using a phone but a wireless access point called Pantech 4G from Verizon (I was charged $35.00 per month to have this device activated), which plugged into a USB port. It worked, however it was spotty like a cell signal can be and the biggest problem was if pfSense was restarted the configuration would be lost; something about the order of loading USB drivers in FreeBSD caused a hiccup. So are you able to reboot pfSense and not lose the configuration? As someone below stated they don't like using USB devices because of lack of support.

                          • sarrasineS
                            sarrasine @madbrain
                            last edited by

                            @madbrain

                            I don't get why you are so concerned about lightning surges. If the cable is not properly grounded, can't you get the cable company to come over and ground it properly ? It should be their responsibility. Also, there are surge protectors for coaxial cable. I'm not sure how effective they are, but name brands usually provide some kind of insurance, which could cover some damage to your equipment.

                            Lightning surges are a major phobia for me. I have changed many high-end surge protectors (Panamax, Furman, ZeroSurge and finally top of the line SurgeX).
                            Coaxial can never be 100% protected and Comcast would definitely not do it properly. I live in an apartment and a few of my neighbors lost electronics due to surges on the coaxial line. Theirs were not expensive to buy again, but I have Mark Levinson gear that would be prohibitively expensive to replace. So, I have sworn off cable for good.
                            Fiber would be best, but as I said I hate the idea of using AT&T provided gateway, even if I could configure it with real IP passthrough, which I can't. Who knows what kind of deeply imbedded spyware they have (just my own two cents) in their boxes. It is a hard pass for me.
                            If you are still looking for wireless 5G modems/hotspots, make sure they have at least a Qualcomm X62 or better yet X65/67 modem, as that will ensure you have all the necessary bands.
                            Also, you might want to take a look at Peplink.

                            • M
                              madbrain @The Party of Hell No
                              last edited by

                              @The-Party-of-Hell-No Thanks. Good to know about USB devices being problematic for pfSense reboot. Does this issue also apply to USB NICs ? I am using one right now for my 3rd ISP which is Verizon 5G. I have not tried rebooting pfSense to find out.

                              • M
                                madbrain @madbrain
                                last edited by

                                @madbrain Unfortunately, the Warp 5G SIM still didn't provide the expected results in my Samsung S22 Ultra. Despite the fact that the phone is unlocked, and that the Verizon web site IMEI check page says my phone is a perfect match for their network, the only thing that worked reliably initially was voice and texts, i.e. GSM. For data to work, I had to add 3 APNs manually. I got a 5G signal, but speedtest is very slow, in the 0-2 Mbps range down and 0-3 Mbps up. The phone also sometimes loses the 5G data signal altogether. It does not drop down to 4G. This does not make a lot of sense to me, because the Verizon 5G home router/gateway in the same room a few feet away gets 100 Mbps down / 12 Mbps up. I am guessing the phone doesn't support all the 5G bands that Verizon uses, as it was originally locked to T-Mobile. Sigh. I suppose 0-2 Mbps up / 0-3 Mbps down is better than 1 kbps down / 0 kbps up I got 3 years ago. And it's better than the 0.07 Mbps / 0.03 Mbps that T-Mobile achieves in the same location. Obviously, neither is suitable as a 5G WAN for pfSense. Perhaps if I had an unlocked 5G phone designed for the Verizon network and supporting all the bands, I might get different results. I thought the Verizon IMEI check would do the band check for me, but I was obviously mistaken.
                                As far as the IP addresses given, the v4 address starts with 100.118 and is not pingable or routable. At the moment, I have IPv6 disabled on my LAN/WAN in pfSense, and haven't checked whether the v6 address is the same. Time to turn it back on.

                                • M
                                  madbrain @madbrain
                                  last edited by

                                  @madbrain Looks like the IPv6 address on Warp 5G might be routable. At least traceroute goes through about 10 hops before it fails. That is better than the IPv4 address. The address cannot be pinged. It could be that the phone is blocking ICMP over cellular. Or it could be the carrier doing that, of course. Or both.

                                  1 Reply Last reply Reply Quote 0
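Added example, not part of any post in this thread: a small classifier for the address a cellular WAN hands out, covering the cases raised above (CGNAT, 464XLAT, a phone's own tethering NAT, and a possibly routable IPv6 address). The sample addresses are constructed; `100.118.0.10` only reuses the `100.118` prefix reported above, and the function names are hypothetical.

```python
import ipaddress

# Ranges that matter when judging a cellular WAN address (IANA special-purpose registries).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CGNAT = ipaddress.ip_network("100.64.0.0/10")     # RFC 6598 shared address space
CLAT_V4 = ipaddress.ip_network("192.0.0.0/29")    # RFC 7335, client side of 464XLAT
NAT64_WKP = ipaddress.ip_network("64:ff9b::/96")  # RFC 6052 well-known NAT64 prefix
ULA = ipaddress.ip_network("fc00::/7")            # RFC 4193 unique local addresses


def classify_wan(text):
    """Return (label, globally_routable) for one WAN address string.

    globally_routable only says the address itself is public. A carrier or
    handset can still filter inbound traffic or ICMP on a public address.
    """
    addr = ipaddress.ip_address(text.strip())
    # Unwrap ::ffff:a.b.c.d so the embedded IPv4 address is judged on its own.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    if addr.version == 4:
        if addr in CGNAT:
            return ("cgnat", False)          # carrier NAT, no inbound port forwards
        if addr in CLAT_V4:
            return ("464xlat-clat", False)   # IPv4 is synthesized over an IPv6-only link
        if any(addr in net for net in RFC1918):
            return ("rfc1918", False)        # e.g. behind a tethering phone's NAT
        if addr.is_global:
            return ("public-ipv4", True)
        return ("special-ipv4", False)
    if addr in NAT64_WKP:
        return ("nat64-mapped", False)
    if addr.is_link_local:
        return ("link-local", False)
    if addr in ULA:
        return ("ula", False)
    if addr.is_global:
        return ("global-ipv6", True)
    return ("special-ipv6", False)


def inbound_candidates(addresses):
    """Keep only addresses on which an inbound firewall rule could ever be reached."""
    return [a for a in addresses if classify_wan(a)[1]]


# Constructed sample values, one per case discussed in the thread.
SAMPLES = [
    "100.118.0.10",          # CGNAT address of the kind reported above
    "192.168.43.1",          # private address behind a tethering hotspot
    "192.0.0.4",             # CLAT address seen on 464XLAT handsets
    "64:ff9b::808:808",      # IPv4 destination as seen through NAT64
    "fe80::1",               # link-local only, no delegated prefix
    "2001:4860:4860::8888",  # stands in for a global unicast IPv6 address
]

if __name__ == "__main__":
    for sample in SAMPLES:
        label, routable = classify_wan(sample)
        print(f"{sample:24} {label:14} globally routable: {routable}")
```

Only addresses reported as globally routable are worth writing inbound pfSense rules for, and filtering upstream can still block them.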
                                  • Dobby_D
                                    Dobby_ @NollipfSense
                                    last edited by

                                    @NollipfSense said in Using mobile hotspot for WAN:

                                    I had planned on trying this with the iPhone but the seller didn't have possession on eBay so I didn't bother...Ethernet to pfSense.

                                    Cool gadget!!! Perhaps I take also one of them!

                                    #~. @Dobby

                                    Turris Omnia - 4 Ports - 2 GB RAM / TurrisOS 7 Release (Btrfs)
                                    PC Engines APU4D4 - 4 Ports - 4 GB RAM / pfSense CE 2.7.2 Release (ZFS)
                                    PC Engines APU6B4 - 4 Ports - 4 GB RAM / pfSense+ (Plus) 24.03_1 Release (ZFS)

                                    • M
                                      madbrain
                                      last edited by

                                      FYI, for those who want to follow in my footsteps and try to use a US Mobile Warp 5G SIM (Verizon network) and smartphone for backup WAN, I was not successful at doing that. When at home, my unlocked Samsung Galaxy Ultra 5G, originally for T-Mobile, gets 4 bars of GSM (voice/SMS) signal in my home office, but no data whatsoever, whether 2G, 3G, 4G or 5G. Meanwhile, the Verizon 5G Home Internet gateway, model ARC-XCI55AX, gets a perfectly good 5G signal, and is perfectly usable over gigabit Ethernet with pfSense, getting peak speeds of about 105 Mbps down / 12 Mbps up.
                                      The only explanation I have for the gateway having a good data signal, but not the phone, is that they must be operating on different bands. The 5G gateway admin page unfortunately does not list the band, just signal strength.
                                      It's unclear if the issue with the phone is the phone not supporting all the same 5G bands that the gateway does, or if the MVNO is deprioritized and not allowed on those bands. But the result is the same - I cannot use the phone for WAN with pfSense, at least not if it's located in the same room. The phone does get a weak 5G data signal in other rooms, and could potentially be used over Wifi, if I added a Wifi NIC to my pfSense box. But the 5G speeds I achieved on the phone of 1-3 Mbps are so low that it's not really a viable backup ISP. No streaming possible for sure with that setup.
                                      I did get a much better 5G signal with the phone in other cities earlier today - achieved 100 Mbps down / 10 Mbps up. Way better than 0 / 0 at home.

                                      • JKnottJ
                                        JKnott @madbrain
                                        last edited by

                                        @madbrain said in Using mobile hotspot for WAN:

                                        FYI, for those who want to follow in my footsteps and try to use a US Mobile Warp 5G SIM (Verizon network) and smartphone for backup WAN

                                        FWIW, my ISP apparently is planning on providing backup over 5G.

                                        '“Storm-Ready WiFi” powered by a device equipped with cellular backup and a rechargeable battery, which allows users to stay connected when their power is out, is also part of Roger’s new Xfinity-powered offerings.'

                                        • sarrasineS
                                          sarrasine @madbrain
                                          last edited by

                                          @madbrain
                                          You probably know about this, but there is a wealth of information about mobile internet (both cellular and satellite) here:

                                          https://www.rvmobileinternet.com/

                                          • M
                                            madbrain @sarrasine
                                            last edited by

                                            @sarrasine I didn't know about it, actually.

                                            It looks like Verizon might be using a band called n77 in my area. That works fine with the provided 5G Gateway. But does not with my carrier-unlocked S22 Ultra originally for T-Mobile. Some are saying I can flash the firmware to the U1 version instead of U version and make it work. I don't think I'm going to bother.

                                            I don't know if any of the unlocked 5G modems / gateways support this particular band or not.

                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.