4G LTE connection on Pfsense? USB dongle suggestion!
-
In NDIS mode, how does the host PC get a public IP address? Is it like bridged mode? Where do you configure the APN settings? I'm trying to understand how these dongles work before buying one.
I need to plug the dongle into my Hyper-V host and get a public IP address in my pfSense VM. Can I attach the NDIS Ethernet interface to the VM? How will it get a public IP address?
-
With the modem in NDIS mode it will appear as a network card, it will obtain whatever IP assigned by the ISP.
APN is set by the command which actually brings connection up, for example:AT^NDISDUP=1,1,"web.vodafone.de"Please refer to the previous discussion:
https://forum.pfsense.org/index.php?topic=86064.msg581741#msg581741 -
In that thread, he seems to be using HiLink mode. In that case DHCP on the NDIS interface will work with an unnecessary NAT performed by the dongle. The only issue for him was the USB mode switching, which can be permanently set via AT commands.
However I want the public IP address on pfSense. If I disable HiLink mode using the AT commands, how will the NDIS interface function? I believe it uses NCM instead of NDIS, which also presents an Ethernet interface. But how can it automatically mirror the same public IP address over Ethernet via DHCP? What if the public IP address changes?
-
Successful NDIS connection:
https://forum.pfsense.org/index.php?topic=86064.msg581645#msg581645 -
According to this, in NCM mode the dongle presents both a serial interface and an Ethernet device. The Ethernet device reports a link down state until the connection is established via AT commands to the serial interface. This forces a DHCP renewal and the public IP address is obtained by the host whenever the link state changes.
https://dev.openwrt.org/ticket/15328Now the question is, will pfSense automatically send the AT commands to connect the session? Because this is not a PPP session like older modems that pfSense supports. From what I understand, the commands need to be sent in parallel on the serial interface, and the link comes up on the Ethernet interface. On a desktop PC, the ISP software sends the AT commands to the serial interface and the OS handles the rest when it sees the link up on the Ethernet interface.
-
@KurianOfBorg:
Now the question is, will pfSense automatically send the AT commands to connect the session?
AFAIK, no. You can try to do this yourself in earlyshellcmd.
Similar to https://forum.pfsense.org/index.php?topic=103676.msg590927#msg590927
(disregard usb_modeswitch) -
But that is not a fully working solution - failure on unplug / disconnect etc. Now we know the proper name is NCM mode, but this thread discusses this exact type of connection and its problems: https://forum.pfsense.org/index.php?topic=100917.0
It looks like the best solution is to use HiLink mode where the dongle only presents a NATed Ethernet interface and use DMZ to forward all ports to pfSense. USB mode can be permanently switched with a one time AT command. This is the only way it will recover from all failures automatically.
-
Using the legacy PPP mode will be a safe choice. No additional NAT, the only potential drawback is potential decrease in speed comparing to NDIS and HiLink.
Note that HiLink is not un-plug safe - I've warned here: https://forum.pfsense.org/index.php?topic=106477.msg594536#msg594536 -
Using the legacy PPP mode will be a safe choice. No additional NAT, the only potential drawback is potential decrease in speed comparing to NDIS and HiLink.
Note that HiLink is not un-plug safe - I've warned here: https://forum.pfsense.org/index.php?topic=106477.msg594536#msg594536If I use HiLink mode, then I will plug it into the Hyper-V host and bridge the Ethernet interface to the pfSense VM, which should be unplug safe. I am not sure whether Hyper-V can do USB passthrough to a Generation 1 FreeBSD VM such as pfSense for PPP mode or NCM mode.
Thanks for your assistance.
-
Hi, sorry for bringing up the old post, but i have tried usb modem ZTE MF-825A and it just works when i put it in, just use it as WAN and its done.