Multi-WAN, LTE Gateway problems

brucehowells · Jul 24, 2020, 3:44 PM

I recently adopted an LTE Gateway, which can't be switched into bridged mode (not sure if that's relevant for LTE, anyway, but...) and I've spent more time than I care to admit trying to get Multi-WAN to work with it.

I have two WAN interfaces defined - WAN, which goes to Comcast and gets a public IPv4 address, and WWAN which goes to the LTE, getting a NAT IP - at the moment, I have it set to 172.16.0.0/24. My LAN is in 10.0.0.0/23.

Creating the gateway group works well, but I can not seem to get failover or policy-based routing to work.

Has someone written up a setup guide for this kind of scenario?

Rico · Jul 24, 2020, 4:07 PM

Double NAT is not ideal but just works, I do this a lot with LTE too.
Show your settings via Screenshot.

-Rico

brucehowells · Jul 24, 2020, 4:15 PM

@Rico It'll be later today. Just didn't want to gunk up the forum with a bunch of screenshots if the answer was "oh, yea, just go to this page in the pfSense book, you ninny." :)

Rico · Jul 24, 2020, 5:45 PM

Oh well here we go. ;-)
https://docs.netgate.com/pfsense/en/latest/routing/connectivity-troubleshooting.html
https://docs.netgate.com/pfsense/en/latest/routing/troubleshooting-multi-wan.html

-Rico

DaddyGo · Jul 26, 2020, 1:36 PM

@brucehowells said in Multi-WAN, LTE Gateway problems:

reating the gateway group works well, but I can not seem to get failover or policy-based routing to work.

we had problems with this for a long time and so we solved it....

Special SIM card from the service provider (industrial non - NATd)
Huawei B2338-168 4G LTE modem / router in IP pass mode

https://www.4gltemall.com/blog/huawei-b2338-outdoor-lte-cpe/

WWAN on pfSense works perfectly after replacements

brucehowells · Jul 26, 2020, 1:38 PM

@DaddyGo Well, yea, but... :)

DaddyGo · Jul 26, 2020, 1:47 PM

@brucehowells

dual-NAT on the secondary WAN connection is just a headache
does not work properly the VOIP (SIP), icecast stream, reverse proxy, etc

can I list more?

+++edit:
https://www.verizon.com/support/knowledge-base-213106/
https://community.sophos.com/products/xg-firewall/f/hardware/94546/lte-modem-with-passthrough-of-external-ip-address
https://www.netgear.com/images/datasheet/mobile/LB1120.pdf

brucehowells · Aug 20, 2020, 6:57 PM

I think I identified my problem, and figured I'd share with the community if anyone ever sees this breadcrumb again.

I was trying to use a gateway group so that I had fallback for PBR - "prefer WWAN, use WAN if you must" and that didn't quite seem to be working as expected; I'd get SYN-SENT on WWAN and active state on WAN.

Once I changed the PBR rule to use the gateway and not the gateway group (and, of course, tossed the states on WAN), traffic started flowing as desired.

Fun, fun, fun.