Resolved: T-Mobile CellSpot connectivity issues
-
Made some progress, I think.
I let it sit behind the modem to update itself. Everything looked good. Then I moved it behind the router with the updated software. This time the power light (green) and the Internet (orange) light blinks with a steady GPS light. Orange meaning an issue.
I suspect it's not able to talk to the outside world due to DNS issue. How do I troubleshoot the DNS resolver? Weird is that the cellphones use the same network on WiFi and don't have any issues. They all point to 10.2.1.1.
-
It is locating its destination address as shown by the fact it is actually connected to the server by what is shown in your state table. If you had DNS problems it wouldn't be able to locate the servers.
My guess is that something is screwing up the VPN packets somehow.
Your connected using a wired connection? Un-managed switch?
-
Yes wired connection. Managed switch as I have several VLANs. But no changes on the switch since last 4 years. Same VLAN used by 4 cellphones and 1 VoIP sip hone.
-
Looks like good two-way traffic to me.
-
Orange Internet light means it does not have an internet connection or unable to talk to the internet.
-
Orange Internet light means it does not have an internet connection or unable to talk to the internet.
They really need to re-write their guide.
Is the light flashing or solid?
-
Have you tried a different Ethernet cable? Solid light would seem to indicate no connection to your switch..
-
Orange Internet light means it does not have an internet connection or unable to talk to the internet.
They really need to re-write their guide.
Is the light flashing or solid?
Internet light is Flashing orange. When it has good internet connection its solid green.
If I turn off the cellspot for some time and then turn it back on the GPS light turns steady green as it was previously configured and acquires a signal. So it's blinking green power light and orange Internet light and steady green GPS light.
If I do a hard reset to factory defaults, just the green power light blinks as its trying to communicate to T-Mobile for a software download.
-
Have you tried a different Ethernet cable? Solid light would seem to indicate no connection to your switch..
Yeah ..lol. I can see it acquires an IP address in the DHCP leases table. I can ping it. Moved to LAN subnet and it works the same way. Same cable used to connect directly to the modem and it works.
-
https://support.t-mobile.com/docs/DOC-24271 I was just reading this doc..
Your cellspot is making a VPN connection to the Tmobile servers as proven by your state table.
Your cellspot is not making an connection inside the VPN as shown by your blinking orange light.
Something is messing up the VPN packets. Can you try connecting the cellspot direct to your pfsense box without the switch? Have an extra interface?
Just trying to rule things out.
-
Yep, just tried it. Plugged in the VoIP interface straight… no go :(
-
And to verify- No static DHCP setting for it is there?
Your not blocking DNS in any way? These devices unless you see different as it starts, tend to use their own DNS so your DNS should not matter
-
This seems like a 100% problem for t-mobile to solve. Too bad their support is so unhelpful and ignorant.
-
And to verify- No static DHCP setting for it is there?
Your not blocking DNS in any way? These devices unless you see different as it starts, tend to use their own DNS so your DNS should not matter
Wide open same as default LAN.
IPv4 * VOIP net * * * * none Default allow VoIP to any rule
-
This seems like a 100% problem for t-mobile to solve. Too bad their support is so unhelpful and ignorant.
Sounds like the device is not set for NAT operation.
Many people here including myself (for my office and two other customers) have these femtocell devices up and running behind our pfsense boxes with no issue. If this was an issue with pfSense there would be tons of posts with complaints of the same. But it just works for me and seemingly everyone else.
To test my NAT therory.. do you have a SOHO router hanging around? Your not double NATted are you?
-
There are generally zero configurable options on these things.
-
There are generally zero configurable options on these things.
Yea- has to be done by the carrier.
-
No double NAT. Just different subnets for LAN, VoIP and Video. I used a simple Asus SOHO router and it connected in matter of mins. Right now I have plugged it in directly behind the modem and that works as well. Just the moment I move it behind pfSense it hits a block. Firewall logs (when logging enabled for VoIP subnet rules) show a green check for the CellSpot IP.. means it passed through.
What I have not tried yet is force opening port 53 for the CellSpot even though the VoIP subnet (like the LAN) is wide open. I have even tried keeping on default LAN on a fresh plain install.. same issue.
What baffles me is that, nothing changed on my network except moving to v2.3.2. I may have to go back to v2.2 if this issue is not resolved.
-
What I have not tried yet is force opening port 53 for the CellSpot even though the VoIP subnet (like the LAN) is wide open. I have even tried keeping on default LAN on a fresh plain install.. same issue.
Your interface the cellspot is on needs full access to the internet. Basically it needs to be able to surf to anything it wants to. Rule= Voipnet any port any destination any port. Block nothing if you have not already. You really need nothing on WAN for it at all.
Other thing- Go to System/Advanced/Firewall&NAT TFTP Proxy. Enable that for your VOIP interface.
Another thing you could try is to make your devices port 4500 static in the outbound NAT page.
Im off to work in the field today so good luck!
-
Tried everything except for the TFTP Proxy. Will see if it does anything.
My VoIP Rule is like LAN.. [ IPv4 * VOIP net * * * * none Default allow VoIP to any rule ]
No change in data counters with port forwards for 4500, 500 and 123 directing to the CellSpot.