Netgate Discussion Forum

    Resolved: T-Mobile CellSpot connectivity issues

    • Derelict LAYER 8 Netgate

      As I said before. Those port forwards might be screwing things up. They are 1000% not required for outbound connections.

      I would get rid of all of that, get good two-way traffic on the IPsec session (500 and 4500 - whether it keeps increasing or not - look at all states on all interfaces filtering on whatever public IP you're connecting to) and call T-Mobile and see whether they can see your unit connecting.

      Chattanooga, Tennessee, USA
      A comprehensive network diagram is worth 10,000 words and 15 conference calls.
      DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
      Do Not Chat For Help! NO_WAN_EGRESS(TM)

      • asterix

        @Derelict:

        As I said before. Those port forwards might be screwing things up. They are 1000% not required for outbound connections.

        I would get rid of all of that, get good two-way traffic on the IPsec session (500 and 4500 - whether it keeps increasing or not - look at all states on all interfaces filtering on whatever public IP you're connecting to) and call T-Mobile and see whether they can see your unit connecting.

        What I meant was port forwards didn't help. The system is on the default build state with no user changes.

        Had called T-Mobile, but they said the CellSpot is not visible once behind the router and no connection requests are seen. Data counters are not showing any improvements. The CellSpot leaves the old connections and then tries with a new server every few mins.

        • Derelict LAYER 8 Netgate

          If you have states to them and two-way traffic to them and no connection requests are seen by them, not sure what to tell you really.

          You could packet capture but all you will be able to see is probably some DNS then the outside of an IKE/IPsec tunnel. You might do it and see if things seem to break down when packet sizes increase past about 1400 or something.

          • chpalmer

            Tell us more about the hardware you are running pfSense on..

            Especially the interface types.

            Triggering snowflakes one by one..
            Intel(R) Core(TM) i5-4590T CPU @ 2.00GHz on an M400 WG box.

            • asterix

              @chpalmer:

              @Asterix:

              What I have not tried yet is force opening port 53 for the CellSpot even though the VoIP subnet (like the LAN) is wide open. I have even tried keeping on default LAN on a fresh plain install.. same issue.

              Your interface the CellSpot is on needs full access to the internet. Basically it needs to be able to surf to anything it wants to. Rule = Voipnet any port any destination any port. Block nothing if you have not already. You really need nothing on WAN for it at all.

              Other thing - Go to System/Advanced/Firewall&NAT TFTP Proxy. Enable that for your VOIP interface.

              Another thing you could try is to make your devices port 4500 static in the outbound NAT page.

              I'm off to work in the field today so good luck!

              FINALLY !!!!  I can see the counters increasing steadily !!

              It wasn't the TFTP Proxy.. but the MFS (Maximum Frame Size) on the network. Not sure why this happened now in pfSense v2.3.2 but I have the network config on 9216 (9000K) since 2012 with zero issues and the CellSpot worked just fine all these months. I installed an older v2.2 copy of pfSense last night on a backup server and the CellSpot connected fine once I restored the old config on it.

              Definitely a frame size issue on v2.3.2. I confirmed this twice by changing the MFS to 9K and see the CellSpot disconnect. Tried putting a 9000 MTU on the interface but it didn't help.

              • Derelict LAYER 8 Netgate

                ALL devices on a jumbo frame segment have to support, and be configured for, the jumbo frame size. Not quite sure how you are doing that on the cell spot with no config knobs.

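One way to test whether a device on a segment accepts frames at the configured size, as an added example that is not part of the original thread: sweep ICMP echo sizes with Don't Fragment set and binary-search the largest payload that gets a reply. It assumes the device answers ICMP echo, uses the FreeBSD `ping` flags available on pfSense, and treats `192.0.2.10` and the `PROBE` hook as placeholders introduced here.

```shell
#!/bin/sh
# Added example (not from the thread): find the largest ICMP payload that
# reaches a host with Don't Fragment set.

# Default probe: FreeBSD/pfSense ping. -D sets DF, -s is the ICMP payload
# size in bytes, -c 1 sends one echo, -t 2 makes ping exit after 2 seconds.
probe_default() {
    ping -D -c 1 -t 2 -s "$1" "$2" >/dev/null 2>&1
}

# find_max_payload HOST [LOW] [HIGH]
# Binary search between LOW and HIGH payload bytes. HIGH defaults to 8972,
# the ICMP payload that fills a 9000-byte IP MTU. Assumes every size below
# the limit passes and every size above it fails.
# PROBE (hypothetical hook) may name another function taking "SIZE HOST".
find_max_payload() {
    fm_host=$1
    fm_lo=${2:-0}
    fm_hi=${3:-8972}
    fm_probe=${PROBE:-probe_default}

    # If even the smallest probe fails, a size sweep tells us nothing.
    if ! "$fm_probe" "$fm_lo" "$fm_host"; then
        echo "unreachable"
        return 1
    fi
    while [ "$fm_lo" -lt "$fm_hi" ]; do
        fm_mid=$(( (fm_lo + fm_hi + 1) / 2 ))
        if "$fm_probe" "$fm_mid" "$fm_host"; then
            fm_lo=$fm_mid
        else
            fm_hi=$(( fm_mid - 1 ))
        fi
    done
    echo "$fm_lo"
}

# IPv4 MTU implied by a payload: 20-byte IP header plus 8-byte ICMP header.
payload_to_mtu() {
    echo $(( $1 + 28 ))
}

# Usage on the firewall (placeholder address for the device under test):
#   payload_to_mtu "$(find_max_payload 192.0.2.10)"
```

A result of 1472 (MTU 1500) from a host on a segment configured for jumbo frames means that host is not handling the larger frame size.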
                • asterix

                  Yeah, the CellSpot has 100Mbps port and not gigabit.

                  Along with changing the MFS to 1518 I had to enable (uncheck) the default set on the interface: Hardware TCP Segmentation Offloading & Hardware Large Receive Offloading.

                  Since I have an Intel 4 port NIC, I thought enabling it wouldn't hurt.

                  • Derelict LAYER 8 Netgate

                    @Asterix:

                    Yeah, the CellSpot has 100Mbps port and not gigabit.

                    Along with changing the MFS to 1518 I had to enable (uncheck) the default set on the interface: Hardware TCP Segmentation Offloading & Hardware Large Receive Offloading.

                    Since I have an Intel 4 port NIC, I thought enabling it wouldn't hurt.

                    Intel drivers are generally just fine with those two checked. Is it em, igb or ?? Are you sure it's a real Intel card and not a far-east knockoff?

                    • asterix

                      It's igb. Yeah it was brand new ordered through corporate supplies.

                      • Derelict LAYER 8 Netgate

                        Thousands and thousands and thousands of igb ports out there running 2.3.2 with those two options disabled (checked) by default. Zero issues as far as I know.

                        • asterix

                          Yeah, the MFS setting resolved my issue. Enabling the other two options was just a test to see if it helped.

                          • chpalmer

                            Congrats! Good info to know for others that come along as well with similar issues.

                            :)

                            • Leonardo Lowry

                              Since T-Mobile CellSpot is no longer available, I wonder if anyone has had good experience with signal boosters like the ones shown here: https://www.signalbooster.com/pages/tmobile

                              • JKnott @Leonardo Lowry

                                @Leonardo-Lowry

                                Do your phone and carrier support Wi-Fi calling? I have lousy cell service in my home but, with Wi-Fi calling, I now have an excellent signal. Added bonus is data does not count against my cell phone.

                                PfSense running on Qotom mini PC
                                i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
                                UniFi AC-Lite access point

                                I haven't lost my mind. It's around here...somewhere...

                                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.