TMobile cell spot not having internet
-
I found a really old threads that resolved this issue by changing the MFS... can anyone show me where to find this setting?
https://forum.netgate.com/topic/131363/t-mobile-cellspot-not-working
-
Changing the what?
Those little microcells generally need nothing but a good GPS signal and time to sync with the mothership. They work fine with the default pfSense configuration.
-
@Derelict said in TMobile cell spot not having internet:
ne with the default pfSense configu
In that thread, the OP mentioned the fix was to change the MFS Max Frame Size to 1518.
FWIW, it requires UDP port 500, 4500 and 123
-
Sounds like misinformation.
Those are outbound ports. All open by default.
500 and 4500 are IPsec. 123 is NTP.
The node establishes a connection to the mothership using IPsec. it communicates with them over that.
Guess it sets the clock using NTP too.
Nothing should need to be done in the firewall. It's all open by default.
You can open Diagnostics > States and filter on the inside IP address assigned to the cell and see what you see. Probably a pair of states on 4500. Maybe one on 500 and 123.
-
My DHCP lease shows the cellspot being online but under states, there are 0 traffic found for the IP.
-
well, it's going to need to make outgoing connections to be able to transfer any data.
-
@Derelict and this is what I'm trying to figure out.... It's been hooked up for 5 hours still blinking internet light
-
No idea. What do they have to say for themselves? "It's your firewall!" ??
Have you messed with the firewall rules on the interface it is on at all?
-
@Derelict said in TMobile cell spot not having internet:
No idea. What do they have to say for themselves? "It's your firewall!" ??
Have you messed with the firewall rules on the interface it is on at all?
Haven't contact them. Going to change it up and have the cellspot on the internet first then pass to pfsense to see if it works.
-
Make port 4500 a static port.
-
If they did that they broke NAT-T and everything NAT-T is supposed to do. Wouldn't surprise me though. If they did that they might as well just use port 500.
