Backup WAN showing 10.x.x.x IP address?



  • I have implemented a backup WAN with a cellular LTE modem. The modem is a Teltonika RUT240 working in bridge mode. It has been set with the MAC address of the pfSense NIC for the backup WAN.
    I have set up a pfSense Gateway for the backup cellular WAN and made it a tier 2 to go with the tier 1 gateway of the regular WAN in a Gateway group. The default Gateway is set as Automatic.
    There are obviously additional things to do to get blocking and snorting on the backup WAN.
    It appears to work exactly as intended with the regular land line WAN taking all the traffic until a fail is declared on the basis of dpinger finding the delays or packet loss above the trigger level. The cellular backup WAN then takes over with a small pause of seconds and all is well.
    When the regular WAN recovers (plugging the cable back in!) it switches back after a few seconds and returns to the nominal state.
    My question is this.
    The backup WAN gateway is set as DHCP to take its IP address from the 4G cellular network DHCP server and indeed receives an IP which is the one that 'what's my IP' says it is. However, the IP address shown in the pfSense control panel interfaces widget, see image, is a 10.1.x.x scope; why?
    The address shown in the interface widget for the regular WAN is the same as the what's my IP address returned by DDNS service. The regular WAN is a PPPoE gateway to suit the ISP. The only configuration type that works for the backup cellular WAN is DHCP.
    Any ideas as to where this 10.1.xx IP address comes from or if it is a bad sign?

    Note:- 2.4.4-p3 running in an Optiplex quad core i5 +8Gb.

    BackupWANIP.JPG


  • Global Moderator

    @STEAMENGINE If you use the LTE modem on a laptop, which IP address do you get?
    Some ISPs give you an IP address from a private range ("grey network") and then do NAT to a public IP.


  • LAYER 8 Global Moderator

    ^Exactly, it's not uncommon to see rfc1918 used in this way, especially when there is a lack of available IPv4 space - it's easier for them to set up than, say, 464XLAT. They could also use the space in 100.64.0.0/10 as CGN (carrier grade NAT).



  • Thanks Guys. It is not today possible to test the modem with a laptop. However, it seems you are saying that the manifestation is not so strange after all.
    If I can take away from this that it is not a bad sign that I need to do something about I am content. I will do the laptop test when I can.


  • LAYER 8 Global Moderator

    It's not uncommon - but still not an optimal sort of setup ;) But what are you going to do when you don't have enough public IPv4 to use for your clients.. Just how you at home only having 1 public IP have to NAT so your multiple clients can share your 1 public IP.

    As the world transitions to IPv6 this will at some point fade into memory.. But that is quite a few years off to be honest.. Pretty sure I will be retired from the biz before it actually becomes mainstream for anything other than mobile devices.

    It also could be that your ISP device is just not in "bridge" mode..


  • LAYER 8 Rebel Alliance

    Obfuscating IPs in screenshots but not the hostnames is weird. 😁

    -Rico


  • LAYER 8 Global Moderator

    Hiding the rfc1918 also weird... They hide one, but not the other? They left the 192.168.1.1 but hid part of the other 192.168 address.



  • Further searches reveal that most European cellular carriers are using the CGNAT trick for the mass market, including my carrier.
    The down side seems to be that VPNs etc won't work. On the up side it transpires that my carrier and some others offer fixed IP cellular SIMs but they are expensive with limited data allocation. It would be strictly a backup plan and more pricey than a whole additional broadband wired wan. The reason to use it would be that mostly only city folk in the UK can get choice of dual independent WAN feeds.
    Thank you for your quick recognition of the problem.
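
Added example, not part of any post in this thread: a Python check that compares the address on a WAN interface with the address seen from outside, using the RFC 1918 and 100.64.0.0/10 ranges mentioned above to decide whether NAT sits upstream of the firewall. The function names are hypothetical and the sample addresses are constructed (8.8.8.8 stands in for whatever a "what's my IP" service returns).

```python
import ipaddress

# Ranges named in the thread. They are checked explicitly because Python's
# is_private does not cover the RFC 6598 shared (carrier-grade NAT) space.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CGN_SHARED = ipaddress.ip_network("100.64.0.0/10")  # RFC 6598


def classify(addr):
    """Return 'rfc1918', 'cgn-shared', 'public' or 'other' for an IPv4 address."""
    ip = ipaddress.IPv4Address(addr)
    if any(ip in net for net in RFC1918):
        return "rfc1918"
    if ip in CGN_SHARED:
        return "cgn-shared"
    if ip.is_global:
        return "public"
    return "other"  # loopback, link-local, documentation ranges and so on


def diagnose_wan(interface_ip, observed_ip):
    """Compare the WAN interface address with the externally observed one."""
    kind = classify(interface_ip)
    # NAT is upstream if the interface address is not globally routable, or if
    # the outside world sees a different source address than the interface holds.
    same = ipaddress.IPv4Address(interface_ip) == ipaddress.IPv4Address(observed_ip)
    return {"interface_class": kind, "upstream_nat": kind != "public" or not same}


if __name__ == "__main__":
    # Constructed samples: (label, interface address, externally observed address)
    samples = [
        ("backup LTE WAN", "10.1.2.3", "8.8.8.8"),
        ("carrier using shared space", "100.64.5.9", "8.8.8.8"),
        ("regular PPPoE WAN", "8.8.8.8", "8.8.8.8"),
    ]
    for label, iface, seen in samples:
        print(label, diagnose_wan(iface, seen))
```
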

