Multi-WAN, LTE Gateway problems
-
I recently adopted an LTE Gateway, which can't be switched into bridged mode (not sure if that's relevant for LTE, anyway, but...) and I've spent more time than I care to admit trying to get Multi-WAN to work with it.
I have two WAN interfaces defined - WAN, which goes to Comcast and gets a public IPv4 address, and WWAN which goes to the LTE, getting a NAT IP - at the moment, I have it set to 172.16.0.0/24. My LAN is in 10.0.0.0/23.
Creating the gateway group works well, but I can not seem to get failover or policy-based routing to work.
Has someone written up a setup guide for this kind of scenario?
-
Double NAT is not ideal but just works, I do this a lot with LTE too.
Show your settings via Screenshot.-Rico
-
@Rico It'll be later today. Just didn't want to gunk up the forum with a bunch of screenshots if the answer was "oh, yea, just go to this page in the pfSense book, you ninny." :)
-
Oh well here we go. ;-)
https://docs.netgate.com/pfsense/en/latest/routing/connectivity-troubleshooting.html
https://docs.netgate.com/pfsense/en/latest/routing/troubleshooting-multi-wan.html-Rico
-
@brucehowells said in Multi-WAN, LTE Gateway problems:
reating the gateway group works well, but I can not seem to get failover or policy-based routing to work.
we had problems with this for a long time and so we solved it....
- Special SIM card from the service provider (industrial non - NATd)
- Huawei B2338-168 4G LTE modem / router in IP pass mode
https://www.4gltemall.com/blog/huawei-b2338-outdoor-lte-cpe/
WWAN on pfSense works perfectly after replacements
-
@DaddyGo Well, yea, but... :)
-
dual-NAT on the secondary WAN connection is just a headache
does not work properly the VOIP (SIP), icecast stream, reverse proxy, etccan I list more?
+++edit:
https://www.verizon.com/support/knowledge-base-213106/
https://community.sophos.com/products/xg-firewall/f/hardware/94546/lte-modem-with-passthrough-of-external-ip-address
https://www.netgear.com/images/datasheet/mobile/LB1120.pdf -
I think I identified my problem, and figured I'd share with the community if anyone ever sees this breadcrumb again.
I was trying to use a gateway group so that I had fallback for PBR - "prefer WWAN, use WAN if you must" and that didn't quite seem to be working as expected; I'd get SYN-SENT on WWAN and active state on WAN.
Once I changed the PBR rule to use the gateway and not the gateway group (and, of course, tossed the states on WAN), traffic started flowing as desired.
Fun, fun, fun.
