Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    External 4G router in bridge/passthru

    DHCP and DNS
    2
    6
    210
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T
      tsmalmbe last edited by

      I'm using a Mobile RUT-950 router and connecting it to my WAN-port on pfsense. The router is working in bridge/passthru mode which in this case means it provides the real ip directly to pfsense and bypasses most of its own internal workings (firewall etc). Short story effective - when RUT950 reboots or it's modem reboots or anything similar, the ip in 9 cases out of 10 gets renewed by the mobile operator. However, pfsense does not "sense" this in any way. It marks the connection as down. I have to manually release-renew it under Interfaces.

      I have the WAN set to renew every hour ( the shortest possible in interface configuration) - but this still leaves me with the possibility of 59 minutes 59 seconds of downtime.

      There has to be a better way surely for this? An option like "when down, try intensily to both ping and renew the dhcp address". Or something. Or anything? Or there is something obvious that I'm doing wrong because this is the first use case where I have to configure WAN-DHCP and not just a static WAN address.

      Security Consultant at Mint Security Ltd - www.mintsecurity.fi

      Raffi_ 1 Reply Last reply Reply Quote 0
      • Raffi_
        Raffi_ @tsmalmbe last edited by

        @tsmalmbe it is possible that pfSense is getting the private address of the modem when it loses its public IP.

        See the option below under the Wan interface settings. If your modem has a web UI which you can access via its private IP, it is typically that IP you want to enter in there. In my case, my modem private IP is 192.168.20.1.

        e57ab4d0-ff30-4931-a95e-cb2eee44395e-image.png

        T 1 Reply Last reply Reply Quote 0
        • T
          tsmalmbe @Raffi_ last edited by

          Forgot to mention that I already configured the private ip of the router in the dhcp exception.

          Security Consultant at Mint Security Ltd - www.mintsecurity.fi

          T 1 Reply Last reply Reply Quote 0
          • T
            tsmalmbe @tsmalmbe last edited by

            Meaning that the problem is still a problem. pfSense keeps the "outdated" public ip until the next dhcp renewal and marks the gateway as down instead of trying to remediate it by renewing it immediately.

            Security Consultant at Mint Security Ltd - www.mintsecurity.fi

            Raffi_ 1 Reply Last reply Reply Quote 0
            • Raffi_
              Raffi_ @tsmalmbe last edited by

              @tsmalmbe Did a quick google on that router. Looking at the firmware release notes, I caught this. Not sure if that would help, but if you don't already have the latest firmware I would suggest trying to do that.

              35ff4457-4229-48f1-8260-1f27b9abae0e-image.png

              1 Reply Last reply Reply Quote 0
              • T
                tsmalmbe last edited by

                That's actually quite an old fix 2019 - but yes, this is not my only 950 hence I do know that there are useful fixes and just for the sake of eliminating all potential old issues, this time I started with updating it to the newest available 2020 firmware.

                There's no options to "tune" this in the 950, as it is passthru....well, it is just passing thru. Not really sure what the 950 could actually do in this case either? Good ideas are welcome, I can always pass them on to the dev's.

                Security Consultant at Mint Security Ltd - www.mintsecurity.fi

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post