BarTender
3606 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

  #2471071 25-Apr-2020 14:17

hio77:
snnet:

 

.. nztim: change the APN to direct.telecom.co.nz = dynamic public ip and no CG-NAT...

 

Would assume they've not allowed that with these SIMs for FWA

 


Correct. It won't terminate on the correct network.

 

It's actually not provisioned to the device profile rather than won't terminate on the correct network as the only allowed APN on Wireless Broadband was "broadband". Plus you need to have the Huawei B315/618 IMEI range for the SIM to work as you can't move it from the Spark supplied device into your own device.

 

It was done so the rating and billing process can be done differently, i.e. when you connect wireless broadband you get a larger data allocation before the core router needs to check back with the billing platform if they still have available data... Or that was how it was set up when I was at Spark. ;)

 

And for Static IP it is provisioned at the core so the end-user doesn't need to change their APN setting to be terminated onto the fixed broadband network over a L2TP tunnel rather than being routed via the mobile core and being behind the CGNAT gateway.




hio77
12999 posts

Uber Geek

ID Verified
Trusted
Lizard Networks

  #2471077 25-Apr-2020 14:23
Send private message

I was simplifying it for posting :)




#include <std_disclaimer>

 

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.

 

 


AndyT
164 posts

Master Geek


  #2557416 5-Sep-2020 12:38

An old thread, but one of interest to me as I have pretty much the same scenario, i.e. Spark ISP with Huawei 618s-65d on 4G rural BB, with an Edgerouter X itching to be useful!

 

Forgive my layman's questions but can I ask:

 

     

  1. Cyril7 suggests on 23/04/20 using a transport network between Huawei and USG. I've read up about transport network layers on Google, but how can I implement this at a domestic level on my system?
  2. Cyril7 also suggests 23/04/20 putting a static route on the Huawei pointing back to the USG. Is this as simple as creating a static IP for the ER-X of say 192.168.10.1, i.e. different to the default 192.168.1.1?
  3. Where in EdgeOS do I turn off NAT in the ER-X?
  4. Am I correct in leaving the Huawei IP as default 192.168.1.254, but disable DHCP?
  5. Am I correct in changing fixed infrastructure such as each of the WAPs to static IPs of 192.168.10.x?

 

Look forward to any and all responses.

 

 

 

Thanks & regards,

 

 

 

 




cyril7
9058 posts

Uber Geek

ID Verified
Trusted
Subscriber

  #2557707 6-Sep-2020 07:59

Hi, have answered this in your other thread, but you cannot bridge the 618, but you can remove all features except NAT and then use the ERX to do all that. The 618 DHCP does not need to be turned off, as all it will be connecting to is the ERX WAN, which will be statically set anyway.

 

Cyril


jweichler

6 posts

Wannabe Geek


  #2558193 7-Sep-2020 08:12

Cyril is correct. There is no bridge mode on the Huawei.

 

Firstly, I ran through one of the ER setup wizards - probably 1 WAN and 1 LAN port.

 

My Huawei is set to 192.168.X.254. I disabled DHCP, WiFi and anything else that was not required.

 

The WAN (eth0) port on my ER is set to 192.168.X.253.

 

I have the system gateway in the ER dashboard set to point to the Huawei - 192.168.X.254

 

I have local networks assigned to the other ER LAN ports (e.g. eth1 = 192.168.Y.0) with DHCP enabled.

 

Hope this helps.


AndyT
164 posts

Master Geek


  #2559812 7-Sep-2020 18:48

Thanks for the update ... and thanks to Cyril7 for his postings in my other thread.

 

I've taken all feedback on board and got as far as fully configuring the ER-X "in isolation" via a static IP on my iMac and so far, so good.

 

I haven't yet had the opportunity to connect the ER-X into the system and dumb-down the B618s - I have to wait for an empty house for that to give me (i) time to give it a go, and (ii) more time to rescue things if it all turns to custard, before I get complaints about the IT systems being down!

 

I'll post the outcome after I've had that opportunity.

 

 

 

The only point I'm still confused on is Cyril7's posting 6/09/20 13.29 to the effect that as the B618 cannot be bridged, I'd need to leave the NAT functioning on the ER-X. But doesn't that create at least a double NAT which I've always understood to be a no-no, and I'm still reading-up about the added complication of CG NAT, which is a new term to me, which I'm sure I read somewhere is a third NAT?

 

 

 

Thanks & regards,

 

 

 

 


cyril7
9058 posts

Uber Geek

ID Verified
Trusted
Subscriber

  #2559846 7-Sep-2020 19:51

Hi yes if you are on a cg nat then you would have three NATs, not ideal, but not the end of the world unless you play games, or want to host services

Cyril

 
 
 

BarTender
3606 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

  #2559850 7-Sep-2020 19:59

You can set up DMZ mode and forward all inbound traffic to your internal router. Which for the most part would achieve what you’re looking for.

AndyT
164 posts

Master Geek


  #2561920 10-Sep-2020 21:41

Last night I had the (brief) opportunity, with the house to myself, to install the pre-configured ER-X .... but I couldn't get an internet connection. Everything else seemed fine i.e. the link between desktop and ER-X and between desktop and other clients on the system, but no internet, so I'm clearly doing something wrong. Here are my setup notes which might give a clue as to where I'm going wrong, and any advice to get me back on-track would be very much appreciated.

 

Thanks & regards,

 

 

 

     

  1. iMac / Laptop:
     a. Download latest ER-X software from Ui.com
     b. Temporary static IP on iMac / laptop of 192.168.1.10
     c. Connect iMac / laptop to eth0
     d. Chrome login to ER-X default 192.168.1.1 (default / original) or 192.168.1.20 (as 2.b.iii below)
     e. Update ER-X software
     f. Basic wizard
     g. PPPoE internet connection
        i. Username
        ii. Password = password
        iii. MTU set to 1492
     h. ER-X config:
        i. U/N: ubnt
        ii. P/W: **********
     i. Save
     j. Reboot
     k. Revert to auto IP on iMac / laptop
     l. Connect iMac / laptop to eth1
     m. Chrome login to 192.168.1.1
     n. Enable Hardware offload & IPSec offload

  2. B618 & ER-X install:
     a. Huawei B618:
        i. Disable DHCP (as can’t set WAN of ER-X statically in B618)
        ii. Disable firewall
        iii. Disable wifi (providing other WAPs available)
        iv. Enable DMZ function and point to ER-X WAN at 192.168.1.20
     b. ER-X:
        i. Retain NAT
        ii. Create static IP of 192.168.10.1/24 on switch eth1,2,3,4 in Dashboard Interface Actions
        iii. Create static WAN interface IP of 192.168.1.20/24 in Dashboard Interface Actions
        iv. Set Gateway to B618 at IP 192.168.1.254/24 in System Basic Settings
        v. Disable default DHCP Server “LAN” 192.168.1.0/24 in Services DHCP Server
        vi. Enable DHCP and create DHCP IP pool range 192.168.10.50 to 254 in Services DHCP Server with lease time of 86,400
        vii. Emulate B618 primary and secondary DNS settings e.g. Spark Primary 122.56.237.1 / Secondary 210.55.111.1 or Google 8.8.8.8 in Services DHCP Server
        viii. Disable UPnP in Config Tree Services (disabled by default)
        ix. Set TCP MSS to value 1452 not default 1412 in TCP MSS Wizard
     c. Fixed client infrastructure:
        i. Create static IPs of 192.168.10.x per Client
        ii. Check printer auto IP via test page
        iii. Load all Client icons onto iMac for network management
     d. Cat 6 connect Huawei B618 LAN to ER-X WAN on eth0
     e. ER-X LANs to eth1 & eth2
     f. Power up
     g. Test:
        i. Generally
        ii. Check double NAT in Mac OS terminal – traceroute 8.8.8.8. More than one private IP address (i.e. 192.168.x.x) in trace indicates double NAT. Resolution is DMZ per note 2.a.iv

       

     


AndyT
164 posts

Master Geek


#2561921 10-Sep-2020 21:44

Apologies for that .... the formatting went completely awry - but hopefully it will be understood!


Spyware
3764 posts

Uber Geek

Lifetime subscriber

  #2562019 11-Sep-2020 08:40

Need to remove PPPoE client from ER-X if exists.





Spark Max Fibre using Mikrotik CCR1009-8G-1S-1S+, CRS125-24G-1S, Unifi UAP, U6-Pro, UAP-AC-M-Pro, Apple TV 4K (2022), Apple TV 4K (2017), iPad Air 1st gen, iPad Air 4th gen, iPhone 13, SkyNZ3151 (the white box). If it doesn't move then it's data cabled.


AndyT
164 posts

Master Geek


  #2563051 12-Sep-2020 18:41

Many thanks Spyware, I deleted a PPPoE interface that was "disconnected" but I'm afraid it didn't resolve the issue and I still don't have an internet connection.

 

Everything else appears OK so I'm stumped I guess!

 

Is there a config file in the ER-X somewhere that I can access, extract and post on this forum for the experts to check and perhaps identify the glitch?

 

 

 

Thanks,

 

 

 

 


Spyware
3764 posts

Uber Geek

Lifetime subscriber

  #2563056 12-Sep-2020 19:01




Spark Max Fibre using Mikrotik CCR1009-8G-1S-1S+, CRS125-24G-1S, Unifi UAP, U6-Pro, UAP-AC-M-Pro, Apple TV 4K (2022), Apple TV 4K (2017), iPad Air 1st gen, iPad Air 4th gen, iPhone 13, SkyNZ3151 (the white box). If it doesn't move then it's data cabled.


AndyT
164 posts

Master Geek


  #2563248 13-Sep-2020 12:09

OK, copy + paste of Edge OS Config file from MacOS Text Editor below.

 

Can anyone out there advise if there is a clue in here as to why I can't get internet access? I've reconfigured the system all over again this morning but again no luck. As soon as I plug the B618 into eth0 on the ER-X the B618 status light goes out meaning "data server connection is disconnected".

 

Many thanks in anticipation.

 

 

 

firewall {
    all-ping enable
    broadcast-ping disable
    ipv6-receive-redirects disable
    ipv6-src-route disable
    ip-src-route disable
    log-martians enable
    name WAN_IN {
        default-action drop
        description "WAN to internal"
        rule 10 {
            action accept
            description "Allow established/related"
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
    }
    name WAN_LOCAL {
        default-action drop
        description "WAN to router"
        rule 10 {
            action accept
            description "Allow established/related"
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
    }
    options {
        mss-clamp {
            interface-type all
            mss 1452
        }
    }
    receive-redirects disable
    send-redirects enable
    source-validation disable
    syn-cookies enable
}
interfaces {
    ethernet eth0 {
        address 192.168.1.20/24
        duplex auto
        pppoe 0 {
            default-route auto
            mtu 1492
            name-server auto
            password password
            user-id username@xtra.co.nz
        }
        speed auto
        vif 10 {
            description "Internet (PPPoE)"
        }
    }
    ethernet eth1 {
        description Local
        duplex auto
        speed auto
    }
    ethernet eth2 {
        description Local
        duplex auto
        speed auto
    }
    ethernet eth3 {
        description Local
        duplex auto
        speed auto
    }
    ethernet eth4 {
        description Local
        duplex auto
        speed auto
    }
    loopback lo {
    }
    switch switch0 {
        address 192.168.10.1/24
        description Local
        mtu 1500
        switch-port {
            interface eth1 {
            }
            interface eth2 {
            }
            interface eth3 {
            }
            interface eth4 {
            }
            vlan-aware disable
        }
    }
}
service {
    dhcp-server {
        disabled false
        hostfile-update disable
        shared-network-name LAN {
            authoritative enable
            disable
            subnet 192.168.1.0/24 {
                default-router 192.168.1.1
                dns-server 192.168.1.1
                lease 86400
                start 192.168.1.38 {
                    stop 192.168.1.243
                }
            }
        }
        shared-network-name LAN-B681 {
            authoritative disable
            subnet 192.168.10.0/24 {
                default-router 192.168.10.1
                dns-server 122.56.237.1
                dns-server 8.8.8.8
                lease 86400
                start 192.168.10.50 {
                    stop 192.168.10.254
                }
            }
        }
        static-arp disable
        use-dnsmasq disable
    }
    dns {
        forwarding {
            cache-size 150
            listen-on switch0
        }
    }
    gui {
        http-port 80
        https-port 443
        older-ciphers enable
    }
    nat {
        rule 5010 {
            description "masquerade for WAN"
            log disable
            outbound-interface pppoe0
            protocol all
            type masquerade
        }
    }
    pppoe-server {
        authentication {
            mode radius
            radius-server 0.0.0.0 {
                key secret-radius
            }
        }
        client-ip-pool {
            start 192.168.10.50
            stop 192.168.10.254
        }
        dns-servers {
            server-1 122.56.237.1
            server-2 8.8.8.8
        }
        interface eth0.10
        mtu 1492
    }
    ssh {
        port 22
        protocol-version v2
    }
    unms {
        disable
    }
}
system {
    gateway-address 192.168.1.254
    host-name ubnt
    login {
        user ubnt {
            authentication {
                encrypted-password ********
            }
            level admin
        }
    }
    ntp {
        server 0.ubnt.pool.ntp.org {
        }
        server 1.ubnt.pool.ntp.org {
        }
        server 2.ubnt.pool.ntp.org {
        }
        server 3.ubnt.pool.ntp.org {
        }
    }
    offload {
        hwnat enable
        ipsec enable
    }
    syslog {
        global {
            facility all {
                level notice
            }
            facility protocols {
                level debug
            }
        }
    }
    time-zone UTC
}

 


/* Warning: Do not remove the following line. */
/* === vyatta-config-version: "config-management@1:conntrack@1:cron@1:dhcp-relay@1:dhcp-server@4:firewall@5:ipsec@5:nat@3:qos@1:quagga@2:suspend@1:system@4:ubnt-pptp@1:ubnt-udapi-server@1:ubnt-unms@1:ubnt-util@1:vrrp@1:webgui@1:webproxy@1:zone-policy@1" === */
/* Release version: v1.10.11.5274269.200221.1028 */


Spyware
3764 posts

Uber Geek

Lifetime subscriber

  #2563250 13-Sep-2020 12:15

Most obvious problem is the PPPoE client on eth0 which has no place in this config as ER-X does not connect to ISP. Also the masquerade rule (NAT) appears to be bound to PPPoE client - hence why Internet doesn't work.

 

As for the PPPoE server bit, I'm not sure why that is there. Of no relevance at all to this.





Spark Max Fibre using Mikrotik CCR1009-8G-1S-1S+, CRS125-24G-1S, Unifi UAP, U6-Pro, UAP-AC-M-Pro, Apple TV 4K (2022), Apple TV 4K (2017), iPad Air 1st gen, iPad Air 4th gen, iPhone 13, SkyNZ3151 (the white box). If it doesn't move then it's data cabled.
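The diagnosis in the reply above, as an added example that is not part of the thread or of EdgeOS: a Python audit that parses an EdgeOS-style config and flags a PPPoE client, a masquerade rule bound to an interface other than the real WAN, and a PPPoE server stanza. The function names, the finding codes and the rule that the WAN is the interface whose subnet contains `gateway-address` are assumptions made for this example.

```python
import ipaddress
# Constructed sample: the config posted in the thread, trimmed to the audited stanzas.
SAMPLE = """interfaces {
    ethernet eth0 {
        address 192.168.1.20/24
        pppoe 0 {
        }
    }
    switch switch0 {
        address 192.168.10.1/24
    }
}
service {
    nat {
        rule 5010 {
            outbound-interface pppoe0
            type masquerade
        }
    }
    pppoe-server {
    }
}
system {
    gateway-address 192.168.1.254
}"""

def parse_config(text):
    """Parse EdgeOS/Vyatta brace syntax: nodes become dicts, leaves lists of values."""
    stack = [{}]
    for line in map(str.strip, text.splitlines()):
        if line == "}":
            stack.pop()
        elif line.endswith("{"):
            stack.append(stack[-1].setdefault(line[:-1].strip(), {}))
        elif line and not line.startswith("/*"):
            key, _, value = line.partition(" ")
            stack[-1].setdefault(key, []).append(value)
    return stack[0]

def audit(cfg):
    """Findings for a router with a static gateway; WAN = interface whose subnet holds it."""
    ifaces = {k.split()[-1]: v for k, v in cfg.get("interfaces", {}).items()}
    gw = ipaddress.ip_address(cfg["system"]["gateway-address"][0])
    wan = next((n for n, b in ifaces.items() for a in b.get("address", [])
                if "/" in a and gw in ipaddress.ip_interface(a).network), None)
    findings = [("pppoe-client", f"{n} {k}: no PPPoE peer upstream")
                for n, b in ifaces.items() for k in b if k.startswith("pppoe ")]
    for rule, body in cfg.get("service", {}).get("nat", {}).items():
        out = body.get("outbound-interface", [None])[0]
        if body.get("type") == ["masquerade"] and out != wan:
            findings.append(("nat-outbound", f"{rule}: masquerade on {out}, WAN is {wan}"))
    if "pppoe-server" in cfg.get("service", {}):
        findings.append(("pppoe-server", "PPPoE server stanza is unused here"))
    return findings
```

Calling `audit(parse_config(SAMPLE))` returns three findings for the trimmed config; a config with the PPPoE stanzas removed and the masquerade rule on eth0 returns none.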

