Scottmichaelj Posted February 10, 2017

I am starting a new thread here for anyone who wants to talk about misc router hardware and setups. This is also helpful for those of us who want to use a 4G/LTE Cellular device as a backup for their ISY or Elk Alarm systems if their primary ISP goes down.

I recently did a roll your own router using pfsense (https://pfsense.org/), using an older PC I had. I have only had it for a week so still learning. All I had to add was a quad port Intel I340 network card, which came last weekend. So far it's been easier to work with than the Mikrotik I was testing. Still working on the backup via Cellular.

My PC Specs are:
Intel® Core2 Duo CPU, E8400 @ 3.00GHz, Wolfdale
GA-E7AUM-DS2H
Intel Quad Port I340 Networking Card
2GB DDR2 RAM
32GB SATA SSD Drive

My router plan is something like this:
-Auto reboot devices via ping using my Digital Loggers power switch (DONE)
-Setup VPN Service (Client) on Router for all PCs behind the router for privacy (DONE)
-Email or Pushover on VPN disconnect and reconnect (DONE - outside router)
-Setup incoming VPN (Server) for secure internet access when traveling and so I don't have to open ports (DONE)
-DDNS setup (DONE)
-Port Forwarding only MUST NEEDED PORTS (DONE)
-SquidProxy & SquidGuard Installed on Router (DONE)

STILL PENDING:
-SSL Certificate on router
-Setup backup internet (3G/4G/LTE) stopping certain traffic (Waiting for Netgear router mentioned below)
-Anonymous DNS Server on router

Not sure how far I'll get as I am pretty green when it comes to advanced enterprise level routers. I have pretty good networking knowledge but when it comes to custom NAT and firewalls, I am super GREEN - or is there a color before that?

Special thanks to @GGiesen @Cyberk @MWareman

EDIT: Updated progress on the router tasks above. Also based on the recommendation by @MWareman I purchased from Amazon a Protectli The Vault Essential 4-Port Device found at the link below. It will be here soon and I plan on scrapping the high power draw PC in place of this device which sips only 10W.
http://protectli.com/products/

cyberk Posted February 10, 2017

Great choice with pfsense, that's the way to go!

MWareman Posted February 10, 2017

I'm going to join you in this journey I think. I currently only do dial with my Elk, but have VoIP thru Asterisk (a Flowroute SIP trunk) as primary dial tone, and a T-Mobile sim backed 'LTE Home Phone' device as backup. I am using a relay to switch the backup in when primary dial connectivity is down.

I'd like to add IP based reporting. I'm on Alarm Relay, and have not contacted them yet to get IP reporting enabled. I need to do that first.

I'm thinking a FreedomPOP sim in a mifi type device (Huawei makes one with an Ethernet port). Just need to figure out fail over, routing etc... I have pfSense running as my primary edge router (does NAT, firewall, send registration, and haproxy reverse proxy) so I need to figure out how I can configure the mifi as a secondary wan, but only use it for defined devices internally (I wouldn't want other devices using it as a tailored, only the ELK and ISY).

Scottmichaelj Posted February 10, 2017 Author

> I'm going to join you in this journey I think.
>
> I'm thinking a FreedomPOP sim in a mifi type device (Huawei makes one with an Ethernet port). Just need to figure out fail over, routing etc... I have pfSense running as my primary edge router (does NAT, firewall, send registration, and haproxy reverse proxy) so I need to figure out how I can configure the mifi as a secondary wan, but only use it for defined devices internally (I wouldn't want other devices using it as a tailored, only the ELK and ISY).

So this is the issue I have found. You either have to search and find a device that works via USB OR do as you suggest use a device with a LAN port and add it to the ethernet port on the pfsense. However my issue is signal strength, so I need a device that has an external antenna connection. So that's my issue I am trying to overcome, before I can move on.

MWareman Posted February 10, 2017

As far as finding a compatible device, looks like this work is off to a great start already....
https://doc.pfsense.org/index.php/Known_Working_3G-4G_Modems

elvisimprsntr Posted February 10, 2017

It's not what hardware but the recurring cost for the LTE service. I am just waiting on one piece of hardware to be delivered and I will have LTE failover for $2/mo.

My requirements are:
1. Dual wan
2. Dual DyDNS
3. Port forwarding
4. Throttling for LTE connection
5. Service or IP address blocking.
6. No or extremely low cost recurring monthly extortion fee.

I'm at the pub so I will have to post my solution later.

Scottmichaelj Posted February 10, 2017 Author

> As far as finding a compatible device, looks like this work is off to a great start already....
> https://doc.pfsense.org/index.php/Known_Working_3G-4G_Modems

Yes I have seen that, but they are all USB Dongles. You know what they say about dongles? Also the Huawei B315 has external antenna connections however it does require a ton of space and can not be installed in my alarm can. Still might be the better way to go.
http://consumer.huawei.com/en/smart-home/lte-router/features/b315-en.htm

MWareman Posted February 10, 2017

Yes, they track USB devices only because there is a driver dependency. This doesn't matter for Ethernet connected devices.

I have a Huawei e5770 that I plan on using (http://consumer.huawei.com/en/mobile-broadband/mobile-wifi/features/e5770-en.htm). It has an Ethernet port that I'll connect to my pfSense box as a secondary wan port. Just need to order a sim for it... Another advantage, its built-in battery lasts a looong time. So, won't need to connect it to my ups...

However, there is an advantage to most USB devices - pfSense is going to be able to tell if there is no connection without using data unnecessarily. Using an Ethernet connection, pfSense will have to ping something - using a (small) amount of data.

Scottmichaelj Posted February 10, 2017 Author

> Yes, they track USB devices only because there is a driver dependency. This doesn't matter for Ethernet connected devices.
>
> I have a Huawei e5770 that I plan on using (http://consumer.huawei.com/en/mobile-broadband/mobile-wifi/features/e5770-en.htm). It has an Ethernet port that I'll connect to my pfSense box as a secondary wan port. Just need to order a sim for it... Another advantage, its built-in battery lasts a looong time. So, won't need to connect it to my ups...
>
> However, there is an advantage to most USB devices - pfSense is going to be able to tell if there is no connection without using data unnecessarily. Using an Ethernet connection, pfSense will have to ping something - using a (small) amount of data.

All true and good points however your device is not listed on the page. I have an AT&T Wireless Unite Explorer I just connected via USB and I can't "see" it via SSH on the USB. So...depends on Linux drivers. Not sure what's better, trying to make things work or just buying proven devices and spending time in other areas.

MWareman Posted February 11, 2017

The device I have does wifi and wired Ethernet - not USB. That's why it's not on the list. My plan is to use wired Ethernet into the pfSense - no driver needed.

Scottmichaelj Posted February 11, 2017 Author

> The device I have does wifi and wired Ethernet - not USB. That's why it's not on the list. My plan is to use wired Ethernet into the pfSense - no driver needed.

Does it use a dongle? I don't see one based on your link. Don't think it would work for me though, seems my signal is weak in the area I am trying to use it.

MWareman Posted February 11, 2017

> Does it use a dongle?

No, the cellular part is internal to the device.

elvisimprsntr Posted February 11, 2017

BACKGROUND
Initially, I looked at adding a USB LTE modem to a DD-WRT router, configure it for dual WAN, add scripts to do the failover/failback, change the IPTABLE to limit what IPs and throttle the BW over the LTE WWAN. While all technically possible, it seemed like a PITA.

So, here is the lowest non-recurring and recurring cost, minimal effort solution I am implementing.

NETGEAR LTE MODEMS
Netgear announced at CES 2017 a new line of LTE modems, ranging in price from $120 to $160. The LB1120 (Bridge) and LB1121 (Bridge w/PoE) will be released on Feb 20th, and the LB2120 (LTE Failover) on March 20th.
https://netgear.com/home/products/mobile-broadband/lte-modems/

These are basically the same models as the UK versions (LB1110, LB1111) which have been available since June 2016, presumably with different LTE bands. There was a UK version (LB2110) of the US LB2120, but for some reason the product was either never introduced or pulled from the market.
http://www.downloads.netgear.com/files/DoC/204-10950-01_CE_LB2110_EN-EP-FR-IT_20JUN16.pdf

LTE Bridge
- US LB1120
- UK LB1110

LTE Bridge w/PoE
- US LB1121
- UK LB1111

LTE Failover
- US LB2120
- UK LB2110 (never released)

ORDER NOW
You can pre-order all three devices on Amazon.
https://www.amazon.com/NETGEAR-LTE-Modem-Network-Ready-LB1120-100NAS/dp/B01N5ASNTE/ref=sr_1_1?ie=UTF8&qid=1486853740&sr=8-1&keywords=netgear%2Bmodem%2Blb1120&th=1

I was able to find one distributor who already has the first two in stock and is shipping now. Mine will be delivered Feb 17th.
http://www.provantage.com/service/searchsvcs?QUERY=netgear+lte+modem&SUBMIT.x=15&SUBMIT.y=15

These units are significantly lower in price than any of the LTE failover products and services on the market (Cradlepoint, Cisco, Sierra, Peplink, etc.) I've looked at them all.

HOW IT WORKS
The first two units, you still need a dual WAN router with failover/failback. The third model is installed between your WAN router and WAN ISP hardware, it does the failover/failback. There are no US model User's Manuals yet, but you can look at the UK equivalent for the first two.
http://www.downloads.netgear.com/files/GDC/LB1110/LB111X_UM_EN.pdf
The product support page for the third UK model was never published.

Not knowing why Netgear never released the UK version of the unit with LTE failover and skeptical how mature the firmware will be, I ended up getting the LB1120 (LTE Bridge). For the dual WAN failover, I purchased a well proven Linksys LRT224 (Dual WAN VPN Router).
https://www.amazon.com/Linksys-Business-Gigabit-Router-LRT224/dp/B00GK640D6/ref=sr_1_1?ie=UTF8&qid=1486855892&sr=8-1&keywords=linksys+dual+vpn
It meets all of my requirements, including dual DyDNS. A secondary benefit of the LRT224 is all the complex LAN configuration is now in a dedicated appliance, which reduces my DD-WRT router to simple WLAN APs. Much easier to manage after a firmware upgrade or factory reset.

LTE SERVICE OPTIONS
Now that I have a low cost hardware solution, time to look for low cost LTE service. Since the failover WWAN is a very infrequent use scenario for temporary primary WAN service outages, I really don't need a lot of data. One option was to add a SIM to my existing cell phone data plan for an additional $25 per month, but I wanted to find an even lower cost solution.

IOT PLANS TO THE RESCUE
In the US, both ATT and T-Mobile have announced IoT data plans for companies who want to build products which use very little data and sell the products with services to consumers. I briefly looked at T-Mobile. ATT seemed to offer a lower cost option. With ATT, for as little as $25 you get 1 GB/year. ATT has plans with higher amounts, but if you reach the data bucket limit it simply charges for another data bucket. You can have up to 1000 SIMs under the same plan. Each SIM costs $1 per month.

So I registered with ATT as a developer, linking my GitHub account.
https://m2x.att.com

I bought and already received my 1 GB IoT SIM card.
https://iotdataplans.att.com

I just have to activate it once my LB1120 arrives on Feb 17th and configure the APN in the LTE modem for ATT IoT (m2m.com.attz)
https://developer.att.com/technical-library/apns/apn-descriptions-and-characteristics

CONCLUSION
So for basically a few hundred bucks and $3/month, I will have 24/7 LTE failover/failback for my whole house. My ISY/Elk can continue to send SMS notifications and receive push notifications from third party mobile apps. Another benefit is the next time Comcast raises my internet access rates, I can simply pop in a higher data bucket LTE SIM and tell Comcast to pound sand.

jtara92101 Posted February 12, 2017

For me, just using a WiFi hotspot from my Mac Mini to my phone is good enough. There's nothing else on my network that is important.

But.... if I did want some automatic/dedicated backup, recent Asus routers (I have RT-88) can use an LTE dongle.

Actually, it looks like it might be possible to use a WiFi hotspot on your phone with AsusWRT-Merlin. If you enable dual-WAN, you can choose in a drop-down:
- WAN
- USB
- Ethernet LAN

Dunno if "Ethernet LAN" includes WiFi. I already assign my iPhone a fixed IP via DHCP reservation.

Nope. "Ethernet LAN" actually assigns a LAN port on the back of the router to the secondary WAN. So, you could use some Ethernet dongle, or some USB dongle. But not WiFi.

It seems to be, though, that it should be POSSIBLE. Maybe it's something Merlin could implement.

Scottmichaelj Posted February 12, 2017 Author

> NETGEAR LTE MODEMS
> Netgear announced at CES 2017 a new line of LTE modems, ranging in price from $120 to $160. The LB1120 (Bridge) and LB1121 (Bridge w/PoE) will be released on Feb 20th, and the LB2120 (LTE Failover) on March 20th.
> https://netgear.com/home/products/mobile-broadband/lte-modems/
>
> These are basically the same models as the UK versions (LB1110, LB1111) which have been available since June 2016, presumably with different LTE bands. There was a UK version (LB2110) of the US LB2120, but for some reason the product was either never introduced or pulled from the market.
> http://www.downloads.netgear.com/files/DoC/204-10950-01_CE_LB2110_EN-EP-FR-IT_20JUN16.pdf
>
> LTE Bridge
> - US LB1120
> - UK LB1110
>
> LTE Bridge w/PoE
> - US LB1121
> - UK LB1111
>
> LTE Failover
> - US LB2120
> - UK LB2110 (never released)
>
> ORDER NOW
> You can pre-order all three devices on Amazon.
> https://www.amazon.com/NETGEAR-LTE-Modem-Network-Ready-LB1120-100NAS/dp/B01N5ASNTE/ref=sr_1_1?ie=UTF8&qid=1486853740&sr=8-1&keywords=netgear%2Bmodem%2Blb1120&th=1
>
> I was able to find one distributor who already has the first two in stock and is shipping now. Mine will be delivered Feb 17th.
> http://www.provantage.com/service/searchsvcs?QUERY=netgear+lte+modem&SUBMIT.x=15&SUBMIT.y=15
>
> These units are significantly lower in price than any of the LTE failover products and services on the market (Cradlepoint, Cisco, Sierra, Peplink, etc.) I've looked at them all.

The Netgear product seems like it could fit the bill for what I need nicely. I need a small device that has external antenna connections that supports AT&T Wireless. Thanks for your post! I can then add it to my family data share plan for backup. I don't lose my ISP that much, maybe once a year if that, however it did go down the other day for a few hours due to a "snow storm" in the area so I needed the backup then, so can't get away that cheap.

EDIT: I got pretty far along today and finally found a VPN that actually has low speed loss.

elvisimprsntr Posted February 12, 2017

> The Netgear product seems like it could fit the bill for what I need nicely. I need a small device that has external antenna connections that supports AT&T Wireless.

I ordered this since where I need to place the modem only gets 2 bars using my cell phone. Also allows me to put some separation distance between the LTE modem antenna and WLAN routers.
https://www.amazon.com/gp/aw/d/B00DN3J03O/ref=ya_aw_od_pi?ie=UTF8&psc=1

Scottmichaelj Posted February 12, 2017 Author

> I ordered this since where I need to place the modem only gets 2 bars using my cell phone. Also allows me to put some separation distance between the LTE modem antenna and WLAN routers.
> https://www.amazon.com/gp/aw/d/B00DN3J03O/ref=ya_aw_od_pi?ie=UTF8&psc=1

Thanks! I will grab one of these as well. Finally I might be able to check this off as DONE on my "To Do" list!

elvisimprsntr Posted February 16, 2017

My Netgear LB1120 arrived today, 5 days before official release. I did some basic failover/back testing to confirm it works seamlessly with my Linksys LRT224. I'll do some more failover/back stress testing this weekend. Otherwise, it works "Like a boss!"

I bought the external Netgear low gain LTE antenna, but I think I could do without it.

Scottmichaelj Posted February 16, 2017 Author

> My Netgear LB1120 arrived today, 5 days before official release. I did some basic failover/back testing to confirm it works seamlessly with my Linksys LRT224. I'll do some more failover/back stress testing this weekend. Otherwise, it works "Like a boss!"
>
> I bought the external Netgear low gain LTE antenna, but I think I could do without it.

Did you buy the one with LAN and WAN or just WAN? Also signal with and without the antenna not much change?

elvisimprsntr Posted February 16, 2017

> Did you buy the one with LAN and WAN or just WAN? Also signal with and without the antenna not much change?

Unsure why Netgear never released the UK version of the WAN/LAN model (LB2110) with failover and skeptical about the maturity of the firmware at launch for the US model (LB2120), I opted to get a separate dual WAN router with failover/back capability. Thus, I bought the WAN only model (LB1120).

The low gain Netgear external antenna didn't seem to make a significant difference, but then I am less than 5 miles from the nearest ATT tower over flat Florida terrain.

Scottmichaelj Posted February 16, 2017 Author

> Unsure why Netgear never released the UK version of the WAN/LAN model (LB2110) with failover and skeptical about the maturity of the firmware at launch for the US model (LB2120), I opted to get a separate dual WAN router with failover/back capability. Thus, I bought the WAN only model (LB1120).
>
> The low gain Netgear external antenna didn't seem to make a significant difference, but then I am less than 5 miles from the nearest ATT tower over flat Florida terrain.

Running a pfsense router would it matter if you have WAN/LAN? I assume the cheaper WAN only will work just fine. I'll order the modem and antenna combo and can always return it if I don't need it. Thanks for the feedback.

elvisimprsntr Posted February 16, 2017

> Running a pfsense router would it matter if you have WAN/LAN? I assume the cheaper WAN only will work just fine. I'll order the modem and antenna combo and can always return it if I don't need it. Thanks for the feedback.

While the WAN/LAN model might be used in the same way as the other two models, there is no User's Manual to look through to find out. Thus took the low risk approach and bought the LB1120 and separate LRT224. I haven't researched pfSense, but if you know it can support dual WAN failover/back it should work just fine.

MWareman Posted February 16, 2017

pfSense can support dual-wan in either a failover/fail-back or load balancing way. If you don't need to worry about the amount of data sent thru the backup, it would be fine. My issue is I need the backup to only apply for the M1XEP and ISY - and no other devices on my network. Still working on that...

jasont Posted February 16, 2017

elvisimprsntr, with the LRT224, when it fails-over to LTE, does it allow you to restrict devices (say you only wanted to let your ELK and ISY have Internet access when on LTE)? Was also wondering if FreedomPop's free plan was a consideration when you were looking for inexpensive LTE service. Thanks for pointing out the Netgear LTE modems, they look awesome!

elvisimprsntr Posted February 16, 2017

> My issue is I need the backup to only apply for the M1XEP and ISY - and no other devices on my network. Still working on that...

The LRT224 has service throttling but no white/black list for ports. So I configured the LTE BW to a crawl to effectively render any other access useless. I'll look at the other settings in the LRT224 to find some other way to prevent other devices. Perhaps putting the Elk and ISY on its own subnet might allow a way to limit other devices. If you find a solution, post back.

This topic is now archived and is closed to further replies.