Jump to content

Backup ISP via Cellular


Scottmichaelj

Recommended Posts

Posted

So I installed the ISY Portal tonight and hooked up the LB2120 (I'm using an Xfinity Mobile sim, it shows up as Verizon). I unplugged the WAN and I could still control my ISY through cellular!! I can arm and disarm my ELK through the admin console (I'm not getting pushover notifications, but I think I just need to change some timing settings. I have the timeout set at 2000ms). I also realized I could remote into my desktop with Splashtop and see my Blue Iris.

 

I think I can live with this setup as long as I can get the notifications working.

 

You said that the ELK can communicate to central station through the LTE? I have to check that out next.

Congratulations!

 

Sent from my SM-G955U1 using Tapatalk

Posted

So they guys at UDI said I should increase the timeout to push the notifications and make sure SNI was enabled.  He said it was a tick box in the resource editor. Am I missing something? Where is the box?

 

Also, do I really need to enable this? I never had a problem before. I think I will test out the longer timeout. It may be getting choked out because the speeds are so much slower than the Xfinity. I normally get 250mb/s, I get 25 on the LTE.

post-5957-0-38125200-1510801503_thumb.jpg

Posted

So they guys at UDI said I should increase the timeout to push the notifications and make sure SNI was enabled. He said it was a tick box in the resource editor. Am I missing something? Where is the box?

 

Also, do I really need to enable this? I never had a problem before. I think I will test out the longer timeout. It may be getting choked out because the speeds are so much slower than the Xfinity. I normally get 250mb/s, I get 25 on the LTE.

Pushover doesn't need SNI.

 

Sent from my SM-G955U1 using Tapatalk

Posted

The missing SNI is likely an old admin console. What is the version of your console and ISY?

 

(SNI is also not needed for Pushover. It appears to be needed for Pushbullet.)

  • 3 months later...
Posted

BACKGROUND

Update on low cost LTE failover plan options.  I am using pfSense and a Netgear LB1120 LTE modem.

Currently using an ATT IoT SIM plan, which previously was $25/yr for 1Gb + $1/mo.  Unfortunately, ATT has changed its IoT data plans which would increase my monthly cost to approx $15/mo.  

ALTERNATIVE FAILOVER PLANS

1. Looked at the FreedomPop plans, but they make it extremely difficult and try to upsell you, and from what I have read, customer support/billing is non-existent.  They make their money from forced trial upsell and overage charges.  

2. Looked at adding a line to my existing ATT mobile share data plan, but that would cost $20/mo.  ATT would not let me add it as an iPad for $10/mo.  

3. Bought a SpeedTalk GPS tracker SIM (for a different reason which did not pan out).  I dropped the SpeedTalk SIM into the LB1120.  Presto!  The SpeedTalk GPS SIM works without issue.   It runs on T-Mobile. 

https://www.amazon.com/Prepaid-Tracker-Devices-Locators-Wireless/dp/B01HHEWEK0/ref=sr_1_7?ie=UTF8&qid=1520103185&sr=8-7&keywords=speedtalk+gps+sim+card

CONCLUSION

1. The SpeedTalk GPS plans do the job.  Easy to buy and set up without upsell games. So my monthly cost is $4/mo, up from $3/mo. 

 

 

 

Posted

3. Bought a SpeedTalk GPS tracker SIM (for a different reason which did not pan out).  I dropped the SpeedTalk SIM into the LB1120.  Presto!  The SpeedTalk GPS SIM works without issue.   It runs on T-Mobile.


That awesome. Too bad TMobile didn’t work at my home and they were dorks helping me setup the Netgear. I ended up switching from my old grandfathered in ATT unlimited plan to the “new” unlimited plans and even with my Netgear added for backup my bill dropped. So no savings but no losses. The one benefit is the old unlimited plan didn’t allow “hotspots” the new plan does AND I am able to save $10 on my DTVNow sub so I am happy enough.

Sounds like a great option for most. How much bandwidth does that give you? IE if your internet goes down are you using the LTE for whole home internet backup or just for your Elk/more important items? I had to fall back a few times last year on my LTE for at least 4-5 hours per incident, so it’s handy bc I work from home and have no interruptions.

Are you doing anything else cool on the pfsense? I am still dialing in snort and pfblocker. I have both installed along with NPTop. I am super happy with my setup and love (now after learning how it all works) that I can make specific rules, gateways and splitting device paths for my needs.
Posted
  • SpeedTalk is a T-Mobile MVNO.  Works fine in the LB1120.  It just would not work in the GPS tracker I attempted to use it in.
  • Not using the SpeedTalk GPS SIM plan for failover of my entire network.  Just ISY and Elk to provide redundancy in the event my primary goes down or is intentionally tampered.  My primary is now ATT Fiber (50 Mbps up/down) for $30/mo when combined with my ATT wireless service.  I dug a trench and put in armored flexible conduit to protect the fiber from the landscapers and vandals.  All my neighbors did not do the same, thus their fiber has already been damaged.  ATT Fiber has been 100% reliable so far. We'll see during the next hurricane season (impact windows will be installed in April.)  Fibre is directly into my junction box. Managed to fit a CyberPower UPS into the junction box to keep things running during momentary power outtages.  
  • Already route all my DNS traffic via a Cisco OpenDNS Server free Home account.  Actually installed pfBlockerNG just the other day and added a few block lists.  Doesn't block everything, thus still have getadblock installed on primary clients.  I just wish there was a single open source block list from a known, trusted source.  On a side note, I installed cron to schedule a script to backup my pfSense config.xml file to a USB thumb drive. 
#!/bin/sh
DATE=`date +%Y%m%d`

# mkdir /media/usb

mount_msdosfs /dev/da0s1 /media/usb
mount | grep /dev/da0s1 > /dev/null
if [ "$?" -eq "0" ]; then
	cp /cf/conf/config.xml /media/usb/config_$DATE.xml
	find /media/usb/* -name config_*.xml -mtime +180 -exec rm {} \;
	echo "Backup config_$DATE.xml created"
else
	# send something
fi
umount /media/usb

# install cron package and add cron job
# 0 4 * * Sun /bin/sh /root/backup.sh > /dev/null

 

Posted
  • SpeedTalk is a T-Mobile MVNO.  Works fine in the LB1120.  It just would not work in the GPS tracker I attempted to use it in.
  • Not using the SpeedTalk GPS SIM plan for failover of my entire network.  Just ISY and Elk to provide redundancy in the event my primary goes down or is intentionally tampered.  My primary is now ATT Fiber (50 Mbps up/down) for $30/mo when combined with my ATT wireless service.  I dug a trench and put in armored flexible conduit to protect the fiber from the landscapers and vandals.  All my neighbors did not do the same, thus their fiber has already been damaged.  ATT Fiber has been 100% reliable so far. We'll see during the next hurricane season (impact windows will be installed in April.)  Fibre is directly into my junction box. Managed to fit a CyberPower UPS into the junction box to keep things running during momentary power outtages.  
  • Already route all my DNS traffic via a Cisco OpenDNS Server free Home account.  Actually installed pfBlockerNG just the other day and added a few block lists.  Doesn't block everything, thus still have getadblock installed on primary clients.  I just wish there was a single open source block list from a known, trusted source.  On a side note, I installed cron to schedule a script to backup my pfSense config.xml file to a USB thumb drive. 
#!/bin/shDATE=`date +%Y%m%d`# mkdir /media/usbmount_msdosfs /dev/da0s1 /media/usbmount | grep /dev/da0s1 > /dev/nullif [ "$?" -eq "0" ]; thencp /cf/conf/config.xml /media/usb/config_$DATE.xmlfind /media/usb/* -name config_*.xml -mtime +180 -exec rm {} \;echo "Backup config_$DATE.xml created"else# send somethingfiumount /media/usb# install cron package and add cron job# 0 4 * * Sun /bin/sh /root/backup.sh > /dev/null

 



Have you seen https://www.iblocklist.com/ auto updates, open and seems trusted/trustworthy
Posted
2 minutes ago, Scottmichaelj said:

 


Have you seen https://www.iblocklist.com/ auto updates, open and seems trusted/trustworthy

 

They were my first stop.  Using a few more sources.   Currently investigating https://github.com/StevenBlack/hosts

I assume that OpenDNS is protecting me from malicious site DNS lookups.    

I am hoping to find a one stop shopping set of IP list(s) from a reputable source to block ads, malware, ransomware, etc. that may utilize hard coded IP addresses.  

 

 

 

Posted

The commercial OpenDNS (Cisco Umbrella) is very good at blocking malicious stuff. The free OpenDNS not so much. It’s more about parental control than malware blocking.

Consider 9.9.9.9 instead... it’s designed to block malware and backed by IBMs X-Force. Also free to use. https://arstechnica.com/information-technology/2017/11/new-quad9-dns-service-blocks-malicious-domains-for-everyone/

Posted

The free OpenDNS does not protect against hard coded IPs either. Cisco Umbrella uses a TCP proxy to capture hard coded IPs and do a risk assessment before forwarding the traffic. So, it can protect against malware using hard coded IPs.

 

At home I use pfSense with pfBlocker for this at home, along with IP block lists.

 

  • 1 month later...
Posted

Today I finally got around to setting up pfblocker on pfsense. If anyone else is using pfsense and would like to block sites like pihole does take a look at this tutorial. You can actually use the same pihole lists on pfsense and duplicate pihole on pfsense. I have tested some sites and it works perfectly.

 

Posted
34 minutes ago, Goose66 said:

Ok now you guys are just making up words! ?

It's just Scott's heavy accent! Notice how some of his letters have a slight lean on them (like everything he owns)?

        ..........or is it just our eyes?

Posted
Announcing 1.1.1.1: the fastest, privacy-first consumer DNS service - Cloudflare

https://blog.cloudflare.com/announcing-1111/

So, the big question now is do you use IBM’s DNS or Cloudflare? I picked the latter but IBM isn’t to be taken lightly. Still debating if I made the right choice.


For the moment, I’m sticking with IBMs service. They also have a good privacy commitment, but the threat feed they use to block bad requests is pretty good and it provides a significant security benefit to machines using it. I’ve not seen anything about any security benefit to Cloudflares service - other than privacy.
Posted


For the moment, I’m sticking with IBMs service. They also have a good privacy commitment, but the threat feed they use to block bad requests is pretty good and it provides a significant security benefit to machines using it. I’ve not seen anything about any security benefit to Cloudflares service - other than privacy.


I am still on the fence and may go back myself. However I did run a DNS benchmark program and Cloudflare was faster.
Posted
Ok now you guys are just making up words!

It's just Scott's heavy accent! Notice how some of his letters have a slight lean on them (like everything he owns)?
        ..........or is it just our eyes?


You two are just jealous because I know the difference between a Snort and an Oink. Lol jk -all this pfsense is new to me and so is running NodeLink and Polyglot on VM Linux! I don’t know a Bash from a Sudo hahaha
  • 5 months later...
Posted

pfsense doesn't allow natively for auto backups of the configuration file. However I recently found a script that can be installed and ran to do this for anyone who wants a backup to happen automatically.

https://github.com/badbread/breadsPFsenseAutoBackup

Just wanted to share. As of this post my pfsense, LTE backup, Elk reporting over IP and internet have been working well via pfsense and it was well worth the switch/upgrade.

  • 7 months later...

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...