Just a quick update. I have setup the BR1 so tech support can remotely access the device over a dedicated Internet connection. This is a good as it gets short of shipping the unit to them. I will update the topic when I have something to add.
I just noticed the Peplink removed some tags. They donāt think it is an issue but a feature. When support spins a bug to an undocumented feature you know there is an issue. I wonder how many other posts have been changed.
I just got my MaxTransit 5G back online with a VZ sim and I see the same issueā¦
WAN Quality Monitoring and Health Check Method are disabled.
15:05:38.709557 IP (tos 0x0, ttl 2, id 15018, offset 0, flags [none], proto TCP (6), length 44)
100.107.116.165.3111 > 8.8.8.8.443: Flags [S], cksum 0xa4c0 (correct), seq 0, win 0, options [mss 536], length 0
15:05:38.734458 IP (tos 0x0, ttl 254, id 47786, offset 0, flags [none], proto ICMP (1), length 56)
69.83.7.128 > 100.107.116.165: ICMP time exceeded in-transit, length 36
IP (tos 0x0, ttl 1, id 15018, offset 0, flags [none], proto TCP (6), length 44)
So I went back to my B20X, disabled WAN Quality Monitoring. And that did not stop the traffic until after I disabled and re-enabled the Cellular interface. Then the traffic was gone.
Next I dragged the Cellular interface on the Transit to disabled and back, that has not stopped the traffic.
(EDIT)
I re-checked the Transit, and the Persistence HTTPS and Default (auto) rules were in the outbound policy. Default (auto) is a latency policy, and I canāt tell if Persistence Auto is as well.
Once I changed those outbound Policies to weighted balance (anything other than latency) and again dragged the interface to disabled and back, the traffic was finally gone.
So, check your outbound policies and remove any āautoā settings, and re-cycle the interface.
2 Likes
After 21 days 59 responses to my ticket I got some answers. The Peplink products do run what they call smart services that cannot be disabled. They say that these services are required for the operation of the unit. I think the services are used for the add-on and subscriptions that they offer. What I have found is this service used about 7KB per hour and about 40KB with each reboot. I also suspect that any change to the status of the connection will generate the 40KB hit as well. These numbers are coming from my unit with everything disabled and turned off that can be accessed. In my case I only use cellular service for the data connection. When WAN is enabled all the traffic is routed to the WAN and 0 bytes on the cellular. I think I pushed the tech team hard and I believe most donāt have a good understanding of these services are doing and how much data they require. It is not like sending a 1K packet every hour. It is more like running a Window update. God only know what is coming after you click check.
are they willing to make you a special firmware that disables?
are you able to block the traffic using the firewall? last year or the year before they updated the firewall to be able to block internal service ports IIRC.
i am guessing there are other customers that might want to deploy the devices in secure environments and canāt have any random connections/transmissions?
No special firmware. The firewall will not block. It is a take it or leave it situation.
Update:
I have been working with the peplink engineers and Phil offline for a few weeks now and I have confirmation that we can elimiate ALL pepwave router generated traffic if so desired.
This feature was first available via a special firmware and is now included in 8.2.0b01 firmware.
Available here:
Specific new option on the support page is:
Release notes
In addition to this check box you have to have the following setup.
Here are all the steps that you need to take to disable all router generated traffic.
WAN - Reply to ICMP Ping No
Cellular - Reply to ICMP Ping no
Wan - Disable health check
Cellular - Disable health check
Network, WAN Quality Monitoring - Disable
Outbound policies, set default(at bottom) to custom, enforced to either wan or cellular only
System, Incontrol Disable
System, Time, select GPS (disable ntp server checks)
support.cgi , at bottom Download package updates , auto update: enabled (uncheck)
AP, OFF (if you donāt use wifi)
If you have a public ip on the cellular you will also need to block unwanted traffic via firewall rules.
The traffic will still intially hit the radio , but then get denied by rules.
Best option here is to either use a non-routable ip, private apn, or sd-wan speedfusion tunnel to map a public ip.
Anther option is to make the processes that you utilize connect outbound to establish their sockets.
Note: You will not be able to use any advanced rules like lowest latency etc, as we are disabling the traffic that measures the latency.
11 Likes
Wow, impressive team work!
Any Further update on this? I have exactly the same issue. I have done everything outlined above, but still continue to get about 2GB per day. No other routers I have used have had this issue. I have about 100 routers in the field and they use about 6GB per month for the data they are sending to my server. Any pointers would be greatly appreciated.
Yes , I have been able to reduce the peplink generated traffic to zero.
You need to be on 8.2 fw
Here are all the steps that you need to take to disable all router generated traffic.
WAN - Reply to ICMP Ping No
Cellular - Reply to ICMP Ping no
Wan - Disable health check
Cellular - Disable health check
Network, WAN Quality Monitoring - Disable
Outbound policies, set default(at bottom) to custom, enforced to either wan or cellular only
System, Incontrol Disable
System, Time, select GPS (disable ntp server checks)
support.cgi , at bottom Download package updates , auto update: enabled (uncheck)
AP, OFF (if you donāt use wifi)
If a GPS antenna is attached then on the device dashboard RWA you may still see a little data transferred for the gps tiles.
Additional data may be used if you use any speed fusion tunnels as well, so for our test we had those disabled.
Note: You will not be able to use any advanced rules like lowest latency etc, as we are disabling the traffic that measures the latency.
6 Likes
Thanks Jonathan. It is still not working. I am using Firmware 8.2.0, build 5167. A couple of differences that may be causing the issue.
-
When I go to Network-Wan-WAN Quality Monitoring, I do not have the option to disable. I can only choose between Auto or Custom. If Custom is chosen, I can then choose WAN, Cellular, or Wi-Fi Wan as the was connection.
-
I donāt have an Outbound Policies option in the Network-WAN Quality Monitoring screen.
Thank you in advance for any additional information.
Thank You Jonathan. That did the trick. I greatly appreciate your help.
Hi Steve,
Iām hoping youāve been able to further reduce your routersā usage since Mar 25? Please advise. After doing everything suggested Iām still seeing 2-3MB per day. My other brands of routers used for SCADA get by on a 2, 3 or 5MB per month plan.
Thanks!
Whatās the ball park cost per month for a plan like that?
1 Like
The below monthly data plans Iām using are through Telit. We use their static IP SIM cards on a VPN they provide from NCP Secure Communications.
1M $3.49
2M $4.99
3M $5.99
5M $7.99