Remote BR1 WAN to local LAN on 380 connection issues

Hello,

I can’t figure out how to make this work, i hope someone can point me in the right direction:

I have an MPU5 radio which connects to my 380 home LAN
That radio connects to another MPU5 with an ethernet out. (this works and i have access to my main LAN hooking up my laptop to the remote end)
I have attached the remote ETH to WAN on a BR1 (I get a dhcp lease from my home LAN)

I have speedfusion VPN enabled and it works fine over LTE both ways. Disabled for WAN since its on the home LAN already.

That BR1 has failover LTE in case i cant connect to my home LAN via the WAN MPU5 connection.

However using the WAN connection on the BR1:
I can connect to my home LAN from the remote BR1 network
I can however not connect from my main LAN to the BR1 network

I have disabled nat and used passthrough for the WAN connection.

Would anyone shine some light?

Thanks.

Ezra

IP Passthrough on the WAN would only provide the IP address you get from the 380 LAN to the first available client on the BR1 LAN. Could that be the issue?

Hello Ron,

Thank you for your reply. I was actually talking about the setting ip passthrough at routing mode, as seen in the screenshot, would that do the same as ip passthrough a few options below that?

Or would a solution be to specify the WAN ip and LAN ip on the BR1 speedfusion settings of my 380 to setup the vpn, i know that would be unnecessary but if that means a temp fix, i’d be glad.

IP Forwarding allows you to route to the BR1 LAN without a NAT. This option will work with a LAN static route in the Balance 380 for the BR1 LAN network, pointing to the BR1 WAN IP address. You can do a DHCP reservation in the 380 so the BR1 WAN always gets the same IP address.

Thank you Ron, so to verify:

BR1 has 192.168.76.0/24 as LAN

380 has 192.168.75.0/24 as LAN
380 has 192.168.101.0/24 for the MPU5 radio’s

So i’d set a static route to 192.168.101.0/24 to 192.168.101.10 (BR1 WAN ip), right?

380 settings:

Thanks again, appreciate the help!

edit: Should i also setup the same static route on the BR1 but with the 192.168.101.1 GW ip?

The 380 already knows about the 192.168.101.0/24 network as it is directly connected as VLAN 101. Here is what you need for a LAN static route in the 380:

Destination Network = 192.168.76.0
Subnet Mask = 255.255.255.0
Gateway = 192.168.101.10 (BR1 WAN IP)

The BR1 does not need a static route as it will use the default gateway it receives from the DHCP lease which should be the 192.168.101.1 IP address of the 380. Be sure to have Inter-VLAN routing enabled on the 380 LAN interfaces.

1 Like

Ron,

Thank you for your post!

So would this affect WAN failover via LTE once WAN van MPU5 is down? since the static route is 76.0/24 to 101.10 (which cant connect once this link is down obviously). Thanks again.

Edit: to be more complete. We use speedfusion VPN for LTE which automatically sets up 76.0/24 on the 380 side. Meaning would these 2 setups conflict with each other once one or the other is down?

Ezra

Hi Ezra,

You are correct this would affect SpeedFusion as the 192.168.76.0/24 network would become local to the 380. I would make the following changes for this scenario:

BR1 LAN = 192.168.76.0/24
BR1 WAN = 192.168.101.0/24 for MPU5 radio (IP forwarding is no longer needed)
BR1 secondary WAN = Cellular IP for failover
*BR1 sends all traffic through SpeedFusion

380 LAN = 192.168.75.0/24 (remove the 192.168.76.0/24 LAN static route)
380 WAN = ISP provided
380 secondary WAN = 192.168.101.0/24 for MPU5 radio

*Both WANs are used for SpeedFusion
*Outbound policy rule is needed in the 380 for sending internet traffic only out the ISP WAN

This design allows you to route to the BR1 LAN and it fails over to the cellular connection as needed. Using SpeedFusion also gives you session persistence if the cellular remains connected.