SSH to Modems on WAN side of Balance 380 Router

Hello Everyone,

I am not sure if this is possible. I have many locations that are remote. These are in remote areas and running on cellular. This is costly but worth the connectivity for what they are doing. Lots of these locations use one MAX-BR1 radio. Some are more robust and act as hubs for PepVPN connections. These hub locations utilize a Balance 380 router with two MAX-BR1-MINI’s providing cellular through the WAN ports. These connections are managed by the Balance 380. This is for increased connection count and redundancy.

Throughout my deployment we have faced cellular connectivity degrading and causing comms issues. Through 3 years of Firmware updates (including radio module updates) this issue has persisted. Changing settings within the BR1-MINI’s and BR1-LTE/MK2 has not resolved the issue. We are talking a few hundred of these devices, over a few hundred square miles. We point most of the issue on the extremely remote nature of the locations.

We found a solution by running software on windows/linux based machines on the LAN side of the modems that monitors connectivity by regular ping/DNS testing. If the connection fails long enough, the program runs a script that logins into the peplinks CLI via SSH and runs “system reboot” to re-establish a clean connection. This appears to have worked flawlessly. Some locations can run for months without needing the reboot, others it maybe once every 3-5 days. My weekend and late night phone calls are reduced greatly.

My final deployment requires me to apply this to the hub locations with the BR1-MINIs that reside in front of the balance 380 router.

I cannot think of a viable way to access the CLI from the LAN side of the Balance 380 to SSH in and reboot via the CLI. These are unmanned locations typically 2 hours drive for any given personnel, so costly to truck roll. That is the reason for automated connection monitoring/reboots. I have provided an image of general network layout for reference. Any ideas as to how one might access these two devices?

Is the challenge that the B380 marks the wan as unhealthy so you can’t route traffic to the LAN IPs of the BR1s?

If so add two outbound policies set to enforced with a destination of the Lan IP of each br1 with a wan set for the right wan port for each destination IP.

Then you’ll be able to access the BR1s even if they have no internet connectivity.

In addition to what Martin said you probably just need a few static routes on the Cicso.
on add a static route for via gateway
on add a static route for via gateway