I know this is a very specific configuration question but the principle is pretty standard so I thought someone might have some experiance. The Starlink router has an IP passthrough/“turn off the router” option which pushes the IP down to the next level device. Also important, Starlink ONLY allows one DHCP address. In my case the MAX BR1 is next in line followed by a UDM-Pro. While I’d never recommend a dual router (dual NAT) setup I’m a little locked in from a failover/need perspective. If I run the Peplink into the failover WAN2 port on the UniFi I can’t access the Peplink interface unless the UniFi is in failover mode not to mention the UniFi is really slow to swap over. While the Starlink is great and has a 100% clear sky view I do get minor drops in connection every other day or so either from sat changes or sat network related stuff.
Issue#1 (causing issue #2) IP passthrough doesn’t work when set on both the Starlink and the MAX BR1 which would allow the UDM-P to pull an address direct from Starlink. (Pretty sure I understand why with the dual hop through the Peplink.) The Starlink DHCP will assign an address to the UDM-P however, The Peplink WAN flaps (fails DNS or ping connection test) and the UDM-P doesn’t pass any traffic. This is what’s causing me to run the Peplink as a router adding a 2nd L3 network and possible NAT issues.
Issue#2 When the Starlink router is set in bypass mode the Starlink router still responds on a 192.168.100.1 address. Normally I’d set a static route in the edge device (Peplink in this example) that points to the 192.168.100.0 network on the WAN interface. However, the Peplink doesn’t give me that option that I can see. The static route settings in the MAX BR1 only allow me to set a next hop static reference. Seeing as the Peplink WAN address is pulling as a Starlink address (100.76.x.x) it’s just pushing all other IP routing up to the stars literally. Does anyone know how to set a static route to an interface in the MAX BR1?
Thanks Paul!
Issue#2 is fixed simple enough. Drop-in-mode doesn’t seem to be supported on the BR1 Pro 5g yet so I’ll have to keep my dual NAT setup for now.
The master website says it is… but I don’t have one: My MAX transit isn’t powered up so I can’t check if it is a balance VS MAX issue. Perhaps you should open a ticket asking about it, or they can fix their documentation.
Drop-In Mode Yes
Rather than double NAT I would pick a 192.168.??.0/24 network and manually put the wan of the UDM-P as 192.168.??.2 (no NAT) and the BR! as 192.168.??.1 add a default route out the UDM-P and put a static route back to the nextworks behind the UDM-P via 192.168.??.2…
Here is the rub, the SL Dishy will always hand off a 100.X.X.X due to CNAT. I’ve rarely seen a public IP handed off from Dishy when bypassing the router (I’ve seen it but not very common).
Also, fun little story with the UDMP. Same setup here. There is a way to put the UDMP into a DMZ with the BR1 Pro that removes all the double NATing.
If you want to chat more DM me, I have a virtually identical setup in the lab.
