In many projects, we are configuring VPNs for example between multiple cell gateways for a customer. When the carrier assigns IPs, unfortunately they often assign sequential IPs from the public static IP pool and then we end up getting something on two modems like
Modem A
166.x.y.243
255.255.255.248
166.x.y.241
Modem B
166.x.y.242
255.255.255.252
166.x.y.241
Above are real values on a current - no typos. Based on the above values, Modem B will not build a tunnel to Modem A as the target IP appears (based on its ipconfig) to be its broadcast address. We see similar issues with the DG of one being an IP of another, etc. etc.
From over a dozen similar projects with VZW and another modem manufacturer, it has been explained to us multiple times that VZW only assigns the IP to the modem (no mask and gateway) and the mask and gateway are assigned locally at the modem using some algorithm (often /30 mask and IP+1 = dg but you see above there are other versions) from the chipset. In order to overcome this default assignment creating issues, other vendor includes a “subnet selection mode” feature in which the user can “override” the default module mask and gateway assignment. Typically we “force 24 subnet” which then assigns a mask of /24 and a dg of .1. Alternatively we can use an “IP overrides” feature to manually set the mask and gateway (again most typically assign a /24 mask and .1 gateway. Either of these options lets us overcomes the issue and VPNs to be established.
Below is an excerpt from other vendors manual. Can Peplink add a similar override ability? It is critical to solve these kinds of issues as the only alternative is requesting different IPs from the carrier which can sometimes stall the project.
Subnet Selection Mode
Thisoption overrides the subnet mask that is assigned to the modem from thecarrier. In some cases, you may be assigned static IP addresses in the samenetwork at multiple locations, or a subnet mask that would designate that theIP address is a non-usable network or broadcast address and cause the internalrouter to reject it. In these cases, it is necessary to force a differentsubnet mask.
“Force24 Subnet” – this setting will alleviate the issue where you are assigned IPaddresses in the same network at multiple locations, or an IP address andsubnet mask combination that designates the IP address as a non-usable networkor broadcast address and is rejected by an internal router. If you have astatic IP address from you ISP this is the recommended setting.
Since you mentioned Modem A and B need to build VPN tunnel, I assume both modems are in different location but having same IP subnet. Therefore you have difficulty to build VPN tunnel. So I just want to confirm both IPs is reachable between each other?
No one cannot reach the other; this is exactly the issue. There are two “solutions” to this problem: request different IPs (non sequential) IPs from the carrier or utilize a router feature such as subnet selection mode. We prefer the latter as we can address the issue quickly on our own, without having to wait for carrier, and result is routers can then reach each other and establish VPN.
Hello jvarghese, we have prepared a special MAX BR1 firmware to force /24 subnet on cellular WAN. Here is the firmware download link. Please help to verify on the VPN scenario. If everything goes well, we will integrate this feature as a configurable option in the official release.
This project has shipped already (carrier supplied new non-sequential IPs after one week); however, we will try and test this in the lab later this week. Will report back.
Wait, can you confirm that in this firmware you are simply forcing /24 and .1 gateway rather than giving the user a choice of what to configure? That is what is seems here:
For the most part this is probably ok, but we have seen the carrier actually assign .1 as the host IP address for the customer. In this case with other product we force /24 subnet and set a dummy .254 gateway instead of .1. So to be clear the mask and gateway are user-configurable for this feature…
Does this make sense? Thoughts?
I suppose just forcing /24 and .1 should work with a probability of 253/254 with the carrier assignment; perhaps in the 1/254 chance carrier provides a .1 IP its ok to request new IP from them…as this situation should occur only rarely…
Wait, can you confirm that in this firmware you are simply forcing /24 and .1 gateway rather than giving the user a choice of what to configure? That is what is seems here:
For the most part this is probably ok, but we have seen the carrier actually assign .1 as the host IP address for the customer. In this case with other product we force /24 subnet and set a dummy .254 gateway instead of .1. So to be clear the mask and gateway are user-configurable for this feature…
Does this make sense? Thoughts?
I suppose just forcing /24 and .1 should work with a probability of 253/254 with the carrier assignment; perhaps in the 1/254 chance carrier provides a .1 IP its ok to request new IP from them…as this situation should occur only rarely…
Not sure when you say “we will integrate this feature as a configurable option in the official release” whether:
“configurable” = user chooses between default algorithm vs force /24 sm and .1 dg
or
“configurable” = user chooses between default algorithm vs freely configurable sm and freely configurable dg
Yes, the force /24 subnet is not configurable in this special firmware. The idea is that we would like to release the experimental feature in a short time frame, get the feedback and finalize the design.
For “configurable”, it would be the first option, user chooses between default algorithm vs force /24 sm and .1 dg. We got your point on the .1 rare situation but we would keep the option as simple as possible.
I am trying to do something similar and would like the manually set the WAN gateway and subnet mask for the modem in my Pepwave MAX HD2 LTE IP67. Other router/modem manufacturers allow me to override the WAN gateway and subnet settings, but I cannot do this on Pepwave. I just want to set them to something simple, such as:
WAN Gateway: 166.x.y.1
WAN Subnet Mask: 255.255.255.0
Is there a hidden way to do this or can this feature be implemented?
I have firmware version 6.3 installed, but it seems this setting only changes the subnet to 255.255.255.254. It won’t let me change the WAN gateway and subnet to a custom setting, such as:
I am trying to communicate with devices that are connected to routers from another (X) manufacturer, but I cannot even ping between the X routers and the Pepwave (in either direction). I also had this problem with the X routers, in which I could not ping between them even though they were like model. Their customer support told me to override the WAN gateway and subnet settings, setting them all to 166.x.y.1 and 255.255.255.0 respectively. After that, I could ping between the X routers. If I can also set the Pepwave WAN gateway and subnet to match that of the X routers, perhaps I’ll be able to ping between them and allow my devices to communicate with each other.
