This info is difficult to find. My understanding is the various DUO’s do not support IP PASSTHROUGH but some (all??) single modem models do. If only some, which ones?
Lastly while on topic, does the MBX MINI support it?
just for clarification, IP PASSTHROUGH not ip forwarding.
Thanks!!
Hello Jaime,
You can find out which devices support it in the Product Overview page.
It’s going to be under “Features”.
What models do you have ,and what firmware are they running?
Multi cellular units don’t have ip pass thru, but there are other options.
You can setup NAT mapping or port forwarding.
Advanced → NAT Mappings (pass all ports)
Advanced → Port Forwarding (pass specific ones)
Advanced → Outbound Policy
Enforce the local ip to the same wan you are mapping on Nat or Port forwarding
If you have a peplink you will need to define the local ip under servers first.
Network → inbound access → servers
Let me know if you need help setting it up.
@Paulius_Minke Thanks! That’s helpful but also confusing 
It lists the Transit Duo as supporting IP Passthrough but I thought the Duo did NOT support IP passthrough? I have only seen IP forwarding on my duo as an option/feature.
@Jonathan_Pitts - Thank you, that was my understanding. I currently have the Max Transit Duo. I apologize but am not 100% sure on the firmware but can confidently say that it is the latest version as of about 2 weeks ago. So unless a new firmware was released, it’s up to date
What I want to do is fairly simple, but my understanding and ‘googling’ led me to believe I need IP Passthrough which was only supported on the single modem MAX models.
I have my Max Transit Duo and it operates in a vehicle 98% of the time solely off of cellular WAN. For the purpose of this, it’s safe to assume WiFi as WAN and a hardwired WAN to an ISP will never be used, so only cellular.
Max Transit Duo → Unify Router → devices
I simply want to have the Peplink router passthrough whatever WAN public IP it gets (from whatever cell connection I have established at the time) through its WAN port to my router.
My router would then handle NAT/DHCP server etc and act as if the Peplink wasn’t there. But of course I need the Peplink to handle the Cellular connections
Can that be done with the method you described above or do I need IP Passthrough specifically?
About a month ago I did try enabling the IP ‘Forwarding’ option on the cellular connection instead of NAT, but this didn’t appear to passthrough the IP unless further config is required after selecting that checkbox to function properly.
Thank You!
p.s. I fully understand that overall, everything I need to do is capable via the Peplink, but I want to handle routing through the Unify router (UDM Pro SE). I know it’s possible, but unsure if it’s possible with my exact device (MTD)
Does either of your Cellular WAN devices have the IP Passthrough selection?
I don’t have a duo, so my devices have the IP passthrough button.
If you don’t have that option, then it won’t work for you. I am assuming you are using the Duo only because it was hardware on hand. The limitation is that only a single cell modem can be in passthrough, so why would someone buy a multi modem device and then disable one of the modems?.. Peplink may have removed the feature to reduce confusion. (Try disabling cell#2’s wan)
So without that you will be stuck in a routed mode.
Do you have public routable static ip’s on your cellular accounts?
If you do , and you have it on both accounts, which one do you want to use?
If you don’t have static/routable ip’s then we would need to do some tunnels.
You can still get what you want to do to work with the methods I described.
If you do the 1-1 nat on the pepwave and the outbound route it will work almost identical to ip pass thru. The only difference is it is a private ip on the unify router. It’s just double nat and will work.
Curious why you have a unify router in the mix with the duo?
@Paul_Mossip - Nope I do not have that option, which falls inline with my assumption that the Duo’s don’t have it. I only have IP Forwarding.
I got the Duo for the ‘Duo’ functionality haha. Being on the road I figured it’d be nice to have, but honestly aside from testing, I always only have one sim/modem connected at a time depending on the area and am not doing any bonding.
@Jonathan_Pitts - you know, I thought I did have public routable IP’s on the cell accounts, but I just checked and I actually have one of each depending on the carrier.
I have a private IP on my AT&T sim (10.239.X.X) and
100.X.X.X on my Verizon sim. I haven’t watched but I’m guessing this isn’t a static IP and probably changes on some interval. I have not requested a static ip nor do I pay for it, my understanding is that a typical data plan does not just get a static IP.
The majority of the time I use the AT&T sim, for my typical areas as it has better signal strength, and a much higher data plan. The verizon account I use as a backup for when At&T isn’t good for that specific area.
I was hoping they were both public IP’s too since I do have a DDNS service as well readily available, but it is currently NOT configured for either connection. Would’ve made setting up a VPN easier, but that will be the next hurdle.
As for the why I have a unifi router in the mix. I’ve installed a handful of unifi devices already (router, switches, cameras, AP’s) so it just makes it easy tracking them through the UDM-Pro
If you don’t have a static/public ip , then I guess you don’t have to do pass thru.
You can setup a solo fusionhub and a pepvpn then bond the connections and map a static ip that way.
Thanks for sharing about the UDM , makes sense.
Given that you want to use the dual modem feature of the Duo, you must have it in router mode.
Both of your cellular connections are CGNAT.
IANA has recorded the allocation of an IPv4 /10 for use as Shared Address Space.
The Shared Address Space address range is 100.64.0.0/10.
If you want to go back into your network from remote, you are going to have to run a FusionHub (see Martin’s posts about running one in VULTR). And add L2TP remote access.
So, I suggest that you go with that design, turn off NAT at the UDMPro. Set up a short static network between the UDM and the DUO. The UDM gets a default route to the Duo… The Duo needs some static routes back to the networks behind the UDM. That will minimize the NAT transitions, allow complete modem failover, routing and backup. Allow you to have bonded connections via the FH, and provide secure remote access with a fixed IP.
Hey guys,
Sorry for the delay, I had some changes I was considering which I finally pulled the trigger on. Long story short, I needed another Pepwave router for a different project and will be using the original Duo on that project.
I’ve purchased a new Max BR1 Pro 5G and am now using that in this same scenario. I’m still using two different SIM’s (Verizon and AT&T) but I never use them simultaneously or bond them so the Max BR1 will be great for this application still, and a little newer/faster.
The BR1 Pro gives me the IP Passthrough option on the cell connection, so that is now back on the table as an option. It is not currently enabled though.
In the interim, to be prepared for any testing, I’ve followed Martin’s post and setup a FusionHub in VULTR and have the BR1 Pro connected to the FusionHub. I have NOT setup L2TP remote access yet.
My SIM connections are still exactly the same, meaning I still have no public/static IP’s. so is IP Passthrough even beneficial? I guess it would disable NAT correct?
With this new info/update, is using IP Passthrough the best way to go about this with my UDM router? Does that even matter since I’d be now getting my public/static IP from the FusionHub?
On that same note, does it matter if I disable NAT from the BR1 vs disabling it from the UDM? or as long as it’s disabled on ONE device then all is equal?
Once I configure L2TP remote access from the FusionHub, I would then get an IP from a defined pool setup on the FusionHub correct? (DHCP is still intended to be disabled on the BR1 since I have my local networks configured via the UDM).
Thanks again, now that I at least have my hardware finalized, I can figure out all the settings to get this done, with your generous and much appreciated help 
One update from my post yesterday, I configured the VPN (L2TP) on the FusionHub and can access/connect to the VPN on my phone, so that is successfully working.
I still have no routes or access to any devices on the UDM yet, not sure which route (no pun intended) to take to get that configured.
But making progress and can at least connect to the VPN which is great, one step closer! Appreciate any advice
-Jaime
