Please, need some help with TTL issue (4G LTE modem + R7000)

raulo1985
DD-WRT Novice


Joined: 21 Jun 2019
Posts: 26

Posted: Sat Jun 25, 2022 1:29    Post subject: Please, need some help with TTL issue (4G LTE modem + R7000)
Hi there. I have an issue and I guess it’s time for me to ask for help, hope you guys don’t mind.

A little summary of the situation:

I created a thread some months ago because my parents live in a rural area and our only option is getting internet through 4G LTE. I bought a Netgear lm1200 4G LTE modem and connected it to the WAN port of their R7000 DD-WRT flashed router, and could successfully get internet. The problem was (and still is, I’m working on it) that I needed port forwarding and CG-NAT ruined my day, since their IP is shared with other users of the carrier we chose (not an option really, it’s the only one that gets decent signal at my parents).

So port forwarding being out of the picture, I decided to make the other thread because I went the OpenVPN route to create a site-to-site connection to my own DD-WRT router (miles away), so whenever we need direct access to a device (mainly IP cameras) from the outside, we could connect to my router (which has dynamic IP, but I use DDNS) and access the devices by port forwarding at my router side.

Well, I couldn’t make it on my last trip to my parent’s, I almost didn’t sleep those days, but I’m new to VPN stuff and my attempt of solving that was kinda messy. I tried my best trying to learn and just asked a couple of questions here (the answers were very helpful), but didn’t have enough time and had to return home (almost lost my flight 😆), leaving them with just a working local network and internet access, but no access to the IP cameras from the outside.

I’m at my parent’s again and I think I’m more prepared to create that VPN tunnel (I’m planning to try Wireguard this time), so I’m only going to bother you guys if things get messy again. Since that time I’ve made my homework and learned more about Wireguard and OpenVPN (special thanks to @egc, your guides are top notch. Really, really appreciate the time you took to write such well explained guides), so I’m going to do it myself (and not try. “Do, or do not. There is no try” is my way of thinking on this 😆). But I’ll shout for help here if time is against me and things are not working as expected again.

Current issue:

That was a summary so you know what I want to accomplish, and if I run into issues when creating the tunnel I’ll surely ask for help here. The thing is, I ran into another issue that I’ve been trying to solve by myself (and learned quite a bit in the process), which is that the carrier is dropping the connection almost everyday (and GUI access to the lm1200 modem is lost too when it happens). At first I didn’t have a clue what was happening and almost asked for help here, but I feel lazy asking without even trying to solve things by myself. My parents didn’t tell me about this because luckily I left the router configured to reboot everyday, so every morning the internet returned when the router renewed the WAN IP.

Setup:

Long story short and after reading and experimenting quite a bit, I’m almost sure the issue is the ttl thing (before this I didn’t even know what ttl is). To give you some info, my configuration is:

- LM1200 4G LTE modem, bridged, IP 192.168.5.1.

- R7000 with latest DD-WRT firmware (r49326), WAN set as Automatic-DHCP, DHCP server and dnsmasq disabled, firewall enabled, LAN port of the LM1200 modem connected to WAN port of the R7000. Wireless configured with N / G mixed (2,4 Ghz), 5 Ghz disabled, WPA2-PSK. IP 192.168.11.1, so different subnet than the modem, as it should be. The rest is set at their defaults.

- Google Nest Wifi. Its WAN port is connected to one of the LAN ports of the R7000, IP 192.168.22.1, and its DHCP server serves IP addresses to devices like smartphones and stuff like that. Those can’t be set with static IPs, since sometimes my parents get visits that don’t know a thing about network stuff, so a DHCP server was needed. Google Nest Wifi has done the job so far. Its WAN port is configured as static IP 192.168.11.180, so it gets internet from the R7000 network. It just works.

- Some IP devices, mainly IP cameras and Smart TV. Those are wirelessly connected to the R7000 with static IPs in the 192.168.11… subnet.

The whole thing works (not counting the VPN tunnel, I’m going to work on that as long as I solve the present issue), but I run into the dropping internet problem. After researching, I came to the conclusion that the carrier is blocking hotspots, so I started to mess with ttl to make their systems see my connection as a regular phone. I understand that the default ttl of a smartphone is 64, so in order to solve this every outgoing packet must have a ttl of 64.

My attempts at solving the issue:

Most guides online talk about tethering from a phone or a USB dongle, and in those cases the outgoing packets from the WAN or the R7000 should be 65. The thing is, I already added the PREROUTING and POSTROUTING rules and saved them at the firewall:

iptables -t mangle -I POSTROUTING -o `get_wanface` -j TTL --ttl-set 65

iptables -t mangle -I PREROUTING -i `get_wanface` -j TTL --ttl-set 65

And then checked them with the command:

iptables -t mangle -vnL POSTROUTING

The ttl was correctly set. When I did that the situation didn’t improve, so I changed the rules to a ttl of 66. When I did that, the speed improved a lot, and started to get a lot less disconnections, but they still happen (on a side note, I’m not sure why there’s two hops between the R7000 WAN port and the outside world. Maybe the modem and the R7000 WAN interface, I really don’t know). To me it’s a mystery why things improved with a ttl of 66, but at least things are working better, but still get some disconnections that only get fixed by renewing the WAN IP or rebooting the R7000.

In concept, the carrier should be seeing packets with a ttl of 64 if I set the ttl at 65 at the R7000, since the modem (or the WAN interface, I still don’t know which one counts as a hop there) should count as one hop, no matter which device is sending it. Still no clue why 66 works better than 65.

Questions:

My question is, could it be that the LM1200 is sending its own packets with their own ttl to the carrier, that make it realize the SIM card is being used as a hotspot? And do bridged modems count as a hop? Sadly the LM1200 doesn’t have the option to play with ttl settings, so I can’t be sure every single packet that’s going outside has a ttl of 64. And if I set the modem as router and not bridged is kind of the same situation but worse, since I have no control over the ttls it’s sending out.

Sorry for the long post, for my lack of knowledge about this topic, and for my bad English, but I guess every bit of info I can give could be useful for you guys to understand what the situation is. The best configuration so far is setting the R7000 WAN ttl to 66 and leaving the modem as bridged, but I still get disconnections (like one per day approx.). Any clue about what could be happening? How can I make sure that every single packet going out of the LM1200 has a ttl of 64 without having the possibility of setting that at the LM1200 itself?

Thanks in advance!

PS: the modem has a keep alive function, that pings 8.8.8.8 every 15 mins. Couldn’t that be a part of the problem? Maybe those packets have a who knows what ttl, and perhaps the carrier is seeing a ttl of 64 almost all the time (traffic from the R7000), with occasional packets with a different ttl from the modem that make the connection drop. Just a theory, I really don’t know.


Last edited by raulo1985 on Sat Jun 25, 2022 16:11; edited 2 times in total
dale_gribble39
DD-WRT Guru


Joined: 11 Jun 2022
Posts: 1889

Posted: Sat Jun 25, 2022 5:18
You might want to use the safer format of those rules:

iptables -t mangle -I POSTROUTING -o $(get_wanface) -j TTL --ttl-set 65
iptables -t mangle -I PREROUTING -i $(get_wanface) -j TTL --ttl-set 65

_________________
"The woods are lovely, dark and deep,
But I have promises to keep,
And miles to go before I sleep,
And miles to go before I sleep." - Robert Frost

"I am one of the noticeable ones - notice me" - Dale Frances McKenzie Bozzio

<fact>code knows no gender</fact>

This is me, knowing I've ruffled your feathers, and not giving a ****
Some people are still hard-headed.

--------------------------------------
Mac Pro (Mid 2012) - Two 2.4GHz 6-Core Intel Xeon E5645 processors 64GB 1333MHz DDR3 ECC SDRAM OpenSUSE Leap 15.5
raulo1985
DD-WRT Novice


Joined: 21 Jun 2019
Posts: 26

Posted: Sat Jun 25, 2022 16:00    Post subject: Re: Please, need some help with TTL issue (4G LTE modem + R7
dale_gribble39 wrote:
You might want to use the safer format of those rules:

iptables -t mangle -I POSTROUTING -o $(get_wanface) -j TTL --ttl-set 65
iptables -t mangle -I PREROUTING -i $(get_wanface) -j TTL --ttl-set 65


Hi, thanks for your reply. My mistake, sorry, the rules I set are exactly the ones you mentioned, it was a typo at thread level (I think I just copy pasted the rules here from one of the sources I read, but the ones I applied are exactly like you wrote them). I corrected my post now, sorry about that.

The rules are correctly set, when I run the command:

iptables -t mangle -vnL POSTROUTING

This is what I get, so I guess the rules are correctly applied (I understand vlan2 in the case of the R7000 corresponds to the WAN interface):

Chain POSTROUTING (policy ACCEPT 976K packets, 860M bytes)
 pkts bytes target     prot opt in     out     source               destination
 533K  525M TTL        all  --  *      vlan2   0.0.0.0/0            0.0.0.0/0            TTL set to 66

When I set them with a ttl of 65, things get kinda ugly. Low speeds, and a couple of disconnections per day. I still don’t know why things work better when I consider two hops before the packets go to the outside world, but it is noticeable. Between the WAN port of the R7000 and the outside there’s only the 4G LTE modem, and it’s bridged, if configured as router I have no control over outgoing ttls since the Netgear firmware doesn’t have an option to mess with that. And I always prefer to let the routing work to be done by a DD-WRT flashed device anyway, so I always try to bridge modems.

(Maybe) A noob question:

This may be a noob question, but is there a way to effectively know the real ttl value of the packets that are leaving the network? The command iptables -t mangle -vnL POSTROUTING shows that it’s not a problem at DD-WRT side, all outgoing packets from the router itself should have the ttl I set with the firewall rules. The thing is that I’m not quite sure every packet that goes to the carrier has that ttl, perhaps the modem is the issue (just my theory). It’s not a problem about them detecting an unusual high traffic either, since my parents haven’t used the internet these days and I’m only setting things up, I’m not browsing, Youtubing or anything.

Is there a way to effectively verify the ttl of the packets that go outside from the modem and not the router? After all, those are the packets the carrier is receiving. I can’t ping the modem from the outside since I’m CG-Natted, I don’t have a public IP to ping, and I understand (I could be wrong) that pinging from inside the network is not the correct way to check those values.

Some extra (and maybe unuseful) info:

Regardless of what I just said, I pinged the public IP that is shown in DD-WRT (R7000) with my notebook connected to the network, which I know is not a public IP that can be reached from the outside, but still gave it a go. It shows a ttl of 63 when the rules are set with a ttl of 66, and when I ping the gateway’s IP, it shows a value of 64. Same thing happens when I ping the router and modem IPs (192.168.11.1 and 192.168.5.1, I get ttls of 63 and 64, respectively). I really don’t know if that is useful info and if one of those are indeed the ttl of the packets leaving the router or network, but didn’t hurt to check and tell you.

Can the ttl of the outgoing packets that come from the modem somehow be verified? The LM1200 has a LAN port, besides the WAN port that’s connected to the R7000. Perhaps connecting my notebook to the LAN port can be a way to verify those ttl leaving my network? If that’s possible, I haven’t found a way to do it, and I already tried (not sure if I did that in a proper way, like I said earlier I try to ask for help only when I try my best to solve things by myself, but this time it seems I’m not good enough).

My theory:

The issue at least to me behaves like a ttl problem, usually the speed/connection drops periodically, and almost always occurs at least once a day before 7 AM when nobody is using the internet (maybe the carrier does its evil things at that time?). And when it happens, not only the internet drops, but also the access to the modem’s GUI, which after a lot of reading I believe other users that experience ttl issues suffer from the same type of behavior. But everything should be fine at least at the R7000, so my guess is that the modem is doing something that I can’t pinpoint, maybe sending packets with a different ttl that’s not helping my case. From my inexperienced point of view, that’s the only thing I can think of after all I’ve tried and researched. If there’s a proper way to verify the ttl of outgoing packets from the modem to the outside it would be great, that way I can make sure which ttl value the carrier is seeing.

Little update:

On a side note, a little update on this matter. Since my theory is that the modem may be guilty here, I disabled its keep alive feature. The feature is there to periodically ping an outside IP (usually Google’s 8.8.8.8), because I’ve read some carriers disable the 4G when the connected device is inactive for some time. If it’s true in my case, it would be a necessary feature, since my parents sometimes travel and we want to still have access to the network (IP cameras). After all, that’s the main purpose of the cameras, but if there’s nobody home to use the internet the carrier may disable the 4G and we will be out of luck until they return home.

Anyway, I disabled it some hours ago for testing purposes and still haven’t had a disconnection yet. I wouldn’t say I found the issue because it’s been only hours and the connection could still drop, but it’s a start and hopefully the issue may be solved. If that’s the case, should I write a command in the R7000 for the same purposes (periodically pinging a public outside IP to keep the connection alive)? I’m just throwing things that come into my mind, but if the connection in fact doesn’t drop after disabling the LM1200 keep alive function, at least to me it sounds like a plan. But I’m clearly no expert, all I said could be nonsense to more knowledgeable people like everyone else here. I’m just a guy that happens to know some things about networks, and that tries to solve things by himself, messing things up and maybe talking nonsense in the process 😆.

Anyway, if that happens to solve my issue, I would still want to make sure every outgoing packet that goes out of the modem has a ttl of 64, but I don’t know how to do it or if it’s even possible without having a real public IP to ping from the outside. My eyes already hurt after spending hours trying to find an answer to that question, so it felt like it was time to bother you guys and just ask.

Well, thanks again for replying and for taking the time to read what I wrote, I know it’s not a short text, but I kinda don’t like people posting their issues without even trying to solve it by themselves first, while thinking that you guys can read minds. I’m just giving you every info I can that I think could be useful so you don’t have to spend time asking for that info. But if there’s some info missing, I’ll be happy to provide it.

This whole thing has been an odyssey, I’m working on the Wireguard tunnel too and I’m short on time again, but if I run into an issue regarding that I’ll post it on my other thread. At least after disabling the keep alive feature of the modem the speed and connection haven’t dropped (yet), fingers crossed that they won’t. If by tomorrow things are still stable, I think I’ll try to write a command so I can keep the connection alive by periodically pinging 8.8.8.8 but with packets coming from the R7000 (which should have the correct ttl). How, I still don’t know, but I’ll try to do it if it happens that the connection is still solid by tomorrow.

Lastly and a little off topic, I want to say that I honestly hate when carriers do this, ttl is not meant for this, I’m paying for an unlimited plan and that’s what I should get, there’s no ethical reason for them to limit the way I use that bandwidth that I’m already paying for. But I can’t do anything about it but to try to make them think I’m using their precious SIM card inside a regular phone. I feel I’m almost there, hopefully I can make it (with a little help from you guys).
raulo1985
DD-WRT Novice


Joined: 21 Jun 2019
Posts: 26

Posted: Sun Jun 26, 2022 17:01
Update and questions. I REALLY need a little help guys 🙏, it’s important to me and my parents this time 😕:

Update:

Since I disabled the keep alive function of the modem (periodic pings to 8.8.8.8) the situation has improved, but feels like it’s not solved yet. I went out with my parents yesterday and when we returned home and used our devices (iPhones in this case), the connection dropped again and couldn’t access the modem’s GUI. It returned when I rebooted the R7000. In other words, same behavior as before, but less frequently. The improvement is kinda noticeable (a little more speed and before I got like 2-4 disconnections per day). And again, the connection dropped a second time after that when we were asleep, at around 5-6 AM.

Edit: I went back to setting a ttl of 65 instead of 66 because apparently it was just my impression that things improved a lot for like a day, after that the issue persisted (but as said, not as bad as before).

It feels like ttl is playing a role in this issue (if not, the situation wouldn’t have improved, I guess), but idk if it’s the only issue or if it’s only the ttl problem that I haven’t managed to solve completely.

Questions/other things I’ve tried:

When bridged, a modem counts as a hop (noob question, but haven’t found a direct answer to that question yet)? I’m trying to find about that by myself by researching and also pinging and tracerouting the public IP the R7000 is showing from my notebook connected to the network (I may be losing my time with that, idk if it’s useful). When I ping and traceroute to the modem’s private IP and add both values (ttl and number of hops), I get a ttl of 65 (when ttl is set at 65 with the firewall rules I mentioned earlier), and when I do the same thing with the “public” IP I get from the carrier at the R7000 (modem is bridged), I get 64. From my very inexperienced point of view I guess the modem’s interface is counting as a hop or something like that, but I obviously could be completely wrong.

But if that’s the case, what am I doing wrong? The carrier should be seeing a ttl of 64 and connection should be solid. I feel I’m missing something, perhaps the modem is sending its own packets with their own ttl, even after disabling the keep alive feature. I really don’t know, idk if somehow the outgoing ttls from my modem can be verified while being CG-Natted without a public IP to ping from the outside, and the thing is frustrating. I wouldn’t have come here to ask for help if I wouldn’t have tried and researched all I can, but I feel stuck now, I’m running out of ideas of things to try.

Please, any clue what could be causing this? I don’t even know what extra info could be useful for you, so feel free to ask.

I tried setting the modem as router, not bridged (don’t like that setup, but I tried anyway). I suppose in that case the router counts as a hop for every single packet, so I set a ttl of 65 at the R7000 and its WAN to a static IP inside the modem’s subnet (modem IP is 192.168.5.1, I set the WAN IP of the R7000 to 192.168.5.2, with gateway 192.168.5.1). The thing worked, I got internet and decent speeds, but the connection dropped again.

I guess having the modem as router and not bridged raises the chances of it sending packets to the carrier with their own ttl. After all, if I’m doing things right (and at least I’m fairly positive I’m not making a mistake while setting the rules, since I verified them with the iptables -t mangle -vnL POSTROUTING command), I only have control over the ttl of packets that get out of the WAN of the R7000, but who knows what happens at the LM1200 modem.

Guys, like I mentioned I really need some guide now, I’m running out of time and ideas again and I traveled just to solve the VPN situation I mentioned earlier (on a side note, I have good news on that regard, I’ll post them in the other thread 😀. So I guess I won’t have to bother you with that anymore), but wasn’t counting on this. If I can’t pinpoint what the dropping connection issue is, what would you do in my case?

I’m already thinking about a plan B, perhaps a script that renews the WAN IP when it drops, or reboot the router when that happens. If I only rely on the scheduled reboot feature (I set it to reboot everyday at 7 AM, hopefully after the usual early drop that I don’t have an explanation why it happens other than the carrier is going John Wick style with tethered connections at that time of the day), if the connection drops lets say at midday, my parents will lose internet till the next day (and the router is out of reach for them to just reboot it manually, is located at a place that they can’t reach because of their health issues).

In fact, that has been the situation since my last trip, they just didn’t want to bother me since they saw me last time almost not sleeping trying to solve the VPN issue by myself. And it wouldn’t be ideal to write a script to make the router reboot every single hour for example, just in case the connection drops whenever it wants.

Any idea or suggestion? I really don’t like bothering you guys and feel kinda dumb because I’ve tried many things thinking they’ll finally solve the issue, and the thing still returns. I’d greatly appreciate if you could help me with this, not asking you to spoon feed me the solution, just pointing me in the right direction and the rest is a homework that I have to finish. But now I don’t even know what the homework is or where to continue trying. On paper, a ttl of 65 set at the R7000’s WAN interface (rules already verified) and having the modem bridged should do the trick, but feels like they are the ones tricking me. And the clock is ticking till my return flight home again 😕

A little context (very important to me):

Really sorry to bother you guys again, but please, any ideas? I don’t want to leave them with a very inconsistent internet connection, and I don’t have enough money yet to travel as often as I wanted to. I’m working hard on some projects so hopefully in a future I can spend more time with them, they have some health issues and I’m doing my best to be with them as often as possible, and I’m dedicating a great part of my life towards that goal (I’m not complaining or anything, it’s what I want).

That’s another story, but in the meantime I want to leave them with a solid internet connection, my dad can’t go outside that often so he watches a lot of movies and Youtube, and my mother talks (Zoom) to her best friend almost everyday. I feel bad because all this time they had a very inconsistent internet and didn’t want to bother me, and I’m not being capable of solving this now again. Idk when I’ll be able to return, I’m working as hard as I can to have the money so they can have a better quality of life, almost my whole life is dedicated to that these last years. And I’m happy to do it, don’t get me wrong, I want them to be as happy and comfortable as they can be, they’ve given me so much in my life that this doesn’t feel like a duty, but like a joy. That’s why it’s so important to me to be able to solve this issue. Since they don’t move that much, internet is very important for them and that depends on me.

Again, sorry to bother you guys and for telling you things not related to the issue itself, it was just to give you some context. After all, all we do here, all the tech stuff, always has a purpose. And in my case, in the real world, the purpose is my parents being comfortable and entertained/happy while I’m not with them.

In my book, that’s a very good purpose, so on a side note I also want to thank everyone here, especially BS and egc, in my case without them things would be a lot harder and frustrating. I’m telling you this so you know that what you do doesn’t just help people play online games, check their Facebook, read the news or things like that, it helps with things like having my most loved ones happy and connected to the rest of my family/friends. I can’t thank you enough for that, even if this issue doesn’t get solved. But I’m not giving up.

Thanks again, any help would be highly appreciated 🙏

PS: I’m starting to really hate my carrier because of this. But my parents live in the middle of nowhere and they are my only option. And they don’t help at all, when I call them they don’t even know what a WAN port is. No point insisting on getting help there, I would gladly pay them for giving me a solid connection, but they don’t offer anything besides this 4G LTE plan at my parent’s location, and they simply don’t help me with these issues. I pay for an unlimited plan and that’s what I should get, this thing is just unethical to me. Just wanted to get that out of my chest.

PS 2: sorry for my English.
SurprisedItWorks
DD-WRT Guru


Joined: 04 Aug 2018
Posts: 1444
Location: Appalachian mountains, USA

Posted: Mon Jun 27, 2022 13:59
Greetings, friend. Stop worrying about your English. It's fine.

Now maybe relax a little. I don't know why you are so hooked on the TTL idea. If your carrier is using CGNAT, they are likely giving you a modem with keep-alive enabled so that your CGNAT IP mapping won't time out and cause you to have a midday IP change.

You shouldn't need their keep-alive if you are using your own in dd-wrt, and using your own would give you a reboot also in the unlikely case of a router issue. Have you considered following their lead and enabling dd-wrt's keep-alive feature in GUI > Administration > Keep Alive? I have mine ping three IP addresses (8.8.8.8 and 1.1.1.1 and a VPN server that is important to me) every 20m and reboot the router if all three pings fail, meaning that - in the language of a famous Emerald City munchkin - it's not just merely dead, it's truly most sincerely dead.

And if you need remote access to your parents' network restored quickly, you could certainly set up DDNS on their router like you do at home. (It's not perfect, as your remote wireguard client will likely fail to pick up the new DNS entry until you cycle the connection off/on.)

_________________
2x Netgear XR500 and 3x Linksys WRT1900ACSv2 on 53544: VLANs, VAPs, NAS, station mode, OpenVPN client (AirVPN), wireguard server (AirVPN port forward) and clients (AzireVPN, AirVPN, private), 3 DNSCrypt providers via VPN.
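
The check described in the reply above (probe several addresses, act only when all of them fail) combined with the "plan B" from the earlier post (renew the WAN lease first, reboot only as a last resort), as an added example that is not part of the thread and is not DD-WRT's built-in Keep Alive. Assumptions: busybox `ping` and `udhcpc` are the tools on the router; the function names, target list, state file path and reboot threshold are illustrative.

```shell
#!/bin/sh
# Added example (not from the thread): escalating WAN watchdog for a DD-WRT
# style router, meant to be run from cron every few minutes.
# Assumptions: busybox ping and udhcpc are present; the target list, state
# file path and threshold below are illustrative values.

TARGETS="${TARGETS:-8.8.8.8 1.1.1.1}"                 # hosts probed on each run
STATE_FILE="${STATE_FILE:-/tmp/wan_watchdog.fails}"   # consecutive-failure counter
REBOOT_AFTER="${REBOOT_AFTER:-3}"                     # failed runs before a reboot

# One probe: two echo requests, 3 s timeout. Returns 0 if a reply arrives.
probe() {
    ping -c 2 -W 3 "$1" >/dev/null 2>&1
}

# The link counts as up if at least one target answers, so a single
# unreachable host never triggers a renew or a reboot.
link_up() {
    for target in $TARGETS; do
        probe "$target" && return 0
    done
    return 1
}

# Ask the DHCP client for a fresh lease. busybox udhcpc releases its lease
# on SIGUSR2 and requests a lease again on SIGUSR1.
renew_wan() {
    pid="$(pidof udhcpc)" || return 1
    kill -USR2 $pid && sleep 1 && kill -USR1 $pid
}

reboot_router() {
    reboot
}

# Log to syslog when logger exists; never fail the watchdog because of it.
log() {
    logger -t wan_watchdog "$1" 2>/dev/null || true
}

# Read the counter. Anything that is not a plain non-negative integer
# (missing file, truncated write) counts as 0.
read_fails() {
    n="$(cat "$STATE_FILE" 2>/dev/null)" || n=""
    case "$n" in
        ''|*[!0-9]*) echo 0 ;;
        *) echo "$n" ;;
    esac
}

# One watchdog pass. Prints the action taken: ok, renew or reboot.
watchdog_step() {
    if link_up; then
        echo 0 > "$STATE_FILE"
        echo ok
        return 0
    fi
    fails=$(( $(read_fails) + 1 ))
    echo "$fails" > "$STATE_FILE"
    if [ "$fails" -ge "$REBOOT_AFTER" ]; then
        # Renewing did not help on the previous runs: escalate to a reboot.
        echo 0 > "$STATE_FILE"
        log "all targets down for $fails runs, rebooting"
        echo reboot
        reboot_router
    else
        log "all targets down (run $fails), renewing WAN lease"
        echo renew
        renew_wan
    fi
}

# Run one pass only when called with the argument "run" (e.g. from cron),
# so the file can also be sourced without touching the network.
if [ "${1:-}" = "run" ]; then
    watchdog_step
fi
```

Because the counter lives in /tmp, it starts from zero after every reboot, so a long outage produces a renew-renew-reboot cycle rather than a reboot on every run.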
dale_gribble39
DD-WRT Guru


Joined: 11 Jun 2022
Posts: 1889

Posted: Mon Jun 27, 2022 14:29
Not a new topic:

Setting up Netgear Nighthawk MR1100 as a modem
DD-WRT router with LTE modem
Can't get WHR-G54S to use the internet from Netgear MR1100
Netgear Nighthawk M1 passthru to DDWRT
Re: Nighthawk M1 (MR1100) / DD-WRT Double NAT

raulo1985
DD-WRT Novice


Joined: 21 Jun 2019
Posts: 26

Posted: Sat Jul 02, 2022 2:32
SurprisedItWorks wrote:
Greetings, friend. Stop worrying about your English. It's fine.

Now maybe relax a little. I don't know why you are so hooked on the TTL idea. If your carrier is using CGNAT, they are likely giving you a modem with keep-alive enabled so that your CGNAT IP mapping won't time out and cause you to have a midday IP change.

You shouldn't need their keep-alive if you are using your own in dd-wrt, and using your own would give you a reboot also in the unlikely case of a router issue. Have you considered following their lead and enabling dd-wrt's keep-alive feature in GUI > Administration > Keep Alive? I have mine ping three IP addresses (8.8.8.8 and 1.1.1.1 and a VPN server that is important to me) every 20m and reboot the router if all three pings fail, meaning that - in the language of a famous Emerald City munchkin - it's not just merely dead, it's truly most sincerely dead.

And if you need remote access to your parents' network restored quickly, you could certainly set up DDNS on their router like you do at home. (It's not perfect, as your remote wireguard client will likely fail to pick up the new DNS entry until you cycle the connection off/on.)


Hi, thanks for your reply (and sorry again for the long post. Just trying to give any info that could be useful).

Sadly I can’t count on the ISP for this, the whole purpose of what I want to achieve is them “seeing” my connection as a regular phone. They don’t offer a wireless 4G LTE plan for homes, and there’s no other carrier that gets to my parents’ house, neither by wire nor wirelessly. So asking for a modem most likely will end up with them not knowing what to do, or terminating the line. Some time ago I tried to ask for this, and the answer was “we don’t offer plans for that location”, being that the 4G signal is quite decent. They just aren’t willing to help.

This is becoming quite an issue because they were getting many disconnections per day, and if I use that SIM card on a regular phone, it gets a solid and fast connection. So my theory is that they are just blocking hotspots, and there’s no chance they’ll help me with… anything. What I did was purchasing a regular SIM card from them with an unlimited plan, a Netgear LM1200 4G LTE modem, and wanted to use it as the usually cabled modem connected to their R7000’s WAN port. Auto DHCP at WAN configuration at the R7000, with the modem on a different subnet (GUI IP 192.168.5.1, while their LAN network is 192.168.11…) and modem is bridged (with DHCP disabled, and APN is automatically configured when the SIM is in place).

The way I understand this, the modem is bridged so the R7000 gets the “public” CG-Nat IP. And it does, with this setup the R7000 shows a WAN IP in the 10… range, not a local one as if the modem was doing some NAT. In my head this should work and I left things that way last time I went there, but when I went there again last week they told me about this issue, and tbh it was very noticeable and made internet connection almost useless for them. But if technically everything should work, and works like a charm when the SIM is placed inside a regular phone, I started to research and found that many run into the same issue, and TTL was the main topic when trying to get past this. It could be something else (maybe MTU? I left it at default, maybe I should try with 1452 or something like that), it’s just that the behavior the network was showing was almost the same as many people were getting and that many solved by changing the outgoing ttl.

The ISP won’t give me a modem for this, they might as well terminate the line because I’m using a modem of my own. And they barely know what a WAN port is, support couldn’t be more useless, but I’m stuck with them since they are the only ones with decent coverage at my parents. So that’s my problem, I’m not trying to mess with advanced networking stuff if I don’t have to (I like to learn, but not by experimenting with my parents source of entertainment these days), but if it’s not a TTL issue (or perhaps MTU), I really don’t know what’s happening. That’s why I decided to get to you guys, I simply run out of ideas and things to try 😕

Little update (kinda bad news):

I’m not at my parents’ anymore, had to return to work. Since my initial issue was creating a VPN tunnel to get access to their network while being CG-Natted (no public IP, no ddns), my priority was to get there prepared to create that tunnel. I did my homework and I managed to create a working Wireguard tunnel (thanks to egc’s excellent guides) the first day I arrived. But I found out about the other issue (disconnections) and started to research. In my head I wasn’t that worried by then, because I noticed that every time the connection was lost, it came back with a router (R7000) reboot. The 4G modem doesn’t have an auto reboot feature, but every time the connection was lost, I didn’t have to reboot it, just the R7000 (or renewing the WAN IP). So worst case scenario (in my head) was not being able to solve the disconnections, and leaving auto reboot scheduled every day, and also the DD-WRT keep alive feature enabled with pings to 8.8.8.8 every 10 mins (and also the Wireguard persistent keep alive set to 20 at the R7000, so the tunnel could be established again if lost).

In other words, without knowing what was happening and if the cause was ttl or not, I assumed that at least at every WAN disconnection, the router would reboot, the WAN IP renewed, and the tunnel established again. I tested that setup for a couple of days (couldn’t stay longer) and even manually taking out the SIM card from the modem and placed it again to see if a total loss of internet indeed triggered a router reboot, and it did (and didn’t when the connection was up, as expected). I also created a cron script for the R7000 to ping 8.8.8.8 every 5 mins, because apparently the carrier drops connection if a device is “inactive”. So, while being there, at least my messy solution seemed to work regardless of disconnections, and if the connection dropped, the router rebooted and the connection and GUI access to the modem was restored. Not ideal, but it worked. The rest of the time I played with different ttls, but didn’t manage to solve that issue.

The bad news is that like three days after leaving my parents’ house, the connection dropped one more time, and then didn’t return. My parents aren’t at home now, and even if they were, they are not even able to power cycle the devices (for signal purposes, they are out of their reach, mostly because of their health issues). And they don’t have a notebook I can Teamviewer to, which isn’t useful anyway since there’s no internet now.

A bit of info that could be useful:

Yesterday there was a power outage there and part of their network is a Google Nest Wifi mesh, which keeps logs about the connection to the internet and I can look at it without them having a connection now. They told me the power was lost, came back, lost, etc like 5 times. I looked at the logs, and could notice that, since they lost the connection days ago, it returned for less than 5 mins during those power outages. So, I’m guessing a modem power cycle is indeed necessary at least to regain a working WAN IP (the R7000 is supposed to be rebooting itself everyday, and regardless of that the connection didn’t return not even a single time until the power outages), but the modem doesn’t have an auto reboot feature (and its keep alive feature is there only to ping a public IP so the carrier won’t go into sleep mode, not for rebooting).

But also, why did the connection return but get lost after no more than 5 mins? Those power outages may have been useful to pinpoint what’s happening here, if it wasn’t for them, connection wouldn’t have been restored. The connection is still down and now they don’t have internet, only local networking (IP cameras while they are connected to the network, not from the outside). But at least I know now that it’s not that somehow the ISP terminated the line, otherwise the connection wouldn’t have returned during those outages.

To sum up:

I have a 4G LTE WAN port connected to a LAN port of an R7000 (latest BS firmware), modem is bridged, WAN at R7000 is auto dhcp, local dhcp server and dnsmasq disabled, different subnets for both devices, and when the connection is established I have a working Wireguard tunnel, so at least during those moments I can troubleshoot the R7000 through my own network (the server side of the tunnel). But disconnections persist and I’m almost positive it’s an ISP issue, most likely blocking hotspots. Doesn’t make sense to me if that’s not the cause, since it worked perfectly when the SIM was in my phone.

Sadly, I didn’t manage to solve it, and also returned with the sensation that at least at every disconnection the setup I made almost guaranteed a return of the WAN connection. Turns out I was wrong, and the only thing that seems to get the connection back (and for not longer than 5 mins) is power cycling the modem (which doesn’t have an auto reboot feature, let alone a real keep alive function that reboots the device if WAN is lost). I’m almost planning to buy a plug with a timer to force periodic power cycles of the modem, but since they were happening more than once a day, it wouldn’t be a good solution to have it reboot many times per day either.

Right now I can’t do very much, they don’t even have internet since a couple of days and only returned for useless minutes during power outages that rebooted the modem. I’m thinking about asking someone I know to go there with a notebook to troubleshoot this from here, but I need to have a working plan for that, he doesn’t live too close to my parent’s (but a lot closer than me).

That’s the situation. I’ve tried my best, but it seems I’m not good enough and I’m still researching. I’m still not giving up on this thing, from my pov this should be fixable, otherwise the SIM wouldn’t work properly inside a phone there. There must be a way to make the carrier see my network as a phone, if that’s the issue (I’m not even sure about that anymore).

Quick questions:

1) When a modem is bridged, does it count as a hop for ttl? The firewall rules the R7000 has now set the ttl to 65, but perhaps that should be done when double natted (like tethering using the phone as router through usb). If the modem is bridged, should the ttl be set to 64 so the carrier sees it as a phone? Or even bridged the modem counts as a hop?

2) Could this be an MTU issue? The R7000 has its MTU left at default, and I didn’t think of playing with that setting while being there. I’ve read that ADSL uses 1492, and also read that LTE should use 1452 or less. Not sure if that’s right.

3) I could set the modem as router and have it assign a private IP to the WAN port of the R7000. I don’t like that kind of setup and tbh I don’t see how it could help, but do you think it’s an option? At least with the R7000 I have control over ttl of outgoing packets, with the LM1200 modem, I don’t have a clue.

Well, that’s my problem. It mutated from a VPN issue that’s already solved, to a (for now) useless WAN connection, with complete loss of internet as a result. I really don’t know why WAN connection is behaving like this, but since the setup seems to be ok on their router/modem side, the issue must be at ISP side. Which makes sense, considering the randomness of disconnections, and that the problem got worse all of a sudden without changing anything. It just got worse, till the point that now not even a router reboot and WAN IP renewal solves anything. TTL is what came to my mind because of this behavior and after all I was able to research, but clearly it could be tons of other things that I don’t know. I’m doing my best trying to learn, but I think it’s wise to ask for help when things don’t get solved after a decent amount of unsuccessful tries. Which is the case now 🤷🏻‍♂️

Anyway, what would you do in my situation? Like I said, I think I can get someone there (with almost no networking knowledge) with a notebook, but he doesn’t live that close and I don’t even have a plan this time. The only thing would be to try a ttl of 64 while keeping the modem bridged, to change the MTU to 1420-1452, and if that doesn’t work, try to set the modem as router and not bridged, to see if that helps.

Those are the only things I can think of right now, and if I was there I would try them all, but I don’t think I can travel again soon. And my parents don’t have internet now, that’s really an issue for them (and me) because internet had improved their quality of life a lot during these last years, I feel bad not being able to provide them with it, even though it should be technically possible without much trouble. Kinda frustrating, but I’m determined to solve this, so I’m sorry if all of this sounds like the sky is falling apart, but at least I want something as simple as Netflix available for my dad (he has a moving disability and loves movies. When he can’t watch them he gets a little depressed, I’m simply trying to paint a clear picture of why this is important to me).

Thanks again!
the-joker
DD-WRT Developer/Maintainer


Joined: 31 Jul 2021
Posts: 2146
Location: All over YOUR webs

PostPosted: Sat Jul 02, 2022 8:58    Post subject: Reply with quote
Remote access can be achieved via VNC or teamviewer for router management/troubleshooting if SSH remote management is problematic e.g. for fw upgrades and which can also be done both for keeping settings even after resetting nvram if necessary via easyddup.

DDNS would be needed if there is no fixed IP parents side.

You could also setup a router reboot during the night, plenty others have solutions for tracking VPN connections (via script) and doing this via some method or another.

It all comes down to planning, if you leave a physical location it's all down to remote management in some way or another, without this it's going to be a hell of a job.

_________________
Saving your retinas from the burn!🔥
DD-WRT Inspired themes for routers
DD-WRT Inspired themes for the phpBB Forum
DD-WRT Inspired themes for the SVN Trac & FTP site
Join in for a chat @ #style_it_themes_public:matrix.org or #style_it_themes:discord

DD-WRT UI Themes Bug Reporting and Discussion thread

Router: ANus RT-AC68U E1 (recognized as C1)
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12812
Location: Netherlands

PostPosted: Sat Jul 02, 2022 9:08    Post subject: Reply with quote
If you have 5 power outages shortly after each other the router will reset to defaults!

Unless you disable this, see administration/Bootfail handling

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
SurprisedItWorks
DD-WRT Guru


Joined: 04 Aug 2018
Posts: 1444
Location: Appalachian mountains, USA

PostPosted: Sat Jul 02, 2022 17:43    Post subject: Reply with quote
Thanks for patiently going through it all again. It happened to catch me at a less-harried moment today, so now I appreciate the complexity of your situation much better. I wish I had answers, but all I can offer at the moment is a few thoughts that might or might not be useful.

It certainly seems reasonable to experiment with a modestly lower MTU, something that seldom causes problems and occasionally miraculously solves them. My guess though is that you are right that it's an ISP issue instead.

I also noticed you said you got a 10... WAN IP, but do you mean 10.X.X.X, which is a private IP, or 100.X.X.X, which is common for CGNAT?

Don't be afraid to try it without bridge mode, so that the "modem" is also functioning as a router and assigning your R7000 a private IP on its own little network. These "double NAT" configurations in theory increase latency a touch - never noticeable to me - but it should not affect throughput, and those configurations tend to be simple and reliable. I have used them many times with zero issues. Two of my five production routers are set up that way (two daughters in shared apartments that already had routers).

Since you have a phone that gets a solid connection at your parents' place, have you looked into the "tethered" configuration, which would wire your R7000 to the phone, which would in turn act as a hotspot? There are threads in the forum about it. Maybe even a wiki. I've never tried it, but others certainly have. I believe that TTL is indeed one of the discussion topics in those threads.

I have experimented myself with TTL-setting firewall rules to try and fool a host system that my client-mode router was not a router at all but just a laptop or phone. I never got those questions of 64 vs 65 vs 66 quite sorted out either, but I tried every variation I could think of, and it never solved my connection problems. Maybe TTL was never the issue at all.

_________________
2x Netgear XR500 and 3x Linksys WRT1900ACSv2 on 53544: VLANs, VAPs, NAS, station mode, OpenVPN client (AirVPN), wireguard server (AirVPN port forward) and clients (AzireVPN, AirVPN, private), 3 DNSCrypt providers via VPN.
raulo1985
DD-WRT Novice


Joined: 21 Jun 2019
Posts: 26

PostPosted: Tue Jul 05, 2022 0:17    Post subject: Reply with quote
Hi there, and thank you all for taking the time to read those walls of text I wrote (and the one that I’m writing now). I guess it’s better that way instead of you trying to find out what the issue is, or having to ask for info I should provide from the start. But sorry, those are in fact really big walls 🤷🏻‍♂️

the-joker wrote:
Remote access can be achieved via VNC or teamviewer for router management/troubleshooting if SSH remote management is problematic e.g. for fw upgrades and which can also be done both for keeping settings even after resetting nvram if necessary via easyddup.

DDNS would be needed if there is no fixed IP parents side.

You could also setup a router reboot during the night, plenty others have solutions for tracking VPN connections (via script) and doing this via some method or another.

It all comes down to planning, if you leave a physical location it's all down to remote management in some way or another, without this it's going to be a hell of a job.


Yeah, having a device there to troubleshoot via Teamviewer would be nice, but sadly they don’t have one now. In the future I may build a small linux server, it would make things easier and also I can create a nice Plex movie library for my dad. But it won’t be a solution for some time now.

And the whole purpose of learning about and creating a Wireguard VPN tunnel (long story, in another thread) was in fact having direct access to their devices (mainly IP cameras) and router, since they don’t have a public IP. Not a chance to get past that, the ISP won’t give us a fixed or dynamic IP, so DDNS is out of the picture. My parent’s real public IP is shared with other users, CG-NAT style, so the only way I could come up with to be able to remotely troubleshoot is creating a VPN tunnel. Just wasn’t counting on this new issue, a VPN tunnel won’t do much good if they don’t have internet access 🤦🏻‍♂️

In other words, I really don’t need the tunnel that much (although it’s nice to connect directly to the IPs of the IP cameras instead on relying on a cloud service), but since remote access is not possible without having a real public IP, the tunnel was the way to go. If it wasn’t for that, perhaps I wouldn’t even create that tunnel. But now, with that tunnel correctly set for its intended purposes which was troubleshooting, I can’t even use it to troubleshoot because they don’t have internet 🤦🏻‍♂️

Oh, and as stated in my previous posts, the router is set to auto reboot everyday at 5 AM. I left it that way thinking that the connection issues were fixed as soon as the router tried to renew the WAN IP at rebooting. Because of that, I also enabled the keep alive feature, so it reboots when it doesn’t get a response from three public IPs (8.8.8.8, 8.8.4.4 and 4.2.2.1). I tested that feature when I was there by taking out the SIM card, and the R7000 did in fact reboot until I inserted the SIM again and internet returned. Because of that most likely their R7000 is on a permanent reboot loop now, since internet doesn’t seem to want to return and it must be pinging as if there’s no tomorrow, with nobody listening (kinda sad if you think about that poor lonely R7000).
And I also used the watchdog daemon and persistent keepalive feature at Wireguard, so if the client (my parent’s R7000) lost the tunnel connection, it would quickly come back.

As you can see, I took the measures I could think of to try to maintain a solid internet and tunnel connection, so it seems that this issue is at the ISP side, most likely blocking me because they see me as a hotspot. The thing is, I’ve done everything I’ve read, and they still seem to be treating my network as a hotspot (or maybe the issue is a completely different thing, but I don’t have another explanation so far). I’m positive the SIM works as expected when used in a phone, so what I’m trying to do is making my parent’s R7000 look like a phone 🤷🏻‍♂️. Seems easier said than done, apparently.

egc wrote:
If you have 5 power outages shortly after each other the router will reset to defaults!

Unless you disable this, see administration/Bootfail handling


Hey man, first of all, thanks a lot for all the help you gave me while creating the VPN tunnel (and for those great guides you wrote). Your help was just what I needed to go in the right direction. I managed to create a working Wireguard tunnel and was able (at least when they had internet) to access every device from my own network. It just worked like a site-to-site set up, with the added value of Wireguard’s speed. Again, thank you very much for that 👍
I may post the details in the other thread regarding that so I won’t go off topic here, and I’ll also make another donation to the project (because why not), support is top notch here and that alone deserves some retribution. Really grateful for all the help received 🙂

Back on topic. I’m fairly positive the router didn’t reset to its defaults (I could be wrong, though). First, the IP I set for the router was 192.168.11.1, so if it went to defaults I shouldn’t have had a short reconnection after the outages. The Google Nest Wifi got a working connection for like 5 mins after the power outages, and its WAN port is connected to a LAN port of the R7000, with a static IP (192.168.11.180, with gateway 192.168.11.1). I doubt the Google Nest would also have gone to its defaults, so if the R7000 went to defaults the Google Nest wouldn’t have had access to a gateway that is no longer in the subnet it’s set to connect (DD-WRT default gateway is 192.168.1.1, not 192.168.11.1).
In short, I got little gasps of life from the Google Nest the day after the outages, and if the R7000 would have gone to defaults the Google Nest would have been trying to connect to a non existent gateway (192.168.11.1), so those little signs of life wouldn’t have happened. Perhaps those outages weren’t that close to each other (they surely were more than five though, but during the whole night).

But I won’t discard that possibility. The best thing I can think of to make sure about that is asking someone I know to go near my house and check with his phone if my SSID is still up (and not the default dd-wrt SSID). If the SSID I set is up, I guess it would be a clear sign that the router is still working with the settings I set. Just an idea.

BTW, never messed with the bootfail handling feature. I’ll look into that, thanks for pointing that out.

SurprisedItWorks wrote:
It certainly seems reasonable to experiment with a modestly lower MTU, something that seldom causes problems and occasionally miraculously solves them. My guess though is that you are right that it's an ISP issue instead.


Thanks for taking the time to read the whole thing, and yeah, it appears to be more complicated than at first sight.

MTU is one of the settings I didn’t play with while I was there (foolish thing, but the issue presented a lot more after I came back home). I really should have tried a lower value.
But at least it seems like another thing to try, so what value do you think would be correct/safe considering it’s a 4G LTE connection? I’ve read values of 1492, 1452, 1420, etc, and I don’t really know if there’s a specific recommended value for a 4G connection or if that’s something I have to find by trial and error. But changing the MTU value seems like the next step trying to fix this thing.

SurprisedItWorks wrote:
I also noticed you said you got a 10... WAN IP, but do you mean 10.X.X.X, which is a private IP, or 100.X.X.X, which is common for CGNAT?


Yeah, that’s something I noticed too (it wasn’t a typo), but I guess it’s right after all. 10.X.X.X are supposed to be reserved for private networks, but I’ve read more than once that some carriers give you that kind of IP because your WAN connection is made directly to one of their private internal routers. I can confirm that, when I used the 4G LTE as router (with the correct APN configured), the “public” IP it got was in that range (10…), and when set to bridged, the R7000 got the same type of WAN IP. I guess it’s just part of the internal ISP routing to get you to the outside while saving IPv4 addresses.
And also, my personal smartphone has a SIM card from a different ISP here, but when I’m not connected to wifi I can see with the Net Analyzer app that the “public” IP my ISP assigns me is in the 10.X.X.X range too. And that’s a direct, regular and ordinary 4G connection from an iPhone directly to the ISP, no personal router involved. I guess ISPs here do a lot of internal routing, with users connecting to routers on their side that just happen to have private IPs.

SurprisedItWorks wrote:
Don't be afraid to try it without bridge mode, so that the "modem" is also functioning as a router and assigning your R7000 a private IP on its own little network. These "double NAT" configurations in theory increase latency a touch - never noticeable to me - but it should not affect throughput, and those configurations tend to be simple and reliable. I have used them many times with zero issues. Two of my five production routers are set up that way (two daughters in shared apartments that already had routers).


I’m not really afraid nor have anything against double natting tbh, I even have more than one network set up that way (at my job for example, I decided to double NAT there and zero problems so far). About latency, I don’t think that would be an issue (we don’t use things that require low latencies, like gaming), and throughput, while it worked, was pretty decent for what we need. The issue, sadly, is the still unusable internet as a whole, connection hasn’t come back since my last post. And apparently, if restored because of some random modem power cycle (like with the outages), and with the current set up, it keeps the WAN connection up for like 5 mins tops before it is dropped for good again. It doesn’t even give you enough time to try to troubleshoot 😕

I wanted to make a bridged configuration mainly because of three reasons (maybe I’m wrong about the three of them):

- I always prefer a DD-WRT flashed device to do the NAT job. Idk, I guess it’s a trust thing, I tend to think that the Natting modems do is prone to disconnections or unstable behavior. As long as DD-WRT can be in charge of Natting (and firewall), I always prefer going that route.
- Since I’m trying to make the ISP see me as a phone connected to their gateway, seems like I have more options/features with DD-WRT than with the modem’s firmware. I really don’t know which TTL the modem is using when it sends packets to the ISP, nor the MTU, and I can’t tweak those values. With DD-WRT I have more control over them.
- Besides, considering what I mentioned, if the ISP receives packets from the R7000 and the TTL (and perhaps MTU) is what they’re expecting, why this shouldn’t work? What would make DD-WRT look different to them than a phone if they only see packets with a phone TTL and all the Natting is done outside of their sight? I’m surely missing something, but clearly I don’t know what.

I’m not against trying to solve this by setting the modem as router (on a side note, I think I tried it once the last time I was there and got disconnections too. Not 100% sure about that, though), it’s just that a bridged set up seemed cleaner, and I even expected to have less connectivity issues than with the modem doing the routing stuff, since I don’t have control over almost anything there. The Netgear firmware of the LM1200 is really lacking features, I would even thank an auto reboot feature, or a keep alive feature that reboots the modem when it doesn’t get a ping response from a public IP. None of those features are present (and they wouldn’t be very useful in my case anyway, the last WAN connections didn’t last for more than 5 mins. The modem can’t be rebooting that often, nor should it).

Next time I go there I’ll try this way too (modem set as router, with a double NAT set up), but from a theoretical point of view a bridged set up with a correct TTL and MTU, at least in my head, should work. I obviously don’t understand why it doesn’t and haven’t managed to solve it yet, but not for a lack of trying as you can see 🤷🏻‍♂️

SurprisedItWorks wrote:
Since you have a phone that gets a solid connection at your parents' place, have you looked into the "tethered" configuration, which would wire your R7000 to the phone, which would in turn act as a hotspot? There are threads in the forum about it. Maybe even a wiki. I've never tried it, but others certainly have. I believe that TTL is indeed one of the discussion topics in those threads.


Yeah, I’ve read those guides/wiki (a lot), I really lost count of all the sources from where I’ve read before asking here tbh (sometimes getting to like the 10th page of a Google search 😫). In fact, there’s a lot more info online for tethering through usb using a phone than with a WAN connection when it comes to 4G LTE. And I’ve already tried all those guides suggestions, with no success so far.

Question regarding tethering / TTL:

I have a question on this regard, though. When tethering, is the phone acting like a router, receiving the “public” IP and doing some NAT so the router receives a private IP? Kind of like a not bridged modem? Or does it work like a bridged modem and the public IP is received by the router?

I mainly ask this because I’m trying to understand the TTL thing a little better. All those guides include setting an outgoing TTL of 65 at the router’s WAN interface, so I guess the phone counts as a hop (so the carrier receives a TTL of 64. I’m just guessing, but sounds logical to me). What happens with bridged (and not bridged) modems? When using a bridged set up, should I set the TTL to 64 because the bridged modem doesn’t count as a hop, and set it to 65 if using a non bridged set up (usb tethering style)? Or does the modem always count as a hop, regardless of being set as router or modem? In other words, could it be a part of the problem that I set the outgoing TTL to 65 and having the modem bridged?

And while talking about it, quick question. When I set the TTL rule and run the check command I can see that the rule is applied to the vlan2 interface. I understand that for the R7000 that corresponds to the WAN interface, right? I ask this because I’ve seen posted the same rule many times, but with eth0 (which I understand is the physical network interface) instead of vlan2. Should I try those firewall rules with eth0 instead of wan?

And I agree, TTL may be just a part (or not a part at all) of the problem. It’s just that the behavior I’m seeing is almost the same as all the people that are talking about TTL online, and most of them managed to get past these issues by simply setting the router outgoing TTL to 65. It didn’t work in my case, but perhaps after tweaking the MTU things will get better. Who knows, but at least to me it seems like TTL is playing some role 🤷🏻‍♂️

Perhaps on a more basic level, I know that my iPhone has a default TTL of 64 (if TTL is the problem) and there’s never been an issue with these SIM cards. So there must be something at router or modem level that the ISP is detecting and messing with my connection because of that. Somehow, apparently the ISP is still seeing the modem as a hotspot, and I haven’t been able to get past that yet (I just hope they don’t blacklist IMEIs. If that’s the case, I guess that’s a problem I can’t solve).

That’s my theory, though, the issue could be something completely different that I haven’t even thought about. So, any ideas would be greatly appreciated 🙂

Thanks for reading again!

PS: another thing I may try is to clone an unused phone’s WAN MAC at the R7000 WAN port. Idk if it’ll do any good, it’s just another thing I can try to make my parent’s R7000 look like a phone. After all, that’s the main goal, it seems.
the-joker
DD-WRT Developer/Maintainer


Joined: 31 Jul 2021
Posts: 2146
Location: All over YOUR webs

PostPosted: Tue Jul 05, 2022 15:26    Post subject: Reply with quote
raulo1985 wrote:
the ISP won’t give us a fixed or dynamic IP, so DDNS is out of the picture. My parent’s real public IP is shared with other users, CG-NAT style,


Sorry walls of text, TMI, brain overload. 🙂

So wait what when where? Your ISP won't give you a static IP or dynamic IP? What?

DDNS works fine with dynamic shared IPs, in fact that's what it's for, you don't need fixed IPs, what happens is when you sign up for a DDNS service (You need the current IP) and then enter that on the relevant DD-WRT page, even with a shared IP, the DDNS service you setup is connected to what settings you enter in DDNS -- DD-WRT side.

So it knows where to redirect traffic, it needs a user name/password to connect to the DDNS service and using the given domain you can choose, it makes mince of the rest.

The dynamic IP usually only changes (for whoever uses shared IPs) when the WAN MAC address of the device connected changes, and then you move to a different public shared IP. I force this change with all my previous/current ISP, sod them, they don't need to monitor my traffic reliably, if they monitor it at all, they have to work for it.

I used to run FTP servers WAN facing via DDNS and my IPs have always only been shared IPs in a pool of users.

Your ISP uses CG-NAT because they have a limited IP block and it doesn't matter, you can whack a great deal of users in one single IP with no issues whatsoever.

So your claim is somewhat perplexing, it should work and DD-WRT supports many different and even custom DDNS providers, that is key, choosing the right one, especially if it's free as in free beer.

_________________
Saving your retinas from the burn!🔥
DD-WRT Inspired themes for routers
DD-WRT Inspired themes for the phpBB Forum
DD-WRT Inspired themes for the SVN Trac & FTP site
Join in for a chat @ #style_it_themes_public:matrix.org or #style_it_themes:discord

DD-WRT UI Themes Bug Reporting and Discussion thread

Router: ANus RT-AC68U E1 (recognized as C1)
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 14102
Location: Texas, USA

Posted: Tue Jul 05, 2022 15:32
DDNS doesn't work for CG-NAT. The WAN IP is a CG-NAT private subnet IP that is non-routable for any purpose of hosting web, email, or vpn server or using DDNS.

https://forums.tomshardware.com/threads/do-ddns-services-work-through-cgnat.3696849/

_________________
"Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT
Pogo - A minimal level of ability is expected and needed...
DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)

----------------------
Linux User #377467 counter.li.org / linuxcounter.net
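
The distinction drawn in this reply, as an added example that is not part of the original post and is not DD-WRT code: a POSIX sh check that classifies the router's WAN address against the RFC 6598 shared range 100.64.0.0/10 and the RFC 1918 ranges, then compares it with the address an outside host sees (the one a DDNS service would publish). The function names are hypothetical and the sample addresses are constructed.

```shell
#!/bin/sh
# Added example. Prints: cgnat | private | other-nonroutable | public | invalid
classify_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*) echo invalid; return 1 ;;
    esac
    _ifs=$IFS; IFS=.
    set -- $1                      # split the dotted quad into $1..$4
    IFS=$_ifs
    [ $# -eq 4 ] || { echo invalid; return 1; }
    for _o in "$@"; do
        case "$_o" in
            0?*|????*) echo invalid; return 1 ;;   # leading zero or too long
        esac
        [ "$_o" -le 255 ] || { echo invalid; return 1; }
    done
    if [ "$1" -eq 100 ] && [ "$2" -ge 64 ] && [ "$2" -le 127 ]; then
        echo cgnat                 # 100.64.0.0/10, RFC 6598 shared address space
    elif [ "$1" -eq 10 ] ||
         { [ "$1" -eq 172 ] && [ "$2" -ge 16 ] && [ "$2" -le 31 ]; } ||
         { [ "$1" -eq 192 ] && [ "$2" -eq 168 ]; }; then
        echo private               # RFC 1918
    elif [ "$1" -eq 0 ] || [ "$1" -eq 127 ] || [ "$1" -ge 224 ] ||
         { [ "$1" -eq 169 ] && [ "$2" -eq 254 ]; }; then
        echo other-nonroutable     # this-network, loopback, multicast/reserved, link-local
    else
        echo public
    fi
}

# inbound_verdict WAN_ADDR SEEN_ADDR
#   WAN_ADDR:  address on the router's WAN interface
#   SEEN_ADDR: address an outside host sees for this connection
# Returns 0 only when unsolicited inbound traffic can reach the router.
inbound_verdict() {
    _kind=$(classify_ipv4 "$1") || { echo "invalid WAN address"; return 2; }
    classify_ipv4 "$2" >/dev/null || { echo "invalid external address"; return 2; }
    case "$_kind" in
        cgnat)   echo "CG-NAT: a DDNS name would point at the carrier NAT, not this router"; return 1 ;;
        private) echo "private WAN address: another NAT sits upstream"; return 1 ;;
        public)  [ "$1" = "$2" ] && { echo "public WAN: DDNS and port forwarding can work"; return 0; }
                 echo "WAN differs from external address: NAT upstream"; return 1 ;;
        *)       echo "non-routable WAN address"; return 1 ;;
    esac
}

# Constructed sample: CG-NAT WAN address vs. a documentation-range external address.
inbound_verdict 100.72.13.5 203.0.113.7 || true
```

When the verdict is non-zero, the router has to open the connection outward, which is why the thread's site-to-site VPN client approach still works behind CG-NAT.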
SurprisedItWorks
DD-WRT Guru


Joined: 04 Aug 2018
Posts: 1444
Location: Appalachian mountains, USA

Posted: Tue Jul 05, 2022 22:41
Interesting wall of text actually.

On MTU, if you are running a wireguard tunnel on the device in question, try lowering the router MTU and the wireguard MTU by the same increment, and aim to put the smaller of them (wireguard, should be) at 1300. That's really low, but workable. If that actually works, you can work your way back up.

If your config is reset, you'll see SSID DDWRT (IIRC) and a GUI at 192.168.1.1. If you get a response at 192.168.11.1, you have not been reset.

TTL: I have no idea what counts as a hop, unfortunately. That hop-counting business is what defeated me in my similar situations in the past. I have no tethering experience, but I wonder whether maybe in the phone it shares code with the hotspot feature, which would do NAT so that multiple clients could connect. So maybe it is a little router indeed. But maybe the tethering feature in particular puts the little router in bridge mode! Who knows?

Now you deserve a smile after all this, so go look up the English word "retribution." Your English seems generally as good as ours, but in a second/third/whatever language, vocabulary is going to create interesting moments for just about anyone. Some years ago I used scilab, a free alternative to matlab, for awhile, and once I mangled an assignment statement somehow and got the message "Illegal assignation." While you're looking, look up "assignation." I told the scilab people, in France, about it, and they were sufficiently amused that they decided to keep the message unchanged.

Unfortunately, it seems to me the real answer to your technical dilemma is likely to be that your ISP is terrible and that there's no way around that. If I had that lousy deal here, I'd be looking into satellite internet, even though that can be pretty awful also. One of my daughters rented a place with satellite internet while on a temporary work assignment (Covid nursing) in a rural area, and her download speeds were modest numbers of kbps, not Mbps. But decent installation matters, and I'm sure you'd cover that appropriately.

_________________
2x Netgear XR500 and 3x Linksys WRT1900ACSv2 on 53544: VLANs, VAPs, NAS, station mode, OpenVPN client (AirVPN), wireguard server (AirVPN port forward) and clients (AzireVPN, AirVPN, private), 3 DNSCrypt providers via VPN.
the-joker
DD-WRT Developer/Maintainer


Joined: 31 Jul 2021
Posts: 2146
Location: All over YOUR webs

Posted: Wed Jul 06, 2022 9:19
For sure indeed look at a different service, Starlink is one such but IMO too overpriced since they are so clever and this is why the man behind it is a multi-billionaire. Making customers pay for 50% of the infrastructure (not counting the terrestrial equipment ISP side) and the service on top of that is a great business model, not so great for the customers who need to fork out a hefty amount for the equipment.

But it could also be a shared service hidden from the provider where two neighbors have the same problem and the solution would be to share costs and find a way to share the service, cof.

Wireless Internet is not terrible either (via a Ubiquiti LiteBeam AC Gen2), I have it since I live in the middle of nowhere city and fibre is far away and ADSL would be slow as hell given the distance to the cabinet. I can get up to 400/400 symmetric, we did that test on the install day, but the price is too much so I went with a more modest package 100/10, still quite expensive.

I have a public IP and share it with quite a few others, I'm happy with that and DDNS is a possibility, the ISP tried selling me a static IP but I declined, it's a rip-off to me and not needed for running servers WAN facing.

You could also try to get your ISP to set up port forwarding on the modem whatever so DDNS would work over CG-NAT, or tell them otherwise you're gonna go elsewhere for your WAN access needs.
