Kitz Forum

Broadband Related => Broadband Hardware => Topic started by: IBeAdam on December 29, 2020, 09:47:53 AM

Title: UniFi USG to Pfsense appliance for Huawei 4G modem
Post by: IBeAdam on December 29, 2020, 09:47:53 AM
Hi all,

Some of you might remember a few months ago I migrated from a slow and unreliable FTTC connection to solely 4G using a Huawei B535 into a UniFi USG. Also using the L2TP service from AAISP to bypass CGNAT and give me a fixed IP. It’s been fast, reliable and cheaper!

However, I’m having problems exposing ports of internal devices. B535 is used for the AAISP VPN client and has DMZ set to the WAN interface IP of the USG. USG does the port forwarding etc. This setup worked great with my old router.

Except it isn't working!

Difficult to fault trace on the B535 as logs and tools are limited. After monitoring port traffic on the USG I believe the packets are not being forwarded to the USG.

I therefore believe the B535 does not forward VPN traffic, either by design or a bug. Clearly I need the VPN, otherwise no external IP.

If I put the B535 in bridge mode that should work. Except bridge mode disables the VPN. So run that on the USG, except the USG doesn’t support L2TP client! Catch 22!

I understand pfSense would allow the B535 to be placed in bridge mode and for it to initiate the VPN as required. So, thinking of replacing the USG with a Netgate SG-1100.

Anyone use something similar in this configuration?
Title: Re: UniFi USG to Pfsense appliance for Huawei 4G modem
Post by: Alex Atkin UK on December 29, 2020, 05:42:58 PM
Yes, port forwarding a VPN in pfSense is no different to any other WAN. I have multiple WANs using port forwarding and it just works.

I will admit I haven't used L2TP but I don't see it likely it would pose a problem.
Title: Re: UniFi USG to Pfsense appliance for Huawei 4G modem
Post by: IBeAdam on February 04, 2021, 08:16:19 PM
Forgot to update this, always hate it when people don’t!

I dug out an old HP MicroServer and tried a number of solutions - pfSense, OPNsense, Untangle and Sophos.

Finally settled on OPNsense, which has been working beautifully for a couple of months now. Huawei in bridge mode. OPNsense handling VPN client. Fixed IP. All great.

Still surprised Ubiquiti doesn’t support such basic functionality.

Now that I’ve been forced to dump the USG I’m not inclined to add any of their switches and will probably move to another make for access points in the future.