10887 questions

12975 answers

20228 comments

26223 members

0 votes
169 views 5 comments
by

I have a dozen of RUT240s (4G mobile connection) in combination with SenseCAP M1 miners (Helium). 

Every day some of the miners go from NAT: none to NAT: symmetric & even restricted sometimes. Is there a fix for this? (tried to reboot the miners and yes they usually go back to NAT: none but a day after might return to NAT: symmetric). Everything set up correctly: mobile as main wan, static dhcp lease, port forwarding TCP 44158... Is there something extra that needs to be done, a checkbox somewhere that needs to be unchecked or checked or...?

Any help would be appreciated - A LOT!

by
Can someone experienced from Teltronika please answer? 14 RUT240s are not a small deal & it's been 100 hours of silence...

2 Answers

0 votes
by

Hello,

Some Helium miner users have faced this issue before and while I'm not sure what exactly may be causing this to happen (issue seems to be inconsistent, some users are facing it with this configuration while others are fine), I've seen some miner owners suggesting to use a full-tunnel VPN instead of split-tunnel for the VPN solution. Could you please try to do the following:

  1. Login to the router via CLI (either using built-in WebUI CLI at System > CLI or using third party SSH client, such as PuTTY). When logging in via CLI, enter username "root" and password "WebUI password" (without quotation marks).
  2. Run the commands provided below. Please note - you must change <peer_interface> with the actual name of peer interface and <main_wg_interface> with the name of your actual WireGuard interface. 

uci del network.<peer_interface>.allowed_ips 

uci add_list network.<peer_interface>.allowed_ips='0.0.0.0/1' 

uci add_list network.<peer_interface>.allowed_ips='128.0.0.0/1'

uci add_list network.<main_wg_interface>.dns='1.1.1.1'

uci add_list network.<main_wg_interface>.dns='8.8.8.8'

uci commit

reload_config && sleep 5 && /etc/init.d/network restart

Note - if you do not know the names of your interfaces, verify via WebUI, at WG settings (Services > VPN > WireGuard). The <main_wg_interface> will be named as the "Tunnel name" field in WebUI (example below):

The <peer_interface> will be named according to the "Peer name" field in WebUI (edit main WG interface to see it):

With this change, any traffic originating from the router will be routed through the WG tunnel (full-tunnel configuration). I've included 1.1.1.1 and 8.8.8.8 as the DNS servers, you may change these DNS servers to your preferred ones if needed.

Please let me know if this work since it may be needed to add a note in the guide for those who are facing the relayed issues. If it doesn't work, please inform me as well, an issue may be somewhere else. 

Also, after applying this configuration, please verify whether you have internet connectivity and if the port forward is working as intended.

Best regards,

Tomas.

by

Hi Thomas, I really appreciate the effort and thank you for the guidance, but I think we're on different setups. I'm not using Wireguard...

Specifically, if you are referring to the guide https://wiki.teltonika-networks.com/view/Providing_connectivity_for_Helium_miners_using_the_RUT240, I'm then reffering to the Scenario #1 (port forwarding with public IP address) and not Scenario #2 (passthrough) or #3 (private WAN ip i.e. Linode + Wireguard). 

Do you perhaps have a recommendation for that scenario?

by

Regarding this scenario in particular - there is not much that can be done from your end as far as I know (at least with Teltonika router). Just to be clear - when using the first two methods correctly, an issue will never be related to Teltonika device. Our devices only provide internet connectivity and as long as either port forward or passthrough is configured correctly and port forward shows up as "Open" (when verifying), there is nothing else that can be done specifically from our end.

The only time an issue may arise (from what I've seen online) is when using port forward over VPS, but it doesn't seem to like the issue is set in stone either since for some people the port forward (over VPN tunnel) works while using split-tunnel and others have reported requiring full-tunnel VPN configuration. Either way, it is unrelated to your case. 

If you're having troubles with your miner, I would highly recommend reaching out to the manufacturer or trying to find some diagnostic resources from online forums and Helium Discord.

by
Thank you @tomaspr! Figured as much but needed confirmation. Unfortunately, one rarely finds concrete information on discord or from manufactures as they tend to generally dodge & avoid admitting fault.
0 votes
by
How are you getting the static ip on your wan side?  VPN or carrier ordered?
by

Neither. I went with Scenario #1 on all of mine. Follow the guide: https://wiki.teltonika-networks.com/view/Providing_connectivity_for_Helium_miners_using_the_RUT240