0 votes
155 views 2 comments
by anonymous

We have more than 1000 RUT230/240 devices with only 2 legacy firmware versions (only 00.01.05.1 and 00.01.11.3; 00.01.14.6 is actually in testing). The main WAN connection is over ppp from T-mobile and all SIM cards are in an APN (without internet access!). Actually, we have a problem with the WAN netmask, because sometimes TCP packets are not routed back.

I have not used the WEB GUI for configuration, because it does not work over 2G on existing devices, and manufacturing must use only bash scripts and uci (faster than the WEB GUI).

The APN has IP range 172.17.0.1/16, and the internal LAN network has static IP 192.168.1.90/24 + DMZ IP 192.168.1.199 (server). The APN from T-mobile does not have any blocking firewall.

I tested TCP connections over netcat between two routers with the same configuration, with the older FW 00.01.11.3 and with the newer FW 00.01.14.6 too, to the DMZ device on the second router.

The problem is the netmask on WAN. In the WEB GUI, Status/NETWORK/WAN still shows netmask 255.255.255.255, but it must be only 255.255.0.0 (/16).
 

1 Answer

0 votes
by anonymous

So my testing:

client - RUT240 mobile data with IP 172.17.2.51

server router - RUT240 mobile data with IP 172.17.2.55, static LAN IP 192.168.1.90/24 and DMZ IP 192.168.1.199

server in LAN - 192.168.1.199

client - 172.17.2.51

```
root@RUT240-satturn:~# netcat 172.17.2.55 10000
a
b
c
^C
root@RUT240-satturn:~# tcpdump -i wwan0 port 10000
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on wwan0, link-type EN10MB (Ethernet), capture size 262144 bytes
02:00:55.788743 IP 172.17.2.51.48209 > 172.17.2.55.10000: Flags [S], seq 3567746213, win 29200, options [mss 1460,sackOK,TS val 689427 ecr 0,nop,wscale 8], length 0
02:00:56.787582 IP 172.17.2.51.48209 > 172.17.2.55.10000: Flags [S], seq 3567746213, win 29200, options [mss 1460,sackOK,TS val 689527 ecr 0,nop,wscale 8], length 0
02:00:58.787554 IP 172.17.2.51.48209 > 172.17.2.55.10000: Flags [S], seq 3567746213, win 29200, options [mss 1460,sackOK,TS val 689727 ecr 0,nop,wscale 8], length 0
^C
3 packets captured
3 packets received by filter
0 packets dropped by kernel
```

server router - 172.17.2.55

```
root@RUT240-satturn:~# tcpdump -i wwan0 port 10000
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on wwan0, link-type EN10MB (Ethernet), capture size 262144 bytes
10:33:25.790704 IP 172.17.2.51.48209 > 172.17.2.55.10000: Flags [S], seq 3567746213, win 29200, options [mss 1344,sackOK,TS val 689427 ecr 0,nop,wscale 8], length 0
10:33:26.514831 IP 172.17.2.51.48209 > 172.17.2.55.10000: Flags [S], seq 3567746213, win 29200, options [mss 1344,sackOK,TS val 689527 ecr 0,nop,wscale 8], length 0
10:33:28.435206 IP 172.17.2.51.48209 > 172.17.2.55.10000: Flags [S], seq 3567746213, win 29200, options [mss 1344,sackOK,TS val 689727 ecr 0,nop,wscale 8], length 0
^C
3 packets captured
3 packets received by filter
0 packets dropped by kernel
```

server in LAN - 192.168.1.199

```
matlala@nas-htpc ~ $ netcat -l 10000
^C
matlala@nas-htpc ~ $ sudo tcpdump -i eth0 port 10000 -n
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
10:33:25.913653 IP 172.17.2.51.48209 > 192.168.1.199.10000: Flags [S], seq 3567746213, win 29200, options [mss 1344,sackOK,TS val 689427 ecr 0,nop,wscale 8], length 0
10:33:26.637700 IP 172.17.2.51.48209 > 192.168.1.199.10000: Flags [S], seq 3567746213, win 29200, options [mss 1344,sackOK,TS val 689527 ecr 0,nop,wscale 8], length 0
10:33:28.558179 IP 172.17.2.51.48209 > 192.168.1.199.10000: Flags [S], seq 3567746213, win 29200, options [mss 1344,sackOK,TS val 689727 ecr 0,nop,wscale 8], length 0
^C
3 packets captured
3 packets received by filter
0 packets dropped by kernel
```

by anonymous

Configuration:

client - 172.17.2.51

```
root@RUT240-satturn:~# cat /etc/config/network
config interface 'wan'
    option proto 'none'
    option ifname 'wwan0'
    option enabled '1'

config interface 'wan2'
    option disabled '1'
    option proto 'dhcp'
    option ifname 'eth1'
    option enabled '0'

config interface 'wan3'
    option proto 'dhcp'
    option ifname 'wlan0'
    option enabled '0'
    option disabled '1'

config interface 'loopback'
    option ifname 'lo'
    option proto 'static'
    option ipaddr '127.0.0.1'
    option netmask '255.0.0.0'

config interface 'lan'
    option type 'bridge'
    option proto 'static'
    option netmask '255.255.255.0'
    option ip6assign '60'
    option ipaddr '192.168.0.12'
    option ifname 'eth0 tap0 eth1'

config switch
    option name 'switch0'
    option reset '1'
    option enable_vlan '1'

config switch_vlan
    option device 'switch0'
    option vlan '1'
    option vid '1'
    option ports '0 2 3 4'

config route
    option interface 'wan'
    option table 'wan'
    option target '0.0.0.0'
    option netmask '0.0.0.0'

config route
    option interface 'wan2'
    option table 'wan2'
    option target '0.0.0.0'
    option netmask '0.0.0.0'

config route
    option interface 'wan3'
    option table 'wan3'
    option target '0.0.0.0'
    option netmask '0.0.0.0'

config interface 'ppp'
    option enabled '1'
    option cid '1'
    option ifname 'wwan0'
    option auth_mode 'none'
    option proto 'qmi2'
    option service 'auto'
    option device '/dev/cdc-wdm0'
    option dialnumber '*99#'
    option pppd_options 'noipdefault'
    option pdptype '1'
    option backup '0'
    option peerdns '1'
    option method 'nat'
    option mtu '1500'
    option apn 'apn02.domain.cz'
    option pincode '1234'

config globals 'globals'

config interface 'tun'

config interface 'eth1v6'

config interface 'wwan0v6'
    option metric '10'

config interface 'wlan0v6'

config interface 'stabridge'
    option enabled '0'
```

server router - 172.17.2.55

```
root@RUT240-satturn:~# cat /etc/config/network
config interface 'wan'
    option proto 'none'
    option ifname 'wwan0'
    option enabled '1'

config interface 'wan2'
    option disabled '1'
    option proto 'dhcp'
    option ifname 'eth1'
    option enabled '0'

config interface 'wan3'
    option proto 'dhcp'
    option ifname 'wlan0'
    option enabled '0'
    option disabled '1'

config interface 'loopback'
    option ifname 'lo'
    option proto 'static'
    option ipaddr '127.0.0.1'
    option netmask '255.0.0.0'

config interface 'lan'
    option type 'bridge'
    option proto 'static'
    option netmask '255.255.255.0'
    option ip6assign '60'
    option ipaddr '192.168.1.90'
    option ifname 'eth0 tap0 eth1'

config switch
    option name 'switch0'
    option reset '1'
    option enable_vlan '1'

config switch_vlan
    option device 'switch0'
    option vlan '1'
    option vid '1'
    option ports '0 2 3 4'

config route
    option table 'wan'
    option target '0.0.0.0'
    option netmask '0.0.0.0'
    option interface 'wan2'

config route
    option interface 'wan2'
    option table 'wan2'
    option target '0.0.0.0'
    option netmask '0.0.0.0'

config route
    option interface 'wan3'
    option table 'wan3'
    option target '0.0.0.0'
    option netmask '0.0.0.0'

config interface 'ppp'
    option enabled '1'
    option cid '1'
    option ifname 'wwan0'
    option auth_mode 'none'
    option proto 'qmi2'
    option service 'auto'
    option device '/dev/cdc-wdm0'
    option dialnumber '*99#'
    option pppd_options 'noipdefault'
    option pdptype '1'
    option backup '0'
    option peerdns '1'
    option method 'nat'
    option mtu '1500'
    option apn 'apn02.domain.cz'
    option pincode '1234'

config globals 'globals'

config interface 'tun'

config interface 'eth1v6'

config interface 'wwan0v6'
    option metric '10'

config interface 'wlan0v6'

config interface 'stabridge'
    option enabled '0'

config redirect
    option target 'DNAT'
    option src 'wan'
    option dest 'lan'
    option proto 'tcp udp'
    option src_dport '1-65535'
    option dest_ip '192.168.1.199'
    option dest_port '1-65535'
    option name 'DMZ'
```

by anonymous

For comparison, netcat in a local network between 2 computers must have this scenario:

#server - 1st terminal IP 10.10.10.123

```
michal@lenovo-tb15:~$ netcat -l 10000
ahoj
^C
```

#server - 2nd terminal IP 10.10.10.123

```
michal@lenovo-tb15:~$ sudo tcpdump -i wlan0 port 10000 -n
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on wlan0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
10:05:40.336158 IP 10.10.10.8.46726 > 10.10.10.123.10000: Flags [S], seq 2258953928, win 64240, options [mss 1460,sackOK,TS val 1846504256 ecr 0,nop,wscale 7], length 0
10:05:40.336184 IP 10.10.10.123.10000 > 10.10.10.8.46726: Flags [S.], seq 1606394176, ack 2258953929, win 65160, options [mss 1460,sackOK,TS val 3896546805 ecr 1846504256,nop,wscale 7], length 0
10:05:40.352169 IP 10.10.10.8.46726 > 10.10.10.123.10000: Flags [.], ack 1, win 502, options [nop,nop,TS val 1846504365 ecr 3896546805], length 0
10:05:42.401376 IP 10.10.10.8.46726 > 10.10.10.123.10000: Flags [P.], seq 1:6, ack 1, win 502, options [nop,nop,TS val 1846506412 ecr 3896546805], length 5
10:05:42.401413 IP 10.10.10.123.10000 > 10.10.10.8.46726: Flags [.], ack 6, win 510, options [nop,nop,TS val 3896548870 ecr 1846506412], length 0
^C
5 packets captured
7 packets received by filter
0 packets dropped by kernel
```

#client  IP 10.10.10.8

```
petrm@pc8:~$ netcat 10.10.10.123 10000
ahoj
^C
```
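
Added example, not part of the original thread: a POSIX shell/awk helper that reads numeric `tcpdump -n` text output and reports, per flow, whether the three-way handshake completed (as in the LAN comparison) or the SYN was only retransmitted with no reply (as in the router captures). The function names and verdict labels are made up for this example, and the sample lines are abridged from the captures posted above.

```sh
# Added example: prints "<client> > <server> <VERDICT> syn=<count>" per flow.
classify_handshakes() {
    awk '
    $2 == "IP" && $6 == "Flags" {
        dst = $5; sub(/:$/, "", dst)
        flags = $7; gsub(/[^A-Z.]/, "", flags)    # "[S.]," -> "S."
        fwd = $3 " > " dst      # flow key if the client sent this packet
        rev = dst " > " $3      # flow key if the server sent this packet
        if (flags == "S") {                        # SYN or SYN retransmission
            if (!(fwd in syn)) order[++n] = fwd
            syn[fwd]++
        } else if (flags == "S.") {                # SYN-ACK from the server
            synack[rev] = 1
        } else if (flags ~ /^R/ && (rev in syn)) { # RST answering a SYN
            rst[rev] = 1
        } else if (flags == "." && (fwd in synack)) {
            estab[fwd] = 1                         # final ACK of the handshake
        }
    }
    END {
        for (i = 1; i <= n; i++) {
            k = order[i]
            if (k in estab)       v = "ESTABLISHED"
            else if (k in synack) v = "HALF_OPEN"
            else if (k in rst)    v = "REFUSED"
            else                  v = "NO_REPLY"
            printf "%s %s syn=%d\n", k, v, syn[k]
        }
    }'
}
# Sample input, abridged from the server router wwan0 capture (options cut).
sample_no_reply() {
    cat <<'EOF'
10:33:25.790704 IP 172.17.2.51.48209 > 172.17.2.55.10000: Flags [S], seq 3567746213, win 29200, length 0
10:33:26.514831 IP 172.17.2.51.48209 > 172.17.2.55.10000: Flags [S], seq 3567746213, win 29200, length 0
10:33:28.435206 IP 172.17.2.51.48209 > 172.17.2.55.10000: Flags [S], seq 3567746213, win 29200, length 0
EOF
}
# Sample input, abridged from the working LAN capture (options cut).
sample_established() {
    cat <<'EOF'
10:05:40.336158 IP 10.10.10.8.46726 > 10.10.10.123.10000: Flags [S], seq 2258953928, win 64240, length 0
10:05:40.336184 IP 10.10.10.123.10000 > 10.10.10.8.46726: Flags [S.], seq 1606394176, ack 2258953929, win 65160, length 0
10:05:40.352169 IP 10.10.10.8.46726 > 10.10.10.123.10000: Flags [.], ack 1, win 502, length 0
EOF
}

sample_no_reply | classify_handshakes
sample_established | classify_handshakes
```

Because of the DNAT rule, the same connection shows a different destination address on `wwan0` and on the LAN server's `eth0`, so each capture point is classified separately.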