Bill
Resolved
0 votes
Looking for a little assistance in setting up a gateway behind a modem that doesn't have bridge mode. Probably less of an issue with ClearOS itself and more of an issue with how I've got things set up.

I'm running a re-purposed PC with three NICs:
eth0 - 'WAN'
eth1 - LAN 1 - private
eth2 - LAN 2 - used for guests, friends, family, etc.

I started using ClearOS several years ago to deal with a tenant who took advantage of my generosity with Internet access. I've grown to love the software, and have three servers running at different locations. I use ClearOS to do all of the network control (DHCP, firewall, VPN, bandwidth management, etc.) and to split the incoming broadband connection into two: one for me and my stuff (NAS, PC, etc.) and one for everyone else. Basically a fancy 'guest network' that allows access to the Internet without exposing my equipment.

I'm running into difficulty with my latest installation that uses an LTE cellular modem for the WAN - a Huawei B882 specifically. This is a rural location, and there's really no other option for high-speed Internet. The 700 MHz LTE modem works well, however it can't be put into bridge mode. I can turn DHCP off on it, but I still have to assign it an IP address.

Here's what I did:
Assigned the modem an IP of 10.10.10.1 using the internal setup, and eth0 an IP of 10.10.10.2 in ClearOS.
eth1 (for LAN 1) is 172.16.200.1. This NIC runs to a switch and then to a few APs to allow several devices to connect.
eth2 (for the 'guest' LAN) is 192.168.200.1. This NIC runs to one AP that any guests or friends can connect to.

The problem I'm having is inconsistent access to the Internet from the desktop PCs (on LAN 1), and difficulty accessing some of the devices on the network remotely. For the first point, it seems like one PC will have Internet access, and the other won't. Then a while later, the second PC will be able to surf websites while the first one shows 'no access'.

On the second point, I can log into the VPN, but I can only get as far as the ClearOS box. I can log into the web interface (using the 172.16.200.1 address), so I know I'm running through the VPN. I can't access any device further down the line however. I tried to access one of the access points and couldn't. I couldn't even ping anything else on the network. I can see that the devices are all there, as they're showing on the network map.

Wondering if anyone has any advice they can throw my way, or if anyone can share their experiences with the B882 modem.

Thanks much!

Bill
Wednesday, June 22 2016, 12:17 AM
Responses (9)
  • Accepted Answer

    Bill
    Sunday, June 26 2016, 11:48 PM - #Permalink
    Resolved
    0 votes
    So.... problem solved.

    Had to attend locally as the ClearOS box had been taken out of the network (physically) so that it wouldn't conflict with the DHCP from the modem, which I'd turned back on so that there would at least be Internet access to the users.

    I did some digging, and it turns out it was my fault. In trying to work around the modem (the lack of bridge mode) I at some point set the gateway address on the LAN to .3, not .1 like it should have been. There were clues of course... When I tried to do a ping and got a reply back from .3, which is an AP, not the server, and when things worked for a while then all of a sudden stopped, and the length of time that had passed was close to the DHCP lease time.

    I've been burned by the address lease time thing before on another system, so you'd think I'd learn.

    Anyway, it's all good. Things are running well, I can VPN in. The only thing I've lost in the process was access to the modem's config page. In turning off all sorts of 'services' like the firewall, SIP, application layer gateway, etc, I somehow blocked access to the unit. Not that I need it now that it's working. Worst case scenario I can just do a factory reset and reconfigure it.

    Thanks to everyone who contributed!

    Bill
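
Added example, not part of the thread or of ClearOS: a check for the fault described in the accepted answer above, where DHCP leases name a default gateway other than the server's own LAN address. It assumes dnsmasq-style `dhcp-option=<iface>,3,<router>` lines and /24 LANs; the configuration text is constructed and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample, not taken from the thread's server. Assumption: the DHCP
# server is dnsmasq and writes one "dhcp-option=<iface>,3,<router>" line per LAN.
SAMPLE_DHCP_CONF = """\
dhcp-option=eth1,1,255.255.255.0
dhcp-option=eth1,3,172.16.200.3
dhcp-option=eth1,6,172.16.200.1
dhcp-range=eth1,172.16.200.100,172.16.200.150,12h
dhcp-option=eth2,3,192.168.200.1
dhcp-range=eth2,192.168.200.100,192.168.200.150,12h
"""

# Addresses the gateway holds on each LAN NIC (from the thread; /24 is assumed).
GATEWAY_IFACES = {"eth1": "172.16.200.1/24", "eth2": "192.168.200.1/24"}

# Option 3 is the DHCP "router" (default gateway) option.
ROUTER_OPT = re.compile(
    r"^dhcp-option=(?:tag:)?(?P<iface>[\w.-]+),(?:3|option:router),(?P<router>[\d.]+)$"
)

def advertised_routers(conf_text):
    """Return {iface: router address} for every DHCP router-option line."""
    routers = {}
    for line in conf_text.splitlines():
        m = ROUTER_OPT.match(line.strip())
        if m:
            routers[m.group("iface")] = ipaddress.ip_address(m.group("router"))
    return routers

def audit_default_gateways(conf_text, gateway_ifaces):
    """List LANs whose leases point clients at something other than the gateway."""
    findings = []
    routers = advertised_routers(conf_text)
    for iface, cidr in sorted(gateway_ifaces.items()):
        own = ipaddress.ip_interface(cidr)
        router = routers.get(iface)
        if router is None:
            continue  # with no explicit option, dnsmasq advertises its own address
        if router not in own.network:
            findings.append((iface, f"router {router} is outside {own.network}"))
        elif router != own.ip:
            findings.append((iface, f"router {router} is not the gateway address {own.ip}"))
    return findings

if __name__ == "__main__":
    for iface, problem in audit_default_gateways(SAMPLE_DHCP_CONF, GATEWAY_IFACES):
        print(f"{iface}: {problem}")
```

Clients keep a wrong router until their lease is renewed, so a corrected configuration only takes effect on each device at its next renewal or reconnect.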
  • Accepted Answer

    Friday, June 24 2016, 05:49 AM - #Permalink
    Resolved
    0 votes
    You should not need to go there to run those commands. You should be able to connect from your OpenVPN session by PuTTY/OpenVPN.
  • Accepted Answer

    Bill
    Friday, June 24 2016, 02:13 AM - #Permalink
    Resolved
    0 votes
    I connect as 'road warrior' - just the application on my desktop to remote into the other LAN.

    I'll be down there in the next day or so and will implement the advice given.

    I'll report back on my results.

    Thanks!
  • Accepted Answer

    Wednesday, June 22 2016, 04:49 PM - #Permalink
    Resolved
    0 votes
    In 6.x, please run:
    cat /etc/clearos/network.conf
    ifconfig | grep Eth -A 1
    lspci -k | grep Eth -A 3
    uname -r


    You won't be getting DNS servers assigned in ClearOS as you've turned off DHCP in the modem.

    In your own OpenVPN configuration (/etc/openvpn/whatever.conf), add the line "float" if you also have a line "remote .....". Are you connecting to the remote OpenVPN as a roadwarrior or LAN-LAN?
  • Accepted Answer

    Bill
    Wednesday, June 22 2016, 02:37 PM - #Permalink
    Resolved
    0 votes
    I really appreciate the input guys. To answer some questions:

    ClearOS 6.5 (not in front of the box, but it's 6.x, not 7). 7 wouldn't play nice, and I only had a short time to get the system configured at home before I took it out to the other location, so I threw in my 6.x disc and got it running.

    Running OpenVPN as a server. This is just to allow me secure access to that network so I can 'dial in' remotely and do any management that I need to.

    LAN1 and LAN2 each have DHCP turned on, with a collection of static addresses for 'fixed' devices, and a small range of dynamic addresses in a pool for tablets, phones, etc. The WAPs on each LAN are set up as just that - APs only. One is a router with DHCP turned off, the other is a PicoStation configured as an AP.

    This is essentially the same setup I have on the other two ClearOS systems I run: one external port that feeds two internal LANs - each with their own APs - and OpenVPN pointing to LAN 1. The only difference in this case is the modem and the fact that you can't put it into bridge mode.

    I also use the Dynamic DNS service on all three systems. This seems to be particularly important with the cellular modem, as every time it changes bands/frequency, I get a new external IP. This can happen several times a day as the modem moves from 3G to HSPA to LTE and back.

    I've assigned the modem a static IP, and given one to the 'external' connection on the ClearOS box. The DNS servers from the ISP don't seem to come through the modem to the ClearOS machine (possibly because I've turned DHCP off on the modem?), so I've manually entered them under the IP Settings tab in ClearOS. If memory serves, I'd put the modem IP (10.10.10.1) and the free Google DNS in there as DNS 1 and 2.

    As mentioned, I got the whole system running fine at home with my cable modem. Upon hooking it up behind the cellular modem, things seemed to work fine for a while (couple of hours), then the problems showed up. Prior to the trouble appearing, I was able to hotspot my phone (different cellular network provider) and use my laptop to VPN into the ClearOS box and view an IP cam over the Internet. Seemed like end-to-end functionality to me.

    The system is about a two hour drive away, and I'll be back there end of the week. ...partly my motivation to get this working: drive less, remote access more.
  • Accepted Answer

    Wednesday, June 22 2016, 12:30 PM - #Permalink
    Resolved
    0 votes
    Assuming you've got the ClearOS box set up as a gateway, which I think you must have from what you said, the modem can have any size address range and it will only supply the single IP you need to connect all your devices on the LAN side to the Internet. The only requirement is that it is a different subnet from the LAN ports.

    I would also try turning off DMZ as that is normally for a web server.

    Your ClearOS box on the 2 LAN ports should each have a static IP address defined and DHCP enabled with an address range to give out to the clients.

    Perhaps try setting up one of the LAN segments first and getting that working, then add the second?

    Hope that helps :)

    EDIT D'oh I didn't see Nick's reply before I sent mine. Do as he says!
  • Accepted Answer

    Wednesday, June 22 2016, 12:22 PM - #Permalink
    Resolved
    0 votes
    It should not matter if the ClearOS WAN is static or DHCP unless it is acting as a VPN server, in which case it must be static.

    Can you confirm that the ClearOS WAN is configured as External?

    Both PCs getting onto the internet at the same time is a different issue. Are the ClearOS LANs configured to be DHCP? Which DNS servers are they configured to hand out? The ClearOS LAN IP or some other servers?

    Assuming ClearOS 7, what is the output of:
    cat /etc/clearos/network.conf
    ifconfig | grep flags -A 1
    lspci -k | grep Eth -A 3
    uname -r


    What sort of VPN are you using to connect and is ClearOS acting as the server or client? For your WAPs, are they routers configured as WAPs? If so, have you connected to the LAN or WAN port of the router? If the LAN, did you remember to disable its DHCP server?
  • Accepted Answer

    Bill
    Wednesday, June 22 2016, 11:01 AM - #Permalink
    Resolved
    0 votes
    I'd tried that. ...at least I think I did.

    I had DHCP 'on' on the modem, with a range of 10.10.10.2 to 10.10.10.3, even though there was only one machine (ClearOS box) connected to it. The modem wouldn't allow me to have a 'range' of only one address, so I set it for a range of two. I even put the ClearOS box in the DMZ on the modem.

    Things were fine until I realized that both PCs couldn't get out to the Internet at the same time. I wondered whether the modem was assigning addresses beyond just the ClearOS machine. Since there's only one more slot available, and only one PC could access the 'net, I drew a connection that perhaps wasn't there.

    In the IP settings in ClearOS the DNS servers were listed as the modem (10.10.10.1) and one of the free Google ones 8.8.8.8.

    I'm sure this all boils down to a few simple settings that I've missed. I just don't know which one(s).
  • Accepted Answer

    Wednesday, June 22 2016, 06:46 AM - #Permalink
    Resolved
    0 votes
    Hey Bill

    I'm no expert by any means but I wonder if this could be something to do with how the DNS is configured?

    What happens if the modem is set to be the DHCP server for eth0?

    Cheers!
    Malcolm