Proxicast Version Up and Further Steps

April 29, 2020

Proxicast updated the PocketPORT 2’s firmware to officially support the USB800, so I updated mine, factory reset it, plugged the USB800 in, and it came up without any issues. What a neat little device that solves so many problems!

Anyway, I’ve still not decided on what to use going forward, but I am definitely leaning toward the MikroTik just for simplicity’s sake. RouterOS 7 has the MIPSBE architecture now, so I’m not super worried about it losing support, and I can always roll with the long-term track for stability. It’s definitely the most compact option we have. I just hope I still have the foam ready to go back in for this or it’s another Amazon purchase and time in Visio.

Going back to the MikroTik in the case will leave me with 3 firewalls for extras/spares. Not too big of a deal. It does give true multi-connectivity though: Ethernet through the WAN port, WiFi using the GrooveA, and LTE using the Proxicast and the USB800.

Until next time!


Proxicast is a Go!

April 8, 2020

It works! We’re set with a replacement for the AF23 to use with the USB800.
Big props to their support for getting back to me quickly after hours!

The biggest question now is: what device do we use? Since I’m planning on having the USB800 as the primary connection, it really means, well, whichever we want.

Let’s run through the choices:

  1. MikroTik hAP ac Lite
     By far the most versatile of the list because of the passive PoE out port that could run a WiFi CPE as well as enable “single cable” power for the Proxicast. It also has a built-in switch, though we almost never have wired devices. Lack of external antennas is the biggest disadvantage for this one, but let’s be real: how far away from the room do we need access? Probably not very far. Sadly, this may one day be unsupported by the latest RouterOS, but considering the use case, that may not be an issue.

  2. SonicWall TZ300 wireless-AC
     This one’s biggest disadvantage is the wireless card is one band or the other. One small one is the USB port being on the front, but that’s just a nitpicky annoyance because the aircard does work connected directly. It does, however, have a built-in switch. Probably should have a support contract, and will eventually be unsupported by the latest SonicOS.

  3. Fortinet FortiWiFi 50E-2R
     No major disadvantage besides, like the TZ300w, the USB port is on the front and it carries a support contract. This works well with the aircard plugged directly in, but like the TZ300w will one day no longer be supported by the latest FortiOS. However, it does have a built-in switch also.

  4. pfSense on PC Engines apu2d0 (or other similar device)
     I’ll be honest: pfSense is bae💛 which makes me want to actually make it work in the case. The only actual disadvantage of this is, well, FreeBSD’s WiFi drivers and their… issues. But that’s okay! I know the cards to use and the settings to tweak. USB ports are right by the “WAN” NIC and PC Engines makes good stuff. Lack of a built-in switch isn’t too bad. Small switches are cheap enough should we need one, and there’s one wired port besides. I just wish they’d make one in the alix3 form factor again… The best advantage this has is the non-proprietary nature of pfSense and FreeBSD, so artificial support removal is a nonissue.

  5. Some other consumer-grade router
     Just no. Maybe for a remote repeater for silliness’ sake, but otherwise no.

Looking at that list, it’s going to be pfSense or MikroTik going forward. It’s time for more Visio fun…

Until next time!


An Alternative Plan

April 5, 2020

The aircard seems to be working fine with pfSense despite being, well, a little fussy: it’s fussy enough that I’ve got a Proxicast PocketPort 2 on order. This little jewel is powered by Micro-USB and converts a USB aircard to 10/100 Ethernet. It supports the Verizon equivalent of the USB800, so I should be good to go once it arrives. There are two good things about this: 1) it lets me replicate the AF23 dock for the old Huawei card, and 2) it means if I wanted to put the hAP ac Lite back in service, which has crossed my mind a couple of times, I would be able to use the 24V to 5V Micro-USB passive PoE splitter that was used with the Nighthawk M1 at AWA last year with good results after adding a Micro-USB to USB-C adapter. The only gotcha is it limited us to 100 Mb. Not a huge issue as I have rarely seen over 100 Mb from the USB800.

It all comes down to simplicity: the PocketPort 2 is tiny so it won’t take up much room in the case and lets me not have to contend with failover connection stupidity.

The plan is as follows: stick to pfSense and leverage the PocketPort 2 for a single WAN port that is not USB-based. Once it shows up I’ll first verify the aircard works with it then start planning to reconfigure the Pelican case once again. This will be, what, the third time this year? I’m not sure why but once I switched wireless ISPs things have been slightly unstable on that front. Had I stuck to T-Mobile, though, I’m sure I wouldn’t have been happy since my office is a black hole for them. Such is life: at least I’ll be able to bundle fiber in with my wireless plan on AT&T. That’s one +1 for them!


pfSense Success?

April 5, 2020

I went back to pfSense for my home firewall since soon I will have AT&T Fiber and need to do the bypass trick, so I decided to see if I could figure out how to get the USB800 working, which actually did not take much effort.

I plugged it into the MicroPC and enabled the AT port, which made the following command needed for the interface to work:

# usb_modeswitch -v 1410 -p b020 -u 2

Once I did that, the interface came up and I had Internet access. After that I plugged it into my firewall, ran the same command, and lo-and-behold, the connection came up and had access. Why I did not try this a few months ago, I don’t know.
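
The command above has to be run by hand each time; as an added example (not from the original post), this sketch only runs it when the modem is attached and ue0, the interface name the post uses for the USB800, is missing. The function names are hypothetical, the parser assumes the "idVendor = 0x...." layout of FreeBSD's `usbconfig dump_device_desc`, and the sample descriptor text is constructed.

```sh
#!/bin/sh
# Added example: run usb_modeswitch only when the 1410:b020 device is
# attached and the expected USB Ethernet interface has not appeared yet.

# stdin: `usbconfig dump_device_desc` text. Prints the ugenX.Y name of the
# first device whose idVendor/idProduct match $1/$2 (hex, no 0x prefix).
modem_ugen() {
    awk -v vid="0x$1" -v pid="0x$2" '
        /^ugen[0-9]+\.[0-9]+:/ { dev = $1; sub(/:$/, "", dev); v = "" }
        $1 == "idVendor"       { v = $3 }
        $1 == "idProduct"      { if (v == vid && $3 == pid) { print dev; exit } }
    '
}

# stdin: `ifconfig -l` output (space-separated names). True if $1 is listed.
wan_if_present() {
    tr ' ' '\n' | grep -qxF "$1"
}

# Constructed, abbreviated sample of descriptor output for offline testing.
sample_desc() {
    cat <<'EOF'
ugen0.1: <constructed root HUB> at usbus0, cfg=0 md=HOST spd=SUPER (5.0Gbps) pwr=SAVE (0mA)

  idVendor = 0x0000 
  idProduct = 0x0000 

ugen0.2: <constructed modem entry> at usbus0, cfg=0 md=HOST spd=HIGH (480Mbps) pwr=ON (500mA)

  idVendor = 0x1410 
  idProduct = 0xb020 
EOF
}

# Glue for a real FreeBSD/pfSense box; needs root and usb_modeswitch installed.
ensure_modem_up() {
    if ifconfig -l | wan_if_present ue0; then
        return 0                      # interface already there, nothing to do
    fi
    dev=$(usbconfig dump_device_desc | modem_ugen 1410 b020)
    if [ -z "$dev" ]; then
        echo "device 1410:b020 is not attached" >&2
        return 1
    fi
    echo "found modem at $dev, switching configuration" >&2
    usb_modeswitch -v 1410 -p b020 -u 2   # same command as in the post
}

# Usage on the firewall (as root):  ensure_modem_up
```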

This means a lot of things for Internet in a Box: do we continue to use the FortiWiFi or do we switch back to pfSense on the APU2 or a different device, perhaps a fitlet2 with dual WiFi cards? The fitlet2 is shockingly expensive once you add RAM, storage, and an add-in card to give the storage and WiFi cards a home. It’s a pretty neat device and the USB ports’ location is better than the APU2’s. However, since I’ve got the USB800 wrangled in FreeBSD finally, I might be able to use the USB extension stand with the APU2 to position the aircard at a better location. Alternatively I could stick to the FortiWiFi as it worked great on my OKC trip or give the SonicWall another go, but the APU2 with pfSense is, in my opinion, a better device for this as it gets such limited use and having a support contract tied to something that is used infrequently seems wasteful. We shall see, though. I need to dig the APU2 back out, reload pfSense on it, and get things up and running with ue0 from the USB800 as the WAN connection.

Until next time!


Quick Update!

February 24, 2020

Hi friends! Currently at Will Rogers World Airport in Oklahoma City, OK, for my return flight to the 7th Circle of Hell, I mean, Hartsfield-Jackson Atlanta International Airport, and this trip was a big success on the data front: the USB800 had good speeds and no inexplicable slowdowns at all. I think we finally have a winning solution with the USB800 and FortiWiFi 50E-2R! I’ll get the mini version finalized soon and maybe pick another Chromecast up to throw in the small case with it to reduce the footprint further.

It might be time to close the big OneNote document I have and do some updates to this site’s pages…


Introducing Internet-in-a-Box Mini!

February 18, 2020

No, I’ve not decided to get rid of the full Internet-in-a-Box in favor of something smaller. What I have done, however, is fill the gap between aircard alone and the full case for single day or less setups.

What does this mean, and why am I doing this instead of using an actual hotspot device?

To answer the why, let’s go back to late 2009 when I picked up an aircard on T-Mobile. At that point, portable hotspot devices really didn’t exist except for the MiFi 2200 that was on Verizon and Sprint and much more expensive per month. We had one at my old company for trade shows, and because we needed Ethernet for server and workstations we plugged it into a higher end Cradlepoint router. Previous to this I was using my old boss’ Sprint aircard with a CTR350 for similar for the old WB4HRO repeater system, so I was well acquainted with Cradlepoint and their products’ limitations.

What I didn’t do at this point was pick up a Cradlepoint for my aircard choosing instead to repurpose an old netbook as a wireless router. It worked well enough.

Fast forward to early 2012 and I had the CTR35 and the UMG181 as my daily carry combo and it stayed that way for a couple of years until being supplanted by a mobile hotspot device. Not exactly the best move in my opinion, but it worked and gave me LTE speeds.

Anyway, enough of the past: here’s the what! I will be using the GL.iNet GL-AR750S (Slate) travel router for this. It will connect back to the datacenter using WireGuard for DHCP from the domain controller up there as well as adblocking via its DNS server. Should work perfectly!

Again, the scope of Internet-in-a-Box Mini is single day or less setups needing access for n+1 devices. The full Fortinet-based setup will continue to be used for longer duration, semi-permanent setups.


Trip Report and Further Testing

January 19, 2020

The work trip to Nashville was partially successful on the Internet in a Box front. Speeds were great when I arrived Sunday afternoon then proceeded to tank over the next two days, which made zero sense. By Monday morning download speeds were seemingly stuck at 1.5 Mbps while uploads were 30 Mbps+. I left my personal laptop in the room casting AGDQ to the Chromecast I’d plugged into the TV that day hoping that things would improve: well, they didn’t. I returned to my hotel room around 4:30p local time and things were still slow. Opted to just live with it, took a short power nap, headed across the street to get wings from Pizza Hut, then headed back to watch AGDQ and crashed relatively early.

I woke up the next morning and speeds were still slow. I powered the SonicWall down and threw the aircard in my work backpack and headed out. I was going about 20 miles east of Nashville that day, and I needed to use the aircard to get online once I got to the site, so of course I ran a speedtest. 25 down, 10 or so up. Maybe the tower I was connected to at the hotel was super overloaded? It was very close to Vanderbilt University after all.

Went back to the hotel once I was done and worked out of there the rest of the day: speeds still were slow on the aircard there but usable for AGDQ only. I put both my personal and work laptops on the hotel’s WiFi which wasn’t that much faster but was usable.

When I got home Wednesday afternoon I hooked the SonicWall back up here and was getting similar speeds. Had the idea the next day to rebuild the APU2 on CentOS 7 with the latest kernel which failed. I moved the aircard back to the SonicWall after this and it’s been inconsistent. I swapped the SIM to the M1, which I have now working similar to the old AF23 dock, and speeds were fine. Moved it back to the aircard and speeds have been fine since. Still thoroughly confused, but I’ve got some new plans.

First off I have a Fortinet FortiWiFi on the way, and since we’re moving to this platform at work having my own device to work with could be helpful. Also, it should work to isolate the SonicWall’s USB port, assuming the USB800 is supported. If not I’ll give the M1 a go with this.

Secondly, I’ve got my Gen7 HP Microserver set up as a test ESXi host that holds 5 VMs: a management VM that has ScreenConnect on it, and 4 VMs on a separate vSwitch connected to the SonicWall that are presently downloading 10GB test files from OVH and speeds are looking fine. Once these are done in a few hours, I’ll fire up the browser and use the Azure demo streams for more traffic.

Thirdly, I’ve got a Gen8 HP Microserver on the way as well: this will be another test host to supplement the Gen7. Microservers are nice and small so one could be used for an “in-room server” at a con.

Until next time!


New Year, New Setup

January 4, 2020

Happy New Year!

Since our last post I’ve struggled with some issues that I documented in a rather large OneNote document. Internet-based traffic seemed to be okay, but the USB extension started showing issues with the SonicWall after I pumped a lot of data through it, so I reloaded OpenWrt on the APU2 and managed to get the tunnel established this time and traffic was passing between the firewalls, but the LAN connection stopped working. I was starting to get frustrated with it, so I loaded up a pfSense 2.5 snapshot and if_urndis.ko from FreeBSD 12. No luck, so I loaded up a FreeBSD 12.1 VM thinking I could do vanilla FreeBSD instead but it didn’t work either. Darn.

Not one to be defeated so easily by technology, I gave OpenWrt one final go before going back to the SonicWall, this time with my local LibreNMS install set up to alert when the device dropped. I had no disconnects until my connection at home went down for a few minutes. I removed the SonicWall from the local install and spun a second LibreNMS install up in the datacenter as that’s the VPN endpoint. I had some issues with the SonicWall dropping, even giving the M1 Nighthawk a try instead, which was a little more stable, but I was only doing Internet traffic on this, so I felt stuck. I went for OpenWrt one final time and it was just not working for me. I opted to connect the modem directly to the SonicWall and it kept having random disconnections that would clear up after I reset the tunnel on the datacenter firewall. What was the problem?

I did some looking around during downtime at work and found the issue: SonicWall firewalls don’t support multiple subnets on single IPsec Phase 2 entries. I flipped on the “Split Connections” option on this particular VPN entry and things got a lot more stable, but I was still experiencing issues. When the tunnel dropped yesterday morning, I decided that I’d just rebuild the tunnel entirely once I got to the office. There wasn’t a single disconnection after the tunnel was rebuilt, and when the P1 rekeyed after 8 hours the P2s stayed up and things seemed good.

I’ve got a work trip starting tomorrow through Wednesday, so this is definitely turning into testing in production! I have a contingency plan, however: disable the tunnel and set DHCP back up on the firewall with OpenDNS for DNS servers. Hopefully this won’t be needed. Everything is packed up in the Pelican Case and the USB800 is in my work laptop backpack now, so it’ll be showtime in under 24 hours.

I’ll report on how well it worked once I return from the trip Wednesday afternoon.


Punting from the 1…

December 23, 2019

Well, some unexpected things have happened that pushed us back to 4th and long at our 1… I managed to acquire the USB800, and once it arrived I immediately plugged it into the USB extension I had the MF861 plugged into and… it went into a boot loop with pfSense. I was understandably somewhat disappointed when it worked just fine with the GPD Micro PC and my Windows 10 laptop. Not to be defeated, I loaded OpenWrt on an SD card and booted the APU2 with that, and the LTE card worked! Great, time to hammer at manual IPsec configuration… and hammer at it… After being just plain frustrated at that, I loaded up if_urndis.ko from FreeBSD 11.2 in a hope for the USB800 to work with pfSense, but that didn’t work either. What was I to do? See if I could wrangle OpenWrt into talking to the high crypto levels on the datacenter firewall? Find another distribution? Well, I found a different solution: I Googled “SonicWall USB800” and a KB article on SonicWall’s site mentioned that the latest SonicOS, 6.5.4.5, supported it. To eBay I went, where a TZ300 Wireless-AC (TZ300W) was up for $100. I put my bid in and won it on Friday. It arrived via the post today, so once I got home from work I unboxed it and got started.

I’ve configured a bunch of SonicWall firewalls at work over the last couple of years, so I’m familiar with the configuration process. Once it’s unboxed (and reset in this case), register it. Sadly this one was already registered, so I reached out to our rep for help and to ask whether I should put a ticket in or not. As expected, I put a ticket in to get it transferred to my personal MySonicWall account, so we’ll see how long that takes with the holiday over the next few days.

Anyway, after a little bit of “OK, why is this so slow?” that cleared up later, the firewall is configured nicely with the LTE modem connected via the extension. It’s set up as the secondary connection in the failover/load balancer, so if I found a hotel with an Ethernet port, I would be able to plug in without issue. Same with running a travel router in WiFi client mode if needed. One minor potential problem: the wireless is either 2.4 GHz or 5 GHz, not both simultaneously. Oh well, it shouldn’t be an issue: it’s almost 2020, why the heck are you still using a single-band device unless there’s no other option? If needed I can drop it back to 2.4 GHz, though that is most definitely not the preferred band.

I’m currently downloading something rather large from Steam using both wired and wireless, and that will give a very good metric for stability. I’ll need to run over by the Galleria to do a multi-device test sometime, and I still will be making a proper “let’s wander around Galleria and Environs” field trip after the first of the year with the MicroPC and the USB800. However, I was over there one day last week and actually brought the MicroPC and USB800 with me and it was quite acceptable. Admittedly, this may be unnecessary but hey, it’s a fun way to kill a few hours on a Saturday.

At any rate, the basic plan is to run this with all security services disabled and DPI disabled as well. I’m very glad I waited to redo the Pelican case’s foam as this is likely to be the preferred firewall going forward. A pity I couldn’t get the APU2 working with OpenWrt: it’s okay though, I’ll figure out a use for it!

Have a great rest of the year!


Next Steps and 2020 Preview

December 12, 2019

We are back, and things are proceeding nicely with the Internet in a Box rebuild: the new apu2d0 arrived and is running pfSense with an IPsec tunnel back to the datacenter firewall. Also new is the LTE modem in use: ZTE’s MF861 “Velocity USB Stick”. However, this will ultimately be replaced with the Inseego Global Modem USB800 if I can ever find one. Initial tests are passable, and there’s a field trip to Galleria and Environs with one of these USB modems and my GPD MicroPC in my near future.

The reasoning for going with a USB modem instead of the M1 hotspot is that it is truly plug-and-play and does not need any sort of dock, unlike the previous Huawei card. Outside of convention trips and the few overnight business trips I have these days, I really only need access for a single device when away from home: sure, I could use my iPhone’s hotspot, but that’s only 15GB. Both the MF861 and presumably the USB800 use RNDIS, so pfSense, Arch Linux, and Windows 10 all automatically pick it up as a USB Ethernet device. This covers the operating systems it’ll be plugged into, though I’m sure macOS will have the same result if I pull my MacBook Air back out.

2020 will be here in 3 weeks, and my convention schedule is a bit more full. I’m planning to go to either Seishun Con here in Atlanta or (more likely) drive over to Birmingham, AL, for KamiCon, end of January. After that’s the long wait until MomoCon over Memorial Day weekend, then the long summer wait until DragonCon over Labor Day weekend, then the long wait until Anime Weekend Atlanta over Halloween weekend. And to wrap it all up is Atlanta Anime Day, assuming I decide to go, the Saturday after Thanksgiving.

I’m not planning to tote the full Internet in a Box to any con except AWA. If I get floor space in a room for the other 3 cons, yes, I’ll bring the aircard in my personal laptop backpack so I’d have (hopefully) better connectivity for my laptop. As I’m unsure of what the potential roommates’ opinions of portable networking are, I’ll err on the side of caution. Plus there’s a definite “do stuff outside of room” push at those cons. That exists too for AWA but this year was kind of a cluster planning-wise. I hope to alleviate that with a Wednesday check-in for this next year.

I’m sure there will be other fan events to attend, but there’s no telling when or where. And naturally, I’m sure I’ll have at least one overnight work trip that the case will get put in my checked luggage for use as usual.

Things are definitely coming together: let’s hope our connectivity solution holds true for a while. If it doesn’t, well, we’ll figure it out. Somehow.
