Struggles with 4G EE network connection

rivimey · ‎03-08-2024

I have been provided with an EE72E dongle to connect to the internet via WiFi which seems to work fine when I connect to the internet via the donge's WiFi directly from my Macbook. However my need is to connect my Linux-based firewall/router for the house to the internet, rather than just one computer, so I have connected a USB Wifi dongle to the router, and established a WiFi connection from the router to the EE dongle.

Theoretically this should be sufficient, IMO. However any outgoing packets sent to the WiFi interface on the router just disappear - none are ever replied to, whether DNS query or anything else. I do have a default route set to use the WiFi connection, and I am monitoring the packets using "tshark -i wlx50*****fc8".

What is going wrong? How can I make this all work?

[I have obscured some text for privacy]

$ iwconfig wlx503e****5fc8
wlx503e****5fc8 IEEE 802.11 ESSID:"4G-WiFi-****-2.4GHz"
Mode:Managed Frequency:2.462 GHz Access Point: 3C:EF:****:65:46
    Bit Rate=65 Mb/s Tx-Power=14 dBm
Retry short limit:7 RTS thr:off Fragment thr:off
    Power Management:off
Link Quality=47/70 Signal level=-63 dBm
    Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0
    Tx excessive retries:1 Invalid misc:1786 Missed beacon:0

Typical tshark dump:

140 7.516882707 192.168.1.227 → 8.8.8.8 DNS 105 Standard query 0x835e A rABNa0zw9.ebl.msbl.org OPT
141 7.519401426 192.168.1.227 → 8.8.8.8 DNS 105 Standard query 0x835e A rABNa0zw9.ebl.msbl.org OPT
142 7.538458880 192.168.1.227 → 192.203.230.10 DNS 98 Standard query 0x3c9c A registry.k8s.io OPT
143 7.548033283 192.168.1.227 → 192.168.1.1 DNS 77 Standard query 0xa0c4 A 2.uk.pool.ntp.org
144 7.548096380 192.168.1.227 → 192.168.1.1 DNS 77 Standard query 0x41b8 AAAA 2.uk.pool.ntp.org
145 7.549894096 192.168.1.227 → 192.203.230.10 DNS 97 Standard query 0x9749 A auth.docker.io OPT
146 7.552442914 192.168.1.227 → 192.203.230.10 DNS 98 Standard query 0x3c9c A registry.k8s.io OPT
...
170 8.481124541 192.168.1.227 → 4.4.4.4 DNS 97 Standard query 0x4b36 A auth.docker.io OPT
171 8.483271934 192.168.1.227 → 4.4.4.4 DNS 97 Standard query 0x4b36 A auth.docker.io OPT
172 8.525839762 192.168.1.227 → 199.7.83.42 DNS 82 Standard query 0x9d03 NS <Root> OPT
173 8.528317529 192.168.1.227 → 199.7.83.42 DNS 82 Standard query 0x9d03 NS <Root> OPT
174 8.789675224 192.168.1.227 → 4.4.4.4 DNS 98 Standard query 0x8a18 A p2p.reolink.com OPT
175 8.791941526 192.168.1.227 → 4.4.4.4 DNS 98 Standard query 0x8a18 A p2p.reolink.com OPT
...

Interface status:

17: wlx503e****5fc8: <BROADCAST,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 50:3e:aa:52:5f:c8 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.227/24 brd 192.168.1.255 scope global dynamic wlx503e****5fc8
valid_lft 79866sec preferred_lft 79866sec

Routes:

$ ip route
default via 192.168.1.1 dev wlx503e****5fc8 metric 50
192.168.1.0/24 dev wlx503e****5fc8 proto kernel scope link src 192.168.1.227 metric 50
...

XRaySpeX · ‎03-08-2024

@rivimey : Firstly does the Linux-based firewall/router appear as a connected device on the 4GEE WiFi router?

Tell us more about this Linux-based firewall/router as I'm not sure what kind of beast it is. Is it a fixed Home BB router or a mobile router? Who supplies the BB to it (before you tried to get the EE mobile router to)? Maybe tell us its make & model & I'll look it up & make my own mind up.

If you think I helped please feel free to hit the "Thumbs Up" button below.

To phone EE CS: Dial Freephone +44 800 079 8586 - Option 1 for Mobile Phone & Mobile Broadband or Option 2 for Home Broadband & Home Phone

ISPs: 1999: Freeserve 48K Dial-Up > 2005: Wanadoo 1 Meg BB > 2007: Orange 2 Meg BB > 2008: Orange 8 Meg LLU > 2010: Orange 16 Meg LLU > 2011: Orange 20 Meg WBC > 2014: EE 20 Meg WBC > 2020: EE 40 Meg FTTC > 2022:EE 80 Meg FTTC SoGEA > 2025 EE 150 Meg FTTP

rivimey · ‎04-08-2024

Hi, I don't know how to find out what the EE72E dongle is doing, except that I can use it with the macbook and it does seem to respond to a dhclient request. How can I find out?

The router is an ubuntu mini-pc device with 4x2.5G eth ports which I would normally use with a fibre modem, running ubuntu 22.04 on a J4125 cpu. When running with ppoe/fibre it works very well. I am trying to adjust the setup such that the EE device takes over internet connection dity from the pppoe connection. (obvs not running ppp over the EE dongle!).

Overall, my intention is to configure the usb wifi device plugged into my router with SSID etc, then run dhclient on that ethernet port, then configuring the dhcp'd IPv4 address as the router's default route. The dhcp'd IP network (typ: 192.168.0.0/24) is not the same CIDR net as my own.

The ubuntu network stack does happily take this as default route and sends the expected traffic that way, but replies never come back.

My router runs a full instance of ISC Bind with master zones for the local network, and configured as a full recursive server for non-local lookup. At one point I did try setting dns forwarders rather than being a generic lookup but it made no difference.

[just a thought: is this due to NAT somewhere within the dongle, and if so what can I do about it?]

XRaySpeX · ‎04-08-2024

Login to your MBB router at http://192.168.1.1 with username/pwd as "admin"/"admin" or with the admin password found under the battery cover. Then look at Connection > Connection Status > Connected Device(s)

You surprise me! You know so much about a complicated fixed PPPoE BB router& yet seem not to be able to get into a simple mobile router.

If you think I helped please feel free to hit the "Thumbs Up" button below.

To phone EE CS: Dial Freephone +44 800 079 8586 - Option 1 for Mobile Phone & Mobile Broadband or Option 2 for Home Broadband & Home Phone

ISPs: 1999: Freeserve 48K Dial-Up > 2005: Wanadoo 1 Meg BB > 2007: Orange 2 Meg BB > 2008: Orange 8 Meg LLU > 2010: Orange 16 Meg LLU > 2011: Orange 20 Meg WBC > 2014: EE 20 Meg WBC > 2020: EE 40 Meg FTTC > 2022:EE 80 Meg FTTC SoGEA > 2025 EE 150 Meg FTTP

rivimey · ‎04-08-2024

I'm tired and the user guide is tiny.

There are 2 connected devices, one of which is my macbook and the other therefore must be the main router (only other thing I have set up).

The device is on loan to me and it seems some facilities are blocked, so apart from this very little is visible to me.

XRaySpeX · ‎04-08-2024

@rivimey wrote:

the other therefore must be the main router (only other thing I have set up).

Is its IP = 192.168.1.227 (I think, as I don't understand your logs)?

If you think I helped please feel free to hit the "Thumbs Up" button below.

To phone EE CS: Dial Freephone +44 800 079 8586 - Option 1 for Mobile Phone & Mobile Broadband or Option 2 for Home Broadband & Home Phone

ISPs: 1999: Freeserve 48K Dial-Up > 2005: Wanadoo 1 Meg BB > 2007: Orange 2 Meg BB > 2008: Orange 8 Meg LLU > 2010: Orange 16 Meg LLU > 2011: Orange 20 Meg WBC > 2014: EE 20 Meg WBC > 2020: EE 40 Meg FTTC > 2022:EE 80 Meg FTTC SoGEA > 2025 EE 150 Meg FTTP

rivimey · ‎04-08-2024

The 192.168.1.227 address is the IP address of my USB WiFi device, while 192.168.1.1 is the "other end" of that connection, chosen by the EE router for the WiFi network. The '227 address is provided to my router by DHCP when I connect to Wifi, not selected by me. Note that I never see a true internet address - these are all 'private' addresses, signalling that there is CGNAT (carrier grade NAT/network address translation) happening in the EE network.

[[About the log Info:

The iwconfig output shows the configuration of the WiFi elements of connected interfaces - things like SSID, frequency band and so on.

The 'tshark dump' is output from the program tshark, which is the text-mode version of Wireshark. It shows one packet transferred for each line of text. The IP addresses are always sender_to_receiver, so you would normally see a variety of addresses appearing in the first IP column, not only the '227 address.

The 'interface status' shows the generic linux interface detail, things which are available for any network interface. It shows the hardware (mac) address, any configured IP or IPv6 addresses and relevant CIDR masks, and bitrate, status (up, down, dhcp lease lifetime, etc). The 'iwconfig' output supplements this with details pertinent to wifi devices.

The 'ip route' output is showing the output of that command, showing the contents (in my case, partial) of the network routing table.

A Web UI might show things prettier but all the info is the same.]]

XRaySpeX · ‎04-08-2024

I don't understand that IP allocation. Had you changed the gateway IP of the EE72E? Did you not login to it at http://192.168.1.1 as I advised? If so, 192.168.1.1 is the IP address of the USB WiFi device & 192.168.1.227 would be the IP addy of something else (I assumed to be your other router).

In the Connected Device(s) page what is the IP addy stated for "the other therefore must be the main router"?

@rivimey wrote:

while 192.168.1.1 is the "other end" of that connection, chosen by the EE router for the WiFi network.

What "other end"? The WiFi network doesn't have an IP addy of its own; it has an SSID.

If you think I helped please feel free to hit the "Thumbs Up" button below.

To phone EE CS: Dial Freephone +44 800 079 8586 - Option 1 for Mobile Phone & Mobile Broadband or Option 2 for Home Broadband & Home Phone

ISPs: 1999: Freeserve 48K Dial-Up > 2005: Wanadoo 1 Meg BB > 2007: Orange 2 Meg BB > 2008: Orange 8 Meg LLU > 2010: Orange 16 Meg LLU > 2011: Orange 20 Meg WBC > 2014: EE 20 Meg WBC > 2020: EE 40 Meg FTTC > 2022:EE 80 Meg FTTC SoGEA > 2025 EE 150 Meg FTTP

rivimey · ‎04-08-2024

I did login to 192.168.1.1 (for me, no password needed).

The Connected Devices link doesn't work for me, either on the EE dongle main page or from the link you posted. You link refers to 192.168.1.4, which for me doesn't exist, while from the main page the "connected devices: 2" text is just text, not a link.

You are misunderstanding the WiFi connection's addressing:

- The 192.168.1.1 address is the internal IP address of the EE dongle as presented on the WiFi interface, as you said. I have not changed its configuration at all.

- The 192.168.1.227 address is a dynamically allocated address that the EE dongle hands out (using dhcp) to a connected device (e.g. for my macboox it is 192.168.1.106). In my case I described it as the address of "my USB WiFi device" because my router has a USB-connected tp-link WiFi interface to enable it to communicate over WiFi at all. I refer to the EE72E mobile router as the "EE dongle".

By "other end" I was referring to the EE dongle, in the context of this wifi network being used primarily as a point-to-point link.

For any computer to send anything to the EE dongle it has to create packets with both source and destination addresses, and if those packets are sent from the connected computer the source address (for my router, 192.168.1.227) will be set in the packet. If the connected device (e.g. my router) is not the source of the data but just forwarding it from somewhere else, then the original source address is retained so replies can be returned to their original source, and my router's address is not shown in the packet.

rivimey · ‎04-08-2024

I have now managed to get things sort-of working. I think the critical thing was setting up IPv6 firewall and routing correctly; it seems pure IPv4 doesn't work ??? I also rebooted my router, which may have influenced things.

I say sort of because I can't get forwarded traffic to work: traffic from/to my linux router works fine, but I think the CGNAT stuff makes things fail for routed traffic -- packets from my internal network just don't return.