Posted: Fri Jan 06, 2017 23:21 Post subject: ATT 3G Microcell and VPN
I'm using an OpenVPN client and I have an AT&T 3G microcell mini tower. The microcell provides cellular service through my internet connection.
I just recently subscribed to a VPN service and since then my microcell can't connect to the internet. I've done a lot of searching and I found that the microcell uses ports 123, 500, 443, and 1500. I also called AT&T and they said that I need to make sure all the ports are open.
I went to yougetsignal.com and confirmed that ports 123 and 1500 are blocked.
I found a few options to potentially try:
1. Administration>Command Firewall exceptions
2. Policy based routing to allow my microcell IP address through
3. Policy based routing to list all of my IP addresses that I want to be on the VPN.
The instructions I've read and found may be providing the answer I need but I don't understand or know all of the terminology. I already tried once and my router froze up so I'm hesitant to just try to wing this.
What do you think would be the easiest option for me?
So the easiest is to list all the IP addresses in the policy based routing and exclude the microcell and the router. If I have a switch, do I exclude that IP address as well?
When listing the IP address: 192.168.1.10/xx, the xx is not a range, correct? For example, 192.168.1.10/20 doesn't mean IP addresses 192.168.1.10 through 192.168.1.20.
Do I have to list the xx at all? I think I understand it is associated with the gateway. Correct me if I'm wrong. For my case it will always be 24, but what is the difference if I include it or not?
Either way I would have to include every IP address individually.
192.168.1.10/24 or 192.168.1.10
192.168.1.11/24 or 192.168.1.11
192.168.1.12/24 or 192.168.1.12
etc
Alternatively you can create your own range, perhaps using static DHCP to place all clients within a specific range you'd like or sending all clients within the configured DHCP range, or just list as separate values i.e.
Code:
192.168.1.10
192.168.1.11
192.168.1.12
etc..
192.168.1.10/20 does not mean include IP addresses ranging from 192.168.1.10 - .20; it doesn't work that way!
_________________
James
Main router:
Netgear R7000 overclocked to 1.2GHz - DD-WRT v3.0-r35965M kongac
IPv6 6in4 (HE.net), OpenVPN (with PBR and split tunnelling), Entware, dnsmasq with ipset
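Added example, not part of the original posts: a Python sketch of the CIDR arithmetic discussed above, showing what 192.168.1.10/20 and 192.168.1.10/24 actually cover and how a client range can be written as CIDR entries with one host left out. The client range 192.168.1.10 to 192.168.1.20 and the microcell address 192.168.1.13 are constructed values, and the helper names are hypothetical.

```python
import ipaddress

def cidr_members(entry):
    """First address, last address and size of the block a CIDR entry covers."""
    # strict=False accepts host bits, as in the thread's 192.168.1.10/20.
    net = ipaddress.ip_network(entry, strict=False)
    return str(net[0]), str(net[-1]), net.num_addresses

def pbr_entries(first, last, exclude=()):
    """CIDR entries covering first..last inclusive, minus the excluded hosts."""
    nets = list(ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last)))
    for host in exclude:
        hole = ipaddress.ip_network(host)  # a bare address becomes a /32
        kept = []
        for net in nets:
            if hole.subnet_of(net):
                # Split the block into the pieces that surround the host.
                kept.extend(net.address_exclude(hole))
            else:
                kept.append(net)
        nets = kept
    return [str(n) for n in sorted(nets)]

def is_routed(entries, host):
    """True if host matches any entry, i.e. the policy list would apply to it."""
    addr = ipaddress.ip_address(host)
    return any(addr in ipaddress.ip_network(e) for e in entries)

if __name__ == "__main__":
    # /20 is a prefix length (mask 255.255.240.0), not "up to .20".
    print(cidr_members("192.168.1.10/20"))
    # /24 covers the whole 192.168.1.x LAN, microcell included.
    print(cidr_members("192.168.1.10/24"))
    microcell = "192.168.1.13"  # constructed address for illustration
    entries = pbr_entries("192.168.1.10", "192.168.1.20", exclude=[microcell])
    print("\n".join(entries))
    print("microcell matched by policy list:", is_routed(entries, microcell))
```

Checking the finished list with is_routed before pasting it into the router confirms that the device meant to stay outside the VPN is not matched by any entry.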
Okay I just applied the changes. Everything is working great. My microcell is outside my VPN and is now functioning properly and my router is not broken.
I realize this went from a best option to a CIDR discussion. I hope that's not a problem.