Dual wan lte static ip & cgnat

Hello all,

I have a MT RB4011 that I am using just for the link aggregation in a NAS, and I also have the Chateau 5G. SIM 1 with static IP is in the Chateau and SIM 2 is in a 5G router that is on CGNAT.

My goal is to use the 5G router with SIM 2, which is connected to the Chateau on ether1, for internet access and SIM 1, which has the static IP, for external access (VPN, port forward mostly) without disabling one or the other.

I tried some load balance – mangle methods but nothing is working efficiently.

The difference between the two SIMs, besides the static IP and CGNAT, is the bandwidth.
SIM 1 has 150 mbps dl / 50 mbps ul
SIM 2 has 700 mbps dl / 70 mbps ul

Is it possible to do it without losing the speed of SIM 2 (700mbps dl)? If yes, any help will be much appreciated.

Thanks in advance!

Keep in mind with load balancing, it’s connection-based so it’s always going to be a bit “fuzzy” on how bandwidth is distributed — since it doesn’t know how much bandwidth a connection is going to use.

But assuming you’re using PCC, you can favor your SIM2 — so more connections use that one. If you haven’t seen it, this video does a pretty good job of explaining load balancing using PCC: https://www.youtube.com/watch?v=nlb7XAv57tw

Otherwise, some config/diagram/etc. might help since it’s not very clear what you’re mangling.

Thanks for the reply and the guide.

ATM I am not mangling anything; I have reset the Chateau after a lot of failures with the rules.

I will try the guide you sent me and I will inform you if it was a success!

I made a configuration according to the guide from the video but it was not a success after all.

What I am trying to do, in simple words, is to use the LTE of the Chateau for remote access and a 5G modem connected to Chateau ethernet 1 for local internet access.

In my case with the LTEs (the Chateau internal modem and the router connected on ethernet 1) I do not have a static IP to set in the default gateway's route table, so I use the interface instead (for example default gateway=lte1); maybe that is the problem and why all the rules are failing.

I have attached my current configuration file along with the diagram of what I want to do.
18112023.docx (13.9 KB)
diagram.png

The port in the diagram is wrong; the correct one is 9001.
If I disable the interface ether1, port forward is working.

I found a semi-solution but it's not stable at all.

The SIM 2 router has DHCP only, local IP, and there is no way to give a static one. If I put the DHCP address in the Chateau routes table and give it distance 2 it's working, but if the router restarts and the IP is not valid anymore, the route is not working, along with all the mangle rules related to it.

My second issue right now is that the speed is cut in half on lte1, meaning that when downloading from outside my network the solid 50mbps upload became roughly 20-35mbps.

Where did I mess it up?

The latest configuration:

/interface bridge
add name=LAN
add name=OpenVPN
/interface wifiwave2
set [ find default-name=wifi1 ] configuration.mode=ap
/interface wireguard
add listen-port=13231 mtu=1420 name=wireguard1
/interface lte apn
set [ find default=yes ] default-route-distance=1
add apn=vpn-internet default-route-distance=1 ip-type=ipv4 use-peer-dns=no
/interface lte
set [ find default-name=lte1 ] allow-roaming=yes apn-profiles=vpn-internet band=""
/ip pool
add name=dhcp_pool0 ranges=10.10.10.20-10.10.10.254
add name=OVPN-pool ranges=11.11.11.2-11.11.11.254
/ip dhcp-server
add address-pool=dhcp_pool0 interface=LAN lease-time=10m name=dhcp1
/routing table
add disabled=no fib name=ether_1
add disabled=no fib name=lte_2
/interface bridge port
add bridge=LAN interface=ether2 trusted=yes
add bridge=LAN interface=ether3 trusted=yes
add bridge=LAN interface=ether4
add bridge=LAN interface=ether5
add bridge=LAN interface=wifi1
add bridge=LAN interface=wifi2
/ip address
add address=10.10.10.1/24 interface=LAN network=10.10.10.0
add address=11.11.11.1/24 interface=OpenVPN network=11.11.11.0
/ip cloud
set ddns-enabled=yes ddns-update-interval=1m
/ip cloud advanced
set use-local-address=yes
/ip dhcp-client
add add-default-route=no interface=ether1 use-peer-dns=no
/ip dhcp-server network
add address=10.10.10.0/24 dns-server=8.8.8.8 gateway=10.10.10.1
/ip dns
set servers=8.8.8.8,8.8.4.4,1.1.1.1
/ip firewall filter
add action=accept chain=input dst-port=1194 protocol=tcp
/ip firewall mangle
add action=mark-connection chain=prerouting connection-mark=no-mark \
    connection-state=new in-interface=ether1 new-connection-mark=ether1_conn \
    passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark \
    connection-state=new in-interface=lte1 new-connection-mark=lte1_conn \
    passthrough=yes
add action=mark-routing chain=output connection-mark=ether1_conn new-routing-mark=\
    ether_1 passthrough=yes
add action=mark-routing chain=output connection-mark=lte1_conn new-routing-mark=\
    lte_2 passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark \
    connection-state=new dst-address-type=!local in-interface=LAN \
    new-connection-mark=ether1_conn passthrough=yes per-connection-classifier=\
    src-address-and-port:2/0
add action=mark-connection chain=prerouting connection-mark=no-mark \
    connection-state=new dst-address-type=!local in-interface=LAN \
    new-connection-mark=lte1_conn passthrough=yes per-connection-classifier=\
    src-address-and-port:2/1
add action=mark-routing chain=prerouting connection-mark=ether1_conn in-interface=\
    LAN new-routing-mark=ether_1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=lte1_conn in-interface=LAN \
    new-routing-mark=lte_2 passthrough=yes
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
add action=dst-nat chain=dstnat dst-port=9001 in-interface=lte1 protocol=tcp \
    to-addresses=10.10.10.3 to-ports=9001
add action=dst-nat chain=dstnat disabled=yes dst-port=1194 in-interface=lte1 \
    protocol=tcp to-addresses=10.10.10.1 to-ports=1194
add action=masquerade chain=srcnat
/ip route
add check-gateway=ping disabled=no distance=2 dst-address=0.0.0.0/0 gateway=\
    192.168.141.57 pref-src="" routing-table=ether_1 scope=30 suppress-hw-offload=\
    no target-scope=10
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=lte1 \
    pref-src="" routing-table=lte_2 scope=30 suppress-hw-offload=no target-scope=10
add check-gateway=ping disabled=no distance=2 dst-address=0.0.0.0/0 gateway=\
    192.168.141.57 pref-src="" routing-table=main scope=30 suppress-hw-offload=no \
    target-scope=10
/ip service
set telnet disabled=yes
/system clock
set time-zone-name=Europe/Athens
/system note
set show-at-login=no
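
One way to get the behaviour the thread is after, written as an added RouterOS v7 example (not the poster's or any replier's configuration): LAN traffic leaves through the DHCP-learned gateway on ether1, while connections that arrive on lte1 are answered through lte1. It reuses the thread's interface names, the lte_2 routing table and port 1194; the input and forward filter rules are an assumption about what should be reachable on the static address, since the posted export shows a single accept rule and no drop.

```routeros
# Added example for RouterOS v7, not the poster's configuration. Apply after
# removing the PCC mangle rules, the catch-all masquerade and the static
# 192.168.141.57 routes shown in the thread.

# Main table: let the DHCP client install and refresh the default route via
# the 5G router, so no gateway address is hard-coded. LTE stays as backup.
/ip dhcp-client
set [find interface=ether1] add-default-route=yes default-route-distance=1
/interface lte apn
set [find apn=vpn-internet] default-route-distance=2

# Separate table holding only the static-IP path (reuses the thread's lte_2).
/ip route
add dst-address=0.0.0.0/0 gateway=lte1 routing-table=lte_2

# Mark connections that arrive on lte1 and send their replies back out lte1,
# both for port-forwarded hosts (prerouting) and the router itself (output).
/ip firewall mangle
add chain=prerouting in-interface=lte1 connection-state=new \
    connection-mark=no-mark action=mark-connection \
    new-connection-mark=lte1_conn passthrough=yes
add chain=prerouting in-interface=LAN connection-mark=lte1_conn \
    action=mark-routing new-routing-mark=lte_2 passthrough=no
add chain=output connection-mark=lte1_conn action=mark-routing \
    new-routing-mark=lte_2 passthrough=no

# NAT only towards the WANs; an unscoped masquerade also rewrites the source
# of forwarded inbound traffic, hiding client addresses from 10.10.10.3.
/ip firewall nat
add chain=srcnat out-interface=ether1 action=masquerade
add chain=srcnat out-interface=lte1 action=masquerade

# Assumption: only the published services should answer on the WAN side.
/ip firewall filter
add chain=input connection-state=established,related action=accept
add chain=input in-interface=lte1 protocol=tcp dst-port=1194 action=accept
add chain=input in-interface=lte1 action=drop
add chain=input in-interface=ether1 action=drop
add chain=forward in-interface=lte1 connection-state=new \
    connection-nat-state=!dstnat action=drop
```

The thread's dst-nat rule for port 9001 stays as posted; the forward rule above lets it through because it matches only connections that were not dst-nat'ed.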