LTE router into UniFi WAN

skyw4lk3r

Well-Known Member
Joined
Apr 2, 2020
Messages
192
Hi

A friend only has LTE available in his area, and plugs his Huawei LTE router into the wan port of his USG. With the USG as his main router he has a complete unifi setup. It seems to be working fine. For Internet the USG gets a static IP on the lan of the LTE router.

Question is, how to solve any double nat issues that may arise, and is there a need to forward all ports on the LTE router so that all the port settings done on the USG will run correctly? Anything else that needs to be done to get the setup done correctly?
Would the USG firewall function correctly with this setup?

Thank you
 

PsyWulf

Honorary Master
Joined
Nov 22, 2006
Messages
12,564
Depends if the LTE router can do a DMZ rule to forward all traffic and the LTE itself isn't stealth NATed,then USG wont even know
 

skyw4lk3r

Well-Known Member
Joined
Apr 2, 2020
Messages
192
It's a B525 which does have a DMZ setting, but if there is another device also connected to a lan port of the Huawei as well as his USG, would there be a way to get it to work? So two lan ports connected on the LTE router. One goes to his separate network.
 

powermzii

Expert Member
Joined
Jun 4, 2007
Messages
4,860
It's a B525 which does have a DMZ setting, but if there is another device also connected to a lan port of the Huawei as well as his USG, would there be a way to get it to work? So two lan ports connected on the LTE router. One goes to his separate network.
On my 618 you specify the IP address of the device in the DMZ so if he can set a static IP for the USG then this shouldn't be a problem. The other LAN port would then get a different IP address and not be in the DMZ
 

powermzii

Expert Member
Joined
Jun 4, 2007
Messages
4,860
Oh and something else to consider on Telkom is using the 'unrestricted' apn. This takes care of possible double batting that might others ie occur on the standard apns. Rain doesn't have a similar apn so even if you DMZ on their router you're still strict double natter.. Just as fyi
 

skyw4lk3r

Well-Known Member
Joined
Apr 2, 2020
Messages
192
So this has been up and running well for the past month.
Now we want to try and setup a VPN (site to site) between work and home.

Would this be possible with double nat and dynamic IPs? Which VPN options would be best for this setup
 

MDKza

Senior Member
Joined
May 24, 2012
Messages
726
So this has been up and running well for the past month.
Now we want to try and setup a VPN (site to site) between work and home.

Would this be possible with double nat and dynamic IPs? Which VPN options would be best for this setup

Unifi to Unifi?
If it is both sides Unifi are they on the same controller?
 

skyw4lk3r

Well-Known Member
Joined
Apr 2, 2020
Messages
192
Unifi to unifi, but one's a dream machine pro which is on its own separate controller, can't be adopted to another controller afaik
 

nad_isa

Senior Member
Joined
Sep 23, 2011
Messages
680
So this has been up and running well for the past month.
Now we want to try and setup a VPN (site to site) between work and home.

Would this be possible with double nat and dynamic IPs? Which VPN options would be best for this setup

im no expert but as i understand it if your wan IP is a public IP then you should be okay, whether dynamic/static as there are solutions. if your wan IP is private (CGNAT) then this is where things get complicated.

Do a tracert to see and you should be able to setup something
 
Top