Netgate SG-1000 microFirewall

Author Topic: Travel pfsense box - things to consider  (Read 1775 times)

0 Members and 1 Guest are viewing this topic.

Offline 2chemlud

  • Sr. Member
  • ****
  • Posts: 385
  • Karma: +20/-5
    • View Profile
Travel pfsense box - things to consider
« on: May 10, 2015, 05:17:06 am »
Hi!

I think about setting up pfsense on an old norebook  with

- an 3G stick as the WAN interface
- built-in RJ45 as LAN

for traveling, as a firewall and for establishing some VPN tunnels.

First question(s):

Is the 3G setup feasible (got a noname XS stick P14 Made in China), considering drivers in  pfsense?

Do I have to remove the PIN from the SIM card or can pfsense meanwhile handle this?

Is dial-up automatically when pfsense starts up?

What is the config to absolutely minimize the "baseline" traffic via WAN?

Many thanks for any help/hints...

chemlud

Phishfry

  • Guest
Re: Travel pfsense box - things to consider
« Reply #1 on: May 20, 2015, 01:16:18 am »
Totally doable. I have used Dell Mini 1012 with Sierra MC8775 as a portable mifi and a bios modded HP Mini 210-1076NR with a Sierra MC7700.
I prefer internal mini PCIe 3G/4G modems as the usb dongles seem to be trouble, Several modems on the pfSense list don't work anymore, so chose your modem wisely.

pfSense really is not suited for removing the Pin from your SIM. You should get a working arrangement under Windows, ensuring a connection and SIM validation. Then setup pfSense. If your using ATT you can swap SIM pretty seamlessly between devices.

Connection is automatic once you configure it.

https://doc.pfsense.org/index.php/Configuring_3G_modems

Check out some of my mifi posts. Similar setup using wireless.

Straighttalk SIMs for tablet plan works as well. Just gig limited and throttled. Tablet SIM kit has both ATT and Tmobile SIMs..
« Last Edit: May 20, 2015, 01:29:40 am by Phishfry »

Phishfry

  • Guest
Re: Travel pfsense box - things to consider
« Reply #2 on: May 20, 2015, 02:19:09 am »
Quote
Is the 3G setup feasible (got a noname XS stick P14 Made in China), considering drivers in  pfsense?

I can't tell you if your device is supported. Try it out and see...

Finding a working device can be challenging..

Phishfry

  • Guest
Re: Travel pfsense box - things to consider
« Reply #3 on: May 20, 2015, 03:31:51 am »
You might want to check to ensure your mobile carrier allows VPN connections. Some carriers charge extra or require business class service to allow it.

Phishfry

  • Guest
Re: Travel pfsense box - things to consider
« Reply #4 on: May 20, 2015, 03:47:34 am »
Finding a suitable laptop for WWAN is challenging as well. Many whitelist their WWAN slot. I prefer LTE and the Sierra MC7700 is the only module i have found working in pfSense, but finding laptops that recognize the module has been tough. I bios modded my HP mini to clear the whitelist. I have found that Samsung N150 natively supports the MC7700. Only thing is, none of these laptops have 700mhz Antennas so they really only do 3.5G or hpsa+ due to antennas lacking. I need to do some antenna upgrades... I bought them but have a hard time tearing apart a working laptop!!

Dell Lattitudes have empty WWAN slots and sim slots and prewired with antennas.
E6220,E6320,E6420,E5320,E5420,E5520 ect....There are i7 chips with Intel AES-NI too.
I have an MC7700 ready to test in a E6420 i got cheap...

Offline 2chemlud

  • Sr. Member
  • ****
  • Posts: 385
  • Karma: +20/-5
    • View Profile
Re: Travel pfsense box - things to consider
« Reply #5 on: May 27, 2015, 01:58:16 pm »
Hi Phisfry!

Seems that this is our private party ;-)

Found my modem here:

https://doc.pfsense.org/index.php/Known_Working_3G-4G_Modems

...the very first. Have a newer one, but that one I found here:

https://forum.pfsense.org/index.php?topic=88356.0

:-(

I want to use an old Dell Precision M (not investment planned). Downloaded 2.2.2 (i386, full install), but it did not recognize the 4G modem on first boot... (but I had no SIM card inserted yet).

At the moment I do a full install and see what will happen after first boot from SSD...

so long!

chemlud

Offline 2chemlud

  • Sr. Member
  • ****
  • Posts: 385
  • Karma: +20/-5
    • View Profile
Re: Travel pfsense box - things to consider
« Reply #6 on: May 27, 2015, 02:16:00 pm »
I need to do some antenna upgrades... I bought them but have a hard time tearing apart a working laptop!!


... OT: recently I had to replace the graphics cards of a Dell Precision M6400... NIGHTMARE! You have to ripe the whole notebook completely apart, including the CPU cooler... Antennas are usually behind the display, so not that hard to acchieve :-)

Phishfry

  • Guest
Re: Travel pfsense box - things to consider
« Reply #7 on: May 30, 2015, 03:05:32 am »
Looking at the M6400  -I see an WWAN slot on mainboard. So why fight the USB problems of the E3372, get yourself an internal module..What mobile carrier are you using?
Nice thing i found about using the Dell is that some can use a small SSD drive in the dvd/2nd drive sled for a pfSense mifi or yank the drive and you have a windows workstation.  Nice 2 in one device...

Offline 2chemlud

  • Sr. Member
  • ****
  • Posts: 385
  • Karma: +20/-5
    • View Profile
Re: Travel pfsense box - things to consider
« Reply #8 on: May 30, 2015, 03:43:00 am »
My 6400 will be the one BEHIND the pfsense ;-) I use the two HDDs as RAID1, but with dual boot for Win and Linux... I never used the WWAN card, it's little problematic under windows, as I learned (driver, installation), and actually I think about stripping the machine of any wireless device (bluetooth, WLAN, WWAN) and only use a micro bluetooth stick when necessary...

The carrier will be Deutsche Telekom as well as prepaid cards for other European countries. Need some time to set up the basic config (users, firewall, VPN, etc...) and then try the WWAN part of the story.

As I wrote, after the first boot the pfsense saw no WWAN stick, but when I removed it later, it threw out a message like "g3u0 has been removed". Do I understand it correctly that I have to install the 3G modem manually at the GUI, not directly by assigning interfaces in the console of the pfsense machine?

Many thanks in advance!

chemlud

Phishfry

  • Guest
Re: Travel pfsense box - things to consider
« Reply #9 on: May 30, 2015, 07:39:06 pm »
The problems with the USB cell devices is usually they have a small "Mass storage device" for drivers. This device must be "Ejected" for the USB modems data interfaces to show up correctly in the pfSense PPP setup area. I am not much help with USB fobs as they are too much trouble.. Some work well some don't.. Sorry I can't be of more help there. Post your bootlog for "u3g0 found (X) ports" part for a look over. You should have the device installed at bootup for sure.

Phishfry

  • Guest
Re: Travel pfsense box - things to consider
« Reply #10 on: May 30, 2015, 09:00:38 pm »
You could consider installing a modem module in an USB/Mini PCIe adapter like this:
http://www.ebay.com/itm/Mini-PCI-e-Wireless-to-USB-Adapter-Card-with-SIM-Card-Slot-Test-WWAN-Module-/231398289493

I would find out which Sierra MC77xx module works with your telecom(There are 3 different models) and use that in the above adapter..

Phishfry

  • Guest
Re: Travel pfsense box - things to consider
« Reply #11 on: May 30, 2015, 09:04:37 pm »
Quote
Do I understand it correctly that I have to install the 3G modem manually at the GUI, not directly by assigning interfaces in the console of the pfsense machine?

Yes that is correct. Setup PPP from the GUI then assign to an interface.

Offline 2chemlud

  • Sr. Member
  • ****
  • Posts: 385
  • Karma: +20/-5
    • View Profile
Re: Travel pfsense box - things to consider
« Reply #12 on: May 31, 2015, 02:48:30 am »
... I used the wiki article to set up the PPP device, changed Routing/NAT (?) and now it works :-D ...but the 3G/4G net is lousy here at my place, so no way to really test the setup VPN...

Many thanx, will report on further developments.

kind regards

chemlud