Shared Internet Uplink for rural area

Hello everybody,

:man_farmer::woman_farmer:

I have this idea to share my internet (very weather-dependent LTE uplink with a downstream of about 1-15 Mbit/s). Because of this - weak and metered - internet connection it's quite important to have good QoS management (have voice and video calls, maybe streaming? with priority for example) but maybe also even be able to limit the bandwidth (and record usage) of participants.

I wonder how to set it all up. I have only rudimentary networking skills (never worked with VLANs or OpenWrt text configuration files, for example).

Good thing is that we "harvested" already some used hardware which should be capable of doing the job.

Hardware-wise my idea is the following:

LTE Uplink (:tokyo_tower:) - TL-WDR3600 (:brain:) - CPE210 (PTP) ----- ~600m ----- CPE210 (PTP) - GL-MT300N-V2 (:signal_strength:)

I would need one "normal" network on the WDR3600 together with a "guest" network. The remote network should be on the MT300N-V2.

Does this all make sense for a first draft? Guess I need to dive into VLANs and maybe get some extra tools for QoS and traffic management?

It also would be great if I (from the WDR3600) could access the MT300N-V2 network - but not the other way around. Guess that's just a VLAN setting?

Also would be nice to construct this so that it can grow :seedling: So in the future maybe more participants :raised_hands:

quick visualization:

This shouldn’t be too difficult. You will need to install the sqm-qos package. The problem with an unstable wan connection is traffic shaping will not be practical. You can use the traffic shaping to limit bandwidth to each downstream network. Will you be needing to access the entire downstream (guest) network or just the CPEs and the router?

2 Likes

So here are my speed tests for the last 24 hours (while the network is in use):
image

Indeed, this then sounds more practical. So for example I could just say that the remote location has a maximum bandwidth budget of 2 Mbit/s.
Only bad thing then is that if the WAN uplink gets tight (bad weather, rain...) and the available bandwidth for all drops down to like 1 Mbit/s then there will be no "priority" left for me :thinking:

Good question. Better to the whole network (might deploy a little ARM server onsite) because I'm in charge of it (hardware and software wise). For now there is simply no network available.

So I put one of the CPE210s up on a pole and had a little walk.

Close to the location where the remote network should be established (around 600m away) I actually see the AP with my phone and can even connect to it (when I hold it up a bit :stuck_out_tongue:). I also tried a video stream and it worked :tada:

Looks like the PTP link will make no problems :+1:

Question now is how to "cascade" the networks* (guess they will be VLANs) :nerd_face:
*with flexibility in mind :stuck_out_tongue:

Yes it will involve VLANs but it's pretty easy to do. See this thread: https://forum.openwrt.org/t/solved-how-to-setup-separate-two-2-lans-networks-on-openwrt-18-06-5/55508/7
What equipment do you have for your LTE connection? You might get better stability with a directional antenna like a yagi.

1 Like

A video call (like teams or similar) will probably need stable 10Mbps to each client. HD video streaming needs at least 6Mbps per stream but that is absolute minimum.

If you only can provide 1-15Mbps total your clients will not be satisfied if they want to be in a meeting or talk on the phone or watch movies online.

Do you know who you are going to share your line with? Because you will be responsible for whatever they do on your IP address.

1 Like

The thing providing the WAN uplink via LTE is a Huawei B2368-22. It is installed on the best (highest) spot and without changing the whole hardware there is not much more I can improve. I'm not planning on investing in more 4G/LTE equipment and would rather keep my feet still for 5G :see_no_evil:

Good point, though from what I understand 5G has more bandwidth but shorter range. Then again they will probably come out with CPEs to compensate. Anyway, setting up the cascade network should be easy enough. To limit access between the networks like you want, set up the networks in different firewall zones. That way you can have your zone allowed access to the other but not in reverse. Good luck!

1 Like
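The one-way access suggested in the reply above (separate firewall zones, forwarding allowed only from your zone to the other) can be checked mechanically. The following is an added example, not part of the thread: a small Python audit of an OpenWrt firewall config, where the config excerpt and the zone names `lan` and `remote` are constructed assumptions.

```python
import re
# Constructed /etc/config/firewall excerpt for the main router. Zone names
# 'lan' (home) and 'remote' (far end of the PTP link) are assumptions.
FIREWALL = """
config zone
    option name 'lan'
    list network 'lan'
    option forward 'REJECT'
config zone
    option name 'remote'
    list network 'remote'
    option forward 'REJECT'
config zone
    option name 'wan'
    list network 'wan'
config forwarding
    option src 'lan'
    option dest 'wan'
config forwarding
    option src 'remote'
    option dest 'wan'
config forwarding
    option src 'lan'
    option dest 'remote'
"""

UCI_LINE = re.compile(r"^[ \t]*(config|option|list)[ \t]+(\S+)[ \t]*['\"]?([^'\"\n]*)", re.M)

def parse_uci(text):
    """Parse UCI text into [(section_type, {option: value})]; lists keep the last item."""
    sections = []
    for kind, key, val in UCI_LINE.findall(text):
        if kind == "config":
            sections.append((key, {}))
        elif sections:
            sections[-1][1][key] = val.strip()
    return sections

def violations(text, trusted, isolated):
    """Return reasons why access is not strictly one-way trusted -> isolated."""
    secs = parse_uci(text)
    fwd = {(o.get("src"), o.get("dest")) for t, o in secs if t == "forwarding"}
    out = [] if (trusted, isolated) in fwd else [f"no forwarding {trusted} -> {isolated}"]
    if (isolated, trusted) in fwd:
        out.append(f"forwarding {isolated} -> {trusted} allows the reverse path")
    for t, o in secs:  # explicit ACCEPT rules can also open the reverse path
        if (t == "rule" and o.get("target", "").upper() == "ACCEPT"
                and o.get("src") in (isolated, "*") and o.get("dest") in (trusted, "*")):
            out.append(f"rule {o.get('name', '?')!r} accepts {isolated} -> {trusted}")
    return out
```

An empty result from `violations(FIREWALL, "lan", "remote")` means new connections can only be opened from `lan` towards `remote`; replies still get back because the firewall tracks established connections.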

It might not be quite obvious to people who are used to always having an unlimited broadband internet connection available, but billions of people are able to use the internet with limited (low) bandwidth and limited traffic.

It's not that the infrastructure here (or in every random spot on earth) is just weak since yesterday - no, it's since always and only slowly gets better in these particular areas. The big improvements mostly happen in cities where (already) fast infrastructure gets faster. No one is interested in investing in rural areas: more expensive, less revenue.

If people are not egoistic and share the available resources there is actually no problem having parallel streams (not in 1080p of course). And I must admit it works, just today we had kind of a (not planned) "load test" and 4 users were actively penetrating the available uplink. Turned out the critical things are ping sensitive (real time audio/video, fast online games), other stuff didn't cause any headache.

Lucky me I don't have to satisfy any clients :wink: I'm just doing a favor to my neighbors who were perfectly able to survive till this very day without any internet at home :house:

That's certainly not true for my jurisdiction and I actually doubt that's a thing anywhere in the words you put it. For sure many countries have certain laws which can force, for example, an access provider to censor or maybe even disconnect clients from its network. In Germany for example there exists a law that kind of forces you (as a person sharing your internet uplink) to cooperate (typically by installing filters) if the content mafia has some copyright claim or something.

That I would be responsible for whatever thing you do in my house certainly doesn't sound right (at least if you are already an adult :wink: )

I'm just banging my head around this again.

The remote location should be able to survive locally (so without a need for the PTP connection to be established). What this means is just that I create the local network with DHCP/WiFi/etc. on the GL-MT300N-V2.

From here the question is already how the connection up to the TL-WDR3600 is established. Can it be "transparent", so without adding more and more NAT layers?

The thing is that I already have a double NAT configuration from the TL-WDR3600 over the LTE router to the internet.

Any ideas how I can avoid an unnecessarily big NAT cascade? They tend to tamper with VoIP and call signalling :telephone_receiver::loud_sound:

Hope you have nice neighbours and you know them really well! Happy sharing IP address!:smiley:

1 Like

I can only think of one way to avoid the double NAT: making the whole setup one network. Turn off the NAT on the downstream router while having its DHCP issue a reserved IP range. However, I can’t think of a way to implement the segregation you want this way. I personally haven’t had any troubles with double NAT (even triple if you count ISP CGNAT). I even have a setup where I have a NAT then a proxy server behind another NAT, no problems with video calls. Of course, results may vary =)

Another spin came to my mind. The CPE210 I pulled up has a nice range outside and is a good extension to the TL-WDR3600 which mainly covers inside. So besides doing the PTP connection to the remote location it would be great if it could also act as an access point for my local (guest) network :signal_strength:

No judgement here, just food-for-thought...

Before you start sharing your internet service, be sure that there are no prohibitions on sharing and/or reselling your connection in the terms & conditions from your ISP. If your ISP doesn't allow it and they find out about it, they may disconnect your service and/or seek damages. The legality of sharing your connection can vary from ISP to ISP (sometimes plan to plan), and jurisdiction to jurisdiction, so just be aware of the potential risks here. I am not judging, and this isn't something worthy of a forum debate about the legal terms or the rights and responsibilities of the subscriber, just an FYI.

3 Likes

Best to test it out. The CPEs might be optimized for point to point.

I have actually been sharing my internet for many years. It was not unusual (pre covid) that I had like roughly a hundred different strangers a year using my internet uplink. The same was actually true when I was traveling. It never ever happened to me that someone didn't share his/her internet connection with me (not for the reason that it was metered and not for any legal reasons).

One time I used the internet from someone in Germany who had just recently received a letter from a well known law firm (exclusively working for the big content mafia) because his internet connection was used to share copyright protected material (I think it was a Disney movie or something) over a peer2peer network. And the thing is it actually happened, the person who stayed at his place before me had a p2p client running.
The letter asked him (the "owner" of the internet connection) to pay money for losses for the movie and to pay the attorney fees. Was a big sum but he just didn't need to pay it - it was enough to "cooperate" and tell them the person who did it is somewhere in Asia right now. And he was not even obliged to "cooperate" because it was a private claim without any judge involved. Still it was a good move to tell them the person who violated the copyright of their customer is not at his address because the law firm didn't go further like going to court...

I have a legal background and what I can tell you is that only the "real" jurisdiction counts. In the beginning of VoIP almost all ISPs didn't allow you (by contract) to use tethering of your phone for Skype calls for example - in reality nobody cared (it was mostly :apple: enforcing this by software actually). The worst thing an ISP can do is cancel your contract.

So we learn there is real jurisdiction and there is much more FUD (@flygarn12 :wave:)

People also think if they take off a "warranty void sticker" of a screw when opening their phone that the warranty is really void :grin: People sometimes think too much and know too little...

Because I only have one of the CPEs installed I can't use it simultaneously yet. What I think is needed is the STA+AP mode, which should be working from what I read so far.

The thing is I only have one ethernet cable from the CPE210 going to my TL-WDR3600. I have it set up to do an AP (only "normal" network) and have DHCP/DNS/etc. all directly taken from my TL-WDR3600. That works nicely.

Question is how I could add the PTP connection, have it isolated and still be able to use the CPE as access point for my network?

I drew something up to have it a little bit visualized:

Are the CPEs flashed with openwrt? If they are, or if whatever firmware is on there supports VLANs then just create separate SSIDs segmented by VLAN. One for you and one for the downstream CPE.

All capable routers are already openwrtized. Only the LTE router-modem combo isn't because it's not supported.

Sounds so easy...

So as a complete VLAN rookie I wonder where to define the VLANs actually.

From what I have read so far all VLANs in my case are set up on the TL-WDR3600 - right?
The GL-MT300N-V2 spawns its own 'normal' network (does DHCP for the clients etc.).

What I'm still not getting is how to configure the CPE210s so that they will not introduce more NAT. For my Home and Guest network it would be just sufficient to bridge the network from the wired CPE210 so it will not have its own DHCP/DNS/etc. but uses the one advertised on the TL-WDR3600 instead. But for the PTP link? How should I do this?

I think what you meant today was “thanks for the heads up, I have it all covered.”

1 Like