Seeking advice for back-up internet connection at home
Hello, Tildes Tech Support Team,
I'm doing some Homelab stuff. And I'm looking for a way to set up an inexpensive back-up Internet connection. Less about having a connection when I'm home and Internet goes out (Phone hotspot works in a pinch), but more about getting in and getting statuses of stuff when I'm not home and Internet drops.
For background, I have a Ubiquiti Unifi Dream Machine Pro that can do WAN failover. My primary Internet connection is through Verizon Fios. The UDM and the Fios ONT are directly connected via ethernet; I'm not using Verizon's crappy home router. Also, I rarely lose Internet connectivity. This really is just a Homelab experiment to see if it can be done.
I've seen some stuff about getting a cheap, refurb smartphone and a cheap MVNO plan like Google Fi that nets me a handful of GB a month, and then tethering the UDM to the phone somehow (maybe through some cheap router in bridge/passthrough mode like a GLinet travel router). Has anyone had any experience doing this?
But...I actually have a secondary Internet connection already. My apartment complex has WiFi across the complex and for each unit. That I unfortunately have to pay for, even though I don't use it -- I want FULL control over my home network. But since I do have it, is there a way I can take advantage of this? I'm thinking something like a reverse AP, if that exists. But it has to pass through the IP from the apartment WiFi.
I know there will likely be issues with double NATing. But depending on the services/things I'm trying to access or keep access to, that may not be a factor. Like my Unifi hardware talking with the Unifi cloud access stuff. I think double NAT shouldn't matter.
Anyway, appreciate whatever you all got!
How's your UDM? I love mine like a baby.
Most internet backups are via LTE/5G, so that's a good instinct. I don't know why you would need a phone in the loop, though; just get a data-only SIM and a travel router (like the glinet) and then run an Ethernet line for wan failover. Done!
Taking advantage of the apartment complex's wifi is almost certainly doable, but it'd be beyond my abilities. You could probably figure out some way to configure a pi to serve as a transceiver and then passthrough, but I feel like it'd be hard.
I just got my UDM Pro today! Before this I was using a Cloud Gateway Ultra. I wanted to play around with VLANs and the built-in RADIUS server and the CGU was a bit limiting in those departments. So I'm excited to get the full power of Unifi! Plus I also picked up one of their cameras. Love that the UDM Pro also functions as an NVR.
And I totally forgot that some glinet routers have a SIM slot. I have the A1300 Slate, which does not, so I usually tether to my phone via cable. Good call!
I've done this with a Verizon mifi hotspot and pfsense. It worked, but Verizon coverage in my area is so bad that it wasn't worth the extra complexity. Also, I ran into a weird issue if the hotspot wasn't connected, the pfsense wouldn't boot because the proxmox VM that it was running on would detect a missing USB mapping, so if the hotspot was off and I lost power, my Internet would get knocked out.
Weird edge case that you probably wouldn't run into using hardware.
I saw a video a while back about using a cheap travel router to bridge a phone’s hotspot to a a UDM as a backup connection:
https://youtu.be/hSk2VLt_T5c?feature=shared
(There’s a lot of good videos on his channel too, although they tend to run pretty long)
You could probably do something similar using the apartment WiFi instead of a phone hotspot. One thing to consider though - is the apartment WiFi the same ISP? If it is, then it might be likely that the apartment WiFi will also go out if yours does, unless it’s a very localized issue to your connection.
That's a good question about the ISPs. I don't think it's the same. The apartment service is provided by an ISP that specializes in multi-tenant housing: GiGstreem. Seems like they're their own AS and they don't get their connection from Verizon. That said, I also don't know how to properly read that site, nor do I know much about BGP. So I'm just guessing *shrug*
They're probably using their own fiber (guess based on upstream and overall offerings of the company) and if you're in one of their major metros I'd also guess that the fiber all terminates in one location in a building. So a fiber cut probably takes out every provider while an upstream issue at FIOS would just be FIOS.
Travel routers typically have a wifi-client-to-Ethernet mode so would be trivial to use for WAN failover or possibly even bonding if you like headaches.
Oh yeah, I use the travel router all the time at hotels or even at my parents house; I have the travel router set as a VPN client to connect back home.
I guess what I'm trying to avoid is triple NAT. I just did a traceroute on my apartment WiFi and it looks like they use CG-NAT. Which I expected. So it would look like: UDM --> Travel Router --> CG-NAT. Though if I'm already double-NAT'd via the apartment WiFi, what's one more NAT? ¯\_(ツ)_/¯
So I went ahead and tried it, using the travel router in the "traditional sense" with no passthrough/bridge mode. Then on a laptop connected to my cell hotspot, I tested some things out.
The UDM is communicating with Unifi's cloud services, so I can access my Unifi network via web! So I definitely have some access into my network.
WireGuard does not work, which I expected, since the client is trying to connect back to my Fios domain/public IP. I use a domain and DDNS service to keep that synced. With multiple-NAT, I don't think I can get that to work. I wonder if there's a different VPN service I can use to get around that.
And the remote access software I use does work. As does the ability to control my smart devices.
That's really all I need. VPN would be nice, but it's not major in an pinch like Fios being down.
OK, so I think I have my solution. Just get another travel router and keep it in my network rack, connected to the apartment WiFi. Maybe one with a SIM card slot in case I also want to try avoiding multiple-NAT. A couple others here pointed to the same thing, like that Mikrotik travel router that lhamil64 mentioned.
A VPN with a relay service like Tailscale or ZeroTier would work though any number of layers as long as it can go from your network to the Internet.
I personally use TailScale with a subnet router to give myself access to chunks of my network when I'm away from home.
I'm not surprised about the CG NAT, they (Gigstreem) seem to only have announced IPv4 and no IPv6. I feel like if you run CG NAT you should dualstack so people who care can use their v6 prefix how they want.
I haven't looked at their support but it might be worth asking them if they have a timeline for v6 if it's not already offered. Then you'd be able to have a v6 pathway for VPN in a backup scenario.
No idea about capturing the WiFi, but since you’re already running ubiquiti gear this is the easy answer:
https://store.ui.com/us/en/category/internet-solutions/collections/pro-internet-solutions/products/u-lte
I’ve been running one for over a year and it’s worked well the few times it has been necessary. They also offer a “pro” version of that product that is bring-your-own-SIM.
I forgot about that. I did see that a few months ago when I was initially thinking about this. Good catch!
But...Idk if I want to pay the Ubiquiti tax again, lol...
Just today I dropped like $900 on Unifi gear to replace more basic Unifi gear that I've had for less than a year. Still, if nothing else works, like using my apartment WiFi, good to know that there is a Unifi solution ready.
A startup I worked for used Verizon 3G pucks for a while to power the network while we were waiting for Comcast to get into the building. I had used a Linksys router flashed with DD-WRT in AP-Client mode. It was wired to the uplink port of the main router and provided Internet for the whole building. It worked well enough apart for the data overage bills each month. This was a while ago so not sure if DD-WRT is still relevant (website looks stale), open WRT might be a better option. As long as the free wifi doesn't have a captive/web portal this should work. It will double nat but should be able to set some fairly permissive port forwarding rules to get around it (that's assuming the free wifi isn't already behind a nat).
As far as cost effectiveness goes: I would personally go with Mint Mobile (t-mobile) or Visible (Verizon). This is assuming their cellular services are good in your area. In my area, whenever the power goes out, Verizon's 5G service drops out too and my speeds plummet as their slower network gets overwhelmed. As for this actually being useful for you in the long run, I highly doubt it. Even when my power goes out, I'm able to power my ONT and networking equipment off a battery backup unit, and I still have Fios. I am of the mind that your money would be much better spent on a UPS unit and/or a generator instead of a monthly cellular plan to be used only for this use case. I use an EcoFlow RIVER in UPS mode, it keeps it charged at 80% and will automatically keep devices powered in the case of a power failure. I happen to need a CPAP though, so it's plugged into that and not my networking equipment. It's just more important and too far away for me to wire in both.
There was one time that a car took out a pole directly in front of my house, and I lost both power and internet access for ~24 hours. I was able to use my phone as a hotspot to a laptop. Then I configured my my router to (OpenWRT) and share my cellular connection throughout my house. It can be done, in fact it isn't even that hard to do, but if you're not in a very high stakes use-case, or in a location that frequently has drop outs, it's really not worth it. If I was going to do something permanent, I would probably look into a router with a SIM card slot that is supported by OpenWRT. I actually use a Raspberry Pi, so I'd probably just get a USB cellular modem and be all set to set it to fail over. If you don't use OpenWRT then you can change your search variables accordingly. You could even use something like this as a "travel router" to keep a hotspot with you if you go on road trips or camping.
I apologize, in the end I wound up writing more about my specific setup than yours.
I don't know exactly what capabilities Ubiquiti provides.
OpenWRT can install the USB drivers to just tether to a phone plugged into a USB port, and you can then set up automatic connection failover. They make dedicated modems for this, or you could get a router with a built-in LTE/5G modem, but a used low-end smartphone will be a lot cheaper. A data-only SIM with a low cap could run you $5/month. This isn't the most professional approach, which depending on your priorities for your LAN may be a significant downside, but I've done a decent amount of research (thanks for fuck-all, Spectrum), and it does seem to be by some margin the cheapest.
My apologies for the late reply, but thanks for sharing Tello! Didn't know there were data-only SIMs for that cheap!