Using pfsense for WAN Redundancy with Cellular LTE/4G
I work from home a lot and I need reliable internet connectivity to workplace. As a result, I decided to implement a failover WAN connection into my firewall. I use pfSense as my firewall which combines power and flexibility with easy of configuration.
While researching options, I decided on the Netgear LB2120 4G LTE modem since it has Gigabit port(s) and can be used with external antennae.
I heard about an affordable Cellular pay-as-you-go cellular service on a linux podcast called ting.com. The basic service is $6 / month for network access and fees. Data is charged in 1GB blocks on top of that. Since I’m only using this during brief periods when my primary internet provider is unavailable, it works out to be a cost effective backup service.
I was quite surprised when I ran a speed test. I get 60Mbit/s down and 20Mbit/s up. The latency is high which is expected because of wireless frequency hopping and other characteristics. Overall, it’s very usable as a backup.
[ IMAGE of 4G LTE SPEEDTEST RESULT ]
Using firewall and routing rules within pfsense, you can deny certain traffic if you’re on the WAN. If you don’t want to stream movies or use other high-bandwidth services while on your failover connection, you use create DENY rules to certain things or you can DENY everything and only allow certain traffic (like a connection to the office VPN) over the LTE tunnel. This will reduce your cost and it can all be managed within pfsense.
- Backup VPN endpoint
Using Dynamic DNS I update the A record for my backup_home.chrisbergeron.com endpoint address. This way if I’m not at home and my primary VPN endpoint into home becomes unavailable, I can simply VPN in to the secondary endpoint. This allows me to check my home network to make sure other services are up and running.
Like many things this setup isn’t free. These are the costs:
- Modem: $140 USD
- SIM Card: $20 USD
- Monthly service minimum: $6/month
So for $160 up front, a bit of configuration and at least $6 a month I have peace of mind knowing that I’ll be able to connect to my workplace VPN. It beats driving into the office or having to take an unscheduled day off from work.
Using an LTE Modem is a great way to have a backup internet connection. As an added bonus, if you ever travel
Table of Contents generated with DocToc